# API Parameter Fuzzing Tools

> Search results for `fuzz web endpoints and APIs to find hidden parameters` on awesome-repositories.com. 114 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/fuzz-web-endpoints-and-apis-to-find-hidden-parameters

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/fuzz-web-endpoints-and-apis-to-find-hidden-parameters).**

## Results

- [dwarvesf/hidden](https://awesome-repositories.com/repository/dwarvesf-hidden.md) (13,360 ⭐) — Hidden is a desktop productivity tool designed to manage and organize the macOS menu bar. It functions as a system interface customizer that allows users to consolidate secondary status icons into a single toggleable area, reducing visual clutter and streamlining the desktop workspace.

The utility provides granular control over menu bar elements by enabling users to hide specific icons and rearrange them through a drag-and-drop interface. By utilizing system-level hooks and event monitoring, it maintains a persistent configuration of hidden items that can be toggled on or off to suit the user's current focus.

The project covers a range of system utility customization capabilities, including the ability to manage the layout of background application icons and system status indicators. It operates by interacting with the window server to adjust the visibility and positioning of elements within the top-level status bar.
- [ffuf/ffuf](https://awesome-repositories.com/repository/ffuf-ffuf.md) (15,618 ⭐) — This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities.

The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. It allows for granular control over the fuzzing process, including pipeline-based payload mutation, dynamic input encoding, and the ability to integrate external tools for custom payload generation. Users can manage scan intensity through precise traffic rate controls and interactive execution adjustments, ensuring stability while navigating target defenses.

Beyond core discovery, the software provides extensive observability and reporting capabilities. It supports logic-based response filtering to isolate relevant findings from noise, audit logging for verifiable testing trails, and structured data export in formats like JSON and CSV. The tool also accommodates secure testing environments through support for client-side certificate authentication and persistent configuration management for standardized testing workflows.
- [directus/directus](https://awesome-repositories.com/repository/directus-directus.md) (36,030 ⭐) — Directus is a headless content platform that functions as a backend service, automatically generating REST and GraphQL APIs by performing introspection on existing SQL database schemas. It serves as a unified data orchestration layer, decoupling content management from frontend delivery while providing a secure, stateless gateway for database transactions.

The platform distinguishes itself through a granular role-based access control engine that enforces security policies at the field level across all API endpoints. It includes a visual, low-code administrative dashboard that allows non-technical users to manage database records directly, alongside a dynamic query abstraction layer that ensures consistent data access regardless of the underlying storage engine.

Beyond its core API generation capabilities, the system supports complex data workflows through an event-driven webhook architecture and a middleware pipeline for custom logic injection. It also provides integrated digital asset management for storing and transforming media files, facilitating the development of internal tools and rapid backend prototyping.
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains.

The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research.

The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
- [gwen001/github-endpoints](https://awesome-repositories.com/repository/gwen001-github-endpoints.md) (219 ⭐) — Find endpoints on GitHub.
- [avelino/awesome-go](https://awesome-repositories.com/repository/avelino-awesome-go.md) (175,576 ⭐) — This project serves as a comprehensive language ecosystem index, functioning as a centralized, community-curated directory for the Go programming language. It organizes a vast landscape of software components, libraries, and development tools into a structured, navigable hierarchy, enabling developers to efficiently discover resources tailored to specific functional domains.

The repository distinguishes itself through a decentralized contribution model, where community-driven updates ensure the index remains current with the rapidly evolving software landscape. Beyond simple resource listing, it acts as a technical knowledge repository, aggregating professional literature, style guides, and best practices to support developer onboarding and professional growth across the entire software development lifecycle.

The directory covers a broad capability surface, including essential utilities for distributed systems engineering, application security, data processing, and development productivity. It provides access to specialized tools for database management, web framework integration, testing, and build automation, alongside educational materials that help developers master language-specific architectural patterns.

The project is maintained as a static resource aggregation, providing a holistic view of external links and documentation to orient developers within the Go ecosystem.
- [hahwul/dalfox](https://awesome-repositories.com/repository/hahwul-dalfox.md) (4,846 ⭐) — Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points.

The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion testing, while employing AST-based DOM analysis to trace data flow from sources to execution sinks.

