# Open Source Red Teaming Frameworks

> Search results for `open-source alternative to Metasploit for red teaming` on awesome-repositories.com. 118 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/open-source-alternative-to-metasploit-for-red-teaming

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/open-source-alternative-to-metasploit-for-red-teaming).**

## Results

- [greydgl/pentestgpt](https://awesome-repositories.com/repository/greydgl-pentestgpt.md) (11,697 ⭐) — PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks.

The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context, synthesizing both visual and textual data to inform its decision-making process. To ensure consistency and continuity, the framework maintains persistent session state, allowing users to pause and resume assessments without losing critical context or progress.

The system provides a comprehensive suite of capabilities for managing external security utilities, including the ability to parse raw command-line output into structured data for automated analysis. It operates within isolated, containerized environments to ensure that testing workflows remain reproducible and secure across diverse target architectures.
- [rapid7/metasploit-framework](https://awesome-repositories.com/repository/rapid7-metasploit-framework.md) (38,415 ⭐) — The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures.

The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to manage high-performance, concurrent network connections and features a transport-agnostic communication layer that abstracts protocols to maintain persistent command and control. Users can extend the core functionality through a plugin system and define complex exploit logic using a domain-specific language.

The framework provides robust capabilities for remote payload management, including the configuration of network settings like sleep intervals and timeout thresholds. It maintains state persistence across long-running sessions by storing discovered host information and vulnerability data in a relational database. The software is designed for cross-platform deployment, with installation support available for Linux, macOS, and Windows environments.
- [kamranahmedse/developer-roadmap](https://awesome-repositories.com/repository/kamranahmedse-developer-roadmap.md) (357,434 ⭐) — Developer Roadmap is a community-driven platform that provides structured, graph-based learning paths for software engineering. It serves as a comprehensive knowledge repository where technical domains are organized into visual sequences to guide professional skill acquisition and career growth.

The project distinguishes itself through a collaborative ecosystem that enables users to contribute roadmaps, curate industry best practices, and maintain professional profiles. It integrates diagnostic assessment frameworks to evaluate technical proficiency, helping developers identify knowledge gaps and prepare for professional interviews through targeted learning sequences.

Beyond its core mapping capabilities, the platform offers practical project ideas and interactive tutoring to reinforce engineering concepts. It provides a centralized space for the community to share resources, track progressive skill development, and navigate complex technical landscapes.
- [danthareja/contribute-to-open-source](https://awesome-repositories.com/repository/danthareja-contribute-to-open-source.md) (0 ⭐) — The goal of this project is to empower you to contribute code to open source projects on GitHub by teaching you the mechanics of the process in an interactive experience.
- [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors.

The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development.

The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities.
- [github/opensource.guide](https://awesome-repositories.com/repository/github-opensource-guide.md) (15,530 ⭐) — This project serves as a comprehensive repository of best practices and documentation standards for managing open source software. It provides a foundational framework for establishing project governance, defining contributor roles, and structuring the lifecycle of collaborative software development. By centralizing knowledge on community building and operational transparency, it acts as a guide for launching, maintaining, and scaling healthy software projects.

The project distinguishes itself by offering actionable strategies for the human and organizational aspects of software development that often fall outside of technical implementation. It covers methodologies for formalizing leadership hierarchies, implementing consensus-based decision-making, and enforcing codes of conduct to foster inclusive environments. Furthermore, it provides specific guidance on long-term sustainability, including frameworks for securing financial support, navigating legal requirements, and managing maintainer well-being to prevent burnout.

Beyond its core governance focus, the project encompasses a broad range of operational capabilities. These include standardized workflows for contributor onboarding, security compliance practices such as vulnerability reporting and threat modeling, and quality assurance standards that integrate accessibility and automated maintenance. The documentation is designed to help maintainers navigate the complexities of project health, visibility, and strategic planning throughout the entire lifecycle of an open source initiative.
- [open-source-flash/open-source-flash](https://awesome-repositories.com/repository/open-source-flash-open-source-flash.md) (7,320 ⭐) — This project is an open source specification petition platform and proprietary specification archive. It serves as a markdown-based repository for collecting signatures and community support to urge vendors to open source proprietary software specifications.

