# Offensive Tooling and Red Teaming > Search results for `Offensive Tooling and Red Teaming` on awesome-repositories.com. 118 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/offensive-tooling-and-red-teaming **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/offensive-tooling-and-red-teaming).** ## Results - [greydgl/pentestgpt](https://awesome-repositories.com/repository/greydgl-pentestgpt.md) (11,697 ⭐) — PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context, synthesizing both visual and textual data to inform its decision-making process. To ensure consistency and continuity, the framework maintains persistent session state, allowing users to pause and resume assessments without losing critical context or progress. The system provides a comprehensive suite of capabilities for managing external security utilities, including the ability to parse raw command-line output into structured data for automated analysis. It operates within isolated, containerized environments to ensure that testing workflows remain reproducible and secure across diverse target architectures. - [justcallmekoko/esp32marauder](https://awesome-repositories.com/repository/justcallmekoko-esp32marauder.md) (9,916 ⭐) — ESP32Marauder is a suite of specialized firmware images and tools designed for wireless network auditing, packet sniffing, and Bluetooth scanning on ESP32 hardware. It functions as a wireless penetration tool used to analyze network security and monitor signal traffic. The project includes capabilities for capturing wireless handshakes and simulating access points to test infrastructure resilience. It also features a Bluetooth low energy scanner used to identify hardware signatures and detect unauthorized signals or skimming devices. The firmware supports broader security operations including wireless network scanning, packet traffic analysis, and target list management. It provides mechanisms for logging intercepted traffic to physical storage and updating the system image via a web interface. Hardware configuration is handled through build-time mapping for display drivers, pin assignments, and screen resolutions to ensure compatibility with various microcontroller boards. - [kamranahmedse/developer-roadmap](https://awesome-repositories.com/repository/kamranahmedse-developer-roadmap.md) (357,434 ⭐) — Developer Roadmap is a community-driven platform that provides structured, graph-based learning paths for software engineering. It serves as a comprehensive knowledge repository where technical domains are organized into visual sequences to guide professional skill acquisition and career growth. The project distinguishes itself through a collaborative ecosystem that enables users to contribute roadmaps, curate industry best practices, and maintain professional profiles. It integrates diagnostic assessment frameworks to evaluate technical proficiency, helping developers identify knowledge gaps and prepare for professional interviews through targeted learning sequences. Beyond its core mapping capabilities, the platform offers practical project ideas and interactive tutoring to reinforce engineering concepts. It provides a centralized space for the community to share resources, track progressive skill development, and navigate complex technical landscapes. - [wddadk/offensive-osint-tools](https://awesome-repositories.com/repository/wddadk-offensive-osint-tools.md) (0 ⭐) — This repository contains tools and links that can be used during OSINT in Pentest or Red Team. Currently, there are numerous awesome lists with tons of tools, but Offensive Security specialists often don't need such an extensive selection. This motivated the creation of this list. These tools… - [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, managing technical debt, and auditing software supply chain security. The collection covers a broad spectrum of analysis capabilities, ranging from automated code refactoring and structural transformation to formal verification and database schema analysis. It also includes resources for orchestrating multiple linters within development workflows, visualizing code metrics, and performing security compliance audits across diverse repositories. - [sundowndev/hacker-roadmap](https://awesome-repositories.com/repository/sundowndev-hacker-roadmap.md) (15,081 ⭐) — Hacker Roadmap is a community-driven repository that functions as a structured learning path and resource directory for cybersecurity and ethical hacking. It organizes complex security concepts into sequential modules, guiding users from fundamental knowledge to advanced technical exploitation skills through a curated collection of educational materials and professional development resources. The project distinguishes itself by acting as a centralized index that maps specialized third-party security software and isolated training environments to specific operational use cases. By aggregating technical advisories, documentation, and research materials, it provides a comprehensive hub for practitioners to refine their expertise in penetration testing, network infrastructure risk assessment, and web application security auditing. The platform covers a broad capability surface, including tools for vulnerability scanning, password auditing, and network traffic analysis. It supports the security community by facilitating the contribution of new learning resources and providing access to interactive, challenge-based environments where users can practice defensive and offensive techniques in controlled settings. - [bluscreenofjeff/red-team-infrastructure-wiki](https://awesome-repositories.com/repository/bluscreenofjeff-red-team-infrastructure-wiki.md) (0 ⭐) — This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure" (slides) - [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan outputs and triage vulnerabilities, alongside an active exploit validation engine to eliminate false positives. Its