# Intentionally Vulnerable Cloud Environments > Search results for `vulnerable cloud environments to practice cloud hacking` on awesome-repositories.com. 119 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/vulnerable-cloud-environments-to-practice-cloud-hacking **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/vulnerable-cloud-environments-to-practice-cloud-hacking).** ## Results - [prowler-cloud/prowler](https://awesome-repositories.com/repository/prowler-cloud-prowler.md) (13,049 ⭐) — Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of configuration files, ensuring security coverage across the entire development lifecycle. The tool provides comprehensive capabilities for continuous security integration, allowing teams to automate compliance reporting by mapping findings to regulatory frameworks. It supports risk prioritization and provides actionable remediation guidance, while enabling the integration of security data into external incident management and monitoring systems through automated reporting pipelines. - [apsdehal/awesome-ctf](https://awesome-repositories.com/repository/apsdehal-awesome-ctf.md) (11,614 ⭐) — This project is a comprehensive directory of software utilities, frameworks, and educational resources designed for cybersecurity competitions and offensive security research. It serves as a centralized index for tools used in cryptography, forensics, reverse engineering, and web exploitation, while providing structured materials for training and skill development. The repository distinguishes itself through a community-driven maintenance model that aggregates and organizes technical resources into a searchable, hierarchical structure. It facilitates knowledge transfer by cataloging expert problem-solving methodologies and writeups, enabling users to discover specialized toolchains and infrastructure configurations for both participating in and hosting competitive hacking events. Beyond its role as a directory, the project covers a broad capability surface including the deployment of isolated lab environments and the configuration of automated systems for security research. It provides access to frameworks for vulnerability analysis, credential testing, and the orchestration of simulated attack scenarios. The collection is maintained as an open-source resource, allowing for collaborative updates to ensure the relevance of its indexed tools and documentation. - [dragondrop-cloud/cloud-concierge](https://awesome-repositories.com/repository/dragondrop-cloud-cloud-concierge.md) (245 ⭐) — "Terraform best practices as a Pull Request." Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. - [alibaba/spring-cloud-alibaba](https://awesome-repositories.com/repository/alibaba-spring-cloud-alibaba.md) (29,113 ⭐) — Spring Cloud Alibaba is a microservices orchestration framework that provides a standardized programming model for building distributed systems. It functions as a cloud-native integration layer, bridging enterprise application frameworks with distributed infrastructure to manage service discovery, traffic control, and state consistency across complex, multi-part application environments. The framework distinguishes itself through specialized components for managing distributed operations, including aspect-oriented traffic control that enforces flow rules, circuit breaking, and rate limiting at the application layer. It facilitates reliable communication through service-discovery-based orchestration for load balancing and an event-driven message bus for asynchronous data exchange. Furthermore, it supports data integrity across heterogeneous databases by coordinating global transaction lifecycles through a centralized transaction manager. Beyond these core orchestration capabilities, the project simplifies system maintenance by providing real-time distributed configuration synchronization and standardized dependency management. By utilizing a centralized manifest for version control, it ensures compatibility and stability across all integrated cloud-native service components. - [cloud-custodian/cloud-custodian](https://awesome-repositories.com/repository/cloud-custodian-cloud-custodian.md) (6,011 ⭐) — Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources - [vulhub/vulhub](https://awesome-repositories.com/repository/vulhub-vulhub.md) (20,279 ⭐) — Vulhub is a collection of pre-configured, containerized applications designed to serve as a standardized platform for security research, vulnerability testing, and educational exploitation exercises. It functions as an orchestration framework that enables users to deploy isolated software environments for the purpose of practicing penetration testing and analyzing common security flaws in a controlled setting. The project utilizes an infrastructure-as-code pattern to define complex, multi-service software stacks, ensuring that testing targets remain consistent and reproducible. By leveraging declarative service orchestration, it automates the startup sequence and network connectivity of interconnected containers, allowing researchers to simulate realistic, vulnerable application architectures. The environment lifecycle is ephemeral, providing automated tools to create, manage, and destroy instances to maintain a clean state across research sessions. Beyond its core deployment capabilities, the platform supports a range of workflows including security tooling validation, vulnerability analysis, and hands-on security training. Users can monitor container health, inspect application logs, and modify internal configurations to perform deep analysis of specific software