319 repository-uri
Methodologies and tools for identifying security flaws, testing robustness, and auditing system compliance.
Explore 319 awesome GitHub repositories matching security & cryptography · Vulnerability Assessment and Testing. Refine with filters or upvote what's useful.
Acest proiect este un director întreținut de comunitate care servește drept index cuprinzător de instrumente software, framework-uri și materiale educaționale. Funcționează ca o bază de cunoștințe open-source, organizând diverse domenii de inginerie și resurse tehnice într-o taxonomie structurată pentru a ajuta dezvoltatorii să descopere conținut de înaltă calitate. Directorul se distinge printr-un model de peer-review descentralizat, unde contribuitori independenți curatoriază, verifică și actualizează intrările pentru a asigura acuratețea și relevanța. Toate informațiile sunt stocate într-un format markdown de tip flat-file, controlat prin versiuni, ceea ce asigură independența față de platformă, transparența și auditabilitatea întregii colecții. Proiectul acoperă o suprafață vastă de capabilități, incluzând descoperirea resurselor tehnice, avansarea în cariera profesională și gestionarea cunoștințelor de dezvoltare software. Oferă acces la căi de învățare structurate, instrumente de infrastructură și securitate, utilitare de gestionare a datelor și resurse specializate pentru domenii variind de la sănătate la științe umaniste digitale. Repository-ul este menținut ca o colecție publică, controlată prin versiuni, permițând accesul programatic și actualizări bazate pe comunitate pentru datele sale structurate.
Covers methodologies and tools for identifying security flaws and testing application robustness.
Acest proiect servește drept repository centralizat, condus de comunitate, de cunoștințe tehnice și resurse administrative. Oferă o taxonomie structurată care agregă informații disparate într-un framework căutabil, susținând învățarea continuă și rezolvarea rapidă a problemelor pentru administratorii de sistem și practicienii în securitate cibernetică. Prin maparea resurselor pe securitate ofensivă, gestionarea infrastructurii și dezvoltarea software, oferă o cale unificată pentru dobândirea de competențe și referințe profesionale. Proiectul este definit de o filozofie de design bazată pe linia de comandă, prioritizând utilitarele bazate pe terminal și interfețele scriptabile pentru a facilita administrarea eficientă a sistemului și fluxurile de lucru de securitate repetabile. Se distinge printr-o abordare agnostică față de platformă, menținând documentație și ghiduri operaționale care rămân aplicabile în diverse medii de tip Unix și bazate pe cloud. Această integrare modulară a setului de instrumente permite utilizatorilor să compună medii personalizate adaptate sarcinilor administrative sau de securitate specifice. Repository-ul acoperă o suprafață largă de capabilități, inclusiv seturi de instrumente cuprinzătoare pentru auditarea sistemului, gestionarea rețelei și întărirea infrastructurii. Oferă căi de învățare structurate pentru dezvoltarea competențelor în securitate cibernetică, variind de la laboratoare de hacking etic și standarde de testare a penetrării până la evaluarea vulnerabilităților și cele mai bune practici de configurare a sistemului. Colecția cuprinde, de asemenea, o gamă largă de instrumente de productivitate, utilitare de diagnosticare și materiale educaționale concepute pentru a eficientiza mentenanța de rutină și a îmbunătăți postura generală de securitate.
Identifies locally deployable web applications intentionally designed with security flaws for practicing exploitation and defensive techniques.
gstack is an AI agent framework and development workflow system designed to automate the software development lifecycle. It coordinates specialized AI personas to manage tasks across product design, engineering management, and quality assurance, transforming product intent into technical specifications and final releases. The project is distinguished by its deep integration of headless browser automation and semantic code memory. It utilizes a persistent Chromium daemon for web scraping and visual auditing, and implements a searchable knowledge base that logs architectural decisions and repos
Performs structural audits to identify complex race conditions and broken invariants that pass standard tests.
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
Supplies a diverse library of payloads tailored for testing vulnerabilities where applications improperly process remote file inclusions.
