Network Mapping and Service Enumeration Tools

The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to manage high-performance, concurrent network connections and features a transport-agnostic communication layer that abstracts protocols to maintain persistent command and control. Users can extend the core functionality through a plugin system and define complex exploit logic using a domain-specific language. The framework provides robust capabilities for remote payload management, including the configuration of network settings like sleep intervals and timeout thresholds. It maintains state persistence across long-running sessions by storing discovered host information and vulnerability data in a relational database. The software is designed for cross-platform deployment, with installation support available for Linux, macOS, and Windows environments.

iRingo is a customization tool for Apple devices designed to bypass geographical restrictions and enable region-locked system services and applications. It functions as a regional unlocker and service proxy that modifies system requests to activate hidden or restricted operating system capabilities. The project focuses on unlocking AI-driven system intelligence, voice assistants, and advanced search features through network overrides and regional code modifications. It enables access to restricted news, television services, and beta software versions that are normally unavailable in specific countries. The tool's capability surface covers geoservices and meteorological data, allowing for the redirection of map endpoints to unlock international 3D imagery and the integration of third-party weather data for air quality and precipitation intensity. It also provides network and routing utilities to manage private proxies, store region modifications, and the synchronization of notification settings across hardware platforms.

Masscan is a command-line network scanner designed for large-scale discovery and infrastructure reconnaissance. It identifies open ports across specific network segments or the entire internet by probing vast address ranges with high efficiency. The tool functions as an asynchronous packet engine, bypassing standard operating system kernel networking stacks to transmit raw packets directly from application memory. The project distinguishes itself through a specialized architecture that manages millions of concurrent connections by separating packet transmission and reception into independent execution threads. It utilizes a stateless, index-based mathematical algorithm to randomize target selection, ensuring probes are distributed unpredictably across address spaces. To maintain consistent performance and prevent network congestion, the scanner employs a high-precision timer to regulate transmission rates and uses zero-copy buffer management to minimize memory overhead. The software provides a platform-agnostic interface for raw network access, allowing it to operate consistently across different hardware and operating system environments. It supports the export of collected reconnaissance data into structured formats such as XML, JSON, or plain text for further analysis. The application is distributed as a portable utility, with its core codebase maintained through standardized string handling and automated testing.

This project is an AI agent orchestration platform that provides a visual environment for building, testing, and deploying complex automation workflows. It functions as a low-code development interface where users can chain discrete functional blocks into dependency-aware pipelines to integrate artificial intelligence with external data and services. The platform supports the creation of intelligent conversational agents, automated business processes, and multi-service API orchestrations within a unified workspace. The platform distinguishes itself through its event-driven integration engine, which triggers automated sequences based on real-time webhooks, scheduled events, or changes in third-party platforms. It offers a secure, cloud-native execution sandbox for running custom code, data transformations, and AI model inferences in isolated environments. Users can maintain stateful memory across multi-stage tasks, implement complex branching logic, and utilize human-in-the-loop components to pause and approve workflow execution. The system covers a broad capability surface, including extensive connectors for cloud storage, communication platforms, CRM systems, and project management tools. It provides utilities for managing infrastructure, observability, and security, alongside specialized tools for meeting intelligence, data enrichment, and web scraping. The platform supports deployment on managed cloud infrastructure or self-hosted container environments, ensuring full control over data and model execution.

This project is a command-line utility designed to benchmark and optimize network connectivity by identifying the fastest available content delivery network nodes. It performs concurrent latency probing and speed testing across large pools of IP addresses to evaluate real-world performance based on your specific geographic location and network environment. Beyond simple benchmarking, the tool functions as an automated configuration manager that synchronizes your network settings with the best-performing endpoints discovered during testing. It integrates with external DNS management services to update domain records and can modify local system files or generate configuration files for domain resolution services to ensure traffic is consistently routed through optimized paths. The software also includes capabilities for local network acceleration by spawning a lightweight proxy server that prioritizes high-speed connections. Users can customize the evaluation criteria, such as latency thresholds or packet loss limits, through command-line arguments to tailor the performance analysis to their specific requirements.

