repo_url description owner_name license stars Community-based integrated malware identification system nao-sec mit 81 Abusing VirusTotal API to host our C2 traffic, usefull for bypassing blocking firewall rules if VirusTotal is in the target white list , and in case you don’t have C2 infrastructure , now you have a free one D1rkMtr   447 SpookySSL PCAPS and Network Coverage fox-it mit 3   NVISOsecurity   33 Scripts and IOCs for the Andariel APT group research threatray mit 6 metame is a metamorphic code engine for arbitrary executables a0rtega mit 467 Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3 NCSC-NL mit 456 Triton based symbolic emulator ek0   11 Windows Local Privilege Escalation from Service Account to System antonioCoco gpl-3.0 449 Pure Python implementation of the XZ file format with random access support Rogdham mit 11 :electron: O-MVLL is a LLVM-based obfuscator for native code (Android & iOS) open-obfuscator apache-2.0 159   eshard other 58 🤬 A categorized list of incidents caused by unappreciated OSS maintainers or underfunded OSS projects. Feedback welcome! PayDevs cc0-1.0 245 tade is a discussion/forum/link aggregator application. It provides three interfaces: a regular web page, a mailing list bridge and an NNTP server epilys agpl-3.0 22 Spartacus DLL Hijacking Discovery Tool Accenture mit 206 Distance correlation and related E-statistics in Python vnmabus mit 105 📝 A nicely formatted LaTeX preprint template roaldarbol mit 398 Friendica Communications Platform friendica agpl-3.0 1076 WebAssembly module to produce an IPv4 heatmap mapped to a Hilbert Curve GreyNoise-Intelligence   4 Simple, secure & standards compliant web server for the most demanding of applications uNetworking apache-2.0 14785 This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected. 
Cloud-Architekt   1065 AD Security Intrusion Detection System Qianlitp gpl-3.0 1087 State of the art DLL injector that took 20 minutes to make SamuelTulach mit 15 Experimental methods of decoding/disassembling AArch64 instructions jevinskie bsd-2-clause 1 Official Source code for the WikiReader (by Openmoko) wikireader other 173 A web front-end for password cracking and analytics hashview gpl-3.0 255 Open Source Tripwire® Tripwire gpl-2.0 663 Reverse engineering of Apple MultipeerConnectivity Framework evilsocket   44 a list of hardware and software to be used in conjunction with the ATAKplatform FreeTAKTeam epl-2.0 73 Blacklists and whitelists that aim to promote security, safety, and sanity across the internet! T145 agpl-3.0 105 Python module to enqueue and query a remote Lacus instance ail-project bsd-3-clause 2   deptofdefense other 507 TAK Server TAK-Product-Center other 110 Open Source Platform for storing, organizing, and searching documents related to cyber threats docintelapp other 64 Simply beautiful open source icons feathericons mit 22783 Out-of-tree GNU Radio Module for Experimental Ettus Research Features EttusResearch other 42 Visually inspect YARA and regex matches found in both binary and text data. gmh5225 gpl-3.0 3 This repository includes code and IoCs that are the product of research done in Akamai’s various security research teams. akamai apache-2.0 176 matplotlib: plotting with Python matplotlib   16357 An interactive list of active amateur radio satellites for palewire mit 1 Python Web Scraper for LinkedIn. Collect data and store it into .xls file. J4NN0 gpl-3.0 9 🐛 Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol. Modern script fullly written in python3. Its-Vichy apache-2.0 135 User-friendly Microsoft Windows Debugger for Malware Analysts. 
DarkCoderSc apache-2.0 125 A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager horizon3ai   277 Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique D1rkMtr   544 Yet another Ransomware gang tracker RansomLook gpl-3.0 69 SACTI - Securely aggregate CTI sightings and report them on MISP COSSAS apache-2.0 9 IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. sepinf-inc other 464 An advanced in-memory evasion technique fluctuating shellcode’s memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents mgeeky mit 591 Ricerca e Analisi delle Immagini CScorza   71 SSH based reverse shell NHAS bsd-3-clause 204 My musings in C and offensive tooling slaeryan   499 The modulable part of Lacus ail-project bsd-3-clause 2 TinyDB is a lightweight document oriented database optimized for your happiness :) msiemens mit 5451 YARI is an interactive debugger for YARA Language. avast mit 71 A “line-network” geolocation tool created for Bellingcat’s September 2022 Hackathon: Xetnus mit 82 🐙 Track down GitHub users. mxrch mpl-2.0 381 🔐CNCF Security Technical Advisory Group – secure access, policy control, privacy, auditing, explainability and more! cncf other 1501 The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more! pry0cc mit 2948 A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it’s nmap converter. 
vdjagilev mit 128 Master copies of the DISARM frameworks, with generated files to help you explore the data DISARMFoundation cc-by-sa-4.0 37 E2guardian is a web content filter that can work in proxy, transparent or icap server modes e2guardian gpl-2.0 399 Incident Response - Fast suspicious file finder codeyourweb mit 162 :star: :star: Distributed tcpdump for cloud native environments :star: :star: deepfence apache-2.0 777 Real-world infosec wordlists, updated regularly trickest mit 445 This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty. tamimhasan404   3 The Havoc Framework HavocFramework gpl-3.0 2634 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites soxoj mit 7274 USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is executed, a thread is spwaned by default that tries to locate one of the busylights that is supported. All HID devices are enumerated, if PID/VID is matching then packets are sent to flash the busylight in different colours. nccgroup   16 Pandoc filter for creating diagrams in mermaid syntax blocks in markdown docs raghur   280 Unauthenticated rce in sophos User Portal and Webadmin components mass exploitation tool Xu0Tex1   1 Quokka: A Fast and Accurate Binary Exporter quarkslab apache-2.0 102 An ethereum evm bytecode disassembler and static/dynamic analysis tool tintinweb gpl-2.0 169 A database for captured data (malicious files etc.) from command and control servers. CYB3RMX mit 3 MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash DavidBuchanan314 mit 683 Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs ORCx41 mit 193 The xx file format. Turn your hex dumps into art, then into binary data. 
netspooky 0bsd 280 Find subdomain takeovers gwen001 mit 66 Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) lkarlslund mit 556 EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. williballenthin apache-2.0 158 Traffic analysis for Tor-based malware detection and classification malfp mit 7 Hash collisions and exploitations corkami   1928 Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile. D1rkMtr   409 Bash Script with 4 ways to get persistence in Linux systems WITHOUT root permisions S12cybersecurity   8 Universal wireless communication library for embedded devices jgromes mit 724 Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them. Processus-Thief gpl-3.0 214 Robust Speech Recognition via Large-Scale Weak Supervision openai mit 14019 Rusty Shellcode Reflective DLL Injection (sRDI) memN0ps mit 156 White-box Design and Analysis kit hellman mit 9 A debugger backend for IDA Pro built on top of of Intel’s PIN framework Rupan   17 A curated list of data mining papers about fraud detection. benedekrozemberczki cc0-1.0 1220 Portable Executable reversing tool with a friendly GUI hasherezade gpl-2.0 1492 Daily updated list of IP addresses / CIDR blocks used by data centers, cloud service providers, servers, etc. 
jhassine   85 The Python DataFrame for Media Data Eventual-Inc apache-2.0 395 list of passwords more likely to be used by sysadmins, general nerds, and folk with access TheNerdlist mit 232 Graph database optimized for fast analysis and real-time data processing. It is provided as an extension to PostgreSQL. apache apache-2.0 942 AssemblyLine 4 - File triage and malware analysis CybercentreCanada mit 62 A python script developed to process Windows memory images based on triage type. CrowdStrike mit 192 Shellcode Compiler NytroRST gpl-3.0 860 Python3 library and command line for GreyNoise GreyNoise-Intelligence mit 134 PLDB: a Programming Language Database. A public domain knowledge graph focused on programming languages distributed as a CSV file. breck7   592 QARMA block cipher in C Phantom1003 mit 19 PRESENT block cipher kurtfu mit 3 [experimental] misp-guard is a mitmproxy addon that inspects and blocks outgoing events to external MISP instances via sync mechanisms (pull/push) based on a set of customizable block rules. MISP agpl-3.0 7 High Performance Embedded Key-Value Store vmware apache-2.0 441 ssdeep based clustering tool CIRCL mit 14 OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down LeeBrotherston other 100 Lacus is a capturing system using playwright, as a web service. ail-project bsd-3-clause 4 Code and yara rules to detect and analyze Cobalt Strike Te-k mit 220 Toolkit to emulate firmware and analyse it for security vulnerabilities attify mit 1004 A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. p0dalirius   709 An easy way to extract information from documents impira mit 1160 Capture mp3 streams from internet radio stations and store in on the local disk. DirkR   26 A fully open source & end-to-end encrypted note taking alternative to Evernote. 
streetwriters gpl-3.0 4200 Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components. gl4ssesbo1 other 308 Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card. sleuthkit   1705 Get PROXY List that gets updated everyday TheSpeedX   1285 A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. codingo gpl-3.0 991 Proof of Concept of Winbox Critical Vulnerability BigNerd95 mit 188 Tries to get and parse .well-known/security.txt from a domain Lookyloo bsd-3-clause 4 This AIL feeder pushes annotated APK to an AIL instance ail-project agpl-3.0 2 a PE Loader and Windows API tracer. Useful in malware analysis. enkomio   113 Multi-platform open-source set of audio and modulation tools that focus on synthesis, live electronic music, interconnection, probability, unique sounds, and intuitive interfacing built by Akunull in Pure Data starting in 2014 akunull mit 112 Scrape Facebook public pages without an API key kevinzg mit 1430 BlackHeart is a simple python script to generate powershell scripts that demonstrate reverse shell gaining without Microsoft Defender restrictions. (FOR EDUCATIONAL PURPOSES!!) CYB3RMX mit 15 Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules binarly-io gpl-3.0 124 UEFI firmware image viewer and editor LongSoft bsd-2-clause 3015 🔮 Seamlessly visualize your JSON data instantly into graphs; paste, import or fetch! AykutSarac gpl-3.0 18788 A QoL tool to obfuscate shellcode. 
In the future will be able to chain encoding/encryption/compression methods. iilegacyyii mit 77 libraries for threat modeling diagrams michenriksen mit 479 🔥 The fastest and powerful Python library for Instagram Private API 2022 adw0rd mit 1547 Bochs - Cross Platform x86 Emulator Project bochs-emu lgpl-2.1 161   jonathan-dev   2 metawarc: a command-line tool for metadata extraction from files from WARC (Web ARChive) datacoon mit 13   sourceincite mit 40 ReFinED is an entity linking (EL) system. amazon-science other 51 The FLARE team’s open-source extension to add Python 3 scripting to Ghidra. mandiant apache-2.0 375 Convert HTTP Archive (HAR) -> Web Archive (WARC) format webrecorder apache-2.0 38 MISP API wrapper for Ruby ninoseki mit 2 Sandman is a NTP based backdoor for red team engagements in hardened networks. Idov31 bsd-2-clause 413 Documentation and Samples for the Official HN API HackerNews mit 9452 One true awk onetrueawk other 1520 A library to load, manipulate, dump PE files. See also: hasherezade bsd-2-clause 795 The FLARE team’s open-source library to disassemble Common Intermediate Language (CIL) instructions. mandiant apache-2.0 81 Text classification models implemented in Keras, including: FastText, TextCNN, TextRNN, TextBiRNN, TextAttBiRNN, HAN, RCNN, RCNNVariant, etc. ShawnyXiao mit 770 ALBERT: A Lite BERT for Self-supervised Learning of Language Representations google-research apache-2.0 2992 Gets updates from various clearnet domains and ransomware threat actor domains vxunderground mit 182 XEDParse: A MASM-like, single-line plaintext assembler x64dbg lgpl-3.0 134 Zimbra RCE simple poc vnhacker1337   58 Library for streaming data and incremental learning algorithms. IBM mit 10 Linrad - SDR receiver fventuri mit 5 TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts Flangvik gpl-3.0 491 TimelineJS v3: A Storytelling Timeline built in JavaScript. 
NUKnightLab mpl-2.0 2589 Project for tracking publicly disclosed DLL Hijacking opportunities. wietze gpl-3.0 338 Agile Threat Modeling Toolkit Threagile mit 397 The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let’s make it happen! Digital-Forensics-Discord-Server mit 122 a small statically-linked linux system oasislinux other 1920 A statically typed language that can deeply improve the Python ecosystem erg-lang apache-2.0 2016 Bare-metal Forth implementation for RISC-V theandrew168 mit 25 Forth for RISC-V SBCs mcmenaminadrian gpl-2.0 15 A Forth CPU and System on a Chip, based on the J1, written in VHDL howerj   286 Self-Hosted alternative to GitHub Gists realaravinth agpl-3.0 44 Automated privilege escalation of the world’s most popular Docker images. trickest   35 Tool for Active Directory Certificate Services enumeration and abuse ly4k mit 1211 An automatic unpacker and logger for DotNet Framework targeting files advanced-threat-research other 126 Markdown as Web Page/Site casualwriter mit 254 Hardening code obfuscation against automated attacks RUB-SysSec agpl-3.0 32 tool for generating wordlists or extending an existing one using mutations. d4rckh   339 Adaptive Radix Trees implemented in C armon other 673 Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows. center-for-threat-informed-defense apache-2.0 286 OFRAK: unpack, modify, and repack binaries. 
redballoonsecurity other 1166 There can be more than Notion and Miro. AFFiNE is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and ready to use. toeverything mit 10747 A cache hard password hash/KDF Sc00bz cc0-1.0 19 Hachoir is a Python library to view and edit a binary stream field by field vstinner gpl-2.0 506 NSA Codebreaker Challenge 2021 Write-Ups luker983   49 A web scraper to create MISP events and reports cudeso   7 ISP for the ABOV MC81F4204 jglim   11 Tear-down effort of the Pixmob wristband used in NDP2019. yeokm1   23 GeoPix is a free and open source real-time lighting control and previz software. It’s built in TouchDesigner, with a workflow and UI/UX inspired by 3d animation software. EnviralDesign mit 182 Extract files from any kind of container formats onekey-sec other 740 Elastic Security detection content for Endpoint elastic other 506 projectM - cross-platform music visualization. Open-source and Milkdrop-compatible projectM-visualizer lgpl-2.1 2460 Visualisation, analysis, and annotation of music audio recordings sonic-visualiser gpl-2.0 279 Paulstretch python version paulnasca   488 PaulStretch paulnasca gpl-2.0 732 command line wave stretching program. based on Paul stretch rumblesan bsd-2-clause 7 This Pure Data patch uses the Paul stretch algorithm to time stretch musical recordings. It is suitable for extreme sound stretching of the audio. Elektromatic gpl-3.0 9 Open Source Software Secure Supply Chain Framework microsoft other 218 Frida hook generator for Ghidra CENSUS bsd-2-clause 43 Repository to store unique seeds for DNS server fuzzing CZ-NIC   42 Tool suite for inspecting NTFS artifacts. williballenthin apache-2.0 172   GendarmerieNationale other 29 Python regular expressions made easy VerbalExpressions   1558 TweetNLP for all the NLP enthusiasts working on Twitter! 
