# Subdomain Enumeration and Reconnaissance Tools > Search results for `discover subdomains and map attack surface` on awesome-repositories.com. 118 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/discover-subdomains-and-map-attack-surface **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/discover-subdomains-and-map-attack-surface).** ## Results - [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan outputs and triage vulnerabilities, alongside an active exploit validation engine to eliminate false positives. Its broader capabilities cover mobile application auditing for Android and iOS binaries, dark web leak monitoring, and asset risk assessment. The system provides a security analysis dashboard for managing multi-user workspaces, generating structured reports, and configuring security tools via a web interface. The environment is deployed using containers and persistent volumes to ensure a reproducible runtime. - [google-map-react/google-map-react](https://awesome-repositories.com/repository/google-map-react-google-map-react.md) (6,470 ⭐) — google-map-react is a JavaScript library that integrates Google Maps into React applications by rendering any React component as a custom map marker. It provides direct access to the native Google Maps API internals, enabling advanced custom operations beyond standard marker placement. The library distinguishes itself by allowing fully custom interactive markers and content, replacing default Google Maps markers and balloons with React components. It supports server-side rendering so search engines can index map content without requiring JavaScript, and includes an internal algorithm for detecting hover events on map objects even when zoomed out. Additional capabilities include displaying interactive info windows when markers are clicked, filtering markers based on user criteria, and loading the Google Maps API on demand only when the map component is first used. The library can also calculate and render component positions before the Google Maps API has finished loading. Documentation and installation instructions are available through the project's repository. - [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to aggregate findings. Additionally, it provides bidirectional synchronization with external ticketing systems via webhooks to maintain consistency between vulnerability states and remediation tasks. Broad capabilities include automated scan scheduling, role-based access control, and identity federation via SAML 2.0 and LDAP. The system also features template-driven report generation for executive and compliance documents, as well as a Model Context Protocol server to expose management data to AI assistants. The project is written in Python and integrates with PostgreSQL for data storage and Elasticsearch for high-performance querying. - [secdec/attack-surface-detector-burp](https://awesome-repositories.com/repository/secdec-attack-surface-detector-burp.md) (113 ⭐) — The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters - [gwen001/gitlab-subdomains](https://awesome-repositories.com/repository/gwen001-gitlab-subdomains.md) (106 ⭐) — Find subdomains on GitLab. - [labstack/echo](https://awesome-repositories.com/repository/labstack-echo.md) (32,451 ⭐) — Echo is a high-performance, lightweight web framework for Go designed for building scalable RESTful APIs and web services. It provides a centralized environment for mapping network requests to handler functions, utilizing a fast radix-tree routing engine to ensure efficient request dispatching. The framework is built around a modular, middleware-centric pipeline that allows developers to execute reusable logic for cross-cutting concerns like authentication, logging, and security across the entire application. What distinguishes Echo is its focus on developer productivity through structured data binding and a unified response interface. It automatically maps incoming request payloads into typed objects while validating content against defined schemas, significantly reducing manual parsing boilerplate. The framework also includes built-in support for real-time communication via WebSockets and server-sent events, alongside advanced traffic management capabilities such as rate limiting, load balancing, and reverse proxying. The framework covers a broad surface of operational and security requirements, including automated TLS certificate management, CSRF protection, and CORS policy enforcement. It provides comprehensive utilities for request and response management, including support for streaming large data, template rendering, and graceful server shutdowns to ensure reliable service termination. Observability is integrated through distributed tracing, performance metrics export, and detailed request logging. - [owasp/amass](https://awesome-repositories.com/repository/owasp-amass.md) (14,722 ⭐) — Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships between discovered domains and IP addresses, supported by a modular plugin system for integrating third-party discovery services. The framework covers broader capabilities including network reconnaissance, public asset discovery, and the preparation of security audits by mapping all reachable entry points. These processes are managed through a concurrent worker pipeline to accelerate the scanning and resolution of large target sets. - [linux-surface/linux-surface](https://awesome-repositories.com/repository/linux-surface-linux-surface.md) (7,413 ⭐) — This project provides a customized Linux kernel and driver suite designed to enable hardware compatibility for Surface devices. It focuses on building and patching the Linux kernel to provide driver support for proprietary hardware components that are missing from the upstream source. The system includes a secure boot kernel signing mechanism and a process for enrolling custom keys into the system firmware. This allows the execution of patched kernels while maintaining system security protections. The project covers peripheral driver support for touchscreens, styluses, and keyboards, as well as input management for multitouch and gestures. It also includes power and performance utilities for battery telemetry monitoring, discrete GPU power management, and system sleep state control. Additional capabilities include pre-boot input support to enable keyboards during disk decryption and a coordination system for clipboard detachment. - [laramies/theharvester](https://awesome-repositories.com/repository/laramies-theharvester.md) (15,687 ⭐) — theHarvester is a command-line utility designed for gathering open-source intelligence and mapping an organization's external attack surface. It functions as a security information gathering framework that automates the collection of publicly available data to assist in reconnaissance and threat analysis. The tool utilizes a plugin-based architecture to execute isolated queries against various search engines and public databases. It employs asynchronous task execution to run multiple discovery operations in parallel, while a centralized pipeline aggregates and deduplicates findings from these disparate sources into a unified output. The framework supports the identification of public-facing digital assets, including subdomains, IP addresses, and email addresses. It manages connectivity to third-party intelligence providers through a centralized configuration system that handles authentication keys for external data sources. Raw information retrieved from these services is processed using pattern-matching logic to isolate specific entities from unstructured text. - [fingerprintjs/fingerprintjs](https://awesome-repositories.com/repository/fingerprintjs-fingerprintjs.md) (27,334 ⭐) — Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies. The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload sealing and server-side verification flows, which prevent tampering by ensuring that identification data is processed securely on the backend rather than solely on the client. Beyond core identification, the project provides a comprehensive suite for bot detection and security. It analyzes network metadata, device reputation, and behavioral patterns to identify malicious traffic, AI agents, and automated scrapers. These capabilities are supported by granular risk assessment tools, including confidence scoring and protection rulesets that allow for automated blocking of suspicious interactions. The platform offers extensive administrative and integration features, including multi-environment resource isolation, regional data residency controls, and programmatic API management. It supports diverse deployment environments through framework-specific SDKs, mobile integration, and automated proxy infrastructure deployment. - [blacklanternsecurity/bbot](https://awesome-repositories.com/repository/blacklanternsecurity-bbot.md) (9,929 ⭐) — This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patterns. The framework covers a broad range of reconnaissance activities, including web application scanning, email address enumeration, and public infrastructure mapping. It maintains a state-persistent asset inventory and provides capabilities for web screenshot capture, parameter extraction, and real-time event streaming. Data is managed through an event-driven pipeline that supports external data export to databases and logging platforms, as well as notification delivery via webhooks to chat platforms. - [any4ai/anycrawl](https://awesome-repositories.com/repository/any4ai-anycrawl.md) (2,742 ⭐) — AnyCrawl is an AI-powered data extractor, automated web crawler, and headless browser orchestrator. It serves as a web content extraction API and a gateway that connects crawling and scraping tools to language models using a standardized API protocol. The project specializes in converting unstructured website content into structured JSON or markdown optimized for AI assistants. It utilizes language models and JSON schemas to pull specific information into validated formats and provides capabilities for AI page summarization and LLM-optimized content extraction. The system manages comprehensive web scraping infrastructure, including proxy rotation, stealth rendering, and asynchronous job queuing. It supports automated site traversal through recursive crawling and sitemap discovery, as well as scheduled data collection using cron-based timing and webhook notifications. Additional capabilities include search engine integration for URL discovery and the execution of custom JavaScript logic within a sandbox for result transformation. The toolkit is available for containerized deployment. - [llm-attacks/llm-attacks](https://awesome-repositories.com/repository/llm-attacks-llm-attacks.md) (4,509 ⭐) — This repository provides tools and methodologies for studying adversarial attacks on large language models. It focuses on understanding how carefully crafted inputs can manipulate or