Its broader capabilities include multi-stage parameter profiling, out-of-band callback verification for blind vulnerabilities, and the generation of SARIF-compatible result exports. The tool supports authenticated scanning through custom headers and cookies, as well as the integration of curated external payload lists.

The tool can be integrated into automation pipelines using machine-readable outputs and specific exit codes for CI signaling.
- [anggrayudi/android-hidden-api](https://awesome-repositories.com/repository/anggrayudi-android-hidden-api.md) (3,663 ⭐) — This project is an Android hidden API wrapper and system API bridge that provides access to internal Android system classes and resources. It enables compilation and execution of code against non-public Android framework methods and internal classes by replacing the standard platform jar.

The tooling facilitates the retrieval of system-level strings, dimensions, and colors through an internal resource accessor, removing the need for manual Java reflection.

The project covers low-level architectural mechanisms for custom bootclasspath injection and stub-based class loading to bypass compile-time checks for non-public system members. It also includes reflection-based resource access to retrieve private system resources at runtime.
- [google/fuzzing](https://awesome-repositories.com/repository/google-fuzzing.md) (3,772 ⭐) — Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
- [aflplusplus/aflplusplus](https://awesome-repositories.com/repository/aflplusplus-aflplusplus.md) (6,605 ⭐) — AFL++ is a coverage-guided fuzzing framework that discovers crashes and hangs in software by mutating inputs while tracking which code paths are exercised. It functions as both a fuzzing engine and a campaign manager, supporting targets with or without source code through compile-time instrumentation, dynamic binary instrumentation, and emulation. The framework includes tools for crash triage and analysis, test case minimization, and campaign deployment across local or distributed environments.

The framework distinguishes itself through its breadth of instrumentation backends, allowing users to fuzz binary-only targets via QEMU user-mode emulation, Frida runtime instrumentation, static binary rewriting, Unicorn emulation, or full-system emulation with KVM. For source-available programs, it inserts coverage-tracking code at compile time using LLVM or GCC plugins, with options for selective instrumentation, comparison-guided instrumentation, and LAF-INTEL byte-splitting. AFL++ also supports fuzzing Windows PE binaries through Wine and QEMU, shared libraries, network services, GUI programs, and structured data with custom mutators.

Beyond core fuzzing, AFL++ provides utilities for seed collection and deduplication, corpus minimization, crash exploration, and stability measurement. It integrates with continuous integration pipelines for short, randomized runs and supports multi-core scaling with one main and multiple secondary instances, as well as multi-machine synchronization for distributed campaigns. The framework can activate sanitizers during compilation and offers persistent-mode harnesses for increased throughput.
- [ultimatehackers/xsstrike](https://awesome-repositories.com/repository/ultimatehackers-xsstrike.md) (15,027 ⭐) — XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws.

The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.

Its broader capabilities encompass multi-threaded web page crawling to map site structures and a high-volume input parameter fuzzing engine to trigger unexpected server behaviors.
- [asyncfuncai/deepwiki-open](https://awesome-repositories.com/repository/asyncfuncai-deepwiki-open.md) (14,362 ⭐) — This platform is an automated documentation and codebase analysis system designed to generate structured wikis, technical guides, and interactive diagrams from source code repositories. It functions as a retrieval-augmented generation framework that connects codebases to language models, enabling context-aware answers, deep research, and automated documentation updates through semantic vector search.

The system distinguishes itself through a self-hosted, containerized architecture that supports both cloud-based and local AI model execution. It provides sophisticated model orchestration, allowing users to route tasks between different providers to balance cost, performance, and reliability. Furthermore, it incorporates collaborative research coordination, which assigns specialized roles to tasks to facilitate parallel analysis and the synthesis of findings from diverse perspectives.

Beyond its core generation capabilities, the platform includes a comprehensive suite of infrastructure tools for managing repository analysis, API specification generation, and dependency security. It maintains operational integrity through multi-tenant data isolation, role-based access control, and automated health monitoring. The platform also optimizes performance by offloading computationally intensive embedding tasks to remote worker clusters and utilizing response caching to minimize redundant processing.

The project provides structured configuration management and automated version migration to ensure compatibility across software updates.
- [fuzzing/mffa](https://awesome-repositories.com/repository/fuzzing-mffa.md) (334 ⭐) — Media Fuzzing Framework for Android
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions.