broader capabilities cover mobile application auditing for Android and iOS binaries, dark web leak monitoring, and asset risk assessment. The system provides a security analysis dashboard for managing multi-user workspaces, generating structured reports, and configuring security tools via a web interface. The environment is deployed using containers and persistent volumes to ensure a reproducible runtime. - [infosecmatter/minimalistic-offensive-security-tools](https://awesome-repositories.com/repository/infosecmatter-minimalistic-offensive-security-tools.md) (593 ⭐) — A repository of tools for pentesting of restricted and isolated environments. - [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities. - [redcanaryco/atomic-red-team](https://awesome-repositories.com/repository/redcanaryco-atomic-red-team.md) (12,089 ⭐) — Atomic Red Team is an adversary simulation tool and detection validation suite designed to emulate attacker behaviors. It functions as a security control testing framework that uses a library of portable tests to verify if security monitoring and alerting systems correctly identify specific malicious techniques. The project serves as a MITRE ATT&CK emulation framework, mapping individual test executions to a standardized industry taxonomy of adversary behaviors. This mapping allows for the validation of security controls against the MITRE ATT&CK matrix to identify gaps in detection and response capabilities. The system covers security detection engineering and control verification by executing attack patterns through shell-based commands. These tests are defined as structured data files and can be run within containerized environments or via cloud-based development containers to ensure consistent results across different hosts. - [gtfobins/gtfobins.github.io](https://awesome-repositories.com/repository/gtfobins-gtfobins-github-io.md) (12,669 ⭐) — GTFOBins is a curated knowledge base documenting security-related techniques for Unix-based system binaries. It serves as a reference for offensive security research, detailing how standard, pre-installed system utilities can be repurposed to facilitate privilege escalation, restricted environment escapes, and post-exploitation workflows. The project distinguishes itself by cataloging insecure execution paths and misconfigured permissions inherent in common system tools. By identifying legitimate binary functions that can be leveraged to bypass security controls, the repository provides a structured index for auditing local system security and understanding methods for maintaining control during security assessments. The platform is built as a static site that separates technical content from its visual presentation. It utilizes a standardized data schema to store binary specifications, which are processed through a template-driven build system to generate the final documentation. A pre-computed index enables client-side search functionality, allowing users to filter and locate specific binary techniques directly within the browser without a backend database. - [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows. The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by automatically synchronizing response data to CRMs, databases, and communication tools, while providing programmatic interfaces for managing resources and automating feedback loops. Beyond core collection, the system includes advanced logic for conditional branching, scoring, and personalized routing to create adaptive survey experiences. It offers extensive customization options, including white-labeling, CSS overrides, and multi-channel distribution across web, mobile, and email environments. The platform is built for self-hosting, supporting containerized deployments with built-in multi-tenant data isolation and enterprise-grade security features like single sign-on and role-based access control. - [alessandroz/lazagne](https://awesome-repositories.com/repository/alessandroz-lazagne.md) (10,867 ⭐) — LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing. The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases. The project supports digital forensic analysis and security auditing by gathering recovered credentials and exporting them into structured text or JSON formats for external storage and analysis. - [red-data-tools/red-chainer](https://awesome-repositories.com/repository/red-data-tools-red-chainer.md) (0 ⭐) — A flexible framework for neural network for Ruby - [peass-ng/peass-ng](https://awesome-repositories.com/repository/peass-ng-peass-ng.md) (19,337 ⭐) — PEASS-ng is an automated penetration testing framework designed to identify privilege escalation vectors on local systems. It functions as a security assessment utility that scans environments for misconfigurations, sensitive files, and insecure permissions to uncover paths for unauthorized privilege elevation. The project distinguishes itself through a modular script-based enumeration engine that adapts to the target environment. It utilizes environment-aware capability detection and cross-platform shell abstraction to normalize data collection across diverse operating systems, while operating primarily within volatile memory to minimize its forensic footprint. The framework covers a broad range of post-exploitation assessment tasks, including automated security auditing for both Linux and Windows environments. It employs pattern-matching heuristic analysis to systematically query system configurations and identify security gaps during authorized security assessments. - [electronicarts/cnc_red_alert](https://awesome-repositories.com/repository/electronicarts-cnc-red-alert.md) (6,678 ⭐) — This repository contains the original source code for a classic real-time strategy game, serving as a legacy game engine implementation for managing units, maps, and combat mechanics in a military strategy setting. It functions as a real-time strategy game source code