ClashX.Meta is a macOS desktop application that provides a graphical interface for managing the Clash proxy engine. It enables rule-based traffic routing using domain, IP, and GeoIP rules, and allows users to manage proxy configurations and toggle system proxy settings directly from the menu bar. The application serves as a full-featured client for controlling the core proxy daemon on macOS. The project includes a YAML-based configuration manager with built-in schema validation, ensuring proxy profiles are valid before activation. It also provides a TUN virtual network stack that captures all device traffic and processes packets in user space, along with process-level traffic attribution that logs which applications generate network connections. The system proxy hook modifies macOS network preferences programmatically to enable or disable proxying. Users can import remote proxy configuration files, switch between routing modes (global, direct, or rule-based), configure applications to bypass the proxy, and view process-level logs for troubleshooting. The project also supports building from source, running tests, and verifying binary authenticity. ClashX.Meta is open-source and can be built using the standard Go toolchain.

This application is a desktop network traffic analyzer that provides real-time monitoring and forensic inspection of data packets. By interfacing directly with low-level system drivers, it captures raw network traffic from physical or virtual adapters to identify communication patterns, track bandwidth usage, and diagnose connectivity issues. The system distinguishes itself through an immediate-mode graphical interface that rebuilds the display state every frame, ensuring high responsiveness during live data updates. It maintains performance by using asynchronous message passing to decouple the packet capture engine from the rendering thread. To provide context for network activity, the application performs real-time enrichment through high-speed database lookups, enabling features like autonomous system identification, host location mapping, and reverse DNS resolution. Beyond basic monitoring, the tool includes comprehensive diagnostic and security capabilities. Users can apply granular traffic filtering, manage alert conditions for specific network events, and utilize automated threat detection to identify and block suspicious connections. The software also supports the recording of traffic data into standard file formats for offline analysis and provides configuration options for operation within isolated containerized environments.

Scapy is a network packet manipulation tool and protocol analysis suite designed for crafting, sending, sniffing, and dissecting network traffic. It functions as a framework for building custom network tools that interact directly with low-level packet headers and payloads, enabling users to perform security research and network diagnostics. The system distinguishes itself through a layer-based construction model that allows users to define protocols as stacked objects, which automatically handle checksums and field offsets. It utilizes dynamic field reflection to map packet structures to binary data formats and employs a raw socket interface to bypass standard transport layer restrictions for custom packet injection. The platform provides a comprehensive capability set for network security testing, automated scanning, and traffic simulation. It includes a protocol dissection engine that recursively parses binary streams into structured objects, supported by stateful flow tracking to correlate packets into logical sessions. Users can capture and analyze live traffic through a background sniffing loop to troubleshoot communication patterns and verify protocol implementations.

Web-check is a self-hosted diagnostic platform designed to perform comprehensive technical reconnaissance and security audits on web domains. It functions as a network scanner that inspects infrastructure by querying IP addresses, DNS records, SSL certificate chains, and server headers to identify potential misconfigurations or vulnerabilities. The platform is built to run within private infrastructure, ensuring that site investigations remain independent of external tracking or third-party data logging. By utilizing server-side request proxying, the tool bypasses client-side security restrictions to conduct direct network-level inspections. It further enhances its diagnostic capabilities by orchestrating concurrent requests to various third-party services, aggregating metadata into structured intelligence through a modular pipeline. The application is packaged as a containerized service, allowing for consistent deployment across cloud environments or local servers. Users can configure the platform’s behavior and service rate limits through environment variables, enabling the activation of specific analysis checks based on individual requirements. The software supports multiple installation methods, including one-click cloud deployments, container-based execution, and manual builds from source code.