The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources.

This project is implemented primarily as a shell-based application.
- [golang/go](https://awesome-repositories.com/repository/golang-go.md) (134,756 ⭐) — Go is a statically typed, compiled programming language designed for building scalable, concurrent software. It provides a memory-safe execution environment that combines a high-performance runtime with a self-hosting compiler toolchain, enabling the creation of statically linked machine code binaries without external dependencies. The language is built around a structural type system that uses interfaces for polymorphism and a concurrency model based on lightweight, stack-based coroutines that communicate through channels.

The language distinguishes itself through a runtime that features a concurrent, low-latency garbage collector and a compiler that performs escape analysis to optimize memory allocation. It includes a comprehensive, integrated toolchain that supports the entire software lifecycle, from dependency management and versioning to profiling, testing, and diagnostic analysis. These tools are designed to maintain consistent, reproducible builds and high code quality across complex, distributed systems.

Beyond its core runtime and language features, Go provides standardized interfaces for database-driven application development, including support for connection pooling and secure query execution. The ecosystem is supported by a unified command-line interface that simplifies project organization, module distribution, and performance tuning.

The project maintains extensive documentation, including formal language specifications, memory models, and installation guides for various platforms.
- [fuzzdb-project/fuzzdb](https://awesome-repositories.com/repository/fuzzdb-project-fuzzdb.md) (8,819 ⭐) — fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors.

The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-site scripting, path traversal, and other common security vulnerabilities.

The library covers a broad range of capabilities, including server configuration auditing, sensitive data discovery, and security filter evasion. It provides patterns to identify predictable resources, writable directories, and source disclosure vulnerabilities, as well as payloads for injecting OS commands, XPath, and remote file includes.
- [gh0stkey/web-fuzzing-box](https://awesome-repositories.com/repository/gh0stkey-web-fuzzing-box.md) (2,444 ⭐)
- [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input
- [googlechrome/lighthouse](https://awesome-repositories.com/repository/googlechrome-lighthouse.md) (30,355 ⭐) — Lighthouse is an automated diagnostic tool that evaluates web pages against industry standards for performance, accessibility, and search engine optimization. It functions as a programmatic analysis engine and a command-line utility, allowing developers to integrate comprehensive web quality checks directly into continuous integration pipelines and local development workflows.

The project distinguishes itself through a modular architecture that utilizes artifact-based data collection to ensure consistent analysis across different environments. It supports a headless execution mode for automated testing and provides a plugin-driven framework, enabling developers to register custom audit logic and specialized reporting categories to meet unique project requirements.

Beyond its core auditing capabilities, the tool detects underlying web frameworks and content management systems to provide tailored optimization recommendations. It generates structured, machine-readable reports and offers multiple interfaces, including a browser-integrated panel and a dedicated extension, to facilitate real-time feedback during the development process.
- [node-modules/parameter](https://awesome-repositories.com/repository/node-modules-parameter.md) (0 ⭐) — parameter
- [daffainfo/allaboutbugbounty](https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty.md) (6,644 ⭐) — AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs.

The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access controls, two-factor authentication, CAPTCHA protections, rate limiting, and web application firewalls, as well as methods for exploiting OAuth misconfigurations, JWT vulnerabilities, and NoSQL injection.

The collection also addresses denial of service attacks, file inclusion and upload exploitation, CSRF crafting, and reconnaissance techniques using Google, GitHub, and Shodan dorks. It provides guidance on discovering scope, detecting exposed metadata, and exploiting business logic flaws such as coupon code abuse, refund manipulation, and currency arbitrage.
- [gitroomhq/postiz-app](https://awesome-repositories.com/repository/gitroomhq-postiz-app.md) (32,271 ⭐) — Postiz is an open-source social media management platform designed to centralize the scheduling, publishing, and analysis of content across diverse social networks, community forums, and blogging platforms. It functions as a unified hub where users can coordinate, review, and distribute content through a shared team workspace, while leveraging integrated artificial intelligence to assist in drafting text and generating multimedia assets.

The platform distinguishes itself through a modular architecture that utilizes a provider-specific adapter pattern to ensure consistent content distribution across various external services. It incorporates an AI-driven tool execution model that connects natural language models to internal functions, enabling automated content generation and media configuration. Furthermore, the system provides a programmatic API gateway that allows external applications to interact with its scheduling and management features via structured payloads.

