# Penetration Testing > Search results for `penetration testing` on awesome-repositories.com. 111 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/penetration-testing **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/penetration-testing).** ## Results - [greydgl/pentestgpt](https://awesome-repositories.com/repository/greydgl-pentestgpt.md) (11,697 ⭐) — PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context, synthesizing both visual and textual data to inform its decision-making process. To ensure consistency and continuity, the framework maintains persistent session state, allowing users to pause and resume assessments without losing critical context or progress. The system provides a comprehensive suite of capabilities for managing external security utilities, including the ability to parse raw command-line output into structured data for automated analysis. It operates within isolated, containerized environments to ensure that testing workflows remain reproducible and secure across diverse target architectures. - [packtpublishing/mastering-machine-learning-for-penetration-testing](https://awesome-repositories.com/repository/packtpublishing-mastering-machine-learning-for-penetration-testing.md) (372 ⭐) — Mastering Machine Learning for Penetration Testing, published by Packt - [z4nzu/hackingtool](https://awesome-repositories.com/repository/z4nzu-hackingtool.md) (77,515 ⭐) — This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating external repositories, allowing users to fetch and organize third-party tools directly into a structured local directory. By utilizing a categorized menu system and shell-based process execution, the suite enables efficient navigation and direct invocation of specialized tools for tasks ranging from forensic analysis and reverse engineering to exploit development. The toolkit covers a broad spectrum of security domains, including web and wireless attack vectors, cloud security, payload creation, and social media analysis. It also incorporates automated environment setup to handle the installation of necessary system packages and language runtimes, ensuring compatibility across its diverse collection of utilities. - [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party services, databases, and external APIs through standardized interfaces. Developers can manage and automate the configuration of these backend resources using infrastructure-as-code tools, while granular role-based access control enforces security policies across all platform resources and API endpoints. Beyond its core services, the platform offers a broad capability surface that includes cross-platform data synchronization, event-driven webhooks, and comprehensive billing and usage monitoring. It supports extensive integrations for AI utilities, payment processing, messaging, and logging, allowing developers to extend application functionality through modular, event-driven workflows. The platform is designed for both managed and self-hosted deployments, providing tools for production environment optimization, data migration, and custom domain configuration. - [usestrix/strix](https://awesome-repositories.com/repository/usestrix-strix.md) (20,138 ⭐) — Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agnostic routing, it supports a wide range of local and cloud-based model providers, enabling users to tailor analysis depth and reasoning capabilities to their specific security requirements. This orchestration is complemented by the ability to inject structured knowledge packages into agents, allowing for highly targeted vulnerability research and customized testing methodologies. The system provides a broad capability surface that combines static code analysis with dynamic runtime testing. It includes integrated headless browser automation for simulating user behavior, proxy-based traffic interception for inspecting and replaying network communication, and infrastructure mapping tools for reconnaissance. These features are unified within a sandboxed environment that supports custom script execution, terminal access, and real-time telemetry export for auditing and reporting. The project is designed for integration into existing development workflows, offering features like incremental codebase analysis, secret detection, and pipeline-native exit code reporting. It provides a centralized interface for managing scan intensity, authenticated testing, and the generation of structured security reports with proof-of-concept evidence. - [clean-test/clean-test](https://awesome-repositories.com/repository/clean-test-clean-test.md) (54 ⭐) — A modern C++-20 testing framework. - [fortra/impacket](https://awesome-repositories.com/repository/fortra-impacket.md) (15,467 ⭐) — Impacket is a collection of Python classes designed for the construction, manipulation, and analysis of low-level network packets and services. It functions as a framework for building custom network tools, providing a programmatic interface to interact with communication protocols and service architectures. The library provides primitives for managing authentication, session state, and remote procedure calls within network environments. By offering a modular class hierarchy, it allows for the assembly of network packets and the implementation of specialized communication stacks. The project supports the development of scripts for network protocol research, security assessment