The platform functions as a tool for open source specification advocacy and proprietary software archival. It creates permanent records of proprietary standards and documents the community efforts required to transition them to open source licenses, ensuring the preservation of technical knowledge.

The system utilizes a git-driven contribution workflow and distributed version control storage to manage petitions. Data is stored as formatted text files and organized via static file-based routing for archival display and retrieval.
- [bluscreenofjeff/red-team-infrastructure-wiki](https://awesome-repositories.com/repository/bluscreenofjeff-red-team-infrastructure-wiki.md) (0 ⭐) — This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure".
- [node-red/node-red](https://awesome-repositories.com/repository/node-red-node-red.md) (22,803 ⭐) — Node-RED is a visual, low-code automation framework designed for building event-driven data processing workflows. It provides a browser-based programming environment where users connect hardware devices, APIs, and online services by wiring together functional nodes in a directed graph. This visual approach allows for the creation of complex logic paths without the need for traditional source code.

The platform is distinguished by its pluggable node architecture and portable flow serialization. Logic is represented as JSON-based data structures, enabling flows to be easily versioned, shared, and deployed across diverse environments ranging from cloud infrastructure to embedded hardware. The system includes a message-passing engine that routes asynchronous objects between nodes, supported by a scoped context mechanism for managing state across different parts of an automation flow.

Beyond its core execution model, the project offers extensive capabilities for system orchestration and hardware interfacing. It supports modular development through reusable subflows and custom nodes, which can be discovered and shared via a community-driven repository. The runtime is highly extensible, allowing developers to embed the engine directly into existing applications, configure custom storage backends, and manage the system programmatically through an HTTP-based administrative API or command-line tools.
- [sundowndev/hacker-roadmap](https://awesome-repositories.com/repository/sundowndev-hacker-roadmap.md) (15,081 ⭐) — Hacker Roadmap is a community-driven repository that functions as a structured learning path and resource directory for cybersecurity and ethical hacking. It organizes complex security concepts into sequential modules, guiding users from fundamental knowledge to advanced technical exploitation skills through a curated collection of educational materials and professional development resources.

The project distinguishes itself by acting as a centralized index that maps specialized third-party security software and isolated training environments to specific operational use cases. By aggregating technical advisories, documentation, and research materials, it provides a comprehensive hub for practitioners to refine their expertise in penetration testing, network infrastructure risk assessment, and web application security auditing.

The platform covers a broad capability surface, including tools for vulnerability scanning, password auditing, and network traffic analysis. It supports the security community by facilitating the contribution of new learning resources and providing access to interactive, challenge-based environments where users can practice defensive and offensive techniques in controlled settings.
- [swift-open-source/ultratabsaver](https://awesome-repositories.com/repository/swift-open-source-ultratabsaver.md) (290 ⭐) — The open source Tab Manager Extension for Safari.
- [princeton-nlp/swe-agent](https://awesome-repositories.com/repository/princeton-nlp-swe-agent.md) (19,540 ⭐) — SWE-agent is a collection of autonomous agents designed for software engineering, competitive programming, and offensive cybersecurity operations. These agents utilize large language models to navigate codebases, interact with file systems, and use terminal interfaces to resolve GitHub issues or complete technical challenges.

The system employs specialized agent modes that switch prompting strategies based on whether the task is a software bug, an algorithmic programming problem, or a security vulnerability. It includes dedicated capabilities for automated repository maintenance and offensive security automation, such as identifying system weaknesses and completing capture-the-flag tasks.

Execution is managed through a tool-integrated shell interface and a file-system based workspace. The architecture uses an observation-action feedback cycle and acyclic state management to track progress and process command outputs, iteratively refining actions until a defined goal is achieved.
- [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows.

The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by automatically synchronizing response data to CRMs, databases, and communication tools, while providing programmatic interfaces for managing resources and automating feedback loops.

Beyond core collection, the system includes advanced logic for conditional branching, scoring, and personalized routing to create adaptive survey experiences. It offers extensive customization options, including white-labeling, CSS overrides, and multi-channel distribution across web, mobile, and email environments.