Beyond core scheduling, the platform includes comprehensive tools for performance tracking, media storage abstraction, and collaborative workflows. It supports complex content strategies through features like multi-part thread scheduling and automated campaign execution, while maintaining secure identity management through OAuth-based mediation and support for external identity providers.

The application is designed for self-hosting and can be deployed into containerized environments using provided configuration charts.
- [cpuu/awesome-fuzzing](https://awesome-repositories.com/repository/cpuu-awesome-fuzzing.md) (972 ⭐) — A curated list of awesome Fuzzing (or Fuzz Testing) for software security
- [bottlerocket-os/bottlerocket](https://awesome-repositories.com/repository/bottlerocket-os-bottlerocket.md) (9,624 ⭐) — Bottlerocket is a container-optimized operating system and minimal Linux distribution designed specifically for hosting container workloads. It functions as an immutable infrastructure OS, utilizing a read-only root filesystem and atomic partition swapping to ensure consistent and reversible system updates.

The system is distinguished by an API-driven host manager that replaces traditional shell-based configuration with a local REST API for administrative tasks. To maintain security and stability, it employs a dual-runtime isolation model that separates workload runtimes from system operational tasks to prevent resource exhaustion.

The project provides specialized image variants for various hosting environments, including optimized builds for Kubernetes nodes and Amazon ECS. It further supports high-performance computing through integrated drivers for hardware accelerators such as NVIDIA GPUs and neural accelerators.

Broad capabilities cover the full lifecycle of container hosting, including bootstrap configuration via TOML, in-place software updates, and out-of-band administrative access via privileged containers for system debugging.
- [sensepost/gowitness](https://awesome-repositories.com/repository/sensepost-gowitness.md) (4,174 ⭐) — Gowitness is a system for rendering web interfaces at scale to capture visual snapshots, HTTP metadata, and network scan results. It functions as a headless browser screenshot tool and a web surface mapper used to identify and visually document the attack surface of network ranges and URL lists.

The tool includes a screenshot gallery server that provides a web-based interface for browsing, filtering, and managing a database of captures. It specifically serves as an Nmap target visualizer, parsing network scan results to automatically capture screenshots of discovered web services.

Capabilities include network discovery through CIDR block scanning and the collection of technical metadata such as DOM elements, TLS information, request headers, cookies, and console logs. The system supports bulk visual captures and allows exporting results into structured formats including SQLite, JSONLines, and CSV.

Programmatic interaction is available via an API for managing captures, retrieving metadata, and submitting target URLs.
- [autoscrape-labs/pydoll](https://awesome-repositories.com/repository/autoscrape-labs-pydoll.md) (6,919 ⭐) — pydoll is a Chrome DevTools Protocol automation library and headless browser controller used for web data extraction and parallel browser automation. It controls Chromium-based browsers via direct WebSocket connections, allowing it to manage isolated browser contexts and tabs while bypassing the overhead and detection associated with WebDriver.

The project features an anti-bot evasion framework that mimics natural human behavior, including mouse movements generated via Bezier curves and variable typing patterns. It provides specialized stealth capabilities to bypass behavioral analysis and automate interactions with CAPTCHA challenges.

The library covers a broad range of capabilities, including network traffic interception for mocking server responses, comprehensive DOM manipulation and shadow DOM traversal, and structured data mapping for extracting content from dynamic pages. It also includes tools for browser fingerprint spoofing, identity synchronization, and the capture of page screenshots, PDFs, and screencasts.
- [strongcourage/fuzzing-corpus](https://awesome-repositories.com/repository/strongcourage-fuzzing-corpus.md) (320 ⭐) — My fuzzing corpus
- [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning.

The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent execution across different cloud providers and features a checkpoint system to resume interrupted workflows from the last point of failure.

The toolkit covers a broad range of capabilities, including passive and active subdomain enumeration, open-source intelligence gathering, and network infrastructure analysis. It also incorporates automated vulnerability scanning for common web flaws and CVEs, differential asset tracking to identify new targets, and the generation of security reports using artificial intelligence.