components. The repository is structured to facilitate the rapid setup of standardized targets for testing and educational purposes. - [frappe/erpnext](https://awesome-repositories.com/repository/frappe-erpnext.md) (35,726 ⭐) — ERPNext is a comprehensive enterprise resource planning suite designed to integrate core organizational functions, including accounting, inventory, human resources, and project management, into a single unified platform. It operates as a metadata-driven business application, where data structures and application logic are defined through configuration rather than hard-coded programming to facilitate rapid customization. The system distinguishes itself through a robust security and governance framework that enforces granular, role-based access control across all document operations. It features a dedicated data privacy layer that performs field-level masking, intercepting and transforming sensitive information at the application level based on user authorization. This ensures that private data remains protected while maintaining full operational functionality for authorized staff. The platform manages business processes through an event-driven workflow engine that triggers automated tasks and notifications based on document status changes. Its document-oriented persistence layer handles relationships and validation logic centrally, while server-side hooks allow for the injection of custom logic into the document lifecycle. The system is documented and distributed as a configurable framework for managing complex organizational data. - [zankner/cloud](https://awesome-repositories.com/repository/zankner-cloud.md) (0 ⭐) — C ritique-out- Loud Reward Models (CLoud) - [webgoat/webgoat](https://awesome-repositories.com/repository/webgoat-webgoat.md) (9,160 ⭐) — WebGoat is a deliberately insecure web application designed as an interactive security lab for learning how to identify and exploit common web vulnerabilities. It serves as a containerized sandbox that allows for the simulation and experimentation of web-based attacks and penetration testing techniques without risking production systems. The project functions as a learning lab that maps specific insecure coding patterns to structured lessons. It implements simulated server-side flaws to provide a hands-on environment for studying common security vulnerabilities and defensive coding practices. The application supports deployment through isolated containers and browser-based desktop virtualization to ensure a consistent attack surface. It includes capabilities for managing lesson availability and tracking user progress across the various vulnerable application components. - [grafana/grafana](https://awesome-repositories.com/repository/grafana-grafana.md) (74,456 ⭐) — Grafana is an observability data platform designed to aggregate metrics, logs, and traces from diverse sources into a unified environment. It functions as a centralized interface for visualizing complex telemetry data, transforming raw streams into interactive dashboards that support real-time system health tracking and performance monitoring. The platform distinguishes itself through a plugin-based modular architecture that integrates disparate databases, cloud services, and monitoring tools via a standardized data abstraction layer. This framework allows for the dynamic loading of external components to support varied data sources and visualization types without requiring modifications to the core codebase. Additionally, the system incorporates a rule-based alerting engine that evaluates incoming data streams against defined thresholds to trigger automated notifications for incident response. Beyond its core visualization and alerting capabilities, the platform provides tools for infrastructure performance monitoring and operational data analysis. It utilizes a declarative, component-driven interface to manage dashboard states and a compiled backend to process high-throughput queries and API requests. The system maintains configuration persistence and state consistency across distributed instances through a centralized metadata storage layer. - [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent. - [digininja/dvwa](https://awesome-repositories.com/repository/digininja-dvwa.md) (13,229 ⭐) — DVWA is a vulnerable web application lab and penetration testing sandbox designed to simulate common security flaws. It serves as a training platform for the OWASP Top 10 security risks and functions as a PHP and MySQL security lab for practicing the identification and exploitation of web vulnerabilities. The project provides a graduated learning experience through configurable security levels that adjust the difficulty of the vulnerabilities. It also supports switching between different database engines to research how various storage systems respond to injection attacks. The application is used for cybersecurity education, security tool benchmarking, and vulnerability lab simulation. It allows users to test automated scanners and auditing tools against known weaknesses in a controlled environment. - [cloud-hypervisor/cloud-hypervisor](https://awesome-repositories.com/repository/cloud-hypervisor-cloud-hypervisor.md) (5,285 ⭐) — Cloud Hypervisor is a Rust-based hypervisor and KVM virtual machine monitor designed to execute 64-bit guest operating systems. It functions as a user-space virtual machine manager that employs a minimal emulation layer to reduce memory overhead and latency for cloud workloads. The project distinguishes itself through the use of a memory-safe language to implement a virtio device emulator