The platform is built for self-hosting, supporting containerized deployments with built-in multi-tenant data isolation and enterprise-grade security features like single sign-on and role-based access control.
- [infinitered/reactotron](https://awesome-repositories.com/repository/infinitered-reactotron.md) (15,513 ⭐) — Reactotron is a desktop-based development environment designed for inspecting, monitoring, and manipulating mobile and web applications in real time. It functions as a centralized hub that connects to a running application via a persistent WebSocket connection, allowing developers to observe internal state, network traffic, and console output without manual instrumentation.

The tool distinguishes itself through a modular plugin architecture that enables custom debugging commands and specialized extensions. It provides advanced diagnostic capabilities, including the ability to overlay design mockups directly onto the application interface for visual verification and the automatic redaction of sensitive information from telemetry data to maintain privacy during the development lifecycle.

Beyond core inspection, the platform supports comprehensive observability features such as performance benchmarking, local storage verification, and source-mapped error tracking. It facilitates interactive debugging by allowing developers to dispatch custom actions, modify state trees, and reconstruct serialized data snapshots to troubleshoot application logic.

The software is distributed as a standalone desktop application that manages connections across multiple running instances, providing a unified interface for tracking and analyzing application behavior.
- [ellerbrock/open-source-badges](https://awesome-repositories.com/repository/ellerbrock-open-source-badges.md) (548 ⭐) — Open Source & Licence Badges
- [apsdehal/awesome-ctf](https://awesome-repositories.com/repository/apsdehal-awesome-ctf.md) (11,614 ⭐) — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development.

The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert problem-solving methodologies and writeups, enabling users to discover specialized toolchains and infrastructure configurations for both participating in and hosting competitive hacking events.

Beyond its role as a directory, the project covers a broad capability surface including the deployment of isolated lab environments and the configuration of automated systems for security research. It provides access to frameworks for vulnerability analysis, credential testing, and the orchestration of simulated attack scenarios. The collection is maintained as an open-source resource, allowing for collaborative updates to ensure the relevance of its indexed tools and documentation.
- [makeplane/plane](https://awesome-repositories.com/repository/makeplane-plane.md) (50,924 ⭐) — Plane is a project management platform designed for planning, tracking, and delivering complex organizational tasks. It provides a centralized workspace that utilizes hierarchical structures to organize work into epics and initiatives, enabling automated progress tracking across teams without requiring manual status updates.

The platform distinguishes itself through an integrated artificial intelligence engine that coordinates tasks, retrieves live data, and automates repetitive workflows by analyzing project history and documentation. It supports enterprise-grade requirements by offering self-hosted deployment options for private or air-gapped networks, ensuring full control over data sovereignty and security. Additionally, the system incorporates a configuration-as-code approach, allowing teams to manage workspace settings and infrastructure through version-controlled files for consistent, auditable deployments.

Beyond its core management capabilities, the platform includes tools for request triage, time-boxed work cycle tracking, and collaborative knowledge management. It features a modular architecture that supports custom integrations and third-party plugins, alongside mobile-optimized interfaces for cross-platform access. Administrative governance is handled through visual workflow configuration, which allows teams to define custom state transitions, approval gates, and granular role-based access controls.
- [tapaswenipathak/open-source-programs](https://awesome-repositories.com/repository/tapaswenipathak-open-source-programs.md) (3,856 ⭐) — A list of open source programs.
- [samratashok/nishang](https://awesome-repositories.com/repository/samratashok-nishang.md) (9,951 ⭐) — Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets.

The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication and data exfiltration.

The framework covers a broad surface of offensive operations, including privilege escalation through token manipulation, credential harvesting from memory and registry hives, and the generation of weaponized documents. It also facilitates lateral movement via network pivoting, man-in-the-middle traffic interception, and the establishment of persistent backdoors.

The toolset is implemented primarily in PowerShell.
- [mxrch/ghunt](https://awesome-repositories.com/repository/mxrch-ghunt.md) (19,089 ⭐) — GHunt is a Google account investigator and open-source intelligence framework designed to retrieve publicly available information and metadata associated with Google accounts. It functions as an OSINT data extractor and offensive security framework used to identify user identities and uncover hidden metadata.