The environment can be deployed via container orchestration and integrated into CI/CD pipelines for recurring security checks.
- [filamentphp/filament](https://awesome-repositories.com/repository/filamentphp-filament.md) (31,215 ⭐) — Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code.

The project distinguishes itself through a highly modular and extensible design that supports custom plugins, themes, and specialized dashboard widgets. It features a fluent, object-oriented API for defining UI components, validation rules, and data persistence logic, while maintaining application state between the browser and server over a persistent connection. Developers can further customize the interface through dynamic configuration, custom Blade view embedding, and a comprehensive system for managing user identity, multi-tenancy, and role-based access control.

Beyond core CRUD capabilities, the framework includes advanced tools for data presentation, such as interactive charts, statistical summaries, and global search functionality. It also provides robust support for complex data entry, including multistep wizards, repeatable form blocks, and file management. The system is designed for reliability, offering built-in observability, automated testing helpers, and performance optimizations like asset scoping and client-side navigation.

The framework is distributed as a set of packages that integrate directly into existing Laravel applications, with command-line utilities available to scaffold resources and administrative components.
- [sqlmapproject/sqlmap](https://awesome-repositories.com/repository/sqlmapproject-sqlmap.md) (37,676 ⭐) — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points.

What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real-time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls.

The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds.

The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments.
- [introlab/find-object](https://awesome-repositories.com/repository/introlab-find-object.md) (477 ⭐) — Find-Object project
- [htr-tech/zphisher](https://awesome-repositories.com/repository/htr-tech-zphisher.md) (15,416 ⭐) — Zphisher is a security testing framework designed for conducting authorized social engineering assessments and penetration testing. It functions as a credential harvesting simulator that enables security professionals to evaluate organizational defenses and user awareness by deploying deceptive login interfaces.

The platform automates the creation of realistic web pages through dynamic template rendering and provides tools to mask destination addresses. It integrates reverse proxy tunneling to expose local testing services to the public internet, allowing for remote access during security audits without requiring modifications to network firewall configurations.

The tool supports the simulation of credential harvesting attacks to measure vulnerability within authentication workflows. It is packaged to ensure consistent execution across different host environments, facilitating the deployment of controlled testing infrastructure for security awareness training.
- [elysiajs/elysia](https://awesome-repositories.com/repository/elysiajs-elysia.md) (18,531 ⭐) — Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments.

The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the server and client. It features a sophisticated plugin system that enables granular control over the request lifecycle, allowing for scoped validation, dependency injection, and shared state management. Additionally, it includes built-in support for real-time communication via WebSockets and provides automated generation of interactive API documentation directly from server routes.

Beyond its core routing and validation capabilities, the framework offers a comprehensive suite of tools for managing the request-response lifecycle, including custom payload parsing, reactive cookie management, and streaming responses. It also integrates observability features such as request tracing and performance monitoring, alongside testing utilities that allow for in-memory request simulation without requiring a live network connection.

The project is designed for flexibility in deployment, supporting everything from standard server environments to serverless and edge platforms, with options for bundling applications into portable binaries.
- [google/oss-fuzz](https://awesome-repositories.com/repository/google-oss-fuzz.md) (12,353 ⭐) — OSS-Fuzz is a distributed, containerized platform for continuous fuzzing and memory safety analysis. It functions as a bug hunting infrastructure that identifies security vulnerabilities and stability bugs through automated, coverage-guided fuzz testing across a scalable cluster of containers.

The system provides a continuous security testing pipeline that manages the entire lifecycle of vulnerability discovery, from bootstrapping project templates and compiling targets to executing long-running batch tests. It specifically focuses on memory safety, utilizing sanitizers to detect buffer overflows and undefined behavior in compiled code.

The platform includes capabilities for crash reproduction, automated test case export, and code coverage analysis to identify untested areas of a codebase. It also supports pull request fuzzing to identify regressions and incorporates security governance through two-party review enforcement.

The project supports multiple programming languages and provides automation utilities for project configuration and build pipeline management.
- [mishakorzik/allhackingtools](https://awesome-repositories.com/repository/mishakorzik-allhackingtools.md) (5,186 ⭐) — AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools.

The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social engineering suite for simulating phishing attacks and credential recovery.