MadelineProto is an asynchronous PHP library that provides a programmatic interface for interacting with the Telegram API using the MTProto protocol, the same protocol used by official Telegram clients. It functions as both a Telegram bot SDK and a userbot automation library, enabling PHP applications to connect to Telegram as either a bot account or a regular user account, sending and receiving messages, media, and other data directly without relying on the Bot API intermediary. The library is built on an event-driven architecture with Amp v3 fiber-based concurrency, allowing for non-blocking, concurrent operations within a single-threaded event loop. It includes a modular plugin system for processing Telegram updates with attribute-based filters and concurrent handler execution, and supports batch method containerization for efficient processing of multiple API calls. MadelineProto also provides a VoIP call management engine for initiating, accepting, and managing Telegram voice calls with audio streaming and recording capabilities, as well as multi-protocol proxy routing through MTProxy, SOCKS5, or HTTP proxies. Beyond its core messaging and event handling capabilities, MadelineProto offers comprehensive file transfer and media management, supporting uploads, downloads, and streaming of files up to 4GB with progress tracking and parallel transfers. It includes an async ORM for session persistence, Prometheus metrics endpoints for monitoring, and supports multiple database backends including MariaDB, PostgreSQL, and Redis for persistent storage. The library also provides tools for authentication via phone number, bot token, or QR code, and includes features for managing secret chats, forum topics, and chat join requests.

Pi-hole is a self-hosted network utility that functions as a DNS sinkhole server to provide network-wide ad blocking. By acting as a dedicated network gateway, it intercepts and discards requests for known advertising, tracking, and malicious domains across an entire local network, preventing unwanted content from loading on any connected device. The software operates through a lightweight background daemon that handles high volumes of concurrent DNS queries with minimal resource overhead. It utilizes a host-file injection mechanism to redirect traffic toward its local filtering engine and applies regex-based pattern matching to identify and block specific domain requests. Users manage these operations and monitor network traffic statistics through a centralized, web-based configuration interface. Beyond blocking, the project provides tools for comprehensive DNS traffic management and home network security. By resolving domain names locally, it offers increased visibility into outgoing internet traffic and helps optimize network performance by preventing the download of resource-heavy tracking scripts and advertisements.

This project is a community-curated database of network patterns designed to facilitate regional access bypass. It functions as a centralized, crowdsourced registry where distributed contributors submit and verify domain identifiers to maintain an accurate and up-to-date list of network rules. The registry provides a declarative syntax that allows diverse proxy clients to distinguish between local and restricted traffic. By standardizing these rules, the project enables automated configuration of routing tables, ensuring that only specific requests are directed through external proxy tunnels. The repository serves as a version-controlled distribution point for these network filters, allowing client applications to consume the data to maintain consistent filtering logic. The project is maintained as a collaborative, open-source database accessible for integration into various network routing tools.

RustScan is a high-speed network reconnaissance tool designed for automated port discovery and service enumeration. It functions as an automated vulnerability scanner that identifies open ports and active services across network environments, providing a foundation for mapping attack surfaces and gathering intelligence on target systems. The tool distinguishes itself through its ability to dynamically adjust scanning parameters and concurrency in real-time based on system feedback, ensuring efficient performance while preventing network congestion. It features an extensible architecture that supports the execution of custom scripts and the automated piping of discovered data into external security utilities, including native integration with Nmap for deep service analysis. Beyond basic port discovery, the software supports payload-driven service probing to accurately classify network services and includes capabilities for UDP service identification. It is built as a cross-platform utility, utilizing a unified codebase to generate native binaries for multiple operating systems.

XX-Net is a cross-platform desktop application that functions as a local proxy server and network traffic router. It intercepts outgoing network requests from a local machine and redirects them through encrypted tunnels to a distributed mesh of cloud-based nodes, facilitating secure and reliable access to external resources. The software distinguishes itself by providing a centralized management interface for coordinating complex proxy infrastructure. It employs rule-based traffic routing, allowing users to define custom logic based on destination addresses and protocols to determine the optimal path for data packets. This approach enables the circumvention of regional or institutional network restrictions while maintaining consistent connection stability. The application includes a comprehensive suite of tools for managing tunnel connections, listening ports, and remote server configurations. Users can adjust system settings, update schedules, and security credentials through a dashboard that supports dynamic configuration changes without requiring a full application restart.