and a user-space device model. It provides a standardized web API for managing virtual machine lifecycles and resource configurations. The platform covers broad virtualization capabilities, including the emulation of NVMe and block storage, network connectivity via host bridging, and hardware device passthrough. It supports high-availability operations such as live migration, state snapshotting, and the dynamic resizing of CPU and memory resources through hotplugging. The system is managed via a REST-API control plane and provides secure communication channels and shared memory interfaces between the host and guest. - [canonical/cloud-init](https://awesome-repositories.com/repository/canonical-cloud-init.md) (3,729 ⭐) — Official upstream for the cloud-init: cloud instance initialization - [j3ssie/osmedeus](https://awesome-repositories.com/repository/j3ssie-osmedeus.md) (6,425 ⭐) — Osmedeus is an LLM security orchestration engine and AI agent framework designed to automate security workflows. It functions as a declarative workflow automator that uses YAML definitions to coordinate AI agents, shell commands, and distributed scanning tools through a directed acyclic graph. The system distinguishes itself by deploying autonomous AI agents that use tool-calling loops and conversation memory to plan and execute complex analysis tasks. It features a specialized Agent Communication Protocol to delegate tasks to external AI binaries and supports recursive sub-agent orchestration for delegated task handling. The platform covers a broad range of capabilities, including distributed security scanning across cloud infrastructure and the management of large-scale attack surface discovery. It incorporates a hybrid runner model to execute tasks across local shells, Docker containers, and remote SSH hosts, while persisting artifacts in S3-compatible storage and tracking findings in a centralized database. The engine can be embedded as a Go library or managed via a REST API and web interface. - [orange-cyberdefense/goad](https://awesome-repositories.com/repository/orange-cyberdefense-goad.md) (7,464 ⭐) — GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors. The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including vulnerable Active Directory environments, Exchange servers, and SCCM setups, while allowing for custom lab extensions and tiered inventory overrides to adapt the environment to specific provider settings. Broad capabilities include the provisioning of blue team monitoring stacks with EDR solutions and centralized logging for security event analysis. It also provides network access utilities such as SSH jumpboxes and SOCKS proxies to route attack traffic into isolated segments, and simulates specific security challenges like database impersonation and access control list manipulation. - [farhanashrafdev/90daysofcybersecurity](https://awesome-repositories.com/repository/farhanashrafdev-90daysofcybersecurity.md) (13,409 ⭐) — 90DaysOfCyberSecurity is an open-source educational repository that provides a structured ninety-day learning roadmap for individuals pursuing a career in the security industry. The project organizes foundational security concepts, technical skills, and professional development tasks into a sequential, day-by-day curriculum designed for self-paced study. The repository functions as a community-driven knowledge base, leveraging version control to allow contributors to expand the curriculum with new tutorials, case studies, and study materials. It distinguishes itself by integrating a professional career guide that offers templates for industry-standard resumes and strategies for navigating the job market alongside its technical training modules. The curriculum covers a broad range of security domains, including networking, scripting, and cloud security, by aggregating links to external video playlists, tutorials, and hands-on lab platforms. Learners can access these resources to practice defensive and offensive techniques in sandbox environments or gamified labs. The entire collection is hosted as a static documentation site, ensuring the learning path remains accessible and easy to navigate. - [coollabsio/coolify](https://awesome-repositories.com/repository/coollabsio-coolify.md) (57,055 ⭐) — This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software. The platform distinguishes itself through its agentless architecture, which uses secure shell connections to execute administrative tasks and manage remote servers without requiring persistent local software. It integrates directly with version control systems to trigger automated build and deployment pipelines, including the creation of temporary, isolated preview environments for every pull request. This workflow is supported by a declarative engine that uses templates to standardize the deployment of complex multi-container architectures and persistent database engines. Beyond core orchestration, the system handles the operational requirements of hosted services by managing dynamic reverse-proxy routing and automated SSL certificate lifecycles. It provides a comprehensive suite of infrastructure management tools, including browser-based terminal access for debugging, automated system dependency installation, and persistent state management via a central database. These capabilities ensure that infrastructure remains synchronized and consistent across multiple remote environments. - [openfaas/openfaas-cloud](https://awesome-repositories.com/repository/openfaas-openfaas-cloud.md) (0 ⭐) — OpenFaaS Cloud - [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring. The