archive intended for preservation and technical study. The codebase acts as a game modification base, allowing developers to create custom content and modifications using the original source. It provides a foundation for retro game modding and software archeology to analyze how historical game mechanics were programmed. The project supports game engine research and the preservation of legacy software, ensuring the long-term availability of the technical implementation for educational and development purposes. - [red/red](https://awesome-repositories.com/repository/red-red.md) (6,009 ⭐) — Red is a next-generation programming language strongly inspired by Rebol, but with a broader field of usage thanks to its native-code compiler, from system programming to high-level scripting and cross-platform reactive GUI, while providing modern support for concurrency, all in a zero-install, zero-config, single ~1MB file! - [ceph/ceph](https://awesome-repositories.com/repository/ceph-ceph.md) (16,247 ⭐) — Ceph is a unified, software-defined storage platform designed to provide object, block, and file storage services from a single distributed cluster. By decoupling data management from physical hardware, it enables elastic scaling across commodity hardware, allowing organizations to build large-scale storage infrastructure without reliance on proprietary vendor equipment. The system distinguishes itself through a shared-nothing, distributed architecture that utilizes deterministic hashing for data placement. This approach eliminates centralized metadata bottlenecks, allowing the cluster to scale efficiently while maintaining even load balancing across all nodes. To ensure high availability and data reliability, the platform employs continuous background self-healing, automated integrity verification, and flexible redundancy strategies including both replication and erasure coding. Beyond its core storage capabilities, the platform provides comprehensive infrastructure management tools for orchestrating cluster lifecycles and automating node deployment. It supports diverse application requirements by offering native integration for containerized workloads, virtualized block storage, and standard file system interfaces. The system also includes advanced performance features such as automated storage tiering and data access optimization to balance throughput and cost across varied hardware media. - [jiep/offensive-ai-compilation](https://awesome-repositories.com/repository/jiep-offensive-ai-compilation.md) (0 ⭐) — A curated list of useful resources that cover Offensive AI. - [bishopfox/sliver](https://awesome-repositories.com/repository/bishopfox-sliver.md) (10,707 ⭐) — Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutual TLS, WireGuard, and other standard protocols, while an asynchronous task queue ensures reliable command delivery even across intermittent network connections. Beyond its core communication capabilities, the platform supports a wide range of post-exploitation tasks, including process manipulation, token management, and network pivoting. Users can automate complex security workflows and route traffic through compromised nodes to reach isolated network segments, facilitating comprehensive testing of organizational security controls. - [agno-agi/agno](https://awesome-repositories.com/repository/agno-agi-agno.md) (40,717 ⭐) — Agno is an agent operating system designed to manage the lifecycle, tool execution, and persistent state of autonomous agents across distributed infrastructure. It provides a unified runtime environment that wraps diverse agent frameworks into a consistent, interoperable protocol, allowing developers to build and deploy complex multi-agent systems that coordinate tasks and delegate sub-processes. The platform distinguishes itself through a robust governance and orchestration layer that includes human-in-the-loop approval gates, role-based access control, and a centralized API gateway. It features a shared cultural knowledge layer that enables agents to reflect on interactions and store universal principles across sessions, alongside persistent memory architectures that manage chat history and context retrieval. The system supports a wide range of operational capabilities, including real-time response streaming, asynchronous background task management, and automated performance evaluation. It integrates with external systems through standardized interfaces and provides comprehensive observability tools to trace autonomous decision paths and monitor agent accuracy in production environments. Developers can configure the system using typed classes or YAML files, and the platform exposes agents as secure, scalable web services with built-in middleware for authentication and request validation. - [manisso/fsociety](https://awesome-repositories.com/repository/manisso-fsociety.md) (12,136 ⭐) — fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The framework covers a broad range of security capabilities, including network reconnaissance, web application auditing, and system vulnerability exploitation. It provides dedicated toolsets for credential brute forcing, network traffic interception, wireless security auditing, and post-exploitation management to maintain persistence on compromised systems. - [davidprobinsky/redteam-physical-tools](https://awesome-repositories.com/repository/davidprobinsky-redteam-physical-tools.md) (583 ⭐) — Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry. - [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent. - [shadow1ng/fscan](https://awesome-repositories.com/repository/shadow1ng-fscan.md) (13,421 ⭐) — Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing password strength and supports proxy-aware traffic routing to facilitate operations within segmented or restricted network segments. Beyond core discovery, the platform provides capabilities for post-exploitation security operations, including