The Python library tweetnlp provides a collection of useful tools to analyze/understand tweets such as sentiment analysis, emoji prediction, and named entity recognition, powered by state-of-the-art language models specialised on Twitter. cardiffnlp mit 69   microsoft mit 36   Fuziih other 30 Collection of malware source code for a variety of platforms in an array of different programming languages. luca364   3 dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! punk-security agpl-3.0 1513 Public library of space documents and tutorials deptofdefense   487 Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver. Deputation   101 50+ Gadgets(20 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. cckuailong mit 239 USRP Hardware Driver Repository ptrkrysik other 2 Extracting URLs of a specific target based on the results of “” si9int mit 256 The Brandefense cyber threat intelligence team is always researching new threats and writing research reports. Our latest Threat Reports is available for download. This reports covers the latest activity from APT groups, as well as new information on ransomware and phishing attacks. We recommend that all Brandefense followers download this reports and keep it handy in case they need to refer to it in the future. BRANDEFENSE   17 List of unsafe ed25519 signature libs MystenLabs mit 169 — A safer, faster, and more powerful low-level edwards25519 Go implementation. FiloSottile bsd-3-clause 94 Yet another Windows DLL injector. 0vercl0k mit 26 BloodHound Attack Research Kit BloodHoundAD gpl-3.0 237 Library of blueprints usable in MISP Workflows MISP other 5   gtworek gpl-3.0 117 Synchronous multi-master replication library codership gpl-2.0 392 🌌 Fast, in-memory, typo-tolerant, full-text search engine written in TypeScript. 
LyraSearch other 3623 ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap aydinnyunus other 288 ∿ Oscilloscope waveform capture viewer and converter. sam210723 mit 43 Source-assisted binary analysis tool to deduce function names based on source code patterns (read: strings). novafacing   2 Windows Search App Cache parsing dfirdetective mit 7 Photogrammetry Guide. Learn all about the process of obtaining measurements and 3D models from photos. Creating topographic maps, meshes, or point clouds based on the real-world. mikeroyal   613 Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR evild3ad gpl-3.0 78 A simple message board for your organization or project planetscale mit 1652 An implementation of Org mode without the dependency of Emacs - built for mobile and desktop browsers 200ok-ch agpl-3.0 2072 The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more! SQLab other 73 SymQEMU: Compilation-based symbolic execution for binaries eurecom-s3 other 219 A Python compiler, down to native code, using C++ Omyyyy mit 1091 grim reaper c2 d4rckh gpl-3.0 287 Python wrapper around sox. rabitt bsd-3-clause 440 A free open-source audio editor based on Audacity focusing on general improvements. Will be the new future codebase of Tenacity starting with 1.3 tenacityteam other 135 Wordlist to crack .zip-file password 0xsyr0   70 Privacy-preserving Firefox extension linking to Hacker News discussion; built with Bloom filters and WebAssembly jstrieb gpl-3.0 73 HashedRPZ - keep your RPZ entries secret massar bsd-3-clause 4 Automatically unpack SPLCrypt packed binaries (IcedID / BazarLoader stagers) matthw unlicense 8 A small Python library to deal with publicsuffix data (includes a bundled PSL as “package data”) in a wheel friendly format. 
Fork and continuation of Tomaž Šolc’s “publicsuffix” nexB   24 a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files “pour séparer le grain de l’ivraie” hashlookup bsd-3-clause 7 Automatically updated list of valid TLDs for Python kichik mit 2 Aggregator, analyzer, transporter and logging for your DNS logs dmachard mit 54 Dnstap streams receiver in Python dmachard mit 29 Dnstap Protocol Buffers implementation in Python dmachard mit 2 Unbound is a validating, recursive, and caching DNS resolver. NLnetLabs bsd-3-clause 1972 The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more. Findomain gpl-3.0 2608 A C2 post-exploitation framework enkomio other 387 RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows last-byte mit 220 Find interesting Amazon S3 Buckets by watching certificate transparency logs. eth0izzle mit 1644 A sorted and updated list of security wargame sites. zardus gpl-3.0 606 Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files. hzqst mit 559   chip-red-pill   1435 Fleur implements a Bloom Filter library in C that is fully compatible with DCSO’s Go and python implementations. hashlookup bsd-3-clause 114 ClickHouse dialect for SQLAlchemy xzkostyan other 278 Browse Windows Prefetch properties kacos2000 mit 28 Suricata git repository maintained by the OISF OISF gpl-2.0 2810 A hex editor for romhackers Moonslate   12 See through all BGP data with a monocle. 
bgpkit mit 18 Obfuscator based on LLVM 12.0.1 bluesadi mit 478   DODC   36 Python implementation of the Packed Executable iDentifier (PEiD) packing-box gpl-3.0 46 Evtx Log (xml) Browser kacos2000 mit 47 DuckDB is an in-process SQL OLAP Database Management System duckdb mit 7081 A pre-authenticated RCE exploit for Inductive Automation Ignition sourceincite gpl-3.0 36 A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries. Concinnity-Risks apache-2.0 53 A Passive DNS backend and collector D4-project agpl-3.0 26 Create simple APRS modulator using Arduino UNO handiko gpl-3.0 59 Arbitrary Speculative Code Execution with Return Instructions comsec-group   105 An XSS exploitation command-line interface and payload generator. t3l3machus mit 578 Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser! decompiler-explorer mit 1008 Library for handling diffs for geospatial data MerginMaps mit 116 Flow collector, hydrater and visualizer akvorado agpl-3.0 488 An OSINT tool to search for accounts by username in social networks. p1ngul1n0   1193 Fast and stealthy Amazon S3 bucket enumeration tool for pentesters. koenrh isc 151 Build portable Linux binaries without using an ancient distro wheybags mit 587 Toy implementation of a Automated Exploit Generation built on Angr; stiched using radare, pwntools, pyelftools, and Angrop. rudyerudite   9 :no_entry: [DEPRECATED] - A D3-based renderer for Dagre dagrejs mit 2704 Modifying SweetPotato to support load shellcode and webshell uknowsec   512 The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator RfidResearchGroup gpl-3.0 2121 Website for ail-typo-squatting library ail-project apache-2.0 22   sartlabs   1 mmdb-server is an open source fast API server to lookup IP addresses for their geographic location. 
adulau agpl-3.0 64 Open Source realtime backend in 1 file pocketbase mit 15592 Community maintained fork of pdfminer - we fathom PDF pdfminer mit 3943 A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files py-pdf other 4857 BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more. nttgin bsd-3-clause 569 Easily document cables and wiring harnesses formatc1702 gpl-3.0 2616 NRSC-5 receiver for SDRplay API, SoapySDR, and RTL-SDR fventuri other 7 Out-of-tree GNU Radio module for SDRplay RSP devices - SDRplay API V3.X fventuri gpl-3.0 14 EVM disassembler Arachnid apache-2.0 456 USB Scanning device dbarzin gpl-3.0 10 Single or bulk scan of domains for SPF, DKIM, or DMARC records. GlobalCyberAlliance apache-2.0 75 [TheWebConf 2021] Radflow: A Recurrent, Aggregated, and Decomposable Model for Networks of Time Series alasdairtran   24 hashdb block hash database tool and API simsong other 2   whichbuffer apache-2.0 14 Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 yardenshafir mit 90 SPI flash read MitM attack PoC TakahiroHaruyama bsd-2-clause 31 24 channel, 100Msps logic analyzer hardware and software gusmanb gpl-3.0 749 First seen / last seen web service based on sha256 espegro mit 3 Simple stable bloomfilter web service espegro mit 2 CLI for generating policies, standards and control procedures (PSP) documentation in Markdown and publishing to JupiterOne or Confluence JupiterOne mpl-2.0 52 Sysmon info corpus sikkerhet   7 A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. 
h3xduck gpl-3.0 1206 Windows x64 handcrafted token stealing kernel-mode shellcode winterknife gpl-3.0 444 Open-source web application to keep track of all data processing activities prefigured by GDPR Article 30 “Records of processing activities”. pluribus-one other 16 This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that make use of the Security Playbook extension and MISP Security Playbook objects. cyentific-rni mit 10 Cleanup of older MISP events can require some work until now eCrimeLabs mit 13 Python interface to Graphviz’s Dot language pydot mit 721 Automated PDF Reports with Python pplonski mit 16 Fast and configurable TLS grabber focused on TLS based data collection. projectdiscovery mit 466 Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more. multiprocessio other 2861 this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback functions 0xsp-SRD mit 75 Malicious DLL Generator in Py3 NullArray   20 macOS Security Compliance Project usnistgov other 970 portable and minimalistic Flate decompression filter pts   4 LinkedIn Recon Tool vysecurity mit 818 Yet another way to find where to report an abuse ninoseki mit 20 Extensions for Python Markdown facelessuser other 657 Binary and CrackMapExec module to impersonate tokens on a windows machine Dfte   40 VIINA: Violent Incident Information from News Articles on the 2022 Russian Invasion of Ukraine zhukovyuri   124 Statistics of Common Crawl monthly archives mined from URL index files commoncrawl apache-2.0 61 Open source 5G UE and RAN (gNodeB) implementation. 
aligungr gpl-3.0 480 Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs optiv mit 671 Converts PE into a shellcode hasherezade bsd-2-clause 1570 Pretrained language model with 100B parameters yandex apache-2.0 3089   timtaylor3 apache-2.0 3 UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts. tclahr apache-2.0 271 Command-line tool to search for malware samples in various repositories mattnotmax   4 Wi-Fi Exploitation Framework D3Ext other 1361 Total Registry - enhanced Registry editor/viewer zodiacon mit 1021 AVML - Acquire Volatile Memory for Linux microsoft mit 576 Provides a multi-platform Graphical User Interface for hashlookup hashlookup agpl-3.0 9 👀 A modern watch command. Time machine and pager etc. sachaos mit 3775 Python library to carry out DFIR analysis on the Cloud google apache-2.0 327 Make a cascading timeline from markdown-like text. Supports simple American/European date styles, ISO8601, images, links, locations, and more. kochrt agpl-3.0 2027   DavidCruciani   1 Distributed PostgreSQL as an extension citusdata agpl-3.0 7516 Streaming WARC/ARC library for fast web archive IO webrecorder apache-2.0 267 C++ Dll-Encryptor, makes you able to stream a dll without touching your disk. (Can be used to prevent from cracking). unreaIuser   46 Ultra low cost HDMI-USB Video Acquisition (HDMI Capture Card) based on MS2109 YuzukiHD other 31 Gather and update all available and newest CVEs with their PoC. 0x000050 mit 1 Mind-Maps of Several Things imran-parray   1170 One Time Password generation via RFC 6238 paulmillr mit 21 Simple (relatively) things allowing you to dig a bit deeper than usual. gtworek unlicense 1760 Windows memory hacking library DarthTon mit 3768   trustedsec mit 108 Data orchestration and management. 
DHARPA-Project mpl-2.0 6 Crawler that retrieves commoncrawl’s crawled hosts and their corresponding IPs CAIDA other 8 A CPython extension for the Hyperscan regular expression matching library. darvid mit 115 Here are some of my malware reversing papers that I will be publishing NtQuerySystemInformation   26 Easy to use open source fast database for search Good alternative to Elasticsearch now Drop-in replacement for E in the ELK soon manticoresoftware gpl-2.0 2218 Vault Exploit Defense hardenedvault other 80 Fast lookup server for NSRL and other hash database used in digital forensic adulau agpl-3.0 32 Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks TalEliyahu gpl-2.0 347 ThePhish: an automated phishing email analysis tool emalderson agpl-3.0 649 CeresDB is a high-performance, distributed, cloud native time-series database that can handle both time-series and analytics workloads. CeresDB apache-2.0 1683 Automation script to download JSON MISP files from a SFTP server and import them via API to a MISP instance. ANSSI-FR gpl-3.0 8 The implementation of the Underground Forum Parser for the identification of related accounts. jcabrero   3 Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits SecIdiot   32 Project HashClash - MD5 & SHA-1 cryptanalysis cr-marcstevens other 500 AIL Exchange Format ail-project bsd-2-clause 3 Source code for “Packed Levitated Marker for Entity and Relation Extraction” thunlp mit 161 API gateway for MISP ninoseki mit 11 🚀 WebRTC - P2P - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms. 
miroslavpejic85 agpl-3.0 1347 Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE) marcinguy other 323 Zoned block device manipulation library and tools westerndigitalcorporation   38 NFC signal and protocol analyzer using SDR receiver josevcm mit 176 Cross-platform music production software LMMS gpl-2.0 6226   pierrafleur cc0-1.0 5   phiresky apache-2.0 2926 The Apache Tika toolkit detects and extracts metadata and text from over a thousand different file types (such as PPT, XLS, and PDF). apache apache-2.0 1537 Implementation of A New Burrows Wheeler Transform Markov Distance EdwardRaff   9 :id: A python library for accurate and scalable fuzzy matching, record deduplication and entity-resolution. dedupeio mit 3537 Graph Data Science: an abstraction layer in Python for building knowledge graphs, integrated with popular graph libraries – atop Pandas, NetworkX, RAPIDS, RDFlib, pySHACL, PyVis, morph-kgc, pslpython, pyarrow, etc. DerwenAI mit 444 Automated Encryption Framework latchset gpl-3.0 578 A python symbolic execution framework using radare2’s ESIL (Evaluable String Intermediate Language) radareorg mit 136 Simple Go program to stress test DNS servers MickaelBergem   37 Windows AV Evasion bats3c mit 562 :mortar_board: Path to a free self-taught education in Computer Science! ossu mit 126497 TAPIR is a multi-user, client/server, incident response framework tap-ir gpl-3.0 30 Single-document unsupervised keyword extraction LIAAD other 1197 C++ implementation of LZJD algorithm EdwardRaff apache-2.0 9 NEDAGEN - A Network traffic Dataset Generator for Network-based Intrusion Detection Systems COSSAS mpl-2.0 2 cachegrand - a modern OSS Key-Value store built for today’s hardware danielealbano bsd-3-clause 767 Powershell module for VMWare vSphere forensics ANSSI-FR gpl-3.0 93 Web based Manager for Yara Rules kevthehermit gpl-2.0 50 🚀 A self-hostable personal dashboard built for you. 