bypass the safety mechanisms of LLMs, enabling researchers to probe model vulnerabilities and improve their robustness. The project covers techniques for generating adversarial prompts, evaluating model responses under attack conditions, and analyzing the effectiveness of different attack strategies. - [techarohq/anubis](https://awesome-repositories.com/repository/techarohq-anubis.md) (17,067 ⭐) — Anubis is a command-line security reconnaissance framework designed for subdomain enumeration and attack surface mapping. It functions as a utility for security professionals to identify, catalog, and visualize the external digital footprint of an organization by discovering all subdomains associated with a target domain. The tool distinguishes itself through a modular resolver pipeline that integrates passive reconnaissance from third-party security APIs and public certificate transparency logs. It combines this data with active discovery methods, including recursive DNS brute-forcing and algorithmic pattern-based permutation generation, to uncover hidden infrastructure that is not publicly indexed. To maintain efficiency during large-scale assessments, the software utilizes asynchronous concurrent scanning to perform thousands of simultaneous DNS lookups. A built-in deduplication engine normalizes and filters these results to provide a clean, unique list of discovered assets for further vulnerability research. - [christophetd/censys-subdomain-finder](https://awesome-repositories.com/repository/christophetd-censys-subdomain-finder.md) (843 ⭐) — ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys. - [ceph/ceph](https://awesome-repositories.com/repository/ceph-ceph.md) (16,247 ⭐) — Ceph is a unified, software-defined storage platform designed to provide object, block, and file storage services from a single distributed cluster. By decoupling data management from physical hardware, it enables elastic scaling across commodity hardware, allowing organizations to build large-scale storage infrastructure without reliance on proprietary vendor equipment. The system distinguishes itself through a shared-nothing, distributed architecture that utilizes deterministic hashing for data placement. This approach eliminates centralized metadata bottlenecks, allowing the cluster to scale efficiently while maintaining even load balancing across all nodes. To ensure high availability and data reliability, the platform employs continuous background self-healing, automated integrity verification, and flexible redundancy strategies including both replication and erasure coding. Beyond its core storage capabilities, the platform provides comprehensive infrastructure management tools for orchestrating cluster lifecycles and automating node deployment. It supports diverse application requirements by offering native integration for containerized workloads, virtualized block storage, and standard file system interfaces. The system also includes advanced performance features such as automated storage tiering and data access optimization to balance throughput and cost across varied hardware media. - [kubernetes/kops](https://awesome-repositories.com/repository/kubernetes-kops.md) (16,631 ⭐) — kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serves as an infrastructure-as-code exporter, capable of generating Terraform configurations from the current state of a deployed cluster. Beyond provisioning, it covers a broad operational surface including automated node and pod scaling, etcd data store management, and complex networking configurations such as dual-stack IPv6 and CNI integration. It also manages identity and security through OIDC authentication integration, cloud IAM role mapping, and x509 certificate lifecycle management. The tool provides a command-line interface with support for shell autocompletion. - [ignitetechnologies/mindmap](https://awesome-repositories.com/repository/ignitetechnologies-mindmap.md) (8,656 ⭐) — Mindmap is a cybersecurity knowledge base and reference library that organizes security tools, frameworks, and methodologies into a visual knowledge map. It functions as a curated directory of cheat sheets and command guides for offensive and defensive security operations, presented as a hierarchical interface with collapsible nodes. The project converts structured markdown files into navigable visual trees to facilitate the study of penetration testing workflows and DevOps learning roadmaps. It also serves as a security compliance framework, providing structured mappings of NIST and ISO 27001 controls for information security auditing. The platform covers a wide range of security domains, including tool cataloging for reconnaissance and reverse engineering, privilege escalation guides, and reference materials for active directory pentesting and network traffic analysis. The knowledge base is built using static content generation and a JSON-driven metadata catalog to populate its searchable lists and filterable galleries. - [trigg/discover](https://awesome-repositories.com/repository/trigg-discover.md) (0 ⭐) - [lemmynet/lemmy](https://awesome-repositories.com/repository/lemmynet-lemmy.md) (14,454 ⭐) — Lemmy is a self-hosted, federated discussion platform that enables the operation of independent, decentralized social networking servers. By implementing the ActivityPub protocol, it allows autonomous instances to exchange content, synchronize user interactions, and participate in a global, distributed network