system information collection and remote access management. Users can control scan performance through configurable concurrency and rate limits, with options to manage tasks via both command-line execution and a graphical web interface. - [yeyintminthuhtut/awesome-red-teaming](https://awesome-repositories.com/repository/yeyintminthuhtut-awesome-red-teaming.md) (7,776 ⭐) - [screetsec/thefatrat](https://awesome-repositories.com/repository/screetsec-thefatrat.md) (11,038 ⭐) — TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface. The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries and modifying file metadata to test system resilience against signature-based detection. Additionally, the tool supports physical security assessments by generating autorun configurations for removable media to evaluate automated execution behaviors on target systems. Beyond core payload generation, the platform includes utilities for environment dependency validation to ensure all necessary components are configured correctly before testing begins. It also automates post-compromise actions, such as information gathering and credential extraction, to facilitate efficient security audits. - [crewaiinc/crewai](https://awesome-repositories.com/repository/crewaiinc-crewai.md) (53,687 ⭐) — CrewAI is a multi-agent orchestration framework designed for building autonomous systems that execute complex, multi-step workflows. It provides a development platform where specialized agents are defined with specific roles, goals, and tool sets to perform tasks collaboratively. By leveraging a declarative workflow engine, the system manages task dependencies, state transitions, and execution logic, allowing for the creation of structured, stateful sequences of operations. The framework distinguishes itself through its hierarchical management capabilities, which utilize manager agents to coordinate specialist teams, delegate tasks, and oversee project execution. It incorporates a persistent memory architecture that enables agents to retain context and perform semantic searches across long-running operations. Furthermore, the system supports robust production-ready applications by enforcing schema-based output validation and providing execution checkpointing, which allows for mid-flight resumption and the replaying of specific tasks to debug or refine processes. Beyond its core orchestration, the project offers a comprehensive suite of developer utilities for managing agent performance and workflow reliability. This includes tools for training agents through iterative cycles, monitoring system events via a central execution bus, and visualizing workflow structures. The platform also features a provider-agnostic interface for integrating external APIs and utilities, ensuring that agents can interact with diverse real-world services while maintaining consistent data structures throughout the execution lifecycle. - [infosecn1nja/red-teaming-toolkit](https://awesome-repositories.com/repository/infosecn1nja-red-teaming-toolkit.md) (10,140 ⭐) - [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party services, databases, and external APIs through standardized interfaces. Developers can manage and automate the configuration of these backend resources using infrastructure-as-code tools, while granular role-based access control enforces security policies across all platform resources and API endpoints. Beyond its core services, the platform offers a broad capability surface that includes cross-platform data synchronization, event-driven webhooks, and comprehensive billing and usage monitoring. It supports extensive integrations for AI utilities, payment processing, messaging, and logging, allowing developers to extend application functionality through modular, event-driven workflows. The platform is designed for both managed and self-hosted deployments, providing tools for production environment optimization, data migration, and custom domain configuration. - [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions. The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources. This project is implemented primarily as a shell-based application. - [datadog/stratus-red-team](https://awesome-repositories.com/repository/datadog-stratus-red-team.md) (2,264 ⭐) - [gophish/gophish](https://awesome-repositories.com/repository/gophish-gophish.md) (13,938 ⭐) — Gophish is an open-source phishing toolkit and simulation framework designed to test organizational security awareness and evaluate vulnerability to social engineering attacks. It provides a core engine for sending deceptive emails to targets and tracking their interactions to identify gaps in security training. The platform functions as a comprehensive campaign manager for deploying lures and monitoring email delivery and click-through rates. It allows for the design and execution of simulated email threats to track how targets interact with malicious-looking content or provide credentials in a controlled environment. The system covers a broad range of capabilities, including the management of simulated phishing campaigns, email vulnerability assessments, and the tracking of user interactions through protocol scanning and response monitoring. The software is distributed as a single compiled executable for deployment across different server environments. - [infinitered/reactotron](https://awesome-repositories.com/repository/infinitered-reactotron.md) (15,513 ⭐) — Reactotron is a desktop-based development environment designed for inspecting, monitoring, and manipulating mobile and web applications in real time. It functions as a centralized hub that connects to a running application via a persistent WebSocket connection, allowing developers to observe internal state, network traffic, and console output without manual instrumentation. The tool distinguishes itself through a modular plugin architecture that enables custom debugging commands and