Includes status-checking, widgets, themes, icon packs, a UI editor and tons more! Lissy93 mit 8103 no-op statements syntactically valid only since Python X.Y jwilk   334 Execute PowerShell code at the antimalware-light protection level. mattifestation bsd-3-clause 115 Time Travel Debugging IDA plugin airbus-cert apache-2.0 413 Experiments commial   358 A WIP disassembler and decompiler written in modern C++ with the goal to do as much work during compile time as possible WerWolv   12 A collaborative book on algorithms algorithm-archivists mit 2047 Automatically created C2 Feeds drb-ra other 215 Statistical learning algorithm that builds a model from the command lines of “Process Creation” events, in order to detect anomalies in future events ANSSI-FR gpl-3.0 45 A lightweight Svelte component library for building interactive node-based flow diagrams open-source-labs mit 1309 Community-sourced cheatsheets cheat   1303 RedGuard is a C2 front flow control tool, Can avoid Blue Teams, AVs, EDRs check. wikiZ gpl-2.0 877 Alfred workflow to search through my notes and bookmarks nikitavoloboev mit 420 Generic Low Interaction Honeypot mushorg mit 190   openai mit 808 An open source time-series database for fast ingest and SQL queries questdb apache-2.0 9595 An open source, markdown-based, self-hosted note taking webapp. batnoter mit 1791 A tool for filtering BGP records, by AS numbers, prefixes, countries, etc … D4-project apache-2.0 9   LiveMirror   65 Stable releases of Webix UI - JavaScript library for building mobile and desktop web apps webix-hub gpl-3.0 395 A large collection of privilege escalation vulnerabilities on the Windows platform, collecting privilege escalation exploit tools over the long term.
lyshark   749 Scalable Bloom Filter implemented in Python adulau mit 7 POC to replicate the full ‘Follina’ Office RCE vulnerability for testing purposes chvancooten   1055 AFSK interface for Android smartphones and tablets. 4x1md mit 23 A tidy and feature-packed LORA QWERTY communication device based on a Blackberry Q10 keyboard, a nRF52840 and a 2.7’’ Sharp Memory LCD BigCorvus mit 137 Decrypt passwords/cookies/history/bookmarks from the browser. A cross-platform tool for exporting and decrypting browser data. moonD4rk mit 6448 List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc hashishrajan apache-2.0 208 It embeds the executable file or payload inside the jpg file. The method the program uses isn’t exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional. The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the “garbage code insertion/dead-code insertion” method to prevent the payload from being caught by the antivirus at runtime. abdulkadir-gungor other 276 a high-performance, POSIX-ish Amazon S3 file system written in Go kahing apache-2.0 4363 Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers BushidoUK   279 A visualization grammar. vega bsd-3-clause 10056 A collection of my public YARA signatures for various malware families jeFF0Falltrades   20 Linux Evidence Acquisition Framework alex-cart   109 Public domain string formatting micro-library for C++, based on python-style format strings.
rhoot cc0-1.0 35 Yet another library library (and tools) libyal apache-2.0 190 High-performance QEMU memory and instruction tracing MarginResearch gpl-2.0 376 linux elf injector for x86 x86_64 arm arm64 ixty   255 A community-maintained Python framework for creating mathematical animations. ManimCommunity mit 11804 A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence curated-intel   307 Monitor linux processes without root permissions DominicBreuker gpl-3.0 3187   alyakubov   19 Extract place names from a URL or text, and add context to those names – for example distinguishing between a country, region or city. somnathrakshit apache-2.0 74 Simple Driver that elevates any process to SYSTEM xct   5 :bug: A multi threads web application source leak scanner WangYihang   348 An IDA plugin to increase productivity when developing scripts for IDA 0xeb mit 192 Antivirus evasion project Ch0pin gpl-3.0 789 implementation for Python scrapy bsd-3-clause 11 👑 Easy-to-use and powerful NLP library with 🤗 Awesome model zoo, supporting wide-range of NLP tasks from research to industrial applications, including 🗂Text Classification, 🔍 Neural Search, ❓ Question Answering, ℹ️ Information Extraction, 📄 Document Intelligence, 💌 Sentiment Analysis and 🖼 Diffusion AICG system etc. PaddlePaddle apache-2.0 6263 Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking) sailay1996   233 CyLR - Live Response Collection Tool orlikoski gpl-3.0 511 NATS Streaming System nats-io apache-2.0 684 RPM packages for MISP MISP   4 Main portal of CYBERSECURITY Luxembourg: CybersecurityLuxembourg bsd-2-clause 3 SIEM Logstash parsing for more than hundred technologies Cargill apache-2.0 144 Repository to provide files related to our blog articles. DCSO   11 Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed. 
eCrimeLabs mit 17 Kats, a kit to analyze time series data, a lightweight, easy-to-use, generalizable, and extendable framework to perform time series analysis, from understanding the key statistics and characteristics, detecting change points and anomalies, to forecasting future trends. facebookresearch mit 4056 CERTITUDE - A python package to classify malicious URLs COSSAS mpl-2.0 16 Unofficial revival of the well known .NET debugger and assembly editor, dnSpy dnSpyEx gpl-3.0 2273 Extract all domains from a CertStream-compatible CTL websockets server to RocksDB hrbrmstr mit 5 ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era. zitadel apache-2.0 1626 Fuzzing cryptographic libraries. Magic bug printer go brrrr. guidovranken gpl-3.0 484 Cross-platform UI library written in V vlang gpl-3.0 1843 Library for reading and writing Jcat files hughsie lgpl-2.1 14 Example implementation of DNSAdmin DLL PrivEsc attack kazkansouh gpl-3.0 21 The USRP™ Hardware Driver Repository EttusResearch other 720 A sniffer for Bluetooth 5 and 4.x LE nccgroup gpl-3.0 584 A multi threaded Python script designed to brute force directories and files names on webservers. ytisf mit 62 Hide process,port,self under Linux using the ld_preload veo   99 A happy place for detection engineers, purple teamers and threat hunters focusing on macOS. iThreatopedia gpl-3.0 17 Arduino library for parsing potentially huge json streams on devices with scarce memory squix78 mit 191 Mhy Exp (exploit signed driver) HadesW   123 A Self-Contained Open-Source Cyberattack Experimentation Testbed fkie-cad gpl-3.0 18 A hex viewer for the sleuths! 
Nisarg12 mit 5 Sample of a Malicious baseband signed by Apple rickmark   7 A collection about macOS beerisgood gpl-3.0 39 Low-Level Software Security for Compiler Developers llsoftsec other 136 Python framework to solve crypto problems using grainofsalt and cryptominisat tinylabs   10 ZenFS is a storage backend for RocksDB that enables support for ZNS SSDs and SMR HDDs. westerndigitalcorporation gpl-2.0 136 📊 An infographics generator with 30+ plugins and 200+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON! lowlighter mit 8728 Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security eurecom-s3 gpl-3.0 11 A modern, highly customizable, responsive Jekyll theme for documentation with built-in search. just-the-docs mit 5001 Determine the running software version of a remote F5 BIG-IP management interface. BishopFox mit 22 .NET Project for Attacking vCenter JamesCooteUK   467   lamw   31 Stupidly-simple notes app. lainsce gpl-3.0 320 Sioyek is a PDF viewer designed for reading research papers and technical books. ahrm gpl-3.0 4087 Private keys generated with vulnerable keypair versions (CVE-2021-41117) badkeys cc0-1.0 3 Automagically reverse-engineer REST APIs via capturing traffic alufers   4042 Demisto Client for Python demisto apache-2.0 61 A powerful, flexible, Markdown-based authoring framework. markdoc mit 5552 DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic COSSAS apache-2.0 24 IDA Pro plugin for recognizing known hashes of API function names KasperskyLab other 66 Cartopy - a cartographic python library with matplotlib support SciTools lgpl-3.0 1124 An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
mitmproxy mit 29166 VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. CERTCC other 38 Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR’s ever-growing Content Repository. Pull Requests are always welcome and highly appreciated! demisto mit 870 eBPF-based Security Observability and Runtime Enforcement cilium apache-2.0 1902 Red Teaming Tactics and Techniques mantvydasb   2762 A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. hysnsec cc0-1.0 778 MagSpoof is a portable device that can spoof/emulate any magnetic stripe or credit card “wirelessly”, even on standard magstripe readers. ElectronicCats   41 This script when executed searches for organisations with a specific UUID and add a dedicated local tag to the event. eCrimeLabs mit 6 Cleaning Data for Effective Data Science, published by Packt PacktPublishing mit 67 Feed parsing for language package manager updates ossf apache-2.0 51 Open Source Package Analysis ossf apache-2.0 542 DGA Detection with ML and DL hmaccelerate mit 22 In line function hooking LKM rootkit RITRedteam mit 44 Sign, verify, encrypt and decrypt data with PGP in your browser. pojntfx agpl-3.0 78 Overlay networks based on WebRTC. pojntfx agpl-3.0 1195 Tools & Interesting Things for RedTeam Ops bigb0sss mit 1577 BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review. tsale apache-2.0 28 🐀 A link aggregator and forum for the fediverse LemmyNet agpl-3.0 6874 An implementation of the Debug Adapter Protocol for Python microsoft other 990 Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. 
bytecode77 bsd-2-clause 929 Tool for rebasing a PCAP file and editing layer2 and layer 3 addresses jordan2175 apache-2.0 15 Studying Python release adoptions by looking at PyPI downloads JulienPalard   9 Official electron build of jgraph apache-2.0 34943 Tool to decompile & extract Android Dex bytecode from Vdex files anestisb apache-2.0 867 This is a repo for small, useful scripts and extensions TimMisiak mit 167 Python library to match IP addresses to encompassing networks bbayles mit 4 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. nomi-sec   4474 A supported fork of Mastodon that provides local posting and a wider range of content types. hometown-fork agpl-3.0 388 sms sniffer and imsi catcher 0xbitx   38 Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics. mikeroyal   654 A toolbox for processing and analysing air traffic data xoolive mit 251 :airplane: Multi-functional, compatible DIY general aviation proximity awareness system lyusupov gpl-3.0 515 a file-sharing tool that allows you to find the responsible person in case of a leakage utkusen bsd-3-clause 722 A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine. D4stiny gpl-3.0 553 Good dork to find vulnerable CCTV cameras the-h3x   55 Cloud-native search engine for log management & analytics quickwit-oss other 2624 A set of minimal dependency bootstrap binaries oriansj gpl-3.0 787 LD_PRELOAD rootkit RITRedteam unlicense 8 proof-of-concept firmware to stream IQ over USB from Seeed MR24D11C10 radar module marcnewlin mit 24 🍼 Plugin driven WYSIWYG markdown editor framework. Saul-Mirone mit 6766 Simple hooking library for C/C++ (x86 only, 32/64-bit, no dependencies) Zeex bsd-2-clause 646 Finding suspicious domains as they are registered cas1m1r   4 A collection of resources/tools and analyses for the angr binary analysis framework.
degrigis   94 A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. 1N3   3133 A linux kernel functions hooking module shubham0d mit 10 A tool for visualizing yacc grammars by Aaron Kaplan (Modified slightly by me modify to build and not crash on macs) aaronkaplan gpl-2.0 7 RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. microsoft mit 1789 Using Socks4/5 or http proxies to make a multithreading Http-flood/Https-flood (cc) attack. Leeon123 gpl-2.0 594 magic-trace collects and displays high-resolution traces of what a process is doing janestreet mit 3902 Capture a URL with Playwright Lookyloo other 8 hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method ( 0x4D31 bsd-3-clause 44 Uncurled - everything I know and learned about running and maintaining Open Source projects for three decades. bagder cc-by-4.0 448 A tool for analyzing x86-64 binaries. GaloisInc bsd-3-clause 260 Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system. tillson mit 917 Binary Ninja plugin for visualizing coverage over time mechanicalnull mit 16 An interactive list of plugins for hex-rays’ IDA Pro vmallet mit 92   Cisco-Talos mit 119 Social server with an ActivityStreams API pump-io apache-2.0 2129 A Python 3 Bitcoin blockchain parser alecalve other 387 Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert sebdraven mit 26   telekom-security   5 Script for gathering IoCs from OTX (AlienVault) and sending them to MISP.
aleprada   10 Deployment of MONARC with Ansible monarc-project   2 Seer is a tool that recognizes the architecture of a binary file krsh bsd-3-clause 85 Global Security Database cloudsecurityalliance cc0-1.0 176 Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL ( trinodb apache-2.0 6459 FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. FelixBer   197 Bot to create MISP events from data in Slack IRATEAU   16 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system forensicanalysis mit 173 REST API for any Postgres database PostgREST mit 19381 A repository hosting example goodware evtx logs containing sample software installation and basic user interaction NextronSystems apache-2.0 39 Linux EDR written in Golang and based on eBPF. sourque gpl-2.0 212 A command-line tool to control 433MHz OOK based devices jcrona gpl-2.0 40 XARF - eXtended Abuse Reporting Format abusix mit 60 A lightweight document-oriented NoSQL database written in pure Golang. ostafen mit 284 OSINT Framework for Skype     61 Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. firefart other 541 Something that lets anyone set up a Mastodon server (a sweeping claim) nesosuke gpl-3.0 13 The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. minimaxir mit 44087 Wi-Fi tracking system for testing and demonstrational purpose Perdu gpl-3.0 26 Security Monitoring Resolution Categories d3sre   131 DataBase of Aggregated Time Series CAIDA other 2 Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality. kyleavery   97 Collection of private Yara rules.
bartblaze mit 168 A comprehensive scanning tool written in python3, mainly used for liveness checks, sensitive file discovery (directory scanning / API endpoints leaked in js / leaks in html comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, POC scanning, SQL injection, CDN bypass, same-server site lookup and similar functions; mainly intended for in-house self-testing or authorized third-party testing, please do not use it to cause damage. al0ne apache-2.0 1518 IOC Data Obtained From Karakurt Hacking Team’s Internal Infrastructure infinitumitlabs mit 30 a ransomware-group observatory 🧅👹 joshhighet unlicense 208 Proof of concept code for Datadog Security Labs referenced exploits. DataDog other 305 A Cross Platform multifunctional (Windows/Linux/Mac) RAT. hash3liZer mit 520 :link: Methods for Correlation Analysis easystats gpl-3.0 356 CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library herosi gpl-2.0 5 Great explanation of Process Hollowing (a Technique often used in Malware) m0n0ph1   760 Forensic Artifact Collection Tool for macOS mnrkbys apache-2.0 58 The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules. mandiant apache-2.0 129 SDR Rx/Tx software for Airspy, Airspy HF+, BladeRF, HackRF, LimeSDR, PlutoSDR, RTL-SDR, SDRplay RSP1 and FunCube f4exb gpl-3.0 1660 ISDi (IPV Spyware Discovery) tool for Android and iOS. stopipv mit 97 Remote Access Tool Written In C# arsium agpl-3.0 267 Resources and materials for DEF CON 2018 Packet Hunting Workshop packetrat   75 Research code and scripts used in the Silburt et al. (2021) EMNLP 2021 paper ‘FANATIC: FAst Noise-Aware TopIc Clustering’ bloomberg apache-2.0 7 Memray is a memory profiler for Python bloomberg apache-2.0 9504 A Python package for Bayesian forecasting with object-oriented design and probabilistic models under the hood. uber other 1508 Simple, portable automatic antenna tuner hmatuschek other 9 Fully functioning reverse shell written entirely in VBA. JohnWoodman   72 Python Web framework P0wner danghvu   73 ECPDAP allows you to program ECP5 FPGAs and attached SPI flash using CMSIS-DAP probes in JTAG mode.
adamgreig apache-2.0 38 A tiny command line DNS client with support for UDP, TCP, DoT, DoH, DoQ and ODoH. natesales gpl-3.0 898 A collection of my Semgrep rules to facilitate vulnerability research. 0xdea mit 239 CoDEx: A set of knowledge graph Completion Datasets Extracted from Wikidata and Wikipedia tsafavi mit 109 OpenSSH <=6.6 SFTP misconfiguration universal exploit SECFORCE   27 PoC for breaking hypervisor ASLR using branch target buffer collisions felixwilhelm   163 ADX - Arduino Digital Modes HF Transceiver WB2CBA   32 Detect the programming language of a source code yoeo mit 600 c++ shellcode loader G73st   63 NXcrypt - ‘python backdoor’ framework Hadi999   352 📗 Score text readability using a number of formulas: Flesch-Kincaid Grade Level, Gunning Fog, ARI, Dale Chall, SMOG, and more cdimascio mit 233 📝A simple and elegant markdown editor, available for Linux, macOS and Windows. marktext mit 36838 Principled, lightweight C/C++ PE parser trailofbits mit 590 A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. arget13 gpl-3.0 439 Multichannel SDR based on fast convolution and IP multicasting ka9q gpl-3.0 60 Simple linux backdoors and hiding techniques iamckn   202 React component for 2D, 3D, VR and AR force directed graphs vasturiano mit 1248 An easy-to-use library to extract indices from texts. dpalmasan mit 22 Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation. bonjourmalware mit 138 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. kagancapar gpl-3.0 673 IDA Migrator is an IDA Pro plugin which helps migrate existing work from one database instance to another. It Conveniently migrates function names, structures and enums. 