automation, and the administration of remote services. It includes a suite of tools for interacting with and testing various network services, particularly those common in Windows environments. - [test-bench/test-bench](https://awesome-repositories.com/repository/test-bench-test-bench.md) (73 ⭐) — Principled Test Framework for Ruby and MRuby - [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input - [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments. What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essential utilities—including a formatter, linter, test runner, and dependency manager—directly into the runtime, eliminating the need for external build tools or complex transpilation steps. The platform features a universal module resolution system that supports remote HTTPS URLs, local paths, and standard package registries, all backed by lockfiles to ensure build determinism and supply chain security. Beyond its core runtime capabilities, Deno includes a built-in, persistent key-value database engine that supports atomic transactions and reactive data monitoring. It also provides a robust compatibility layer for the Node.js ecosystem, allowing for the seamless execution of legacy modules and native binary addons. For multi-tenant or distributed applications, the runtime offers isolated sandbox environments that manage resource constraints and security boundaries, facilitating secure code execution in shared infrastructure. The project is distributed as a single binary, providing a unified toolchain for managing dependencies, executing tasks, and configuring runtime security policies. - [beefproject/beef](https://awesome-repositories.com/repository/beefproject-beef.md) (10,728 ⭐) — BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration. The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and asynchronous command queuing to manage multiple hooked sessions, allowing for the coordination of complex, multi-stage assessment workflows. The system supports a modular architecture that enables the development of custom plugins and automated rules to extend its core testing capabilities. It includes comprehensive administrative controls, such as role-based access control, authentication rate limiting, and network access restrictions, to secure the testing environment and manage component lifecycles. - [testing-library/react-testing-library](https://awesome-repositories.com/repository/testing-library-react-testing-library.md) (19,606 ⭐) — 🐐 Simple and complete React DOM testing utilities that encourage good testing practices. - [boostorg/test](https://awesome-repositories.com/repository/boostorg-test.md) (209 ⭐) — The reference C++ unit testing framework (TDD, xUnit, C++03/11/14/17) - [leptos-rs/leptos](https://awesome-repositories.com/repository/leptos-rs-leptos.md) (20,142 ⭐) — Leptos is a full-stack Rust web framework designed for building reactive applications that share logic and types between the server and the browser. It provides a comprehensive toolkit for developing web interfaces where specific DOM nodes update automatically in response to changes in underlying reactive signals, rather than re-rendering entire component trees. The framework distinguishes itself through a fine-grained reactivity model that tracks dependencies at the individual data point level. It utilizes compile-time template transformation to convert declarative HTML-like syntax into optimized imperative instructions, and supports isomorphic server-side rendering with streaming HTML delivery. By employing component-based hydration islands, it minimizes the amount of JavaScript sent to the client, attaching interactivity only where necessary. Beyond its core rendering model, the project covers a broad surface of full-stack capabilities, including type-safe remote procedure calls that allow client-side code to invoke server-side functions directly. It integrates asynchronous data management, nested routing, and state synchronization between the server and client, while providing tools for managing component lifecycles and memory through a reactive ownership tree. The framework includes a CLI for bootstrapping projects, orchestrating full-stack builds, and automating development cycles with live recompilation. It is documented to support various deployment strategies, including static hosting, containerized server-side applications, and serverless environments. - [ffuf/ffuf](https://awesome-repositories.com/repository/ffuf-ffuf.md) (15,618 ⭐) — This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. It allows for granular control over the fuzzing process, including pipeline-based payload mutation, dynamic input encoding, and the ability to integrate external tools for custom payload generation. Users can manage scan intensity through precise traffic rate controls and interactive execution adjustments, ensuring stability while navigating target defenses. Beyond core discovery, the software provides extensive observability and reporting capabilities. It supports logic-based response filtering to isolate relevant findings from noise, audit logging for verifiable testing trails, and structured data export in formats like JSON and CSV. The tool also accommodates secure testing environments through support for client-side certificate authentication and persistent configuration management for standardized testing