The tool extracts public profile data from various Google services and exports the findings into structured JSON formats. This allows for the collection and analysis of digital footprints to support security research and reconnaissance.
- [forem/forem](https://awesome-repositories.com/repository/forem-forem.md) (22,726 ⭐) — Forem is an open-source platform designed for building and managing technical communities. It functions as a social publishing engine that enables members to share long-form content, participate in threaded discussions, and engage through social interactions. The platform provides tools for organizations to maintain branded profiles, host community hackathons, and facilitate collaborative learning through structured educational tracks.

Beyond its social features, Forem integrates advanced capabilities for AI agent workflow orchestration and codebase knowledge graphing. It allows developers to map project architecture, analyze dependency relationships, and automate complex coding tasks using autonomous agents. The system includes specialized infrastructure for LLM context optimization, such as token compression and persistent memory management, to improve the efficiency and performance of agent-driven development.

The platform supports a modular architecture that allows for extensibility through plugins and custom configuration. It includes comprehensive administrative tools for managing user permissions, moderating content, and tracking community engagement metrics. Forem is designed to be self-hosted, providing full control over deployment, data storage, and community governance.
- [open-source-society/bioinformatics](https://awesome-repositories.com/repository/open-source-society-bioinformatics.md) (0 ⭐) — Open Source Society University: Path to a free self-taught education in Bioinformatics! Archived.
- [dafthack/cloudpentestcheatsheets](https://awesome-repositories.com/repository/dafthack-cloudpentestcheatsheets.md) (2,802 ⭐) — CloudPentestCheatsheets is a knowledge base and curated set of technical instructions for executing penetration tests on cloud-native architecture. It serves as a security audit guide and cheat sheet for auditing security and identifying misconfigurations across major cloud environments.

The project provides structured materials for performing cloud penetration testing, security auditing, and asset enumeration. These resources are organized to support multi-cloud security assessments through the evaluation of offensive security postures across various cloud service providers.

The technical guidance is delivered via modular provider segmentation and a checklist-driven workflow. It utilizes curated command libraries and a markdown-based flat-file organization to store instructional content and provider-specific commands.
- [greenrobot/eventbus](https://awesome-repositories.com/repository/greenrobot-eventbus.md) (24,760 ⭐) — EventBus is a publish-subscribe messaging library designed to facilitate decoupled communication between components in Java applications. It functions as a central hub where producers dispatch events that are routed to subscribers based on the class type of the payload. By using annotation-based markers, the system maps event handlers to specific data types, allowing different parts of an application to exchange information without requiring direct references between classes.

The library distinguishes itself through a focus on performance and execution control. It utilizes a compile-time indexing mechanism that generates static lookup tables, replacing slow runtime reflection with direct method calls to accelerate message routing. Furthermore, it provides a thread-aware dispatcher that allows developers to configure whether event handlers execute on the main interface thread, in background pools, or synchronously within the posting thread.

Beyond basic routing, the system supports advanced messaging patterns including priority-ordered delivery and sticky events. Sticky events maintain a memory-based cache of recent data, ensuring that late-registering subscribers automatically receive the most current state upon initialization. The library also offers granular control over the event lifecycle, enabling developers to cancel event propagation or manage custom thread pools and error handling strategies to maintain application responsiveness.
- [activities/contributing-to-open-source](https://awesome-repositories.com/repository/activities-contributing-to-open-source.md) (0 ⭐)
- [screetsec/thefatrat](https://awesome-repositories.com/repository/screetsec-thefatrat.md) (11,038 ⭐) — TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface.

The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries and modifying file metadata to test system resilience against signature-based detection. Additionally, the tool supports physical security assessments by generating autorun configurations for removable media to evaluate automated execution behaviors on target systems.