without centralized control. The platform distinguishes itself through a decoupled architecture that separates the backend API from the frontend, facilitating the development of custom interfaces while maintaining unified user handles and cross-platform communication. It provides granular administrative and moderation tools, including public action auditing, role delegation, and the ability to manage federated connections, which allows administrators to enforce local community standards across the broader network. The system supports a comprehensive suite of social features, including threaded conversations, content voting, and hierarchical discussion management. It is designed for scalability, utilizing asynchronous background processing and horizontal service partitioning to handle federation workloads and traffic efficiently. Administrators can further secure and customize their instances through integrated traffic controls, language filtering, and support for anonymous network routing. The project provides containerized deployment workflows and automated database migration management to simplify the maintenance of self-hosted environments. - [gabsjahbless/discovering-reversetabnabbing](https://awesome-repositories.com/repository/gabsjahbless-discovering-reversetabnabbing.md) (5 ⭐) — Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example, to replace it with a phishing site. As the user was originally on the correct page they are less likely to notice that it has been changed to a phishing site. If the user… - [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities. The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL injection and cross-site scripting. The available datasets cover several capability areas, including hidden asset discovery, subdomain enumeration, and security vulnerability scanning. - [davidhdev/react-bits](https://awesome-repositories.com/repository/davidhdev-react-bits.md) (41,207 ⭐) — React-bits is a comprehensive toolkit for web development that combines a library of interactive motion primitives with a command-line interface for component management and AI-assisted coding. It provides a framework for implementing declarative motion states and specialized typography animations, allowing developers to build responsive, gesture-enabled interfaces that respond to user input. The project distinguishes itself through a remote registry system that allows for the direct injection of modular UI source code into local project directories. It also features a protocol-based bridge that indexes local codebase structures to provide intelligent coding assistants with the context necessary for accurate development suggestions. By decoupling UI logic from presentation layers, the project ensures that its components remain style-agnostic and compatible with various styling methodologies. Beyond core interface elements, the project includes a suite of creative tools for generative visual design. These utilities enable the creation of shader-based dynamic backgrounds, procedural vector shapes, and artistic media textures. These assets can be exported as code snippets or visual media, providing a flexible workflow for enhancing the aesthetic quality of digital interfaces. - [mildrenben/surface](https://awesome-repositories.com/repository/mildrenben-surface.md) (0 ⭐) — Material Design, CSS only framework. - [s0md3v/photon](https://awesome-repositories.com/repository/s0md3v-photon.md) (12,953 ⭐) — Photon is a command-line web crawler designed for security reconnaissance and information gathering. It systematically traverses websites to discover URLs, map domain infrastructure, and identify associated subdomains by retrieving DNS records. The tool distinguishes itself through its ability to perform deep content analysis, including the extraction of sensitive data such as API keys and authentication tokens using user-defined regular expressions. It supports offline inspection by cloning crawled web content to the local filesystem, allowing for structural analysis without additional network activity. The crawler utilizes multi-threaded execution to maximize throughput during discovery and supports proxy-aware routing to manage traffic origin. Its architecture is built for integration into automated security workflows, allowing users to pipe discovered metadata and extracted patterns directly to standard output or export results into structured files for further processing. - [msaraiva/surface](https://awesome-repositories.com/repository/msaraiva-surface.md) (2,136 ⭐) — A server-side rendering component library for Phoenix - [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions. The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources. This project is implemented primarily as a shell-based application. - [oj/gobuster](https://awesome-repositories.com/repository/oj-gobuster.md) (13,429 ⭐) — Gobuster is a command-line security utility designed for brute-force discovery of hidden infrastructure and content. It operates by systematically testing wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets. The tool utilizes a concurrent worker pool to execute these requests in parallel, ensuring efficient scanning across various network environments. The project distinguishes itself through a modular plugin architecture that supports multiple discovery modes, including HTTP, DNS, and TFTP. This design allows for protocol-agnostic request abstraction, enabling the tool to perform