platform distinguishes itself through advanced storage and execution techniques, including vectorized query processing and a merge tree storage engine that maintains performance during massive insertions. It features adaptive subcolumn mapping for semi-structured data and supports native vector search for machine learning and generative AI applications. To facilitate efficient data movement, the engine utilizes zero-copy shared memory buffers, minimizing overhead when interacting with external analytical tools or processing diverse file formats like Parquet, JSON, and Arrow. Beyond its core storage and processing capabilities, the project provides a comprehensive suite of tools for observability, security, and data integration. It includes built-in support for natural language querying, automated workflow orchestration for AI agents, and extensive diagnostic features for query plan inspection. The platform also offers robust cloud infrastructure management, including support for private networking, compliant deployment strategies, and integrated billing consolidation. - [jasondavies/d3-cloud](https://awesome-repositories.com/repository/jasondavies-d3-cloud.md) (3,944 ⭐) — Create word clouds in JavaScript. - [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions. The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources. This project is implemented primarily as a shell-based application. - [hmaverickadams/beginner-network-pentesting](https://awesome-repositories.com/repository/hmaverickadams-beginner-network-pentesting.md) (6,205 ⭐) — This is a hands-on lab environment for learning network penetration testing techniques, centered on setting up and attacking a vulnerable Active Directory network. The project provides a structured framework for practicing the full attack chain, from initial reconnaissance and scanning through exploitation, privilege escalation, lateral movement, and credential theft, all within isolated virtual machine labs. The lab environment is designed to simulate real-world attack scenarios, including the ability to compile and execute exploit code directly against targets without relying on Metasploit. It also integrates Metasploit for gaining shell access and maintaining persistence, and includes workflows for applying security patches to demonstrate defensive countermeasures. The project coordinates multiple tools like Nmap, Nessus, and Nikto through scripted pipelines for scanning and enumeration. Beyond the technical attack simulation, the project includes a framework for documenting findings, attack paths, and remediation steps into a structured report suitable for client delivery. The documentation covers building the Active Directory lab, executing the full attack chain, and patching the environment to reinforce defensive practices. - [google/go-cloud](https://awesome-repositories.com/repository/google-go-cloud.md) (0 ⭐) — Write once, run on any cloud ☁️ - [comfy-org/comfyui](https://awesome-repositories.com/repository/comfy-org-comfyui.md) (117,227 ⭐) — ComfyUI is a node-based generative AI orchestration engine designed for constructing, testing, and executing complex image and video synthesis pipelines. By utilizing a directed acyclic graph execution model, the platform allows users to build reproducible workflows through modular, interconnected processing blocks without requiring manual code implementation. It serves as both a local environment for high-performance model inference and a production-ready server for deploying generative capabilities. The platform distinguishes itself through its focus on workflow portability and extensibility. Complex pipelines are persisted as structured JSON files, enabling version control and programmatic reconstruction. Users can extend the system’s core functionality by dynamically loading custom node extensions at runtime, while the engine’s lazy evaluation strategy ensures efficiency by computing only the necessary nodes for a given output. Real-time state synchronization via WebSockets provides immediate feedback during the generation process. Beyond its core execution capabilities, the platform supports a broad range of operational needs, including local model orchestration, cloud-scale infrastructure management, and API integration. It provides tools for managing generative models, local software environments, and enterprise-grade infrastructure. The system exposes visual workflows as programmable endpoints, allowing developers to integrate advanced generative tasks into external software applications. - [capitalone/cloud-custodian](https://awesome-repositories.com/repository/capitalone-cloud-custodian.md) (0 ⭐) — .. image:: https://badges.gitter.im/capitalone/cloud-custodian.svg :target: https://gitter.im/capitalone/cloud-custodian?utmsource=badge&utmmedium=badge&utmcampaign=pr-badge&utmcontent=badge :alt: Join the chat at https://gitter.im/capitalone/cloud-custodian - [shellphish/how2heap](https://awesome-repositories.com/repository/shellphish-how2heap.md) (8,444 ⭐) — how2heap is an educational resource and technical testbed for learning heap-based vulnerabilities and memory allocator internals. It provides a collection of source code examples and binaries that serve as a laboratory for studying memory corruption techniques specifically targeting the glibc malloc implementation. The project focuses on the development of exploit primitives, such as tcache poisoning and double frees, to redirect program execution. It includes a suite of implementations for bypassing memory protections and manipulating heap metadata to achieve arbitrary memory writes. The