workflows. - [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains. The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research. The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements. - [honojs/hono](https://awesome-repositories.com/repository/honojs-hono.md) (30,994 ⭐) — Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js. - [jozanza/pico-test](https://awesome-repositories.com/repository/jozanza-pico-test.md) (45 ⭐) — ⚡ PICO-8 testing framework - [filamentphp/filament](https://awesome-repositories.com/repository/filamentphp-filament.md) (31,128 ⭐) — Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custom plugins, themes, and specialized dashboard widgets. It features a fluent, object-oriented API for defining UI components, validation rules, and data persistence logic, while maintaining application state between the browser and server over a persistent connection. Developers can further customize the interface through dynamic configuration, custom Blade view embedding, and a comprehensive system for managing user identity, multi-tenancy, and role-based access control. Beyond core CRUD capabilities, the framework includes advanced tools for data presentation, such as interactive charts, statistical summaries, and global search functionality. It also provides robust support for complex data entry, including multistep wizards, repeatable form blocks, and file management. The system is designed for reliability, offering built-in observability, automated testing helpers, and performance optimizations like asset scoping and client-side navigation. The framework is distributed as a set of packages that integrate directly into existing Laravel applications, with command-line utilities available to scaffold resources and administrative components. - [palkan/test-prof](https://awesome-repositories.com/repository/palkan-test-prof.md) (2,036 ⭐) — Ruby Tests Profiling Toolbox - [htr-tech/zphisher](https://awesome-repositories.com/repository/htr-tech-zphisher.md) (15,416 ⭐) — Zphisher is a security testing framework designed for conducting authorized social engineering assessments and penetration testing. It functions as a credential harvesting simulator that enables security professionals to evaluate organizational defenses and user awareness by deploying deceptive login interfaces. The platform automates the creation of realistic web pages through dynamic template rendering and provides tools to mask destination addresses. It integrates reverse proxy tunneling to expose local testing services to the public internet, allowing for remote access during security audits without requiring modifications to network firewall configurations. The tool supports the simulation of credential harvesting attacks to measure vulnerability within authentication workflows. It is packaged to ensure consistent execution across different host environments, facilitating the deployment of controlled testing infrastructure for security awareness training. - [sqlmapproject/sqlmap](https://awesome-repositories.com/repository/sqlmapproject-sqlmap.md) (37,676 ⭐) — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real-time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls. The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds. The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments. - [crewaiinc/crewai](https://awesome-repositories.com/repository/crewaiinc-crewai.md) (53,687 ⭐) — CrewAI is a multi-agent orchestration framework designed for building autonomous systems that execute complex, multi-step workflows. It provides a development platform where specialized agents are defined with specific roles, goals, and tool sets to perform tasks collaboratively. By leveraging a declarative workflow engine, the system manages task dependencies, state transitions, and execution logic, allowing for the creation of structured, stateful sequences of operations. The framework distinguishes itself through its hierarchical management capabilities, which utilize manager agents to coordinate specialist teams, delegate tasks, and oversee project execution. It incorporates a persistent memory architecture that enables agents to retain context and perform semantic searches across long-running operations. Furthermore, the system supports robust production-ready applications by enforcing schema-based output validation and providing execution checkpointing, which allows for mid-flight resumption and the replaying of specific tasks to debug or refine processes. Beyond its core orchestration, the project offers a comprehensive suite of developer utilities for managing agent performance and workflow reliability. This includes tools for training agents through iterative cycles, monitoring system events via a central execution bus, and visualizing workflow structures. The platform also features a provider-agnostic interface for integrating external APIs and utilities, ensuring that agents can interact with diverse real-world services while maintaining consistent data structures throughout the execution lifecycle. - [klen/nvim-test](https://awesome-repositories.com/repository/klen-nvim-test.md) (198 ⭐) — A Neovim wrapper for running tests - [flutter/flutter](https://awesome-repositories.com/repository/flutter-flutter.md) (176,956 ⭐) — This project is a multi-platform UI framework designed for building applications that target mobile, web, and desktop environments from a single codebase. It utilizes a declarative paradigm where