giladreich mit 65 Dump1090 is a simple Mode S decoder for RTLSDR devices g3gg0 other 1 MWDB exercises CERT-Polska   14 Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API. microsoft apache-2.0 44063 🥧 HTTPie for Terminal — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. httpie bsd-3-clause 24541 Fuzzy hashing API and fuzzy hashing tool ssdeep-project gpl-2.0 498 Crossposter to post statuses between Mastodon and Twitter renatolond agpl-3.0 567 Hiding messages in x86 programs using semantic duals woodruffw other 206 An implementation of an SSH certificate authority. cloudtools bsd-2-clause 698 A powerful and modular toolkit for record linkage and duplicate detection in Python J535D165 bsd-3-clause 725 Powershell Script to aid Incidence Response and Live Forensics Johnng007   310 A simple command line notebook for programmers dnote other 2396 A DSP SDR project using a STM32f769 Disco board to field a self contained FT8 Transceiver utilizing SoftRock, UHFSDR , HobbyPCB RS-HFIQ SDR Transceiver Board and other SDR boards. ve7it   3 3GPP data in Relaton format ietf-tools   3 A mapper that maps shellcode into loaded large page drivers VollRagm mit 112 Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application hakluke gpl-3.0 3315 python wrapper for the nfdump cli application JustinAzoff   21 A Fast (and safe) parser for the Windows XML Event Log (EVTX) format omerbenamram apache-2.0 402 A Bluetooth baseband decoding library greatscottgadgets gpl-2.0 163 This is the fully-functional GNU Radio software-defined radio (SDR) implementation of a LoRa transceiver with all the necessary transceiver components to operate correctly even at very low SNRs. 
This work is a collaboration of the Telecommunication Circuits Laboratory from EPFL and the Electronic Systems group from the Technical University of Eindhoven. martynvdijke gpl-3.0 19 Utility to determine if ELF binary is built with debug sections sbz   8 Mega repo for exploit development. Contains individual exploits and libraries to assist during exploitation jeffssh   19 Practical modifications made to the original version WhiteHSBG   642 Retrieve Memory mapped file size on windows with NtQuerySection and _SECTION_BASIC_INFORMATION Microsvuln   1 radius2 is a fast binary emulation and symbolic execution framework using radare2 aemmitt-ns mit 295 PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034) arthepsy   918 Capture HAR files from a Chrome instance cyrus-and mit 479 Headless chrome/chromium automation library (unofficial port of puppeteer) pyppeteer other 2709 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2022 Lissy93 other 9864 The OpenATS COMPASS (Compliance Assessment) tool aims at providing a generalized framework for air-traffic surveillance data analysis, visualization & evaluation. hpuhr gpl-3.0 58 C++ Library for EUROCONTROL’s ASTERIX to JSON conversion. hpuhr gpl-3.0 23 Python decoder for Mode S and ADS-B signals junzis gpl-3.0 407 ADS-B to Cursor on Target Gateway for TAK Products, including ATAK, WinTAK & iTAK. ampledata other 31 Prefix Filter: Practically and Theoretically Better Than Bloom.
TomerEven other 31 Ransomware simulator written in Golang NextronSystems mit 273 VMC: a Scalable, Open Source and Free Vulnerability Management Platform DSecureMe apache-2.0 47 Server hosting providers dataplane   22 A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 pathtofile bsd-3-clause 280 a drop-in replacement for Nmap powered by s0md3v agpl-3.0 2237 WIP shellcode loader in nim with EDR evasion techniques adamsvoboda   158 A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities. emptymonkey mit 441 Active Directory forensic framework csababarta gpl-3.0 269 A Hackable Markdown Note Application for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement. purocean agpl-3.0 4133 Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. krisnova apache-2.0 1228 Offline-first note taking and knowledge management application for desktop and the web. Supports nested notebooks, tags, real-time sync, images and file attachments. Optimised for efficiency with keyboard navigation, full-text search and version control. Never lose a thought. Private, fast, notorious 😈 danobot gpl-3.0 74 Import OpenOwnership BODS data opensanctions   5 FT8 decoder of RTL devices Guenael   23 A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc) CycloneDX cc0-1.0 63 🔒 A collection of cheatsheets for various infosec tools and topics. andrewjkerr mit 1007 hashlookup-nsrl is a NSRL RDSv3 importer for hashlookup server hashlookup other 4 A ransomware created for Windows OS. It is easy to test in a safe environment before deploying it to the victims. Developed using Python CYBERDEVILZ mit 119 Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks. 
mikeroyal   602 Additional material for our paper “Breaking all the Things - A Systematic Survey of Firmware Extraction Techniques for IoT Devices” (CARDIS 2018) david-oswald   13 Resources related to GitHub Security Lab github mit 1007 C# Lsass parser cube0x0   227 GNU Radio RC DSMX decoder lscardoso   10 JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap’s scripting abilities to discover information about services. Generate report. nullt3r mit 348 A simple Windows kernel rootkit. amitschendel   64 Dumping credentials through windbg and pykd uf0o   34 A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB MISP agpl-3.0 9 Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory. snovvcrash bsd-3-clause 78   nesg-ugr other 9 A Python library for calculating a large variety of statistics from text HLasse apache-2.0 142 A mini project to exfiltrate data via QR codes sourcefrenchy mit 19 Simple local scanner for applications containing vulnerable Spring libraries hillu gpl-3.0 130 A framework for managing and maintaining multi-language pre-commit hooks. pre-commit mit 9092 Tool for automatic list generation of known TOR and VPN exit nodes uforia gpl-2.0 25 Super timeline all the things log2timeline apache-2.0 1363 Create static timeline webpages. molly mit 169 operative framework is a investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules. 
graniet apache-2.0 591 MISP usage statistics using bokeh (as a static webpage) MISP bsd-2-clause 3 Spring-cloud-function-SpEL-RCE batch detection script, reverse shell_EXP, everyone is welcome to try it chaosec2021   239 Pascal Offsec repo for malware dev and red teaming 🚩 0xsp-SRD   122 A YARA Rule Performance Measurement Tool Neo23x0 mit 51 Python and WMI based incident response script caliskanfurkan   4 A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet. disclose cc0-1.0 200 Mumble is an open-source, low-latency, high quality voice chat software. mumble-voip other 5076 IDA Pro plugin to make bitfield accesses easier to grep JustasMasiulis mpl-2.0 172 a structural diff that understands syntax 🟥🟩 Wilfred mit 13362 Ostorlab is a security scanning orchestrator for the modern age. Ostorlab apache-2.0 255 A POC Remote Desktop (RDP) session hijack utility for disconnected sessions bohops bsd-3-clause 323 CVE-2022-0995 exploit Bonfee   483 Suzuki connect app is used to get the car information like Fuel, Ignition status, Current location, Seat buckle status etc. In Ignis, Zeta variant car if the Fuel CAN messages and Seat buckle status is spoofed via OBD 2 port with the crafted value (e.g. zero percent fuel and Car seat is buckled ), then the same value is reflected on Suzuki connect app, which can mislead the user. nsbogam   2 Bypassing AppLocker with C# o1mate   131 spring-cloud / spring-cloud-function,,RCE,0day,0-day,POC,EXP,CVE-2022-22963 hktalent   340 capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android Aarch64. ehids agpl-3.0 4972 Collection of Yara Rules saferwall apache-2.0 3 TikTok Scraper. Download video posts, collect user/trend/hashtag/music feed metadata, sign URL and etc.
soxoj   39 Started from i updated sig and kaspersky driver alexcard144803   11 Collection of various WINAPI tricks / features used or abused by Malware vxunderground   1207 Galileo OSNMA (Open Service Navigation Message Authentication) daniestevez apache-2.0 24 hashlookup insert pipeline Python library hashlookup agpl-3.0 6 Implementations of the GEA-1 and GEA-2 (GPRS Encryption Algorithm) stream ciphers in C, Python and Rust. P1sec agpl-3.0 12 Signal Analysis Toolbox for GNU Radio gnuradio gpl-3.0 230 Examples of Solidity security issues crytic apache-2.0 1754 Public datasets to help you address various cyber security problems. gfek   95 Small tool to get a SYSTEM shell xpn   113 GNURadio TS Streaming server block that can be used to watch ATSC TV streams with a player like VLC in real-time provided your system can handle the processing of the rest of the flowgraph. bkerler gpl-3.0 3 GNURadio OOT Module Providing Signal Cross-Correlation ghostop14 gpl-3.0 14 GNURadio blocks to remove that IQ DC spike just like some software and drivers do! Three techniques available: auto, auto-tune to dc offset, and manual. ghostop14 gpl-3.0 68 JNDI injection testing tool (A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability, like Jackson, Fastjson, etc) welk1n mit 2039 A small collection of potentially useful contract templates cure53   299 Face-meltingly fast, thread-safe, marshalable, unionable, probability- and optimal-size-calculating Bloom filter in go steakknife mit 340 A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments. tcostam   276 A python library to extract TCP sessions from PCAPs.
PaloAltoNetworks mit 12 httpflow - extract http requests from tcpflow output caiiiycuk   8 Risk Evaluation of Kaspersky related Risk, if subject to Coercion by Russian Government for Intelligence and Military Purposes fpietrosanti   7 GNU Radio DAB (digital audio broadcasting) module andrmuel gpl-3.0 73 A collaborative reversing plugin for cross-decompiler collaboration, built on git. angr bsd-2-clause 122 RfCat - swiss-army knife of ISM band radio atlas0fd00m other 439 Styled Terminal Markdown Viewer axiros other 1651 Python binding to Modest and Lexbor engines (fast HTML5 parser with CSS selectors). rushter mit 619 A registry of publicly available datasets on AWS awslabs apache-2.0 1036 OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises. snovvcrash gpl-3.0 79 Volatility plugin for extracts configuration data of known malware JPCERTCC other 436 Pure python parser for Snort/Suricata rules. m-chrome apache-2.0 10 A C library and binary for generating machine code of x86_64 assembly language and executing on the fly without invoking another compiler, assembler or linker. 0xADE1A1DE apache-2.0 151 Full text search engine powering - the open search engine. alexandria-org other 151 A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side karma9874 mit 1310 Layout is a rust library and a command line tool that renders Graphviz dot files. nadavrot mit 505 Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. 
claroty mit 161 Attack code for UHEPRNG (Ultra High Entropy Pseudo-Random Number Generator) Sc00bz mit 5   Sc00bz mit 24   post-cyberlabs   268 Open Source REST API for named entity extraction, named entity linking, named entity disambiguation, recommendation & reconciliation of entities like persons, organizations and places for (semi)automatic semantic tagging & analysis of documents by linked data knowledge graph like SKOS thesaurus, RDF ontology, database(s) or list(s) of names opensemanticsearch gpl-3.0 142 GNU Radio module for La Crosse weather stations. tkuester   21 Redteam operation platform with webui (graphical red team operations support platform) FunnyWolf bsd-3-clause 2626 404StarLink - recommending high-quality, meaningful, interesting, and consistently maintained open-source security projects knownsec   4225 Inject into a JVM process to dynamically obtain the databases the target process is connected to BeichenDream   237 Windows privilege escalation BadPotato BeichenDream   570 Practical Information Sharing between Law Enforcement and CSIRT communities using MISP MISP   22 Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email khast3x other 2809 IP obfuscator made to make a malicious ip a bit cuter D4Vinci gpl-3.0 515 Meterpreter Reverse shell over TOR network using hidden services CalfCrusher mit 76 Low budget VirusTotal Intelligence Cosplay r00tten gpl-3.0 20 IP address lookup service mpolden bsd-3-clause 3598 Collection of tools for processing storage media images log2timeline apache-2.0 6 WTF are these binaries doing?! A list of benign applications that mimic malicious behavior. mttaggart mit 62 Runtime Process Manipulation zeroSteiner bsd-3-clause 216 Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation. 
mborgerson other 414   cocaman   5 Reverse Tunneling made easy for pentesters, by pentesters sysdream gpl-3.0 1270 🐉 Export ghidra decompiled code to dwarf sections inside ELF binary cesena mit 133 Google Filestream Forensic Tool net-protect mit 14 Mini-Internet using LXC for practical works flesueur agpl-3.0 327 No-root network monitor, firewall and PCAP dumper for Android emanuele-f gpl-3.0 742 A command-line utility for taking automated screenshots of websites simonw apache-2.0 760 BOF and Shellcode for full DLL unhooking using dynamic syscalls cube0x0   229 List of companies or individuals offering cybersecurity services, data, or other tangible assets to assist in Ukraine’s defense of its independence. r-cybersecurity other 68 A root exploit for CVE-2022-0847 (Dirty Pipe) Arinerron gpl-2.0 989 The best resources for learning exploit development midnightslacker   63 Forensics tool for NTFS (parser, mft, bitlocker, deleted files) thewhiteninja mit 288   ail-project   2 Select, put and delete data from JSON, TOML, YAML, XML and CSV files with a single tool. Supports conversion between formats and can be used as a Go package. TomWright mit 3768 Example nginx backdoor via malicious plugin vgo0   19 A simple LD_PRELOAD library to disable SSL certificate verification. Inspired by libeatmydata. DavidBuchanan314 mit 153 Hex diff viewer using alignment algorithms from biology 8051Enthusiast mit 478 usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and having the power to hook anything due to being inside of legit memory (signed legit driver). 
armvirus   160 Display tabular data in a visually appealing ASCII table format jazzband other 878 Android Dynamic Binary Instrumentation Toolkit crmulliner   1214 Miscellaneous code cryptax   58 Repo for archiving research and investigation related to the recent Trickbot leaks. Cybernite-Technologies gpl-3.0 54 Plugin packages that provide custom visualizations and analytics capabilities to Trisul Network Analytics. trisulnsm   13 The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware. binarly-io cc0-1.0 143 eBPF Sockmap Proxy vinhjaxt   9 Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks qeeqbox agpl-3.0 114 Read local Chrome cookies without root or decrypting defaultnamehere mit 506 DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection DynamiteAI gpl-3.0 139 Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Django and Vue.js Gerapy mit 2849 Like jq, but for HTML. mgdm mit 6172 Crack legacy zip encryption with Biham and Kocher’s known plaintext attack. kimci86 zlib 786 a patched sshd for red team activities QAX-A-Team   66 A training environment, with docker. MISP mit 7 Code written as part of our various malware investigations eset bsd-2-clause 322 Voluntary Ukraine security platform to protect us from Russian forces in the Internet opengs unlicense 1089 Standalone password candidate generator using the PRINCE algorithm hashcat other 358 A collection of tips for using MISP. cudeso   41 Scalpel: The Python Static Analysis Framework SMAT-Lab apache-2.0 167 Global Socket Server hackerschoice other 13 Connect like there is no firewall. Securely. 