framework covers a wide range of memory corruption capabilities, including chunk manipulation, metadata corruption, and thread-local cache attacks. It also provides tools for reversing pointer obfuscation and analyzing heap hardening mechanisms. The project includes a containerized environment for provisioning lab workspaces, allowing binaries to be compiled against specific system library versions to simulate different allocator behaviors. - [firebase/firebase-ios-sdk](https://awesome-repositories.com/repository/firebase-firebase-ios-sdk.md) (6,618 ⭐) — This is a Backend as a Service SDK for Apple platforms, providing a collection of libraries that connect iOS and macOS applications to cloud databases, authentication services, and serverless infrastructure. It serves as a developer kit for integrating real-time data synchronization, file storage, and push notifications into native apps. The SDK is distinguished by its generative AI integration, which routes text and multimodal prompts between on-device models and cloud-hosted large language models. It further differentiates itself with a specialized app distribution tool for managing pre-release binaries, tester groups, and stability tracking. The platform covers a broad range of capabilities, including identity management with multi-provider sign-in, global data storage with ACID transactions and offline persistence, and comprehensive observability through crash reporting and performance monitoring. It also provides tools for remote configuration, behavioral messaging, and serverless backend logic execution. Integration is supported via the Swift Package Manager, CocoaPods, and Carthage. - [chaitin/xray](https://awesome-repositories.com/repository/chaitin-xray.md) (11,612 ⭐) — Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a broad range of security capabilities, including recursive web crawling for directory enumeration, real-time HTTP traffic interception via a proxy layer, and baseline security checks for SSL versions and HTTP headers. It features a template-based plugin system for extending vulnerability checks and supports exporting findings into text, JSON, or HTML formats. - [insforge/insforge](https://awesome-repositories.com/repository/insforge-insforge.md) (11,794 ⭐) — InsForge is a backend-as-a-service platform that provides an integrated suite of tools for managing relational databases, identity provision, object storage, and serverless compute. It functions as an open-source identity provider and a PostgreSQL database manager featuring integrated vector storage and row-level security. The platform serves as an LLM orchestration gateway, offering a unified endpoint to route requests across various AI providers through an OpenAI-compatible interface. It enables AI-driven application generation and connects AI agents to backend resources using a standardized context protocol. Broad capabilities include comprehensive OAuth and OIDC identity management, an S3-compatible object storage gateway, and a real-time pub-sub engine for database synchronization. The system also covers automated billing and subscription lifecycles with mirrored payment data, as well as serverless function runtimes triggered by HTTP requests or database events. Infrastructure is managed via a backend command-line interface and declarative configuration files. - [giongto35/cloud-game](https://awesome-repositories.com/repository/giongto35-cloud-game.md) (2,458 ⭐) — Web-based Cloud Gaming service for Retro Game - [qazbnm456/awesome-web-security](https://awesome-repositories.com/repository/qazbnm456-awesome-web-security.md) (13,097 ⭐) — This project serves as a comprehensive cybersecurity training platform and resource repository focused on web application security. It functions as a centralized hub for security practitioners, providing both a curated collection of technical documentation and research, and a system for deploying isolated, containerized environments to practice security analysis and exploitation techniques. The platform distinguishes itself by integrating automated data aggregation with hands-on, container-based orchestration. It maintains a current knowledge base of industry research and digital threats while simultaneously providing ephemeral testbeds and wargame challenges. These environments allow users to safely interact with intentionally vulnerable applications, facilitating practical skill development in penetration testing and vulnerability mitigation without compromising host system integrity. Beyond its core training capabilities, the project supports the construction of specialized browser components for research and organizes extensive educational materials into structured learning paths. The repository is maintained through scheduled scripts that index technical documentation and industry updates, ensuring that the collection of guides and research remains relevant for ongoing security study. - [tensult/cloud-reports](https://awesome-repositories.com/repository/tensult-cloud-reports.md) (280 ⭐) — Scans your AWS cloud resources and generates reports. Check out free hosted version: - [jetify-com/devbox](https://awesome-repositories.com/repository/jetify-com-devbox.md) (12,105 ⭐) — Devbox is a development environment orchestrator designed to create reproducible, isolated workspaces for software projects. By leveraging declarative configuration files and the Nix package manager, it ensures that project dependencies, environment variables, and tooling remain consistent across different machines and team members. It functions as a central manager for project-specific environments, providing