Trape is a browser-based remote access tool and exploit framework designed for gathering device geolocation, hardware profiles, and network data. It functions as an open-source intelligence platform and a system for executing custom scripts and triggering browser vulnerabilities to capture credentials or monitor device activity. The project features a real-time geolocation tracker capable of retrieving precise physical coordinates and monitoring individual movement, including silent acquisition that bypasses standard location prompts. It further provides a network tunneling service to make locally hosted servers accessible over the internet for remote interactions. Additional capabilities include device profiling of hardware specifications, network environment scanning to identify connected devices, and the aggregation of open-source intelligence. The framework also supports session monitoring to detect active web services and can trigger remote audio playback of synthesized voice messages through a target browser.

TrackersListCollection is an automated aggregator that maintains a directory of active BitTorrent tracker addresses. It functions as a resource for peer-to-peer file sharing applications, providing the necessary endpoints to facilitate peer discovery and improve network connectivity. The project distinguishes itself through a combination of automated source aggregation and community-driven curation, which ensures the repository remains populated with healthy network nodes. By consolidating data from multiple public endpoints, it provides a centralized source for maintaining current and reliable tracker information. The repository stores these addresses in standardized, line-delimited text files designed for compatibility with various download clients. This format allows users to import the lists directly into their software configuration settings to optimize decentralized file transfer performance.

NetBox is a data center infrastructure management tool designed to serve as a centralized source of truth for network environments. It provides a structured platform for documenting network topology, managing device inventories, and tracking IP address spaces, ensuring that physical and logical connections are maintained within a single, consistent database. The system is built on a modular framework that supports custom plugins, allowing organizations to extend its core functionality and tailor infrastructure modeling to specific operational requirements. By utilizing a declarative state model and an event-driven change tracking system, it provides an audit trail for all modifications and enables the detection of operational drift between documented models and actual infrastructure states. The platform is designed with an application programming interface at its core, facilitating integration with external tools for network automation, configuration generation, and compliance enforcement. It is distributed as a web-based application that manages data integrity through a relational database schema.

Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real-time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using custom scripts. It provides a unified command-based interface for manual interaction, enabling users to define custom key bindings, content views, and command-line tools. The engine supports multiple operational modes, including explicit, transparent, reverse, and SOCKS proxying, as well as a userspace WireGuard VPN mode for capturing traffic without requiring client-side configuration changes. Beyond basic interception, the platform includes comprehensive tools for recording and replaying network conversations to simulate complex interactions or automate repetitive tasks. It offers advanced capabilities such as request blocking, header and body modification, and local resource mapping. The system also provides robust support for debugging and performance analysis, including integration with external tools through secret logging and structured data representation. The software is designed for rapid iteration, featuring live script reloading that updates custom logic without restarting the proxy process. It includes extensive documentation for managing certificates, configuring proxy modes, and implementing custom addons through a well-defined programmatic interface.

Ethical-Hacking-Labs is a comprehensive cybersecurity training curriculum and lab suite designed for learning penetration testing, network analysis, and offensive security techniques. It provides a structured environment for practicing the full attack lifecycle, from initial reconnaissance and scanning to exploitation and post-compromise analysis. The project provides instructional materials and guided exercises that cover specific technical domains, including open source intelligence research and network security courseware. It includes a practical workbook for identifying system vulnerabilities and practicing credential cracking and privilege escalation. The suite covers a broad range of security capabilities, including network scanning, vulnerability assessment, and traffic analysis. It also includes utilities for credential access through hash cracking, open source intelligence gathering, and the simulation of attack vectors using malicious payloads. The labs utilize virtualization environment setup to deploy pre-configured security distribution images within isolated virtual networks.

Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources. The project distinguishes itself by providing a fully independent, self-hosted alternative for managing network overlays. It integrates with external identity providers to automate user authentication and enforces granular, declarative access control policies across a fleet of devices. Administrators can manage the network through a web-based dashboard, a REST API, or a gRPC interface, providing flexibility for both manual oversight and programmatic automation. The system supports a wide range of networking capabilities, including remote subnet routing, exit node configuration, and automated DNS management. It ensures connectivity across diverse environments through relay-based NAT traversal, which facilitates communication even when direct peer-to-peer connections are blocked by firewalls. The platform also maintains state persistence using a relational database and automates security through integrated TLS certificate management. The software is available as a standalone binary or via containerized deployment, with support for cross-platform clients across various mobile and desktop operating systems.