virtual host identification, cloud storage auditing, and custom protocol fuzzing within a unified execution pipeline. Users can further refine these operations by customizing network headers, proxy settings, and security certificates. Beyond basic enumeration, the tool provides robust result management capabilities. It includes response-based filtering logic to discard irrelevant data based on status codes or content patterns, and it supports real-time stream-based processing to save findings directly to local files. These features allow for the systematic mapping of external network footprints and the identification of exposed application endpoints or sensitive configuration data. - [projectdiscovery/naabu](https://awesome-repositories.com/repository/projectdiscovery-naabu.md) (5,766 ⭐) — Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without completing the full handshake, enabling faster scans. It supports passive port enumeration through external services like Shodan InternetDB, and can exclude CDN or WAF IPs from full scans. Naabu also provides a REST API for programmatic scan triggering, configuration management, and result export, alongside the ability to embed port scanning directly into Go programs with callback-based result handling. The tool covers host discovery, port scanning, and service detection across multiple input formats and output options. It includes features for filtering scan targets, rescanning completed scans, and exposing scan metrics via HTTP. The project is available as a command-line tool and as a Go library, with support for Docker deployment. - [dtc7w3pq/response-attack](https://awesome-repositories.com/repository/dtc7w3pq-response-attack.md) (0 ⭐) — Response Attack: Exploiting Contextual Priming to Jailbreak Large Language Models - [gfx-rs/wgpu](https://awesome-repositories.com/repository/gfx-rs-wgpu.md) (17,382 ⭐) — This project is a cross-platform graphics and compute framework that provides a unified, hardware-agnostic abstraction layer for rendering and parallel processing. It enables developers to build high-performance applications that execute consistently across diverse operating systems and hardware backends, including Vulkan, Metal, and DirectX. By mapping high-level graphics commands to native APIs, it serves as a portable foundation for both real-time 3D rendering and general-purpose GPU computing. The framework distinguishes itself through a robust architecture that supports both native desktop execution and web-based deployment. It utilizes a command-buffer-based execution model and a sophisticated shader translation pipeline to ensure consistent behavior across different graphics hardware. Furthermore, it includes a dedicated WebAssembly targeting layer, allowing the same graphics code to run within browser environments using standard web-based graphics APIs. Beyond its core rendering capabilities, the project provides comprehensive tools for managing the entire graphics lifecycle. This includes advanced memory management, asynchronous resource synchronization, and flexible pipeline configuration. It also offers extensive support for complex visual techniques, such as mesh shading, high dynamic range rendering, and multi-view content generation, alongside diagnostic utilities for performance monitoring and shader compilation caching. The project is implemented in Rust and provides a stable, well-documented interface for integrating hardware-accelerated graphics into external applications. - [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integrates advanced reconnaissance capabilities, including cloud infrastructure assessment, subdomain discovery, and technology fingerprinting, into a unified workflow that can be orchestrated via a command-line interface or programmatic API. Beyond core scanning, the project provides a comprehensive suite of tools for external attack surface management, including asset inventorying, visual evidence capture, and automated ticketing integration. It supports collaborative security operations through team workspaces, centralized template management, and real-time alerting, ensuring that vulnerability findings can be tracked, verified, and remediated within a single environment. The platform is distributed as a command-line utility and supports containerized execution, enabling integration into existing CI/CD pipelines and automated security workflows. - [goradd/maps](https://awesome-repositories.com/repository/goradd-maps.md) (53 ⭐) — map library using Go generics that offers a standard interface, go routine synchronization, and sorting - [astronvim/astronvim](https://awesome-repositories.com/repository/astronvim-astronvim.md) (14,355 ⭐) — AstroNvim is a modular Neovim distribution that functions as a comprehensive development environment. It provides a pre-configured framework for managing editor settings, plugin ecosystems, and language server integrations, effectively transforming a base text editor into a full-featured integrated development environment. The project distinguishes itself through a highly customizable Lua-based architecture that emphasizes modularity and performance. It enables users to manage complex editor configurations through a centralized, declarative system that supports lazy loading, community-maintained plugin specifications, and automated environment initialization. By treating the configuration directory as a standard project, it allows for granular control over editor behavior, UI