Beyond core payload generation, the platform includes utilities for environment dependency validation to ensure all necessary components are configured correctly before testing begins. It also automates post-compromise actions, such as information gathering and credential extraction, to facilitate efficient security audits.
- [arpit456jain/open-source-programs](https://awesome-repositories.com/repository/arpit456jain-open-source-programs.md) (0 ⭐) — I am planning to list some good and beginner-friendly open source programs and their timelines.
- [mountain-loop/yaak](https://awesome-repositories.com/repository/mountain-loop-yaak.md) (18,778 ⭐) — Yaak is a cross-platform desktop client and command-line utility designed for developing, testing, and debugging API endpoints. It supports multi-protocol request execution for REST, GraphQL, and gRPC services, providing a unified environment for managing network interactions, authentication credentials, and automated testing workflows.

The tool distinguishes itself through a local-first architecture that stores all workspace configurations and request definitions directly on the filesystem. This design enables native integration with version control systems like Git, allowing teams to track changes to API specifications and share project structures. Furthermore, it utilizes operating system keychains for secure credential management and offers a modular plugin system to extend functionality through custom authentication methods, data importers, and template functions.

Beyond manual testing, the platform facilitates complex workflow orchestration by supporting request chaining, dynamic payload generation, and scriptable test suites. These capabilities are exposed through a command-line interface, enabling the integration of automated endpoint validation and connectivity testing directly into continuous integration and deployment pipelines. The system also maintains persistent streaming runtimes to support real-time data flow and bidirectional communication with network services.
- [afonsopacifer/open-source-checklist](https://awesome-repositories.com/repository/afonsopacifer-open-source-checklist.md) (215 ⭐) — A guide to help you remember important things when creating an open source project ;D
- [empireproject/empire](https://awesome-repositories.com/repository/empireproject-empire.md) (7,813 ⭐) — Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems.

The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts.

The framework incorporates capabilities for agent orchestration and the execution of specialized security modules. It includes methods for bypassing network detection and implementing evasion techniques to avoid discovery by security monitoring tools.
- [dragonflydb/dragonfly](https://awesome-repositories.com/repository/dragonflydb-dragonfly.md) (30,688 ⭐) — Dragonfly is a high-performance, multi-model in-memory data store designed to serve as a drop-in replacement for existing database infrastructures. By utilizing a multi-threaded, shared-nothing architecture and a fiber-based concurrency model, it maximizes CPU utilization and minimizes latency for read and write operations. The system supports a wide range of data structures, including strings, hashes, lists, sets, sorted sets, and JSON documents, while maintaining full compatibility with standard industry wire protocols and client libraries.

What distinguishes Dragonfly is its focus on efficiency and scalability through advanced memory management and request processing. It employs a lock-free, cache-friendly hash table structure and zero-copy serialization to reduce overhead during high-throughput operations. For durability, the system utilizes asynchronous, snapshot-based persistence that captures the state of the dataset without blocking active requests. Furthermore, it provides built-in support for horizontal scaling and cluster management, allowing for the distribution of large datasets across multiple nodes to ensure high availability.

Beyond core storage, the platform includes a comprehensive suite of operational and analytical capabilities. It features integrated support for geospatial data management, real-time message brokering via publish-subscribe patterns, and full-text search. To handle massive datasets efficiently, the engine incorporates probabilistic data structures for cardinality estimation, frequency tracking, and membership testing. These features are complemented by robust administrative tools, including access control, request rate limiting, and detailed server monitoring.
- [redcanaryco/atomic-red-team](https://awesome-repositories.com/repository/redcanaryco-atomic-red-team.md) (12,089 ⭐) — Atomic Red Team is an adversary simulation tool and detection validation suite designed to emulate attacker behaviors. It functions as a security control testing framework that uses a library of portable tests to verify if security monitoring and alerting systems correctly identify specific malicious techniques.

The project serves as a MITRE ATT&CK emulation framework, mapping individual test executions to a standardized industry taxonomy of adversary behaviors. This mapping allows for the validation of security controls against the MITRE ATT&CK matrix to identify gaps in detection and response capabilities.

The system covers security detection engineering and control verification by executing attack patterns through shell-based commands. These tests are defined as structured data files and can be run within containerized environments or via cloud-based development containers to ensure consistent results across different hosts.
- [sbilly/awesome-security](https://awesome-repositories.com/repository/sbilly-awesome-security.md) (14,022 ⭐) — This project is a comprehensive, curated directory of cybersecurity resources, software, and documentation designed to support system and network protection. It serves as a centralized knowledge base and index for security professionals, aggregating industry-standard practices and open-source tools across a wide range of technical domains.