hackerschoice bsd-2-clause 982 HP Data Protector Arbitrary Remote Command Execution adipinto   11 dyld_shared_cache processing / Single-Image loading for BinaryNinja cxnder mit 74   mandiant apache-2.0 231 A special DOS application to stop pro-Russian aggression websites. Support Ukraine! erkexzcx gpl-3.0 465 Volunteer DoS tool via HTML + JS ajax-lives gpl-3.0 399 Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake Orange-Cyberdefense   155 Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. curated-intel   845 External twitter feeder for AIL framework ail-project agpl-3.0 16 An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations. ail-project mit 13 A Firefox and Google Chrome extension to clip websites and download them into a readable markdown file. deathau apache-2.0 1120 A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. dashingsoft other 1833 Ail feeder for certificate transparency ail-project   2   rjbhide   82 AIL feeder for GitHub Repository ail-project   1 simple scripts which fetch CIDR blocks by country code and add them to iptables/ipset blocklists aaronkaplan gpl-3.0 8 A D3.js Time Data Availability Visualization flrs mit 280 Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. 
github cc-by-4.0 1184 Open-source symbolic execution framework: trailofbits other 493 CLI and Go package for fast, offline ASN lookups banviktor apache-2.0 9 Code snippets for bare-metal malware development redcode-labs mit 80 This is a set of tools for doing forensics analysis on Microsoft ESE databases. MarkBaggett   108 A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only. JrM2628   57 Daily archiver & triage issue creator for new releases of CISA’s Known Exploited Vulnerabilities list hrbrmstr mit 16 DNS server daemon dataplane   2 A C++11 library for reading Microsoft Program DataBase PDB files MolecularMatters bsd-2-clause 453 Heuristic based boilerplate removal tool miso-belica bsd-2-clause 485 Parsing of YARA rules into AST and building new rulesets in C++. avast mit 83   mlodic mit 6 This repository contains helper scripts and custom configs to get the best out of Google’s Timesketch project. blueteam0ps apache-2.0 32 DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64) bhassani   19 A framework for easy payloads development and deployment, collection of customizable XSS payloads redcode-labs isc 22 A graph-relational database with declarative schema, built-in migration system, and a next-generation query language edgedb apache-2.0 9508 A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange. khalladay mit 134 A simple COM server which provides a component to run shellcode leoloobeek   129 PDBRipper is a utility for extract an information from PDB-files. horsicq mit 619 Pyrite is a web(RTC) client for the Galène videoconference server. garage44 mit 258 Modlishka. Reverse Proxy. 
drk1wi other 4092 An anomaly detection library comprising state-of-the-art algorithms and features such as experiment management, hyper-parameter optimization, and edge inference. openvinotoolkit apache-2.0 1370 Deobfuscator for Android Application Gyoonus mit 271 Lua plugin to extract data from Wireshark and convert it into MISP format MISP   19 Lua Library to create and manipulate MISP entities MISP mit 3 A computer science textbook algorithmica-org   1183 Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes SecurityBrewery agpl-3.0 126 A QRP on-off keying digital transmission device profdc9   17 Lightweight plotting to the terminal. 4x resolution via Unicode. olavolav mit 190 Python library for Representational Similarity Analysis rsagroup mit 91 Complex payload encoder ffuf mit 143 Accent Classification in Speech nkrao220   13 The personal, minimalist, super-fast, database free, bookmarking service - community repo shaarli other 2788 Single-file alternative to python-requests slingamn 0bsd 260 Create highly interactive web pages purely in Python idom-team mit 671 FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware. mandiant apache-2.0 2434 Sample of Python codes from mathematical problems FelixChop   100 Topic modeling (abstract topics) with LDA (Latent Dirichlet Allocation) in python sanchikagn   3 Another piece of your extended mind karlicoss mit 1425 RF side of Radiocapture’s SDR based trunked radio bulk collection system MattMills gpl-3.0 48 A statistical framework for graph anomaly detection. sudrich gpl-3.0 15 Linux Kernel hooking engine (x86) milabs gpl-2.0 239 This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. JonathanSalwan other 3166 Gather and update all available and newest CVEs with their PoC. 
trickest mit 3734 OneDrive log .ODL reader ydkhatri mit 44   obfuscator-llvm   3180 Yet another variant of Process Hollowing hasherezade   288 Perkeep (née Camlistore) is your personal storage system for life: a way of storing, syncing, sharing, modelling and backing up content. perkeep apache-2.0 6046 awesome-linux-rootkits milabs cc0-1.0 1164 SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Cyb0r9 mit 1038 (subjective) overview of projects which are related both to python and semantic technologies (RDF, OWL, Reasoning, …) pysemtec cc0-1.0 414 Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE jbaines-r7 bsd-3-clause 9 LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems (ACSAC 2021) intellisec gpl-3.0 57 Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading Flangvik   399   syloktools   2 This is budget Raspberry Pi SDR project. bg3mdo   12 Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network berty other 6175 An Interactive Binary Patching Plugin for IDA Pro gaasedelen mit 559 Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. 
vlang mit 30779 Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories malrev other 1009 Pcap editing and replay tools for *NIX and Windows - Users please download source from appneta   931 Pympress is a simple yet powerful PDF reader designed for dual-screen presentations Cimbali gpl-2.0 745 Binary Code Similarity Analysis (BCSA) Tool SoftSec-KAIST mit 84 Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE) ly4k mit 650 detect AV on windows via process name chuanjiesun   9 WIP Post-exploitation framework tailored for hypervisors. Psmths gpl-3.0 43 Emulates the VirusTotal “vt” YARA module for livehunt rule debugging/testing usualsuspect mit 18 USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types RUB-SysSec gpl-2.0 160 Load any Beacon Object File using Powershell! airbus-cert apache-2.0 217 An IDA plugin for making pseudocode better. P4nda0s   196 Process hiding library nbqofficial   16 Modular personalized dictionary generator. MichaelDim02 gpl-3.0 166 A malware dataset curation tool which helps identify packed samples. cylance agpl-3.0 29 M17 standard specification M17-Project gpl-2.0 115 Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks bl4de   198 Generate a cryptographically-random hexadecimal string with the given number of bytes of entropy. fabiospampinato mit 1 Merging DLLs with a PE32 EXE without LoadLibrary ytk2128 mit 201   CronUp   76 A small POC to make defender useless by removing its token privileges and lowering the token integrity pwn1sher   559 Capa analysis importer for Ghidra. 
reb311ion mit 48 EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode boku7   201 Scripts and cheatsheets for IDAPython inforion   551 🔍 Colourful, human-friendly hexdump tool FireyFly mit 131 Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go boyter mit 3903 🛰 Your geospatial intelligence tool belt for digital investigations cartographia   82 Powershell tool to automate Active Directory enumeration. 61106960   416 Radiosonde decoder plugin for SDR++ dbdexter-dev mit 32 🤖 A community repository for Ansible Playbook of OpenSearch Project. remil1000 apache-2.0 3 A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. xenoscr mit 67 The Tahoe-LAFS decentralized secure filesystem. tahoe-lafs other 1191 Yara station is a management portal for Neo23x0-Loki. The mission is to transform the standalone nature of the Loki scanner into a centralized management solution that facilitates result investigation and easier scanning capabilities. NumLocK15   27 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws dwmkerr cc-by-sa-4.0 24314 TLS & SNI aware netcat CTFd apache-2.0 19 A lightning-fast search engine that fits effortlessly into your apps, websites, and workflow. meilisearch mit 30591 OASIS TC Open Repository: TAXII 2 Server Library Written in Python oasis-open bsd-3-clause 82 Supporting Data Archives for Ghidra 0x6d696368 apache-2.0 184 Template-Driven AV/EDR Evasion Framework klezVirus other 1060 Generate list of potential typo squatting domains with domain name permutation engine to feed AIL and other systems. ail-project bsd-2-clause 27 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering. 
czs108 gpl-3.0 162 A portable fork of the high-performance regular expression matching library VectorCamp other 257 VOYEUR’s main purpose is to generate a fast (and pretty) Active Directory report. The tool is developed entirely in PowerShell (a powerful scripting language) without dependencies (just .Net Framework 3.5 and Office Excel if you want a useful and pretty report). The generated report is a perfect starting point for well-established forensic, incident response team, or security researchers who want to quickly analyze threats in Active Directory Services. silverhack mit 146 Fake Windows logon screen to steal passwords bitsadmin bsd-3-clause 1069 Mercury: network metadata capture and analysis cisco other 340 A novel embedding training algorithm leveraging ANN search and achieved SOTA retrieval on Trec DL 2019 and OpenQA benchmarks microsoft mit 274 The goal of this repo is to archive artifacts from all versions of various OS’s and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available anymore. AndrewRathbun mit 179 One of the fastest embeddable key-value ACID database without WAL. libmdbx surpasses the legendary LMDB in terms of reliability, features and performance. erthink other 1040 MinHash, LSH, LSH Forest, Weighted MinHash, HyperLogLog, HyperLogLog++, LSH Ensemble ekzhu mit 1820 A monitor of resources aristocratos apache-2.0 9349 A Windows user minidump C++ parser library. 
0vercl0k mit 92 Vulkan/CUDA/HIP/OpenCL/Level Zero/Metal Fast Fourier Transform library DTolm mit 925 Raccoon BLE Sniffer bluekitchen   63 Distributed advertisement-based BTLE presence detection reported via mqtt andrewjfreyer   1402 CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools csirt-tooling-org   11 Frida CLI tools frida other 211 Microsoft logging guide ANSSI-FR   44 abyss - augmentation of Hexrays decompiler output patois mit 287 visualise your iptables chains Nudin lgpl-3.0 543 HardeningKitty - Checks and hardens your Windows configuration scipag mit 549 Signatures and IoCs from public Volexity blog posts. volexity other 124 Static Analyzer for Solidity crytic agpl-3.0 3357 ip to location database by ASN, GeoFeed, Whois,, db-ip lite, GeoLite2 sapics other 247 SDR software for capturing trunked radio systems norasector gpl-3.0 92 Grep Web pages with extra features like JS deobfuscation and OCR dhondta gpl-3.0 87 Digital Forensics Artifacts Knowledge Base ForensicArtifacts apache-2.0 42 Qt Visual Graph Editor ArsMasiuk mit 424 The official Python 3 client library for VirusTotal VirusTotal apache-2.0 276 a Fast Fourier Transform (FFT) library that tries to Keep it Simple, Stupid mborgerding other 1017 Building SDR apps by mapping IQ streams with pipes in CLI or bash scripts. hirve mit 7 FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic 0x4D31 bsd-3-clause 588 Rip Raw is a small tool to analyse the memory of compromised Linux systems. cado-security apache-2.0 127 Analyses in IDA/Hex-Rays RolfRolles   63 An open-source x64/x32 debugger for windows. x64dbg other 39331 Repository of tools, YARA rules, and code-snippets from Stairwell’s research team. 
stairwell-inc mit 14 IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes igogo-x86   1136 dynamic binary analysis via platform emulation lunixbochs mit 824 DLL and PowerShell script to assist with finding DLL hijacks slyd0g   283 Scripts to integrate DFIR-IRIS, MISP and TimeSketch cudeso agpl-3.0 19 Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all. cybersecsi gpl-3.0 1100 Android App that generates passcode authentication codes for Postfinance cards davidgfnet bsd-3-clause 10 A parser for invalid JSON RyanMarcus agpl-3.0 173 Repository for information about 0-days exploited in-the-wild. googleprojectzero apache-2.0 516 Detection in the form of Yara, Snort and ClamAV signatures. ditekshen other 90 Useful OSINT hints and links seintpl   66 win32k LPE KaLendsi   435 JPCERT/CC public YARA rules repository JPCERTCC   75 Decompile binary MOF file (BMF) from WMI buffer pali   37 Markdown editor with pandoc integration and paginated preview. mb21 gpl-3.0 762 This tool emulates an EMV-CAP device, to illustrate the article “Banque en ligne : à la decouverte d’EMV-CAP” published in MISC, issue #56 doegox gpl-3.0 27 Stop Windows Defender using the Win32 API APTortellini   158 Script collection to bypass Network Access Control (NAC, 802.1x) scipag mit 165 Small, fast tool for performing reverse DNS lookups en masse. hakluke mit 587 SPI flash MITM and emulation (QSPI is a WIP) jevinskie   18 Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results pandora-analysis agpl-3.0 158 CVE-2021-4034 1day berdav mit 1686 C# DLL Injection Library capable of injecting x86 DLLs to x86 process from x64 processes. Reloaded-Project lgpl-3.0 79 Scrapes an instagram user’s photos and videos arc298 unlicense 7296 BL602/BL702 SDK. Any technical topic, please access the following link. 
bouffalolab apache-2.0 189 eBPF-based Networking, Security, and Observability cilium apache-2.0 13403 RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. hlldz   389 A new shellcode injection technique. Given as C++ header, standalone Rust program or library. Idov31 bsd-2-clause 592 A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-readable security playbooks such as CACAO Security Playbooks cyentific-rni mit 14 This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter. ZephrFish gpl-3.0 9 OpenStreetMap’s Blinking Beacons geodienst mit 271 Kernel mode WinDbg extension and PoCs for token privilege investigation. daem0nc0re bsd-3-clause 366   executemalware   315 Economics of Ransomware Dataset behas   16 Arduino adapter for a NeXT keyboard to work over USB spenczar bsd-3-clause 16 Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. lgandx gpl-3.0 3901 Python3 o365 User Enumeration Tool dievus mit 400 Please no pull requests for this repository. Thanks! DidierStevens   1418 “Socialx” is a Social Engineering And Remote Access Trojan Tool. You can generate fud backdoor and you can embed any file you want inside of the exe file. AzizKpln mit 198 Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs forrest-orr gpl-3.0 365 A central place for offensive (and sometimes not) cybersecurity tools and resources. 
tid4l gpl-3.0 8 6kb subset of Vue optimized for progressive enhancement vuejs mit 7056 Rust-based high performance domain permutation generator. resyncgg   185 The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. p0dalirius   63 Open-source scientific and technical publishing system built on Pandoc. quarto-dev other 1413 A compilation of network scanning strategies to find vulnerable devices adulau   61 cwe_checker finds vulnerable patterns in binary executables fkie-cad lgpl-3.0 745 Threat Intel IoCs + bits and pieces of dark matter avast   251 A simple IDA Pro plugin to show all HexRays decompiler comments written by user MrNox   19 100 Days of YARA to be updated with rules & ideas as the year progresses g-les   27 Automatically photograph planes that fly by! IQTLabs apache-2.0 237 A Python-based client for the Cisco openVuln API CiscoPSIRT mit 20 Emoji images and names. github mit 4072 Python codecs extension featuring CLI tools for encoding/decoding anything dhondta gpl-3.0 199 A Redis module that provides rate limiting in Redis as a single command. brandur mit 1050 🎧 🐈🐈🐈 Podcats generates RSS feeds for podcast episodes from local audio files and, optionally, exposes both via a built-in web server. jakubroztocil other 106 macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research. sevagas apache-2.0 1725 Open Source Threat Intelligence Platform typedb-osi apache-2.0 100 🥧 A SDR Linux Distro for the Raspberry Pi and other SBC. Compatible out of the box with multiple SDR. 
luigifcruz other 679 A deep learning-based vulnerability detection framework DanielLin1986   55 VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect. void-stack mit 250 Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required! AppThreat mit 275   geoacumen apache-2.0 35 Python MaxMind DB reader extension maxmind apache-2.0 138 look up records for one or more IPs/networks in one or more .mmdb databases maxmind apache-2.0 62 Create mmdb files to encode prefix lists. cloudflare bsd-3-clause 27 UPX - the Ultimate Packer for eXecutables upx other 10245 fast, standalone, language-agnostic WebSocket server RFC6455 compliant allinurl mit 656 Static unpacker for FinSpy VM RolfRolles   90 A kernel driver for reading and writing memory ryan-weil   81 Executes position independent shellcode from an encrypted zip jfmaes gpl-3.0 293 A curated list of awesome YARA rules, tools, and people. InQuest other 2369 ADS-B Exchange Linux Setup Scripts adsbxchange mit 192 Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured. StamusNetworks gpl-3.0 36 flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code. PyCQA other 2394 Wavestone’s web interface for password cracking with hashcat wavestone-cdt   151 Simple flow library 🖥️🖱️ jerosoler mit 2700 Public release of Telepathy, an OSINT toolkit for investigating Telegram chats. jordanwildon mit 449 FFT-based visualizer for RTL-SDR devices. 