components, and keybindings while maintaining the ability to isolate multiple editor instances. Beyond its core configuration capabilities, the project includes extensive tooling for language analysis, debugging, and workflow automation. It integrates language server protocols to provide real-time code intelligence, diagnostics, and refactoring, alongside a suite of utilities for session management, fuzzy-finding, and terminal integration. The interface is fully extensible, allowing for the composition of custom status lines, dashboard elements, and visual themes to suit specific development needs. The project is distributed as a Git-based repository, allowing users to clone and manage their development environment directly through standard version control workflows. - [a-h/templ](https://awesome-repositories.com/repository/a-h-templ.md) (10,358 ⭐) — Templ is a type-safe HTML templating engine and UI framework for Go. It provides a system for building reusable HTML components that compile into Go code for server-side rendering, ensuring type safety and compile-time validation of data and logic. The project features a dedicated language server that provides autocomplete and syntax validation for template files within supported code editors. It employs compile-time code generation to transform a custom template language into Go source code, enabling the creation of modular HTML fragments and logic blocks. The framework includes automated security mechanisms to prevent cross-site scripting through HTML escaping, CSS class and value sanitization, and resource URL validation. It supports various output targets, including streaming content to response writers for web interfaces or producing standalone files for static site generation. A command line interface is provided to handle the generation of Go source code and the formatting of markup and template files. - [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orchestration to parallelize discovery workloads across remote nodes. For dynamic web application analysis, the tool incorporates headless browser rendering to execute client-side code and capture visual state. The platform provides a broad capability surface for security operations, including asynchronous interaction monitoring to detect blind vulnerabilities and server-side request forgery. It features a domain-specific language for granular filtering of scan results and supports pipeline-oriented data streaming to integrate findings into external security tools and reporting systems. The software is implemented in Go and provides a command-line interface for executing discovery tasks and managing security workflows. - [fatoomre/calm-attack](https://awesome-repositories.com/repository/fatoomre-calm-attack.md) (0 ⭐) — Calm Attack is an open-source Flutter-based mobile application designed to be a lifeline for individuals experiencing Panic Attacks. Empowering you to reclaim your strength and find peace in the storm, this app offers scientifically-backed grounding exercises to help you regain control when… - [javascript-tutorial/en.javascript.info](https://awesome-repositories.com/repository/javascript-tutorial-en-javascript-info.md) (25,344 ⭐) — This project is a comprehensive JavaScript programming tutorial and language reference. It serves as a web development education resource providing instruction on modern language fundamentals, object-oriented design, and advanced asynchronous programming patterns. The resource functions as both a frontend development guide and a technical reference. It covers core language features such as closures, prototypes, promises, and typed arrays, while providing practical lessons on managing browser data and handling network requests. The content spans several key capability areas, including browser API integration, data structure manipulation, and frontend web development. It specifically covers the manipulation of the document object model, the handling of browser events, and the creation of reusable web components. The documentation is delivered as a collection of static-site generated pages created from markdown files. - [appsecco/the-art-of-subdomain-enumeration](https://awesome-repositories.com/repository/appsecco-the-art-of-subdomain-enumeration.md) (0 ⭐) — This repository contains all the supplement material for the book "The art of subdomain enumeration" - The book is available here: https://appsecco.com/books/subdomain-enumeration/ - [hiddify/hiddify-app](https://awesome-repositories.com/repository/hiddify-hiddify-app.md) (30,948 ⭐) — Hiddify is a cross-platform proxy client designed to manage secure network connections and traffic routing across desktop and mobile operating systems. It functions as a unified proxy manager, providing a centralized interface to configure and control various network proxy protocols for encrypted and private internet access. The application distinguishes itself by integrating local loopback interception, which configures the operating system network stack to route traffic through a local port for granular filtering. It also serves as a self-hosted infrastructure tool, enabling users to automate the deployment of private proxy servers on remote infrastructure through simplified command-line initialization. The system maintains consistency across environments by synchronizing remote server states through declarative configuration files and utilizing an event-driven daemon to monitor proxy health and network state