The system covers a broad range of operational capabilities, including network packet sniffing, wireless network attacks, and denial-of-service execution. It also incorporates web security testing for identifying SQL injection and cross-site scripting vulnerabilities, alongside utilities for password hash cracking and custom wordlist generation.

The environment is managed through a shell-scripted interface that handles system package dependencies and provides options for terminal appearance customization and theme application.
- [facebook/rocksdb](https://awesome-repositories.com/repository/facebook-rocksdb.md) (31,767 ⭐) — RocksDB is a high-performance, embeddable persistent key-value library and storage engine based on Log-Structured Merge-trees. It is designed to provide durable storage for large-scale datasets, integrating directly into applications to manage data on flash and RAM-based hardware.

The engine is distinguished by its focus on minimizing read and write amplification through multi-threaded compaction and custom memory allocators. It features specialized optimizations for flash storage, including support for zoned block devices, and provides the ability to extend store behavior via external plugins.

Its broad capability surface includes atomic transactions, column family partitioning for logical keyspace division, and data-at-rest encryption. The system also supports secondary indexing, time-to-live data expiration, and integration with distributed filesystems.

Observability is provided through internal statistics tracking, component performance benchmarking, and crash recovery simulation.
- [web-padawan/api-viewer-element](https://awesome-repositories.com/repository/web-padawan-api-viewer-element.md) (283 ⭐) — API documentation and live playground for Web Components. Based on Custom Elements Manifest format
- [bytebytegohq/system-design-101](https://awesome-repositories.com/repository/bytebytegohq-system-design-101.md) (83,491 ⭐) — This project is a centralized engineering knowledge repository that provides a structured curriculum for mastering system design, architectural patterns, and fundamental software development workflows. It serves as a professional development resource for engineers, offering foundational knowledge and real-world case studies to support the design of scalable, secure, and efficient distributed systems.

The repository distinguishes itself through a visual-first approach to knowledge synthesis, distilling complex technical concepts into high-density graphical diagrams and succinct illustrations. By employing cross-domain concept mapping and modular topic decomposition, it connects disparate engineering disciplines—such as infrastructure, security, and application layers—into granular, self-contained modules that facilitate rapid mental modeling and targeted learning.

The content covers a broad spectrum of technical domains, including API and web development, database scaling strategies, networking protocols, and DevOps deployment pipelines. These educational assets are organized as a static, version-controlled repository, allowing users to consume technical insights asynchronously at their own pace.
- [k8gege/k8tools](https://awesome-repositories.com/repository/k8gege-k8tools.md) (6,167 ⭐) — K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection.

The framework distinguishes itself through its breadth of integrated capabilities, including a multi-protocol credential tester that checks username and password combinations across SSH, FTP, MySQL, and SMB services, along with port forwarding through compromised hosts to access internal services behind firewalls. It also provides UAC bypass via registry manipulation, a Windows privilege escalation toolkit that elevates processes from limited user to SYSTEM or Administrator, and USB keystroke injection attacks that program Teensy devices to simulate keyboard input on locked machines.

Beyond these core differentiators, the toolkit encompasses credential theft and cracking, internal network penetration testing, payload generation and obfuscation, remote code execution via exploits, and web application exploitation. It includes utilities for data encoding and decoding, live host discovery, subdomain enumeration, persistent backdoor deployment, web shell command execution, and password hash cracking, all accessible through local, command-line, or remote PowerShell execution methods.
- [yelp/fuzz-lightyear](https://awesome-repositories.com/repository/yelp-fuzz-lightyear.md) (226 ⭐) — A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
- [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring.

The platform distinguishes itself through advanced storage and execution techniques, including vectorized query processing and a merge tree storage engine that maintains performance during massive insertions. It features adaptive subcolumn mapping for semi-structured data and supports native vector search for machine learning and generative AI applications. To facilitate efficient data movement, the engine utilizes zero-copy shared memory buffers, minimizing overhead when interacting with external analytical tools or processing diverse file formats like Parquet, JSON, and Arrow.

Beyond its core storage and processing capabilities, the project provides a comprehensive suite of tools for observability, security, and data integration. It includes built-in support for natural language querying, automated workflow orchestration for AI agents, and extensive diagnostic features for query plan inspection. The platform also offers robust cloud infrastructure management, including support for private networking, compliant deployment strategies, and integrated billing consolidation.
- [aurelg/ephemeral-hidden-service](https://awesome-repositories.com/repository/aurelg-ephemeral-hidden-service.md) (9 ⭐) — Create ephemeral Tor hidden services from the command line
- [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities.