(RTL2832/DVB-T) orhun gpl-3.0 59 The entrance repository of Markdown presentation ecosystem marp-team mit 4349 The little ASGI framework that shines. 🌟 encode bsd-3-clause 7534 Explores the python bytecode, provides some tools to access it for fun and profit. MoserMichael mit 275 Python library and command line tool for interacting with the ThreatFox API. seanmcfeely gpl-3.0 6 A simple yet highly functional jekyll theme with backlinks, wiki-style links, context menu, page preview, sidenote etc raghudotcc   160 rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries. 0vercl0k mit 1383 Ghidra’s development plugins, scripts, contributing. Presentation saruman9   10 An Arduino-based debugWIRE hardware-debugger felias-fogg gpl-3.0 21 All-in-One malware analysis tool. CYB3RMX gpl-3.0 418 Some files for bruteforcing certain things. random-robbie apache-2.0 746 A curated list of awesome resources related to executable packing packing-box cc0-1.0 664 LdrLoadDll Unhooking trickster0   73 Status page that keeps track of Tox bootstrap nodes Tox agpl-3.0 32 REDHAWK is a software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications RedhawkSDR lgpl-3.0 39 A submodule repository for distributing REDHAWK artifacts and the latest REDHAWK source code. Use ‘git clone --recurse-submodules’ to also clone all submodules. RedhawkSDR other 362 A computer from 1948 in ICMP packets hrvach mit 74 Exfiltrate blind remote code execution output over DNS via Burp Collaborator. 
0xC01DF00D gpl-3.0 226   klinix5 mit 267 Open Source research tool to search, browse, analyze and explore large document collections by Semantic Search Engine and Open Source Text Mining & Text Analytics platform (Integrates ETL for document processing, OCR for images & PDF, named entity recognition for persons, organizations & locations, metadata management by thesaurus & ontologies, search user interface & search apps for fulltext search, faceted search & knowledge graph) opensemanticsearch gpl-3.0 659 Quickly analyze and reverse engineer Android packages 1N3   586 Elegant Scraper and Crawler Framework for Golang gocolly apache-2.0 18145 The Signal Metadata Format Specification gnuradio cc-by-sa-4.0 227 android analysis tools, jni trace by native hook, libc hook, write log with caller’s addr in file or AndroidLog xbyl1234   61 Network Analysis Tool odedshimon gpl-3.0 2519 library for turning a RTL2832 based DVB dongle into a Software Defined Receiver; mirror from osmocom gpl-2.0 483 The Toolkit API, app, and browser extension. Start preserving now. digitalevidencetoolkit other 40 LLVM Obfuscation Pass via Extracted Basic Blocks shareef12   15 Figure sizes, font sizes, fonts, and more configurations at minimal overhead. Fix your journal papers, conference proceedings, and other scientific publications. 
pnkraemer mit 476 Synthetic Adversarial Log Objects: A Framework for synthetic log generation splunk apache-2.0 40 🧬 The data structure for unstructured multimodal data · Neural Search · Vector Search · Document Store jina-ai apache-2.0 1274 ☠️ Common Security Exploits and Protections on Solana coral-xyz   337 A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*) knight0x07   87 Active Directory Assessment and Privilege Escalation Script hausec   1018 A Python package to interact with the Mitre ATT&CK Framework swimlane mit 402 FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares FirmWire bsd-3-clause 552 A simple code complexity analyser without caring about the C/C++ header files or Java imports, supports most of the popular languages. terryyin other 1460   3vangel1st   24 Find abuse contacts for observables certsocietegenerale gpl-3.0 54 python library to simplify working with jsonlines and ndjson data wbolster other 203 Extract and Visualize Data from URLs using Unfurl obsidianforensics apache-2.0 468 A fast, extensible and spec-compliant Markdown parser in pure Python. sthagen mit 2 MS-FSRVP coercion abuse PoC ShutdownRepo gpl-3.0 211 Utilities for SDR digital television drmpeg gpl-3.0 46   puckiestyle mit 19 RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration. Li4n0 apache-2.0 322   getCUJO bsd-3-clause-clear 102 Plugin for Ghidra to assist reversing Golang binaries hijiki51 mit 6 Some of my publicly available Malware analysis and Reverse engineering. 
Dump-GUY   460 Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays fidgetingbits gpl-3.0 94 Different tools, cudeso other 87 Bro Log Cheatsheets corelight other 232 windows-kernel-exploits: a collection of privilege escalation vulnerabilities for the Windows platform SecWiki mit 6754 Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode. optiv mit 639 Cross-Platform SDR Software AlexandreRouma gpl-3.0 2070 A linux-based assembly REPL for x86, amd64, armv7, and armv8 yrp604 other 1002 Terrain rendering algorithm in less than 20 lines of code s-macke mit 5533 Offline speech recognition API for Android, iOS, Raspberry Pi and servers with Python, Java, C# and Node alphacep apache-2.0 4760 Threat Intel Platform for T-POTs intelowlproject mit 62 APRS tracker with an SDR rgerganov mit 19 Crispy Doom is a limit-removing enhanced-resolution Doom source port based on Chocolate Doom. fabiangreffrath gpl-2.0 609 An open source icons library with 1K+ icons, supporting React, React Native, Flutter, CSS, Figma, and Framer. iconoir-icons mit 2858 a featureful union filesystem trapexit other 2734 scraper for facebook, gab, google and tiktok niczem   20 GRR Rapid Response: remote live forensics for incident response google apache-2.0 4223 Loading dbk64.sys and grabbing a handle to it ioncodes   120 A collection of public data sets curran mit 450 Test Suites for Validating ML Models & Data. Deepchecks is a Python package for comprehensively validating your machine learning models and data with minimal effort. deepchecks other 2175 Layout of WA2EBY amplifier in Kicad, licensed CC-BY-SA 4.0 profdc9   15   FChannel0 agpl-3.0 82 Pseudo API for Google Trends GeneralMills other 2556 A collection of various licenses, with mild commentary upon them. benlk other 75 A tool for performing network timing attacks on plaintext and hashed password authentication. 
aj-code gpl-3.0 20 Documentation that simply works squidfunk mit 11548   NVISOsecurity gpl-3.0 17 Private and self-hosted file sharing over the Tor network written in golang R4yGM apache-2.0 105 Stop the Steal / J6 Twitter user profiles travisbrown   18 Audio fingerprinting and recognition in Python worldveil mit 5919 decompiled pegasus_spyware jonathandata1 mit 1574   tillmannw   8 Symbolic execution tool trailofbits agpl-3.0 3183 A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I’ve written to be used in conjunction with these exploits. forrest-orr gpl-3.0 80 Magic hashes – PHP hash “collisions” spaze   505   uubs   5 Glue - Robust Go and Javascript Socket Library (Alternative to desertbit mit 406 Logbook for Digital Forensics and Incident Response MattETurner   40 Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library BatchDrake gpl-3.0 607 The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database. directus gpl-3.0 18144 Local file inclusion exploitation tool mzfr gpl-3.0 523 Awesome multilingual OCR toolkits based on PaddlePaddle (practical ultra lightweight OCR system, support 80+ languages recognition, provide data annotation and synthesis tools, support training and deployment among server, mobile, embedded and IoT devices) PaddlePaddle apache-2.0 26342 An open Apple AirDrop implementation written in Python seemoo-lab gpl-3.0 7380 Cuckoo 3 is a Python 3 open source automated malware analysis system. cert-ee eupl-1.2 409 Generate a bunch of malicious pdf files with phone-home functionality. 
Can be used with Burp Collaborator pussycat0x bsd-2-clause 163 Docker image for MISP NUKIB gpl-3.0 43 HTTP worker tb0hdan bsd-3-clause 9 World’s single largest Internet domains dataset tb0hdan bsd-3-clause 394 Labs for Practical Malware Analysis & Triage HuskyHacks   436 Sample staging & detonation utility to be used in combination with Cuckoo Sandbox. doomedraven   8 #️⃣ 👀👆🏽Query and Orchestrate the CIRCL Hash Lookup Service hrbrmstr other 4 Benthos plugin examples benthosdev mit 59 Sample staging & detonation utility to be used in combination with Cuckoo Sandbox. hatching   74 💉 A Windows dynamic-link library injection tool written in C++20. It can inject a dynamic-link library into a running process by its window title or create a new process with an injection. Zhuagenborn gpl-3.0 48 Extracting high level semantic information from binary code sdasgup3 other 57 dcfldd - enhanced version of dd for forensics and security adulau gpl-2.0 58 The CIA Hive source code as released by Wikileaks infoskirmish   46 Free Zip / Unzip software and Rar file extractor. Cross-platform file and archive manager. Features volume spanning, compression, authenticated encryption. Supports 7Z, 7-Zip sfx, ACE, ARJ, Brotli, BZ2, CAB, CHM, CPIO, DEB, GZ, ISO, JAR, LHA/LZH, NSIS, OOo, PAQ/LPAQ, PEA, QUAD, RAR, RPM, split, TAR, Z, ZIP, ZIPX, Zstandard. 
peazip lgpl-3.0 2232 Tools to do lexicometry on media magwyz agpl-3.0 40 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List payloadbox mit 3806 Forensic Artifact Collection Tool Matrix swisscom other 29 The most powerful and customizable binary pattern scanner HoShiMin mit 143 CaribouLite turns any 40-pin Raspberry-Pi into a Tx/Rx 6GHz SDR cariboulabs   846 Transform Linux Audit logs for SIEM usage threathunters-io gpl-3.0 440 Fancy stream processing made operationally mundane benthosdev mit 4912 Volatility Symbol Generator for Linux Kernels kevthehermit   14 A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures. mytechnotalent apache-2.0 7459 AV/EDR evasion via direct system calls. jthuraisamy apache-2.0 1410 Collaborative Incident Response platform dfir-iris lgpl-3.0 538 EXOCET - AV-evading, undetectable, payload delivery tool tanc7   662   Ne0nd0g gpl-3.0 95 :mag: Haystack is an open source NLP framework that leverages pre-trained Transformer models. It enables developers to quickly implement production-ready semantic search, question answering, summarization and document ranking for a wide range of NLP applications. deepset-ai apache-2.0 5986 Fuzzing Unification Framework fuzzuf agpl-3.0 298 Procedurally generated Chinese landscape painting. LingDong- mit 4922 🤖 CDN assets - The #1 free and open source CDN built to make life easier for developers. cdnjs mit 9689 Enhancing {ggplot2} plots with statistical analysis 📊🎨📣 IndrajeetPatil gpl-3.0 1586 Install hashlookup-server, minimal and fast open source server (ReST/API) to lookup quickly hash value from large dataset. juju4 bsd-2-clause 1 Assorted Jupyter notebooks by Daniel Estévez daniestevez gpl-3.0 97 A graph-focused data visualisation and interactive analysis application. 
constellation-app apache-2.0 349 This is a Project Designed for Security Analysts and all SOC audiences who want to play with implementation and explore the Modern SOC architecture. archanchoudhury cc0-1.0 247 Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - hashlookup other 91 Ghidra Extension to integrate BinDiff for function matching ubfx   174 KaynLdr is a Reflective Loader written in C/ASM Cracked5pider   406 A reverse engineering tool to interactively reconstruct structures and generate header files cursey mit 79 Comprehensive evaluation framework for Open Information Extraction. gkiril other 26 WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) Yamato-Security gpl-3.0 462 The Swiss Army Knife of System Recovery rescuezilla gpl-3.0 667 Docker image for MISP modules NUKIB gpl-3.0 4 Just the facts – web page content extraction dragnet-org mit 1075 This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware. jstrosch   124 Tool aimed to provide a binary analysis of different file formats through the use of an Intermediate Representation. Fare9 mit 75 PoC EFI runtime driver for memory r/w & kdmapper fork SamuelTulach   330 Reverse-engineer a Dockerfile from a Docker image. 