the user interface is defined as a function of application state, supported by a layered architecture that includes a high-performance rendering engine and a multi-platform compilation model. The framework provides a comprehensive suite of developer tools, including hot reloading for real-time code injection and diagnostic utilities for monitoring application state and performance. It features a modular component system, a constraint-based layout engine, and built-in support for navigation, localization, and accessibility. Developers can extend functionality through a native integration model that supports platform-specific APIs, foreign function interfaces, and a package management system for dependency distribution. Beyond core UI development, the project includes infrastructure for application packaging and distribution across various app stores and web environments. It also incorporates concurrency models for background task management, security utilities for code obfuscation, and tools for integrating generative AI into the development workflow. - [patch/i18n-testing](https://awesome-repositories.com/repository/patch-i18n-testing.md) (67 ⭐) — International data for testing and QA - [angular/angular](https://awesome-repositories.com/repository/angular-angular.md) (100,360 ⭐) — Angular is a platform for building web applications using a component-based architecture. It provides a comprehensive suite of tools for managing encapsulated UI units, including hierarchical dependency injection, a declarative template system, and fine-grained reactivity through signals. The framework supports complex application requirements such as client-side routing, form management, and internationalization. The project includes a command-line interface for scaffolding and build automation, alongside a testing ecosystem for unit and integration verification. It offers multiple rendering strategies, including server-side rendering and static site generation, with support for hydration processes to optimize application delivery. Additionally, the framework features a built-in animation suite and security mechanisms to handle common web vulnerabilities. - [threat9/routersploit](https://awesome-repositories.com/repository/threat9-routersploit.md) (13,150 ⭐) — Routersploit is a penetration testing framework designed for the security assessment of embedded network devices and routers. It functions as a comprehensive tool for auditing hardware configurations and testing network protocols to identify and verify security vulnerabilities. The framework utilizes a modular plugin architecture that allows for the dynamic loading of exploit and scanner modules. It provides a centralized command interface that manages target state and executes controlled payloads, enabling the automation of security testing across diverse network hardware. The platform covers a broad range of capabilities, including the identification of network weaknesses and the execution of protocol-specific payload injections. It employs asynchronous scanning and pattern-based response parsing to analyze active services and firmware configurations for potential security risks. - [thejambo/awesome-testing](https://awesome-repositories.com/repository/thejambo-awesome-testing.md) (2,290 ⭐) — A curated list of testing resources - [hacktricks-wiki/hacktricks](https://awesome-repositories.com/repository/hacktricks-wiki-hacktricks.md) (11,656 ⭐) — HackTricks is a comprehensive cybersecurity knowledge base and wiki designed to support ethical hacking, penetration testing, and infrastructure security auditing. It serves as a structured reference guide for security professionals, providing detailed documentation on common vulnerabilities, attack vectors, and remediation strategies across diverse software and network environments. The project distinguishes itself by offering actionable methodologies for identifying and analyzing security flaws. It functions as a centralized repository for security research, enabling practitioners to study the mechanics of cyber threats and apply systematic techniques during authorized system assessments. The content is maintained through a static site generation process that converts markdown files into an interlinked collection of HTML pages. This architecture utilizes a hierarchical file structure for navigation and includes a client-side search index to facilitate information retrieval without requiring server-side processing. - [hoppscotch/hoppscotch](https://awesome-repositories.com/repository/hoppscotch-hoppscotch.md) (79,546 ⭐) — Hoppscotch is an open-source API development ecosystem designed for building, testing, and debugging REST, GraphQL, and real-time APIs. It provides a unified platform that functions across web browsers, desktop applications, and command-line interfaces, allowing developers to manage the entire API lifecycle from a single environment. The platform distinguishes itself through a highly interactive, command-driven interface that utilizes a global spotlight palette and keyboard shortcuts to streamline complex workflows. It supports advanced request manipulation and validation by executing JavaScript-based scripts and assertions within a sandboxed runtime. Furthermore, it integrates AI-assisted tools to automate the generation of request payloads, test scripts, and documentation, while maintaining compatibility with existing API definitions and collections from