isolated shell execution that prevents conflicts with host system software. The project distinguishes itself through its ability to bridge local development and cloud-hosted infrastructure. It supports container-native deployment by generating container images directly from project configurations and utilizes remote binary caching to accelerate environment setup by storing pre-built artifacts. Beyond environment management, it includes integrated capabilities for background service orchestration, secret management, and automated testing workflows that can be triggered within the development lifecycle. The platform provides a comprehensive suite of tools for managing the full development lifecycle, including IDE integration, team-based access control, and observability features like log streaming and performance analysis. It also offers extensibility through custom plugin integration and automated package configuration, allowing teams to standardize workflows and maintain consistent tooling across distributed environments. - [trimstray/the-book-of-secret-knowledge](https://awesome-repositories.com/repository/trimstray-the-book-of-secret-knowledge.md) (228,641 ⭐) — This project serves as a centralized, community-driven repository of technical knowledge and administrative resources. It provides a structured taxonomy that aggregates disparate information into a searchable framework, supporting continuous learning and rapid problem-solving for system administrators and cybersecurity practitioners. By mapping resources across offensive security, infrastructure management, and software development, it offers a unified path for skill acquisition and professional reference. The project is defined by a command-line-first design philosophy, prioritizing terminal-based utilities and scriptable interfaces to facilitate efficient system administration and repeatable security workflows. It distinguishes itself through a platform-agnostic approach, maintaining documentation and operational guides that remain applicable across diverse Unix-like and cloud-based environments. This modular toolchain integration allows users to compose custom environments tailored to specific administrative or security tasks. The repository covers a broad capability surface, including comprehensive toolkits for system auditing, network management, and infrastructure hardening. It provides structured learning paths for cybersecurity skill development, ranging from ethical hacking labs and penetration testing standards to vulnerability assessment and system configuration best practices. The collection also encompasses a wide array of productivity tools, diagnostic utilities, and educational materials designed to streamline routine maintenance and enhance overall security posture. - [dragonflydb/dragonfly](https://awesome-repositories.com/repository/dragonflydb-dragonfly.md) (30,688 ⭐) — Dragonfly is a high-performance, multi-model in-memory data store designed to serve as a drop-in replacement for existing database infrastructures. By utilizing a multi-threaded, shared-nothing architecture and a fiber-based concurrency model, it maximizes CPU utilization and minimizes latency for read and write operations. The system supports a wide range of data structures, including strings, hashes, lists, sets, sorted sets, and JSON documents, while maintaining full compatibility with standard industry wire protocols and client libraries. What distinguishes Dragonfly is its focus on efficiency and scalability through advanced memory management and request processing. It employs a lock-free, cache-friendly hash table structure and zero-copy serialization to reduce overhead during high-throughput operations. For durability, the system utilizes asynchronous, snapshot-based persistence that captures the state of the dataset without blocking active requests. Furthermore, it provides built-in support for horizontal scaling and cluster management, allowing for the distribution of large datasets across multiple nodes to ensure high availability. Beyond core storage, the platform includes a comprehensive suite of operational and analytical capabilities. It features integrated support for geospatial data management, real-time message brokering via publish-subscribe patterns, and full-text search. To handle massive datasets efficiently, the engine incorporates probabilistic data structures for cardinality estimation, frequency tracking, and membership testing. These features are complemented by robust administrative tools, including access control, request rate limiting, and detailed server monitoring. - [googlecloudplatform/cloud-run-mcp](https://awesome-repositories.com/repository/googlecloudplatform-cloud-run-mcp.md) (618 ⭐) — MCP server to deploy apps to Cloud Run - [googlecontainertools/skaffold](https://awesome-repositories.com/repository/googlecontainertools-skaffold.md) (15,856 ⭐) — Skaffold is a command-line tool that automates the build, push, and deployment lifecycle for containerized applications on Kubernetes. It functions as a continuous development engine, monitoring source code for changes to trigger incremental updates, manifest hydration, and automated deployments to a cluster. By abstracting the underlying build and deployment tools, it provides a unified interface for managing the inner development loop. The platform distinguishes itself through its environment-aware configuration and flexible build orchestration. It supports diverse build strategies, including local, remote, and in-cluster image construction, and allows developers to switch between environment-specific profiles