specialized extensions. It provides advanced diagnostic capabilities, including the ability to overlay design mockups directly onto the application interface for visual verification and the automatic redaction of sensitive information from telemetry data to maintain privacy during the development lifecycle. Beyond core inspection, the platform supports comprehensive observability features such as performance benchmarking, local storage verification, and source-mapped error tracking. It facilitates interactive debugging by allowing developers to dispatch custom actions, modify state trees, and reconstruct serialized data snapshots to troubleshoot application logic. The software is distributed as a standalone desktop application that manages connections across multiple running instances, providing a unified interface for tracking and analyzing application behavior. - [rootsecdev/azure-red-team](https://awesome-repositories.com/repository/rootsecdev-azure-red-team.md) (1,709 ⭐) - [chainlit/chainlit](https://awesome-repositories.com/repository/chainlit-chainlit.md) (12,213 ⭐) — Chainlit is a Python framework designed for building and deploying interactive, stateful conversational AI interfaces. It provides a backend-driven platform that connects language models and agent frameworks to a web-based chat frontend, managing the complexities of session state, message history, and real-time communication. The framework distinguishes itself by offering a component-based UI builder that allows developers to inject interactive widgets, rich media, and data visualizations directly into the chat stream. It supports the visualization of complex agent workflows, enabling users to inspect intermediate reasoning steps and tool usage in real-time. Additionally, the platform includes built-in support for secure user authentication, persistent conversation history, and the ability to embed chat widgets into existing web applications with bidirectional communication. The system covers a broad range of capabilities, including document processing, vector database integration for context-aware retrieval, and comprehensive observability tools for debugging and monitoring model interactions. It also provides extensive configuration options for interface customization, localization, and access control, ensuring that applications can be tailored to specific organizational requirements. The project is distributed as a Python library and includes a command-line interface to facilitate project setup, configuration, and deployment. - [lightspin-tech/red-kube](https://awesome-repositories.com/repository/lightspin-tech-red-kube.md) (0 ⭐) — Red Team K8S Adversary Emulation Based on kubectl - [htr-tech/zphisher](https://awesome-repositories.com/repository/htr-tech-zphisher.md) (15,416 ⭐) — Zphisher is a security testing framework designed for conducting authorized social engineering assessments and penetration testing. It functions as a credential harvesting simulator that enables security professionals to evaluate organizational defenses and user awareness by deploying deceptive login interfaces. The platform automates the creation of realistic web pages through dynamic template rendering and provides tools to mask destination addresses. It integrates reverse proxy tunneling to expose local testing services to the public internet, allowing for remote access during security audits without requiring modifications to network firewall configurations. The tool supports the simulation of credential harvesting attacks to measure vulnerability within authentication workflows. It is packaged to ensure consistent execution across different host environments, facilitating the deployment of controlled testing infrastructure for security awareness training. - [wifiphisher/wifiphisher](https://awesome-repositories.com/repository/wifiphisher-wifiphisher.md) (14,631 ⭐) — Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it into personalized web templates in real time. This process is supported by low-level wireless control, including packet injection and deauthentication-based client steering, which allows the system to maintain a position between the target and the network. The framework provides extensive capabilities for traffic management and operational automation. It includes mechanisms for bridging client traffic to maintain internet connectivity during interception, as well as a modular extension system that allows users to execute custom Python scripts. These scripts can be used to automate complex attack workflows, enhance phishing scenarios, or integrate external tools during active security assessments. - [healthchecks/healthchecks](https://awesome-repositories.com/repository/healthchecks-healthchecks.md) (9,891 ⭐) — Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start and success signals to detect hanging jobs. The platform includes a health dashboard, status badge generation, and a Prometheus-compatible metrics exporter for external observability. Alerts are routed through a multi-channel notification system including webhooks and SMS, while large request payloads can be offloaded to S3-compatible object storage. User security is managed through WebAuthn two-factor authentication and optional reverse proxy identity integration. - [offensive-security/exploitdb](https://awesome-repositories.com/repository/offensive-security-exploitdb.md) (7,845 ⭐) — ExploitDB is a curated archive of exploit code and vulnerability data designed for penetration testing and security research. It serves as an offensive security knowledge base and a repository of publicly available proof-of-concept code used to validate software flaws. The project provides a searchable collection of historical and current exploit vectors. It supports security threat intelligence by tracking public releases and aids in vulnerability research by providing a reference library for analyzing how specific systems can be compromised. The