other formats. Beyond core testing capabilities, the project offers a collaborative workspace for teams to organize, share, and synchronize API collections and environment variables. It includes robust support for diverse authorization methods, proxy interception for network requests, and enterprise-grade features such as SCIM user provisioning and activity auditing. The software is available for self-hosted deployment via containerized architectures, ensuring consistent behavior across various production and development environments. - [elm-explorations/test](https://awesome-repositories.com/repository/elm-explorations-test.md) (243 ⭐) — Write unit and fuzz tests for Elm code. - [disneystreaming/weaver-test](https://awesome-repositories.com/repository/disneystreaming-weaver-test.md) (443 ⭐) — A test framework that runs everything in parallel. - [jellyfin/jellyfin](https://awesome-repositories.com/repository/jellyfin-jellyfin.md) (53,338 ⭐) — Jellyfin is a self-hosted media server that organizes digital media collections and streams content to various client devices over a local or remote network. It utilizes a client-server architecture that separates media processing and storage from user interfaces, communicating through a standardized web-based application programming interface. The platform is designed for cross-platform hosting, running consistently across Linux, Windows, and macOS through native binaries or containerized environments. It features a hardware-accelerated transcoding engine that offloads intensive video conversion tasks to dedicated graphics hardware, optimizing playback performance and reducing processor utilization. Additionally, the system includes a modular plugin architecture that allows for dynamic feature expansion by integrating third-party extensions. The software supports a range of administrative and deployment capabilities, including database-backed state management for user preferences and media metadata, as well as discovery-protocol-based networking for automatic client identification. It provides tools for monitoring server health, managing network port configurations, and organizing connected devices. Installation is supported through various methods, including pre-built container images, automated scripts for Linux distributions, and binary packages for Windows and macOS. - [carpedm20/awesome-hacking](https://awesome-repositories.com/repository/carpedm20-awesome-hacking.md) (15,722 ⭐) — This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis. The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that links to external platforms, training environments, and specialized toolkits, ensuring the index remains current through community-driven contributions. The collection covers a broad spectrum of security domains, including automated vulnerability scanning, network traffic analysis, and digital forensics. It also provides access to specialized resources for binary reverse engineering, penetration testing training, and competitive platforms such as capture-the-flag events and bug bounty programs. All information is maintained in a lightweight, markdown-based format, allowing for rapid navigation and reference within the repository. - [apsdehal/awesome-ctf](https://awesome-repositories.com/repository/apsdehal-awesome-ctf.md) (11,614 ⭐) — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert problem-solving methodologies and writeups, enabling users to discover specialized toolchains and infrastructure configurations for both participating in and hosting competitive hacking events. Beyond its role as a directory, the project covers a broad capability surface including the deployment of isolated lab environments and the configuration of automated systems for security research. It provides access to frameworks for vulnerability analysis, credential testing, and the orchestration of simulated attack scenarios. The collection is maintained as an open-source resource, allowing for collaborative updates to ensure the relevance of its indexed tools and documentation. - [helm/chart-testing](https://awesome-repositories.com/repository/helm-chart-testing.md) (1,632 ⭐) — CLI tool for linting and testing Helm charts - [elysiajs/elysia](https://awesome-repositories.com/repository/elysiajs-elysia.md) (18,531 ⭐) — Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the server and client. It features a sophisticated plugin system that enables granular control over the request lifecycle, allowing for scoped validation, dependency injection, and shared state management. Additionally, it includes built-in support for real-time communication via WebSockets and provides automated generation of interactive API documentation directly from server routes. Beyond its core routing and validation capabilities, the framework offers a comprehensive suite of tools for managing the request-response lifecycle, including custom payload parsing, reactive cookie management, and streaming responses. It also integrates observability features such as request tracing and performance monitoring, alongside testing utilities that allow for in-memory request simulation without requiring a live network connection. The project is designed for flexibility in deployment, supporting everything from standard server environments to serverless and edge platforms, with options for bundling applications into portable