The repository distinguishes itself by providing a structured collection of methodologies and frameworks for security operations. It covers critical areas including threat intelligence, digital forensics, infrastructure auditing, and vulnerability assessment management. By organizing these materials, the project assists in the discovery and implementation of solutions for network monitoring, incident response, and the maintenance of consistent security configurations across diverse environments.
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base.

Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval.
- [zachflower/awesome-open-source-supporters](https://awesome-repositories.com/repository/zachflower-awesome-open-source-supporters.md) (681 ⭐) — ⭐️ A curated list of companies that offer their services for free to Open Source projects
- [fireeye/commando-vm](https://awesome-repositories.com/repository/fireeye-commando-vm.md) (7,668 ⭐) — Commando-VM is a Windows penetration testing distribution and offensive security toolkit. It provides a specialized virtual machine environment loaded with a curated suite of security auditing and exploitation tools designed for red teaming operations.

The project facilitates the creation of red team infrastructure and security audit environments. It focuses on Windows security auditing and penetration testing to help simulate adversary behavior and identify exploitable security flaws.

The environment is established through script-based provisioning and modular toolset deployment. This process includes curated dependency mapping, Windows-native tool integration, and post-installation configuration profiles to prepare the system for security assessments.
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing.

Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture.
- [cockroachlabs/open-sourced-interview-process](https://awesome-repositories.com/repository/cockroachlabs-open-sourced-interview-process.md) (425 ⭐) — Open Sourced Interview Process
- [flipper-xfw/xtreme-firmware](https://awesome-repositories.com/repository/flipper-xfw-xtreme-firmware.md) (9,887 ⭐) — Xtreme-Firmware is a custom operating system for the Flipper Zero designed to expand hardware capabilities and remove software restrictions. It functions as a multi-protocol signal emulator for capturing and replaying RFID, NFC, Sub-GHz, and Infrared signals to test hardware security.

The project features a specialized USB HID attack framework for sending keystroke payloads and spoofing device identifiers over USB and Bluetooth. It also includes a WiFi penetration testing suite for scanning, sniffing, and sending deauthentication frames using a wireless development board.

Broad capabilities cover radio frequency analysis, infrared remote bruteforcing, and access control code fuzzing. The system provides tools for hardware interface customization, including visual asset pack management and a progressive content unlocking system based on numerical levels. Additional utility is provided through a USB to UART bridging system and a built-in command line interface.
- [lissy93/dashy](https://awesome-repositories.com/repository/lissy93-dashy.md) (24,026 ⭐) — Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments.

The project distinguishes itself through a highly modular architecture that supports dynamic widget injection and flexible deployment strategies, ranging from containerized portals to static site hosting. It provides deep customization options, including interactive editors for interface adjustments, custom theme and icon support, and multi-page management for complex service environments. To maintain operational awareness, the dashboard performs continuous background polling of services and visualizes health data using accessible indicators designed for diverse user needs.

Beyond basic navigation, the platform integrates advanced automation and security features to streamline workflows. It supports external identity provider integration and proxy-based authentication to secure sensitive configurations, while offering tools for encrypted state archiving and synchronization. Users can further enhance their experience through custom search shortcuts, keyboard-driven navigation, and content scheduling that adapts the interface layout based on time-based patterns.
- [mahmoud/awesome-python-applications](https://awesome-repositories.com/repository/mahmoud-awesome-python-applications.md) (17,892 ⭐) — This project is a curated directory and reference library of open-source Python applications. It serves as a comprehensive index designed to help developers study real-world software architecture, design patterns, and practical implementation strategies through a diverse collection of community-driven projects.

The repository distinguishes itself by focusing on the analysis of production-ready software patterns rather than providing a single tool. It offers a structured way to explore how complex features, such as modular plugin systems, configuration management, and various deployment strategies, are implemented in practice across different types of services.