archive is managed through a curated input pipeline that filters and validates submitted code. Data is stored in a flat-file structure with text-based metadata headers and search-optimized indexing to allow retrieval by platform or vulnerability identifier. - [kgretzky/evilginx2](https://awesome-repositories.com/repository/kgretzky-evilginx2.md) (14,627 ⭐) — Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies content obfuscation to evade detection by security filters. These capabilities allow for the simulation of sophisticated phishing attacks and the assessment of organizational resilience against credential harvesting. The project includes comprehensive traffic management features, such as heuristic bot filtering, to protect the integrity of captured data from automated security scanners. It also provides a unified workflow for managing phishing campaigns, including the coordination of email delivery and the tracking of user interactions. The software is distributed as a command-line tool that handles the end-to-end configuration of network settings and domain resolution. - [node-red/node-red-nodes](https://awesome-repositories.com/repository/node-red-node-red-nodes.md) (0 ⭐) — A collection of nodes for Node-RED. See below for a list. - [activepieces/activepieces](https://awesome-repositories.com/repository/activepieces-activepieces.md) (20,887 ⭐) — Activepieces is an open-source, self-hosted workflow automation platform designed to connect third-party applications through modular triggers and actions. It provides a low-code integration framework that allows users to build, manage, and execute complex business logic sequences within isolated, sandboxed environments. The platform distinguishes itself through its focus on embeddability and enterprise-grade security. It features an embedded automation builder that can be integrated into external applications via iframes, supported by comprehensive identity and access management tools such as single sign-on, SCIM provisioning, and granular role-based access control. These capabilities allow organizations to maintain programmatic control over their automation infrastructure while ensuring secure user provisioning and centralized credential management. Beyond its core automation engine, the system includes robust lifecycle management tools for versioning, deploying, and promoting workflows across different environments. It supports advanced operational requirements through distributed worker scaling, event queuing, and detailed observability features, including execution history inspection and telemetry exports. Developers can extend the platform by creating custom connectors using TypeScript, which can be validated, packaged, and synchronized with version control systems. The project is built with TypeScript and provides a comprehensive CLI for managing database migrations, integration testing, and infrastructure provisioning. - [trustedsec/social-engineer-toolkit](https://awesome-repositories.com/repository/trustedsec-social-engineer-toolkit.md) (14,984 ⭐) — The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and broader penetration testing, utilizing site cloning, DNS spoofing, and payload generation to execute various attack vectors. - [msaleme/red-team-blue-team-agent-fabric](https://awesome-repositories.com/repository/msaleme-red-team-blue-team-agent-fabric.md) (0 ⭐) - [e2b-dev/awesome-ai-agents](https://awesome-repositories.com/repository/e2b-dev-awesome-ai-agents.md) (25,903 ⭐) — This project is a curated repository and directory focused on the artificial intelligence agent ecosystem. It serves as a centralized knowledge base for developers and researchers to discover frameworks, platforms, and autonomous software entities designed for reasoning, planning, and executing complex tasks. The directory distinguishes itself through a community-driven curation model, where contributors maintain and update the collection via a distributed version control system. This collaborative approach ensures that the index remains current with the latest academic resources, open-source projects, and commercial tools, all organized through a structured categorical taxonomy. The collection covers a broad range of technical domains, including multi-agent system orchestration, autonomous workflow automation, and general agent development. By aggregating these high-quality references, the repository facilitates the evaluation of technologies for building self-directed digital workers and complex autonomous systems. The information is structured using lightweight markup files and rendered as a static site to provide a consistent and accessible interface for global users. - [rmrk-team/rmrk-tools](https://awesome-repositories.com/repository/rmrk-team-rmrk-tools.md) (0 ⭐) — Typescript implementation of the RMRK spec using Substrate's system.remark extrinsics. - [abhinavxd/libredesk](https://awesome-repositories.com/repository/abhinavxd-libredesk.md) (2,571 ⭐) — Libredesk is an omnichannel support management system designed to unify live chat and email communications into a single dashboard. It provides a comprehensive environment for managing customer interactions, agent roles, and team assignments to organize support workloads. The project distinguishes itself through AI customer support automation, which includes generating automated responses and refining message tones. It also supports the development and integration of custom chat widgets using WebSockets and JavaScript APIs. The system covers a broad set of capabilities, including customer relationship management with custom contact attributes, automated conversation routing, and a REST API for external tool integration. It also features monitoring tools for SLA compliance tracking, customer satisfaction measurement, and administrator activity auditing. The application is delivered as a self-contained binary with embedded static assets for simplified deployment.