binaries. - [sundowndev/hacker-roadmap](https://awesome-repositories.com/repository/sundowndev-hacker-roadmap.md) (15,081 ⭐) — Hacker Roadmap is a community-driven repository that functions as a structured learning path and resource directory for cybersecurity and ethical hacking. It organizes complex security concepts into sequential modules, guiding users from fundamental knowledge to advanced technical exploitation skills through a curated collection of educational materials and professional development resources. The project distinguishes itself by acting as a centralized index that maps specialized third-party security software and isolated training environments to specific operational use cases. By aggregating technical advisories, documentation, and research materials, it provides a comprehensive hub for practitioners to refine their expertise in penetration testing, network infrastructure risk assessment, and web application security auditing. The platform covers a broad capability surface, including tools for vulnerability scanning, password auditing, and network traffic analysis. It supports the security community by facilitating the contribution of new learning resources and providing access to interactive, challenge-based environments where users can practice defensive and offensive techniques in controlled settings. - [weld/weld-testing](https://awesome-repositories.com/repository/weld-weld-testing.md) (115 ⭐) — Set of test framework extensions (JUnit 4, JUnit 5, Spock) to enhance the testing of CDI components via Weld. Supports Weld 5. - [fastapi/fastapi](https://awesome-repositories.com/repository/fastapi-fastapi.md) (99,260 ⭐) — FastAPI is a web framework for building APIs with Python. It leverages standard language type hints to provide automatic data validation, request parsing, and interactive API documentation generation. The framework supports asynchronous request handling and manages execution contexts to prevent blocking the main event loop. The project includes a dependency injection system that allows for the resolution and injection of reusable components into request handlers. This system supports request-scoped caching, lifecycle management, and integration with security mechanisms like OAuth2 and JSON Web Tokens. Developers can organize applications into modular routers and mount sub-applications to manage complex routing logic. Infrastructure features include middleware support for cross-origin resource sharing, background task management, and static file serving. The framework automatically generates OpenAPI specifications for defined endpoints, which can be customized through metadata and schema extensions. Testing utilities are provided to simulate HTTP and WebSocket connections, allowing for isolated verification of application behavior. - [guhilling/cdi-test](https://awesome-repositories.com/repository/guhilling-cdi-test.md) (29 ⭐) — JUnit extension for easy and efficient testing of CDI components - [rapid7/metasploit-framework](https://awesome-repositories.com/repository/rapid7-metasploit-framework.md) (38,415 ⭐) — The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to manage high-performance, concurrent network connections and features a transport-agnostic communication layer that abstracts protocols to maintain persistent command and control. Users can extend the core functionality through a plugin system and define complex exploit logic using a domain-specific language. The framework provides robust capabilities for remote payload management, including the configuration of network settings like sleep intervals and timeout thresholds. It maintains state persistence across long-running sessions by storing discovered host information and vulnerability data in a relational database. The software is designed for cross-platform deployment, with installation support available for Linux, macOS, and Windows environments. - [fastapi/typer](https://awesome-repositories.com/repository/fastapi-typer.md) (18,871 ⭐) — This project is a Python framework for building command-line interfaces by converting standard functions into executable programs. It uses type hints to automatically infer and generate argument parsers, validation logic, and help documentation, allowing developers to define complex terminal applications through simple function signatures. The framework distinguishes itself through a decorator-driven registration system that enables the construction of hierarchical command trees. It supports dependency injection to manage shared state and runtime configuration across subcommands, and it utilizes reflective metadata inspection to dynamically build help screens and parameter configurations. Beyond core parsing, the library provides a comprehensive suite of tools for terminal interaction, including support for interactive prompts, secure input collection, and visual feedback like progress indicators. It also handles advanced system integration tasks such as generating shell completion scripts, reading configuration from environment variables, and formatting terminal output with custom styling. The project is designed to be installed as a standard Python package, enabling developers to expose command-line entry points directly from their modules. - [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches. The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applications to confirm vulnerabilities. It utilizes graph-based data flow analysis to trace execution