By cataloging these applications, the project provides a resource for understanding the full lifecycle of software development. This includes examining methods for packaging and distributing code, such as containerization and self-contained executable bundling, as well as observing how different projects handle data transformation, process management, and system integration.
- [frohoff/ysoserial](https://awesome-repositories.com/repository/frohoff-ysoserial.md) (8,750 ⭐) — ysoserial is a security research tool and payload generator designed to identify and exploit insecure Java deserialization. It functions as a framework for creating malicious serialized objects that can trigger remote code execution on Java virtual machines.

The project provides a library of known gadget chains, which are sequences of vulnerable class calls that achieve arbitrary command execution during the deserialization process. It automates the generation of these payloads by leveraging common third-party libraries.

The tool covers capabilities for security penetration testing, Java application hardening, and remote code execution research. This includes the ability to generate serialized bytestreams and compose gadget chains to verify if an application's object input validation is correctly implemented.
- [cfpb/open-source-project-template](https://awesome-repositories.com/repository/cfpb-open-source-project-template.md) (214 ⭐) — A project template containing default open source files for new projects
- [open-source-society/computer-science](https://awesome-repositories.com/repository/open-source-society-computer-science.md) (0 ⭐) — Open Source Society University Path to a free self-taught education in Computer Science!
- [mandiant/commando-vm](https://awesome-repositories.com/repository/mandiant-commando-vm.md) (7,667 ⭐) — Commando VM is a Windows-based penetration testing distribution and offensive security virtual machine. It serves as a toolset manager for deploying and maintaining a curated collection of security tools, scripts, and configurations designed for security auditing, red teaming, and adversary simulation.

The project automates the provisioning of a specialized workstation by using PowerShell scripts and a modular repository to orchestrate the installation of offensive security software. It utilizes a community-driven package manager to handle dependency resolution and binary installations, ensuring a consistent environment for conducting network attacks and vulnerability research.

The distribution further optimizes the host operating system through post-installation environment configurations, including system-wide registry changes and environment variable updates. These capabilities provide a dedicated infrastructure for performing formal security assessments and simulating advanced adversary tactics.
- [eclipse-che/che](https://awesome-repositories.com/repository/eclipse-che-che.md) (7,151 ⭐) — This project is a Kubernetes-based cloud IDE platform that provisions and manages containerized development environments accessible via a web browser. It functions as a multi-tenant developer platform, enabling teams to launch standardized workspaces directly from Git repositories.

The platform implements development environments as code, using declarative YAML configurations and DevContainer-compatible specifications to define toolsets, IDE settings, and runtime dependencies. This ensures repeatable setups through reusable environment templates and standardized workspace stacks, allowing for the automated installation of curated IDE extensions from public or private registries.

The system covers a broad range of infrastructure capabilities, including role-based access control for multi-tenancy, persistent storage management via Kubernetes volume claims, and identity provider federation for enterprise authentication. It also includes administrative controls for cluster resource management, platform branding, and secure coding infrastructure for air-gapped networks.
- [open-source-legal/opencontracts](https://awesome-repositories.com/repository/open-source-legal-opencontracts.md) (1,356 ⭐) — The open document intelligence platform for builders and hackers - DMS for the agentic world
- [aboul3la/sublist3r](https://awesome-repositories.com/repository/aboul3la-sublist3r.md) (10,957 ⭐) — Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain.

The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping.

The tool can be used as a standalone utility or as a Python security library, exposing its core logic as a module for integration into custom automation scripts. Discovered network identifiers can be persisted to text files for external analysis.
- [drizzle-team/drizzle-orm](https://awesome-repositories.com/repository/drizzle-team-drizzle-orm.md) (34,835 ⭐) — Drizzle ORM is a TypeScript-native database toolkit providing type-safe SQL query building, schema management, and automated migrations across PostgreSQL, MySQL, SQLite, and SingleStore.
- [red/red](https://awesome-repositories.com/repository/red-red.md) (6,009 ⭐) — Red is a next-generation programming language strongly inspired by Rebol, but with a broader field of usage thanks to its native-code compiler, from system programming to high-level scripting and cross-platform reactive GUI, while providing modern support for concurrency, all in a zero-install, zero-config, single ~1MB file!