This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating ext
Audits system robustness and identifies security flaws using a centralized, multi-purpose toolkit.
OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution. The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It
Validates security risks by requiring language models to embed analysis parameters directly within tool calls.
SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities. The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution log
Provides a comprehensive collection of usernames, passwords, and sensitive data patterns for security assessment.
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Automates the scanning of compiled binaries to detect security indicators, patterns, and potential logic vulnerabilities.
Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists. The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
Categorizes security findings by risk level based on exploitability and impact to prioritize remediation.
This project is a full-stack web framework designed for building database-backed applications through a standardized architectural pattern. It provides a comprehensive suite of integrated libraries that manage the entire request-response lifecycle, from routing incoming web traffic to rendering dynamic server-side templates. By utilizing an object-relational mapping layer, the framework allows developers to define domain models that map database tables directly to application objects, simplifying data persistence, schema migrations, and complex relationship management. The framework is distin
Maintains a transparent disclosure process for managing and reviewing reported security vulnerabilities.
hacker-scripts is a multi-purpose toolkit comprising a security vulnerability testing suite, a keyword-driven email automator, and a TCP remote hardware controller. It provides a collection of scripts for identifying security weaknesses and conducting controlled hacking experiments across multiple programming language environments. The system automates email workflows by scanning headers and bodies for specific strings to trigger server responses and sends randomized text and email alerts based on system activity. It also enables remote hardware control by sending binary commands over network
Provides a suite of multi-language scripts for identifying security weaknesses and conducting controlled hacking experiments.
This project is a standardized repository of malicious and malformed character sequences designed to stress-test data parsing and sanitization routines. It serves as a security testing corpus and a language-neutral reference for auditing software robustness against injection flaws and unexpected data handling errors across diverse platforms. The dataset functions as a benchmark for input validation, providing a curated collection of edge-case strings that allow developers to identify potential crashes and security vulnerabilities. By decoupling these test vectors from application logic, the r
Serves as a language-neutral reference for auditing software robustness against injection flaws and data handling errors.
Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches. The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
Correlates static code analysis with dynamic runtime exploitation to provide a unified view of reachable security risks.
Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custo
Scans codebases for vulnerabilities and misconfigurations to provide actionable security remediation.
Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.
Verifies JSON Web Tokens from headers or cookies and exposes decoded payloads to the application context.
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Provides a high-performance engine for identifying security weaknesses and misconfigurations across large-scale network environments.
Repomix is an AI-focused development utility designed to prepare local and remote codebases for analysis, review, and automated interaction. It functions as a codebase context bundler and a Model Context Protocol server, aggregating project files into structured documents that are optimized for ingestion by large language models. By serving as a bridge between local repositories and external intelligence agents, the tool facilitates real-time codebase inspection and automated development workflows. The system distinguishes itself through rigorous repository token management and security-consc
Examines code for vulnerabilities, insecure patterns, and dependency safety to provide actionable remediation steps.
Hashcat is a high-performance hash cracking software and OpenCL compute application used to recover plain-text passwords from hashed data. It functions as a GPU-accelerated recovery tool and distributed password cracker, leveraging CPUs and GPUs to perform intensive cryptographic computations. The system differentiates itself through a distributed cracking workflow that coordinates tasks across multiple machines via an overlay network to share computational load. It further optimizes recovery speed using Markov chain keyspace optimization to prioritize the most likely password candidates. Th
Iterates through all possible combinations of characters based on a specified mask to find a matching hash.
This project is a suite of specialized tools for linting, minifying, analyzing, and managing container images and their associated registries. It provides a set of utilities including an image minifier to reduce image size, a security profiler to harden running containers, an image analyzer for static inspection, and a registry manager for organizing multi-architecture indices. The toolset distinguishes itself through behavior-based optimization and security. It uses dynamic analysis to track executed instructions and file access to remove unused binary data, and records kernel interactions t
Retrieves and filters risk information for specific security IDs to assess threat levels within container images.
This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin
Provides a comprehensive framework and checklist for auditing API security during design and release.