paths from user inputs to sensitive sinks, ensuring that security findings are based on reachable threats rather than raw scan results. By operating in isolated or air-gapped environments, the system maintains strict data sovereignty and residency, ensuring that source code and sensitive analysis data remain within the local perimeter. Beyond core testing, the platform provides comprehensive security observability and supply chain auditing. It correlates static code analysis with dynamic runtime exploitation to provide a unified view of risk, while automatically deduplicating findings to reduce alert noise. The system also supports the software supply chain by generating compliant manifests and inspecting container images without requiring a local container runtime. The platform integrates directly into existing development workflows, delivering verified patches to source control and synchronizing remediation status with external project management tools. It includes robust support for compliance reporting, audit trails, and risk acceptance management to meet regulatory requirements. - [actix/actix-web](https://awesome-repositories.com/repository/actix-actix-web.md) (24,421 ⭐) — Actix Web is an asynchronous web framework designed for building high-performance network services. It provides a foundation for processing concurrent requests through a non-blocking execution model, utilizing an actor-based concurrency system to manage lightweight processes and message passing. The framework includes a low-level networking layer that handles the parsing and serialization of HTTP traffic according to standard specifications. The framework distinguishes itself through a type-safe routing engine that enforces strict data types at compile time, ensuring that request parameters align with handler signatures. It employs a middleware-based pipeline for modular request processing and utilizes zero-copy buffer management to minimize memory overhead by passing references to data rather than duplicating payloads. Additionally, it supports real-time bidirectional communication through persistent connections and provides a standardized approach to error management, allowing developers to map internal failures to specific HTTP responses. The project covers a broad range of capabilities, including modular route orchestration for scaling complex applications and comprehensive tools for logging and defining custom error responses. Documentation and learning resources are available to assist with server initialization, request handling, and the implementation of persistent network connections. - [mlsecproject/tiq-test](https://awesome-repositories.com/repository/mlsecproject-tiq-test.md) (179 ⭐) — Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds - [vulhub/vulhub](https://awesome-repositories.com/repository/vulhub-vulhub.md) (20,279 ⭐) — Vulhub is a collection of pre-configured, containerized applications designed to serve as a standardized platform for security research, vulnerability testing, and educational exploitation exercises. It functions as an orchestration framework that enables users to deploy isolated software environments for the purpose of practicing penetration testing and analyzing common security flaws in a controlled setting. The project utilizes an infrastructure-as-code pattern to define complex, multi-service software stacks, ensuring that testing targets remain consistent and reproducible. By leveraging declarative service orchestration, it automates the startup sequence and network connectivity of interconnected containers, allowing researchers to simulate realistic, vulnerable application architectures. The environment lifecycle is ephemeral, providing automated tools to create, manage, and destroy instances to maintain a clean state across research sessions. Beyond its core deployment capabilities, the platform supports a range of workflows including security tooling validation, vulnerability analysis, and hands-on security training. Users can monitor container health, inspect application logs, and modify internal configurations to perform deep analysis of specific software components. The repository is structured to facilitate the rapid setup of standardized targets for testing and educational purposes. - [davila7/claude-code-templates](https://awesome-repositories.com/repository/davila7-claude-code-templates.md) (20,933 ⭐) — Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust CLI toolkit for managing the entire agent lifecycle, from discovery and installation to execution and performance monitoring. By utilizing standardized protocols and modular function definitions, it enables seamless integration of external services and local tools into the assistant's capabilities. Beyond core agent management, the platform offers extensive support for workflow automation, including event-driven hooks, custom slash commands, and automated testing pipelines. It incorporates security-focused features such as granular permission enforcement, sandbox execution environments, and automated secret scanning to ensure safe operation. The system also provides observability tools, including real-time dashboards for tracking agent performance, token usage, and conversation history. - [sindresorhus/speed-test](https://awesome-repositories.com/repository/sindresorhus-speed-test.md) (3,948 ⭐) — Test your internet connection speed and ping using speedtest.net from the CLI