LanikSJ mit 208 Flexible tree chart using Canvas and Svg, powered by D3.js; ✅Support Vue, Vue3 and React; ssthouse mit 328 A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses … StrangerealIntel   112 A post exploitation framework designed to operate covertly on heavily monitored environments bats3c mit 1796 DKMC - Dont kill my cat - Malicious payload evasion tool Mr-Un1k0d3r other 1220 Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. Yamato-Security gpl-3.0 815 A way to backdoor every process Srakai gpl-3.0 58 Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems ChrisTheCoolHut gpl-3.0 950 TinySSH is small server (less than 100000 words of code) janmojzis other 881 Software defined radio receiver powered by GNU Radio and Qt. gqrx-sdr gpl-3.0 2257 Finding potential software vulnerabilities from git commit messages cve-search   320 jq for binary formats wader other 4534 - The best and simplest self-hosted free open source website change detection tracking, monitoring and notification service. An alternative to Visualping, Watchtower etc. Designed for simplicity - the main goal is to simply monitor which websites had a text change for free. Free Open source web page change detection dgtlmoon apache-2.0 6310 DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! dafthack mit 1254 A Workflow Engine for Offensive Security j3ssie mit 4082 Provides various Windows Server Active Directory (AD) security-focused reports. ziesemer   44 Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 
mufeedvh mit 1043 The RELX Dataset and Matching the Multilingual Blanks for Cross-Lingual Relation Classification, EMNLP-Findings 2020. boun-tabi mit 19 🌀 A nonsense activity generator svenstaro mit 6632 Efi Driver Access is a simple project to load a driver during system boot with the idea to give the user kernel access for read/write memory without restrictions TheCruZ   212 The “Quite OK Image Format” for fast, lossless image compression phoboslab   5855   tylerhou apache-2.0 225 Rogue Assembly Hunter is a utility for discovering ‘interesting’ .NET CLR modules in running processes. bohops mit 104 ’>”><img src=x onerror=alert(1) />asd msrkp   46 Git with a cup of tea, painless self-hosted git service go-gitea mit 33084 Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) SigmaHQ lgpl-2.1 143 Common Exercise Format - CEXF MISP   9 Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON johnkerl other 5779 The CSIRTs Network is a network composed of EU Member States’ appointed CSIRTs and CERT-EU. It provides a forum where members can cooperate, exchange information and build trust. enisaeu   17 A tool for exploring each layer in a docker image wagoodman mit 34295 🐼 IoT worm written in pure golang. Its-Vichy gpl-3.0 68 :milky_way: Procedural art with vanilla JavaScript MaxHalford mit 85 Banana for Solr - A Port of Kibana lucidworks other 667 An architecture-agnostic ELF file flattener for shellcode gamozolabs mit 188 A Rust crate to load a shared library into a Linux process without using ptrace. vfsfitvnm mit 85 A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations. 
saferwall mit 152 Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode) bongtrop mit 185 Pretty good call graphs for dynamic languages scottrogowski mit 2812 rsatool can be used to calculate RSA and RSA-CRT parameters ius bsd-2-clause 856 Fomantic-UI is the official community fork of Semantic-UI fomantic mit 3074 Semantic is a UI component framework based around useful principles from natural language. Semantic-Org mit 50214 Encode/decode Java’s META-INF/MANIFEST.MF in Python. elihunter173 agpl-3.0 4 Vulnerability detection scripts for Red Hat Enterprise Linux RedHatProductSecurity gpl-3.0 15 Tools for examining Java bytecode in Python obriencj lgpl-3.0 80 Turn a $30 USB switch into a full-featured multi-monitor KVM switch haimgel mit 2250 A collection of intelligence about Log4Shell and its exploitation activity. curated-intel   170 x86-64 Assembler based on Zydis zyantific mit 158 A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. frohoff mit 5833 x64dbg Malware Plugin. Detect malicious materials push0ebp mit 13 Hosted Reverse Shell generator with a ton of functionality. – (Great for CTFs) 0dayCTF mit 1548 StdFuzzer is the reference implementation of a generic bit-level fuzzer with LibAFL AFLplusplus   41 Automatic and platform-independent unpacker for Windows binaries based on emulation unipacker gpl-2.0 493 Trap dns requests staaldraad   4 Reverse engineering and pentesting for Android applications androguard apache-2.0 4163 Finally, a JSONPath implementation for Python that aims to be standard compliant. That’s all. Enjoy it. h2non apache-2.0 358 log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services proferosec gpl-3.0 479 One rule to crack all passwords. or at least we hope so. NotSoSecure mit 977 Ekphrasis is a text processing tool, geared towards text from social networks, such as Twitter or Facebook. 
Ekphrasis performs tokenization, word normalization, word segmentation (for splitting hashtags) and spell correction, using word statistics from 2 big corpora (english Wikipedia, twitter - 330mil english tweets). cbaziotis mit 587 Text preprocessing, representation and visualization from zero to hero. jbesomi mit 2616 NLP, before and after spaCy chartbeat-labs other 1991 Tools to download and cleanup Common Crawl data facebookresearch mit 469 A private Lumina server for IDA Pro naim94a mit 557 Livecoding networked visuals in the browser hydra-synth agpl-3.0 1796 An easy-to-use library for emulating code in minidump files. mrexodia bsl-1.0 339 A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories. trailofbits lgpl-3.0 265 Our security focused static analysis tool for Android and Java applications. facebook mit 896 Python API for BGP Ranking D4-project bsd-3-clause 3 Small programs and scripts that do not require their own repositories RolfRolles gpl-3.0 110 :art: Visualisation toolbox for beautiful and publication-ready figures easystats gpl-3.0 677 Vector database for scalable similarity search and AI applications. milvus-io apache-2.0 14128 ssldump - (de-facto repository gathering patches around the cyberspace) adulau other 168 A proxy server that helps to bypass the DPI systems implemented by various ISPs. hectorm mit 8 EMBArk - The firmware security scanning environment e-m-b-a mit 169 Shellcode implementation of Reflective DLL Injection. 
Convert DLLs to position independent shellcode monoxgas other 1523 Focus on promoting the evolution of tools in different aspects of security research. Dedicated to promoting tooling across all areas of security research. (Project listings are gradually being migrated to knownsec   738 reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine’s correlation, it just makes recon effortless. yogeshojha gpl-3.0 4818 Obfuscate Go binaries and packages unixpickle bsd-2-clause 1216 evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR) 0xsp-SRD mit 980 Volatile ELF payloads generator with Metasploit integrations for testing GNU/Linux ecosystems redcode-labs   53 A vulnerability scanner for container images and filesystems anchore apache-2.0 4730 Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation) ly4k mit 247 Best Practices on Recommendation Systems microsoft mit 14336 A community sourced list of log4j-affected software cisagov cc0-1.0 1111 Artifacts for integrating MISP with Velociraptor weslambert   3 A collection of java reverse engineering tools and informational links GenericException   192 Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user WazeHell   860 A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x “JNDI LDAP” vulnerability. nccgroup apache-2.0 72 stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects. 
paradoxwastaken   188 Log4j jndi injects the Payload generator woodpecker-appstore   462 Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload LeakIX   11 Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis CycloneDX apache-2.0 185 Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Ridter   465 Operational information regarding the log4shell vulnerabilities in the Log4j logging library. NCSC-NL   1887 CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. CycloneDX apache-2.0 117 Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments. CycloneDX apache-2.0 104 nse script to inject jndi payloads righel   42 This Buffer Overflow Toolkit works through FTP, SMTP, POP, HTTP protocols as well file outputs for playlists exploiting customized variables/commands. Payloads can be generated through MSFVENOM or you can use your own ASM files. danieljs777   17 alternative to procdump Mr-Un1k0d3r   177 :scream: A curated list of amazingly awesome OSINT jivoi other 10738 Generative art in Common Lisp inconvergent other 1472 Convert graphs generated by Graphviz to LaTeX friendly formats kjellmf other 133 Collection of rules created using YARA-Signator over Malpedia malpedia   62 AFLTeam Collaborative Parallel Fuzzing MelbourneFuzzingHub apache-2.0 63 Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell Cybereason mit 1726 CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. 
cube0x0   1152 Ghidra Wasm plugin with disassembly and decompilation support nneonneo gpl-3.0 88 Distributed & real time digital forensics at the speed of the cloud mozilla mpl-2.0 1194 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks Puliczek   858 Drawing utilities for publication quality plots of networks paulbrodersen gpl-3.0 428 Graphoscope is a solution to access multiple independent data sources from a common UI and show data relations as a graph cert-lv   29   YfryTchsGD   2091 Flutter Reverse Engineering Framework ptswarm gpl-3.0 874 Warning lists to inform users of MISP about potential false-positives or other information in indicators MISP   311 A tasty, self-hostable Git server for the command line🍦 charmbracelet mit 2712 Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077 horizon3ai   26 A tiny tool for embedding CoSWID tags in EFI binaries hughsie lgpl-2.1 10 Mirror of - The Quake engine that powers Xonotic xonotic gpl-2.0 158 The Volatility Collaborative GUI LDO-CERT mit 136 static binaries for linux minos-org   307 An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data. CRED-CLUB mit 224 CRC32 Demystified Michaelangel007   123 Repository of public reference frameworks for the DFIR community. joshlemon gpl-3.0 87 A zero dependency shell script that makes it really simple to manage your text notes. nickjj mit 105 ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go. zinclabs other 12603 indexing library for Go blugelabs apache-2.0 1474 Convert an objdump output into a CFG via Binary Ninja mahaloz bsd-2-clause 6 XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. idealeer apache-2.0 184 A code-completion engine for Vim ycm-core gpl-3.0 24377 Patched fonts for Powerline users. 
powerline   24032 JavaScript-style async programming for Python. miguelgrinberg mit 190   SpiderLabs apache-2.0 53   enisaeu eupl-1.2 5 An IDA processor for eBPF bytecode zandi   52 orbit-agents CIRCL   2 Your favourite Graphviz editor nikeee mit 145 Publishing advisories for CVEs found by POST Cyberforce post-cyberlabs   8 A novel data lake based on super-structured data brimdata bsd-3-clause 883 My experiments in weaponizing Nim ( byt3bl33d3r bsd-2-clause 1867 similarity digest hashing tool hashdd apache-2.0 2 Nov 20 2017 – A distributed open source search engine and spider/crawler written in C/C++ for Linux on Intel/AMD. From gigablast dot com, which has binaries for download. See the file at the very bottom of this page for instructions. gigablast apache-2.0 1391 This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version. p0dalirius   387 Website for IPv6 Hitlist Service with data, software, paper of “Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists” IMC’18 publication. ipv6hitlist   25 Leptonica is an open source library containing software that is broadly useful for image processing and image analysis applications. The official github repository for Leptonica is: danbloomberg/leptonica. See for more documentation and recent releases. DanBloomberg other 1313 CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network. crowdsecurity mit 5727 📅 Create a fully customizable, interactive timelines and 2d-graphs with items and ranges. visjs other 1138 :dizzy: Display dynamic, automatically organised, customizable network views. 
visjs apache-2.0 2241 Kunyu, more efficient corporate asset collection knownsec gpl-2.0 744 Parallel programming with Python luispedro mit 385 Implementation of Content Defined Chunking (CDC) in Go restic bsd-2-clause 263 RSS-proxy allows you to create an RSS or ATOM feed of almost any website, just by analyzing the static HTML structure. damoeb   1362 Apache Solr open-source search software apache apache-2.0 565 Universal Extractor 2 is a tool to extract files from any type of archive or installer. Bioruebe gpl-2.0 2450   dodancs gpl-3.0 2 Dynamic unpacker based on PE-sieve hasherezade bsd-2-clause 458 A set of useful perceptually uniform colormaps for plotting scientific data holoviz other 584 A repository that maps commonly used attacks using MSRPC protocols to ATT&CK jsecurity101 bsd-3-clause 213 Build SVG charts from a Git repository. flashcode gpl-3.0 51 Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. CIRCL agpl-3.0 66 Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems — without the downtime risk. fleetdm other 961 A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. mazen160 mit 363 Flubot DGA domains NCSC-NL isc 18   TingPing gpl-3.0 2   DoctorWebLtd   127 A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0. icyguider gpl-3.0 116 Python Service for MISP Feed Management phage-nz   7 CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of machine data in real-time. Built on top of Lucene. 
crate apache-2.0 3527 Python bindings for xorfilter(faster and smaller than bloom and cuckoo filters) glitzflitz apache-2.0 56 Go library implementing binary fuse and xor filters FastFilter apache-2.0 595 Source code and validation tests for “wide odd regenerative multiplication,” or “worm hashing” pdillinger mit 6 SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab dirtyfilthy gpl-3.0 34 Windows update management tool for windows 10 DavidXanatos gpl-3.0 1067 🎲 A Tiny and Platform-Independent True Random Number Generator for any FPGA. stnolting bsd-3-clause 65   klinix5 mit 1673 🌊 Online machine learning in Python online-ml bsd-3-clause 3784 Prometheus Exporter for Kvrocks Metrics KvrocksLabs mit 13 Python bindings to libmagic dveselov mit 20 :snake: :arrow_right: :scroll: Auto-generate API documentation for Python projects pdoc3 agpl-3.0 894 Interactive Redis: A Terminal Client for Redis with AutoCompletion and Syntax Highlighting. laixintao bsd-3-clause 2175 A convenient and useful tool for migrating data between redis group. vipshop apache-2.0 902 Nmap script to detect a Microsoft Exchange instance version with OWA enabled. righel apache-2.0 26 The NFT Bay is the galaxy’s most resilient NFT BitTorrent site! You wouldn’t steal a JPEG (or would you) ghuntley mit 319 ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation ssh-mitm gpl-3.0 970 Emotet detection tool for Windows OS JPCERTCC other 616 VIM Configuration for Python / Cython / C Development ets-labs bsd-3-clause 603 SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) jtesta mit 1380 BlackBerry Threat Research & Intelligence blackberry apache-2.0 38 An informative and fancy bash prompt for Git users magicmonty bsd-2-clause 6326 Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free! 
matusf agpl-3.0 385 OWASP Honeypot, Automated Deception Framework. OWASP apache-2.0 328 Private key usage verification trufflesecurity apache-2.0 309   jmdx mit 639 A Binary Genetic Traits Lexer Framework c3rb3ru5d3d53c unlicense 303 Better audio quality, increase recording processing speed, dynamic video profile, pagination, fix 1007/1020 errors and use to manage your customizations are some key techniques for you to optimize and smoothly run your BigBlueButton servers. manishkatyan mit 75 open-source USB analyzer toolkit with support for a variety of capture hardware greatscottgadgets bsd-3-clause 287 A powerful web publishing system nanoc mit 2013 📷 Diff Git versioned images graphically. niedzielski   69 Pika is a nosql compatible with redis, it is developed by Qihoo’s DBA and infrastructure team OpenAtomFoundation bsd-3-clause 4844 An ATSC 3.0 Transmitter for GNU Radio drmpeg gpl-3.0 14   sagpant apache-2.0 3 SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled. searxng agpl-3.0 3435 Discover the location of nearby Telegram users 📡🌍 tejado gpl-3.0 433 Python implementation of the rank-biased overlap list similarity measure. dlukes   58 A crappy LSASS dumper with no ASCII art helpsystems apache-2.0 1022 This repository contains the tools we used in our research on the Google Titan M chip quarkslab apache-2.0 147 Welcome to the SEKOIA.IO Community repository! SEKOIA-IO   37 Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague. stratosphereips other 336 Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel. opencybersecurityalliance apache-2.0 183 Command line interface to interact with escrow service. 
PlumLulz   22 Web extension to submit a URL with its context to a Lookyloo instance Lookyloo bsd-3-clause 2 LD_PRELOAD rootkit mav8557 unlicense 73 Implementation of the ClausIE information extraction system for python+spacy mmxgn gpl-3.0 181 Graphviz DOT rendering and animated transitions using D3 magjac bsd-3-clause 1354 A toolbox for extracting RSA private keys from public keys. b4den   150 Nmap script to guess* a GitLab version. righel apache-2.0 118 Simplest ultrasonic ANTISPY voice recording jammer based on ATTINY13 / ATTINY85 / ARDUINO with PAM8403 module driving piezo ultrasonic transducers (and optionally AD8933 signal generator) mcore1976   54 A toolkit for the post-mortem examination of Docker containers from forensic HDD copies docker-forensics-toolkit apache-2.0 54 AIL feeder for GitHub archive - ail-project   2 Multiplex: visualizations that tell stories—A Python library to create and annotate beautiful network graph visualizations, text visualizations and more. NicholasMamo gpl-3.0 90 Implementation of the key recovery attack against GEA-1 keys (Eurocrypt 2021) airbus-seclab gpl-2.0 47 Reads and prints information from the website Squiblydoo gpl-3.0 15 High Octane Triage Analysis binref other 300 A truly Open Source MongoDB alternative FerretDB apache-2.0 4901 A golang CLI tool to download malware from a variety of sources. xorhex   107 High performance sFlow/IPFIX/NetFlow Collector netsampler bsd-3-clause 210 John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs kholia   13 A simple CLI for synchronously encrypting and decrypting text files modeled on the classic hacker film Sneakers, because there’s no technical reason hacking can’t look the way it does in the movies. nbriz gpl-3.0 11 A methodology for mapping MITRE ATT&CK techniques to vulnerability records to describe the impact of a vulnerability. 
center-for-threat-informed-defense apache-2.0 127 NCRF++, a Neural Sequence Labeling Toolkit. Easy use to any sequence labeling tasks (e.g. NER, POS, Segmentation). It includes character LSTM/CNN, word LSTM/CNN and softmax/CRF components. jiesutd apache-2.0 1833 Bootstrap 4 & 5 helper for your Flask projects. helloflask other 767 This repository serves as a place for community created Targets and Modules for use with KAPE. EricZimmerman mit 391 Collect different versions of Crucial modules. MiroKaku   93 Lightweight CLI for taking markdown notes in a journal-like (time-seried) fashion scottashipp gpl-3.0 67 Yet another Linux Rootkit KB5201314   17   bestpractical   4 ReClassEx ajkhoury mit 736 This project is a SIEM with SIRP and Threat Intel, all in one. V1D1AN   262 Directory importer for hashlookup server hashlookup   2 Repository of constants used in TLS and X509 parsing zmap   10 CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for this project – file bug reports and wishes here! CERTCC other 168 A multi-platform GUI for bit-based analysis, processing, and visualization Mahlet-Inc mit 524   cerebrate-project agpl-3.0 2 Umap2 is the second revision of NCC Group’s python based USB host security assessment tool. nccgroup agpl-3.0 223 Jekyll theme inspired by Swiss design broccolini mit 444 A library and tool for generating .pex (Python EXecutable) files pantsbuild apache-2.0 2168 Kaitai Struct: Visualizer and Hex Viewer GUI in Python Dvd848 other 95 B2R2 is a collection of useful algorithms, functions, and tools for binary analysis. 