automatically based on the active cluster context. To accelerate development, it includes features for direct file synchronization into running containers and remote debugging bridges that connect local tools to processes within a cluster. Beyond core orchestration, the tool manages the entire application lifecycle, from project bootstrapping and dependency definition to log streaming and port forwarding. It integrates with common package managers and supports complex workflows through modular configuration composition and automated manifest generation. The system also provides observability tools, such as structured log parsing and integration test coverage collection, to assist in monitoring and troubleshooting applications during the development process. - [juice-shop/juice-shop](https://awesome-repositories.com/repository/juice-shop-juice-shop.md) (12,530 ⭐) — Juice Shop is a self-contained web application designed as a platform for cybersecurity education and security training. It functions as a controlled environment containing intentional security flaws, allowing users to practice offensive security techniques and defensive coding practices while tracking their progress through a live scoreboard. The platform serves as an industry-standard benchmark for evaluating the effectiveness and detection accuracy of automated security scanning tools. By hosting a standardized set of known vulnerabilities and common attack patterns, it provides a reliable environment for validating the performance of security software and testing the capabilities of various vulnerability assessment tools. The application manages these security challenges through a modular request-handling pipeline and an object-relational mapping layer that ensures consistent state across user interactions. It maintains a centralized registry of active vulnerabilities and uses event-driven updates to reflect progress in the user interface. The project is distributed as a complete, deployable web environment for training and testing purposes. - [istio/istio](https://awesome-repositories.com/repository/istio-istio.md) (38,226 ⭐) — Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by utilizing mutual transport layer authentication to verify cryptographic identities for every network request. The project distinguishes itself through a sidecar-less proxy architecture, which offloads networking tasks to shared infrastructure proxies rather than requiring individual proxies for every container. This approach is complemented by waypoint proxies, which perform deep packet inspection and enforce granular access policies at the application layer. Furthermore, the platform provides a unified connectivity fabric that synchronizes service registry data across multiple clusters, allowing for consistent traffic management and security policy enforcement across disparate network boundaries. The system operates on a declarative model where a centralized management component continuously reconciles the desired state with the underlying network infrastructure. It supports both transport-layer and application-layer authorization, allowing for precise control over service access based on service accounts and specific request methods. The architecture is designed to simplify operational management and reduce resource overhead while maintaining consistent network behavior across complex, multi-cluster environments. - [ethicalhack3r/dvwa](https://awesome-repositories.com/repository/ethicalhack3r-dvwa.md) (13,236 ⭐) — DVWA is a vulnerable web application sandbox and PHP security training environment. It serves as a deployable penetration testing target and an OWASP Top 10 lab designed for practicing exploits and simulating common web security vulnerabilities. The application allows users to adjust security difficulty levels to match their skill level and toggle between different SQL database engines to test how various systems handle injection attacks. It includes a mechanism to disable authentication, enabling automated security tools to interact directly with the environment. The project provides capabilities for vulnerability simulation, SQL injection testing, and general web security training. It includes tools for database initialization and configuration via environment variables. - [redskycyber/cloud-security](https://awesome-repositories.com/repository/redskycyber-cloud-security.md) (301 ⭐) — This Repo serves as a collection of shared security and penetration testing resources for the cloud. - [unum-cloud/ucsb](https://awesome-repositories.com/repository/unum-cloud-ucsb.md) (60 ⭐) — Wide NoSQL benchmark for RocksDB, LevelDB, Redis, WiredTiger and MongoDB extending the Yahoo Cloud Serving Benchmark - [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains. The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research. The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements. - [h2oai/h2ogpt](https://awesome-repositories.com/repository/h2oai-h2ogpt.md) (12,016 ⭐) — h2oGPT is a self-hosted platform designed for running large language models and executing retrieval-augmented generation workflows locally. It provides a comprehensive web interface that allows users to index private document collections into searchable databases, enabling context-aware question answering and summarization without exposing sensitive data to external services. The platform distinguishes itself by offering a modular architecture that supports both local model execution and connections to external inference servers. It facilitates the development of autonomous agents capable of performing multi-step tasks