changes. It employs a shared bridge layer to interact with native system APIs and firewall rules, while bundling all necessary dependencies into a singular, self-contained executable package. - [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent execution across different cloud providers and features a checkpoint system to resume interrupted workflows from the last point of failure. The toolkit covers a broad range of capabilities, including passive and active subdomain enumeration, open-source intelligence gathering, and network infrastructure analysis. It also incorporates automated vulnerability scanning for common web flaws and CVEs, differential asset tracking to identify new targets, and the generation of security reports using artificial intelligence. The environment can be deployed via container orchestration and integrated into CI/CD pipelines for recurring security checks. - [mrakotosaon/diff-surface-triangulation](https://awesome-repositories.com/repository/mrakotosaon-diff-surface-triangulation.md) (0 ⭐) — This is our implementation of the paper Differentiable Surface Triangulation that enables optimization for any per-vertex or per-face differentiable objective function over the space of underlying surface triangulations. - [realpython/discover-flask](https://awesome-repositories.com/repository/realpython-discover-flask.md) (4,550 ⭐) — Full Stack Web Development with Flask. - [cloud-architekt/azuread-attack-defense](https://awesome-repositories.com/repository/cloud-architekt-azuread-attack-defense.md) (2,471 ⭐) - [subfinder/subfinder](https://awesome-repositories.com/repository/subfinder-subfinder.md) (13,859 ⭐) — Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the resulting list contains unique and valid hosts. The utility is designed for security toolchain integration, supporting pipeline-based data streaming through standard input and output chaining. It provides capabilities for multi-format result export and includes a software development kit to embed the enumeration engine into other applications. - [elastic/elasticsearch](https://awesome-repositories.com/repository/elastic-elasticsearch.md) (77,012 ⭐) — Elasticsearch is a distributed search engine and document store designed for the high-performance indexing and retrieval of massive volumes of unstructured data. It functions as a centralized analytics platform, providing a schema-flexible architecture that organizes information into searchable indices while maintaining global cluster state through a distributed consensus mechanism. The platform distinguishes itself through its integrated approach to observability, security, and advanced analytics. It combines full-text, vector, and hybrid search capabilities with machine learning-driven insights, allowing users to perform complex statistical aggregations, geospatial analysis, and automated anomaly detection. Its storage architecture supports multi-tier data lifecycles, enabling efficient data placement across hot, warm, and cold nodes to balance performance with long-term retention requirements. Beyond core search and storage, the system provides comprehensive observability tools for centralized log analysis, application performance monitoring, and infrastructure health diagnostics. It includes built-in security operations for threat detection and endpoint protection, all managed through a unified RESTful API gateway. The system is accessible via standardized REST APIs for cluster management, data ingestion, and query execution. Extensive documentation is available to guide users through API references for search, indexing, security, and cluster administration. - [aboul3la/sublist3r](https://awesome-repositories.com/repository/aboul3la-sublist3r.md) (10,957 ⭐) — Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security library, exposing its core logic as a module for integration into custom automation scripts. Discovered network identifiers can be persisted to text files for external analysis. - [mdsecactivebreach/o365-attack-toolkit](https://awesome-repositories.com/repository/mdsecactivebreach-o365-attack-toolkit.md) (0 ⭐) — o365-attack-toolkit allows operators to perform oauth phishing attacks. - [elixir-ecto/ecto](https://awesome-repositories.com/repository/elixir-ecto-ecto.md) (6,471 ⭐) — Ecto is an Elixir database toolkit that maps database rows to Elixir structs and validates data changes through changesets before persistence. It provides a language-integrated query syntax for composing database queries, building them incrementally and securely with compile-time expansion into safe SQL. The toolkit connects to multiple database backends including PostgreSQL, MySQL, MSSQL, SQLite3, ClickHouse, and ETS through a pluggable adapter interface. It supports eager and lazy preloading of associated records to eliminate N+1 query problems, and can store nested data structures as embedded columns within parent tables. Changesets provide a pipeline for casting, validating, and tracking field changes before applying them to the database. Ecto handles full CRUD operations with structured success or error tuples, and includes automated scaffolding for generating database schemas, migrations, and project files. The repository pattern encapsulates database operations behind dedicated modules that return consistent result types. - [accenture/jenkins-attack-framework](https://awesome-repositories.com/repository/accenture-jenkins-attack-framework.md) (0 ⭐) — Jenkins Attack Framework