The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL injection and cross-site scripting.

The available datasets cover several capability areas, including hidden asset discovery, subdomain enumeration, and security vulnerability scanning.
- [fastapi/typer](https://awesome-repositories.com/repository/fastapi-typer.md) (19,632 ⭐) — This project is a Python framework for building command-line interfaces by converting standard functions into executable programs. It uses type hints to automatically infer and generate argument parsers, validation logic, and help documentation, allowing developers to define complex terminal applications through simple function signatures.

The framework distinguishes itself through a decorator-driven registration system that enables the construction of hierarchical command trees. It supports dependency injection to manage shared state and runtime configuration across subcommands, and it utilizes reflective metadata inspection to dynamically build help screens and parameter configurations.

Beyond core parsing, the library provides a comprehensive suite of tools for terminal interaction, including support for interactive prompts, secure input collection, and visual feedback like progress indicators. It also handles advanced system integration tasks such as generating shell completion scripts, reading configuration from environment variables, and formatting terminal output with custom styling.

The project is designed to be installed as a standard Python package, enabling developers to expose command-line entry points directly from their modules.
- [sindresorhus/find-up](https://awesome-repositories.com/repository/sindresorhus-find-up.md) (640 ⭐) — Find a file or directory by walking up parent directories
- [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation.

The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-party security tools.

The guide covers a broad spectrum of security analysis, including attack surface mapping, authentication and session auditing, and infrastructure configuration reviews. It provides detailed procedures for identifying common vulnerabilities such as injection flaws, broken access control, business logic gaps, and token-based security issues.

The project is organized as a collection of manuals and checklists, including a web security audit checklist and a dedicated API security testing manual.
- [zaproxy/zaproxy](https://awesome-repositories.com/repository/zaproxy-zaproxy.md) (15,293 ⭐) — OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services.

The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
- [appsmithorg/appsmith](https://awesome-repositories.com/repository/appsmithorg-appsmith.md) (40,051 ⭐) — Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling.

The platform distinguishes itself through a server-side proxy architecture that executes database and API queries securely, masking sensitive credentials from the client. It provides a sandboxed JavaScript environment for custom logic, ensuring that application code remains isolated and secure. Developers can manage their projects using integrated Git-based version control, which allows for branching, merging, and tracking changes across deployment pipelines.

Beyond core UI construction, the platform includes a visual workflow orchestrator for automating business processes and handling human-in-the-loop tasks. It supports a wide range of data connectivity options, including SQL databases, third-party APIs, and AI-driven query execution. The system is built for enterprise environments, offering granular role-based access control, multi-tenancy support, and containerized deployment options for self-hosted infrastructure.

The platform is distributed as a containerized runtime, allowing for consistent deployment across local and cloud environments. It includes comprehensive administrative tools for managing authentication, system telemetry, and instance-level security configurations.
- [quarkslab/android-fuzzing](https://awesome-repositories.com/repository/quarkslab-android-fuzzing.md) (138 ⭐) — This repository contains the material associated with the blogpost Android greybox fuzzing with AFL++ Frida mode.
- [chancejs/chancejs](https://awesome-repositories.com/repository/chancejs-chancejs.md) (6,541 ⭐) — Chance is a JavaScript library for generating random data, designed to produce realistic test data for automated tests and prototypes. It uses a Mersenne Twister pseudo-random number generator that accepts an optional seed value, enabling reproducible sequences of random values across multiple runs.

The library provides a wide range of generators for common data types, including random integers, floats, booleans, characters, strings, and dates, all with configurable ranges and character pools. It can generate realistic geographic data like addresses, as well as financial data such as credit card numbers that pass the Luhn algorithm, currency pairs, and formatted monetary amounts. Chance also supports picking random items or subsets from arrays and generating random names and email addresses.

The library is extensible, allowing users to attach custom generator functions and override built-in datasets to adapt random generation to specific contexts. Its method-chaining API enables sequential calls in a single expression, and locale-aware formatting is available for region-specific output like euro amounts.