by delegating actions to various tools and models. Beyond simple chat, the system includes capabilities for fine-tuning models on local hardware and managing the full lifecycle of predictive assets, from data ingestion and feature engineering to model deployment and performance monitoring. The software covers a broad range of enterprise-grade requirements, including document intelligence for extracting structured data from unstructured files, multi-GPU training support, and robust access control mechanisms. It provides tools for model explainability, compliance tracking, and collaborative experiment management to ensure transparency and reproducibility in machine learning workflows. The project is designed for containerized deployment, utilizing standard configuration files to ensure consistent execution across local and cloud environments. - [docker/compose](https://awesome-repositories.com/repository/docker-compose.md) (37,588 ⭐) — Docker Compose is a tool for defining and running multi-container applications through declarative configuration files. It functions as an application lifecycle manager, coordinating the startup, shutdown, and scaling of interconnected services within isolated environments. By using a standardized configuration format, it enables infrastructure as code, allowing developers to manage complex application stacks and their dependencies in a single, repeatable file. The project distinguishes itself by integrating directly with the broader Docker platform, leveraging a client-server architecture where a command-line interface communicates with a persistent daemon to manage container lifecycles. It supports advanced development workflows by providing specialized AI agent frameworks, microVM-based sandboxing for secure code execution, and cloud-based offloading for container builds. These capabilities allow for consistent development environments that mirror production configurations while providing integrated security analysis and supply chain guardrails. Beyond core orchestration, the platform encompasses a comprehensive suite of tools for image distribution, automated builds, and enterprise-grade administration. It provides extensive support for managing container runtimes, storage drivers, and registry interactions, ensuring compatibility with standardized container interfaces. The project is supported by a wide range of documentation, including guides, API references, and interactive workshops designed to assist with local development and scalable deployment. - [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-party security tools. The guide covers a broad spectrum of security analysis, including attack surface mapping, authentication and session auditing, and infrastructure configuration reviews. It provides detailed procedures for identifying common vulnerabilities such as injection flaws, broken access control, business logic gaps, and token-based security issues. The project is organized as a collection of manuals and checklists, including a web security audit checklist and a dedicated API security testing manual. - [yunaiv/yudao-cloud](https://awesome-repositories.com/repository/yunaiv-yudao-cloud.md) (19,143 ⭐) — Yudao-cloud is a Java-based enterprise application platform designed for building scalable backend systems. It provides a modular architecture that supports both monolithic deployment for simplified development and microservices-based scaling for complex distributed environments. The platform functions as a comprehensive development framework that utilizes Spring Boot and distributed service orchestration patterns. It includes a centralized configuration manager to handle service discovery, dynamic settings, and reliable communication between independent components within a cloud-native environment. The system integrates essential infrastructure, including databases, caches, and message queues, to support the data storage and background processing requirements of large-scale business applications. It also features an API gateway to centralize request routing, authentication, and traffic management across the service network. - [docker/awesome-compose](https://awesome-repositories.com/repository/docker-awesome-compose.md) (45,561 ⭐) — Awesome Compose is a collection of resources designed to demonstrate the orchestration of multi-container applications. It serves as a practical reference for using declarative configuration files to define, manage, and deploy complex software stacks, ensuring that services run consistently across development, testing, and production environments. The project highlights the capabilities of container lifecycle management by providing examples of how to bundle software with its dependencies into isolated, portable units. It emphasizes the use of multi-stage build pipelines to optimize image sizes and the integration of environment variables to decouple application logic from host-specific settings. By leveraging these patterns, users can standardize development workspaces and automate the maintenance of interconnected service architectures. Beyond basic orchestration, the repository covers the broader surface of container infrastructure, including the management of image registries, network configurations, and storage drivers. It also demonstrates how to execute build-time commands and embed complex scripts directly into configuration files to streamline the assembly of containerized environments. - [sap/cloud-active-defense](https://awesome-repositories.com/repository/sap-cloud-active-defense.md) (106 ⭐) — Add a layer of active defense to your cloud applications.