B2R2-org mit 359 A visualized overview of the Initial Access Broker (IAB) cybercrime landscape curated-intel   91 Section operation hacks canonical mit 3 Multi Layer Archive - A pure rust encrypted and compressed archive file format ANSSI-FR lgpl-3.0 272 An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects. center-for-threat-informed-defense apache-2.0 19 Provision on-demand anonymous shells via SMS Shell-Company   8 Convert ACSM files to PDFs/EPUBs with one command on Linux BentonEdmondson gpl-3.0 564 IDApython Scripts for Analyzing Golang Binaries SentineLabs gpl-3.0 350 Python library for threat intelligence RH-ISAC gpl-3.0 54 ScareCrow - Payload creation framework designed around EDR bypass. optiv mit 2069 Practice CTI Quiz BushidoUK   7 API client for IPASN History D4-project   3 Windows NTLM Authentication Backdoor kindtime   189 Article extraction benchmark: dataset and evaluation scripts scrapinghub mit 146 Python & command-line tool to gather text on the Web: web crawling/scraping, extraction of text, metadata, comments adbar gpl-3.0 634 Create polls and surveys directly within Mattermost matterpoll mit 223 Script to install rita and zeek and then analyze related logs tsale   6 A high-level Python library for Quantum Natural Language Processing CQCL apache-2.0 304 🧹 Python package for text cleaning jfilter other 716 Repository for the Georgetown University Multilayer Corpus (GUM) amir-zeldes other 71 Mobile first Note Taking integrated with Git GitJournal agpl-3.0 2715 Kanidm: A simple, secure and fast identity management platform kanidm mpl-2.0 1179 Download market data from Yahoo! 
Finance’s API ranaroussi apache-2.0 7852 Topic Modelling for Humans RaRe-Technologies lgpl-2.1 13667 A tool for recognizing function symbol aliyunav gpl-3.0 319 Linux Runtime Security and Forensics using eBPF aquasecurity apache-2.0 2258 Multilingual domain typo permutation engine used to perform or detect typosquatting, brandjacking, URL hijacking, fraud, phishing attacks, corporate espionage and threat intelligence. jubairsaidi mit 4 Page Integrity is a web browser extension for Firefox, for verifying the integrity of web pages. meixler   5 Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains a user portal for simple self asset management. Taranis NG was developed by SK-CERT with a help from wide CSIRT community. SK-CERT eupl-1.2 45   ail-project gpl-3.0 4 End-to-end encryption plugin for Mattermost quarkslab apache-2.0 48 HashDB API hash lookup plugin for IDA Pro OALabs bsd-3-clause 223 Assortment of hashing algorithms used in malware OALabs apache-2.0 197 IDA Pro utilities from FLARE team mandiant apache-2.0 1801 Process the exported Telegram chat history .html and generate a report message count by date, and most used words. zqtay   22 An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM mncoppola mit 580 A command line tool that queries the Open Corporates Database and returns data on corporations under the copyleft Open Database License. rly0nheart gpl-3.0 30 LoadLibrary for offensive operations bats3c   728 Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard. 
okbob bsd-2-clause 1910 Call Tree Overviewer herosi mit 255 PowerForensics provides an all in one platform for live disk forensic analysis Invoke-IR mit 1242 CLI and local web plain text note‑taking, bookmarking, and archiving with linking, tagging, filtering, search, Git versioning & syncing, Pandoc conversion, + more, in a single portable script. xwmx agpl-3.0 4872 Reverse Engineered Sigfox Stack - Library Jeija   20 A collection of small corpuses of interesting data for the creation of bots and similar stuff. dariusk   4536 A simple Python interface for Darius Kazemi’s Corpora Project. aparrish mit 113 Scalable identity resolution, entity resolution, data mastering and deduplication using ML zinggAI agpl-3.0 632 An OOB interaction gathering server and client library projectdiscovery mit 1978 Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor nil0x42 gpl-3.0 1808 A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs wagga40   420 Fast and efficient osquery management jmpsec mit 251 Zentral provides a unified view for endpoint monitoring. Comprehensive features include Santa binary authorization and patch management orchestration on macOS, as well as detailed Osquery fleet management - all paired with event based stream processing and direct support for a range of data store backends (Elastic, OpenSearch, SumoLogic, Splunk, e.g.). zentralopensource other 650 Better analyze information, in all its forms ICIJ agpl-3.0 438 Backup all the repositories of a github user or organization automatically. clockfort cc0-1.0 267 recover Firefox and more browsers logins HugoLB0   42 Implements a security connection using untrusted non3GPP my5G apache-2.0 30 25 different honeypots in a single pypi package! 
(dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) qeeqbox agpl-3.0 234 :atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit: SocialConnect mit 511 An example of batching for operations with Elixir and Broadway mcrumm apache-2.0 20 NLTK Source nltk apache-2.0 11185 Go package for working with the Flickr API aaronland bsd-3-clause 1 High-speed Bloom filters and taffy filters for C, C++, and Java jbapple apache-2.0 24 A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies ( and disclosure notifications. ossf cc-by-4.0 72 Retrieve torrent files from an Internet Archive search gallypette other 2 Collection of Event ID resources useful for Digital Forensics and Incident Response stuhli mit 384 The best exploitation tool for SSL VPN 0day vulnerabilities. shelld3v   71 External monitoring for organization assets cisagov cc0-1.0 234   advanced-threat-research   30 patool is a portable command line archive file manager wummel gpl-3.0 312 Redpanda is a streaming data platform for developers. Kafka API compatible. 10x faster. No ZooKeeper. No JVM! redpanda-data   5150 Ronn-NG: An updated fork of ronn. Build man pages from Markdown. apjanke mit 48 the opposite of roff rtomayko other 1306 a library for audio and music analysis aubio gpl-3.0 2819 Supply-chain Levels for Software Artifacts slsa-framework other 918 Hugo documentation theme as simple as plain book alex-shpak mit 2062   CESNET bsd-3-clause 15 System for network traffic analysis and anomaly detection. CESNET other 70 Fake Protocol Server fofapro   1324 Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported! blacklanternsecurity   591 Cosma is a document graph visualization tool. 
It modelizes interlinked Markdown files and renders them as an interactive network in a web interface. graphlab-fr gpl-3.0 40 A distributed, fast open-source graph database featuring horizontal scalability and high availability vesoft-inc apache-2.0 8170 ACHE is a web crawler for domain-specific search. VIDA-NYU apache-2.0 374 Wrapper around tarfile to add support for more compression formats ascoderu apache-2.0 6 Probabilistic data structures for processing continuous, unbounded streams. tylertreat apache-2.0 1487 A highly efficient Bloom filter library and command line tool written in Go. DCSO other 56 TIE Feed Generator for MISP (replaces tie2misp) DCSO bsd-3-clause 5 Offensive Software Exploitation Course ashemery   762 Library for building WebSocket servers and clients in Python aaugustin bsd-3-clause 4234 CVE-2021-40444 PoC lockedbyte   1444 A repository of curated datasets from various attacks splunk apache-2.0 336 scraper that consolidates tens of thousands of financial records into a SQLite relational database. Class ‘dataframes’ easily converts the SQLite data into pandas DataFrames (see Jupyter notebook for examples) caiobran mit 137 Raw-packet Project raw-packet mit 197 A Python library to provide functions to handle, parse and validate standard numbers. arthurdejong lgpl-2.1 385 Web Application for domain name monitoring / alerting PassiveDNS agpl-3.0 54 A Qt5-based IM client for Matrix quotient-im gpl-3.0 550 A simple OCR API server, seriously easy to be deployed by Docker, on Heroku as well otiai10 mit 531 Sampler, Sequencer, Multi-engine synth and effects - in a box! [WIP] bitfieldaudio other 2510 GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly] austinsonger mit 963 Script examples to interact with Telecom Data / Objects via PyMISP post-cyberlabs agpl-3.0 6 List of pastebin sites. 
lorien   47 RestApiToText Notepad++ plugin that uses input from an editor tab to make a REST call and display the results in a new tab. eljefe7000 gpl-3.0 13 :wolf: Malware analysis platform cristianzsh agpl-3.0 357 A (nearly) production ready Dockered MISP coolacid gpl-3.0 181 Free, Open-Source, Cross-platform agent and Post-exploitation tool written in Golang and C++. geemion apache-2.0 1375 APSI is a C++ library for Asymmetric (unlabeled or labeled) Private Set Intersection. microsoft mit 107 Curated research at the intersection of causal inference and natural language processing. causaltext   573 A caching Git HTTP server jonasmalacofilho other 68 PowerShell script to collect memory and (triage) disk forensics dwmetz mit 188 Pure Python hash length extension module stephenbradshaw other 75 AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically ail-project agpl-3.0 8 A set of over 2800 free MIT-licensed high-quality SVG icons for you to use in your web projects. tabler mit 13024   doegox   58 Rapidly Search and Hunt through Windows Forensic Artefacts WithSecureLabs gpl-3.0 1717 Synapse Central Intelligence System vertexproject apache-2.0 247 Scalable real-time messaging server in a language-agnostic way. Set up once and forever. centrifugal apache-2.0 6505 Privacy-respecting metasearch engine searx agpl-3.0 12141 A set of Hugo doc templates for launching open source content. google apache-2.0 1942 Security-related flags and options for C compilers airbus-seclab cc-by-sa-4.0 128 Python implementation of the LZJD algorithm EdwardRaff apache-2.0 18 C++ implementation of ssdeep-compatible fast fuzzy hashing a4lg other 35 Fast ssdeep comparison library a4lg other 11 Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. libyal lgpl-3.0 305 FM-Index full-text index implementation using RRR Wavelet trees (libcds) and fast suffix sorting (libdivsufsort) including experimental results. 
mpetri gpl-3.0 87 Parallel ssdeep clustering kit a4lg   16 Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,… mdecrevoisier bsd-2-clause 778 🤖 A Python library for learning and evaluating knowledge graph embeddings pykeen mit 1015 A repository of DFIR-related Mind Maps geared towards the visual learners! AndrewRathbun mit 390 A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows. opsdisk apache-2.0 121 A fast and secure multi protocol honeypot. evilsocket other 268 Dumping processes using the power of kernel space ! EquiFox mit 771 The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation. center-for-threat-informed-defense apache-2.0 54 The no-magic web data plane API and microservices framework for Python developers, with a focus on reliability, correctness, and performance at scale. falconry apache-2.0 8930 GNU Radio decoder for Amateur satellites daniestevez gpl-3.0 602 Domain-driven e-commerce for Django django-oscar bsd-3-clause 5506 Host Apple Software Updates on the hardware and OS of your choice. wdas other 840 Deep ghidra decompiler and sleigh disassembler integration for rizin rizinorg lgpl-3.0 667 UNIX-like reverse engineering framework and command-line toolset. rizinorg lgpl-3.0 1635 Official QT frontend of radare2 radareorg gpl-3.0 448 LZFSE compression library and command line tool lzfse bsd-3-clause 1690 A small set of Python functions to draw pretty maps from OpenStreetMap data. Based on osmnx, matplotlib and shapely libraries. 
marceloprates agpl-3.0 8841 Implementation of precomputed PSI for smartphone encryptogroup   10 A Python library for private set intersection eric-vader apache-2.0 9 The most powerful screen recorder & annotation tool for Chrome 🎥 alyssaxuu mit 7714 Collection of Cyber Threat Intelligence sources from the deep and dark web fastfire gpl-3.0 1152 PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. IlanKalendarov bsd-3-clause 156 Read rmp archive files srossross mit 20 Service Readiness Levels (SRL) are a type of measurement system used to assess the maturity of software services deployed in an orchestration and management platform. SRL are loosely based on the NASA Technology Readiness Levels. maana-io mit 2 🍃 Organic Maps is a free Android & iOS offline maps app for travelers, tourists, hikers, and cyclists. It uses crowd-sourced OpenStreetMap data and is developed with love by MapsWithMe (MapsMe) founders and our community. No ads, no tracking, no data collection, no crapware. Your donations and positive reviews motivate and inspire our small team! organicmaps apache-2.0 4032 A screamingly fast Python 2/3 WSGI server written in C. jonashaag other 2851 List SID of rules used by publics sandbox for hunting StrangerealIntel   2 Crack hashes in seconds. s0md3v mit 1393 cmix is a lossless data compression program aimed at optimizing compression ratio at the cost of high CPU/memory usage. byronknoll gpl-3.0 472 Python hashlib-like wrapper for several fuzzy hash algorithms. sptonkin gpl-3.0 12 Python library for reading Debian package files and comparing version strings TheClimateCorporation other 26 Extends Pathlib to archives, images, remote filesystems, etc barneygale gpl-3.0 25 AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. Includes TTPs and countermeasures. 
cogsec-collaborative cc-by-sa-4.0 145 Cuckoo Filter go implement, better than Bloom Filter, configurable and space optimized linvon mit 232 SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP. hpthreatresearch mit 117 This is just a running list of notes without any unifying theme or structure, however it will generally be somewhere in the realm of web development. Archive-42   6 This tool can decrypt a BitLocker-locked partition with the TPM vulnerability kkamagui other 135 Container Signing sigstore apache-2.0 2681 Specification and other related documents. in-toto mit 25 Software Supply Chain Transparency Log sigstore apache-2.0 610 IceFireDB is a database built for web3 and web2. It strives to fill the gap between web2 and web3 with a friendly database experience, making web3 application data storage more convenient, and making it easier for web2 applications to achieve decentralization and data immutability. IceFireDB mit 939 Data science on data without acquiring a copy OpenMined apache-2.0 8399 Universal payment handling for Django. jazzband other 798 Private Set Intersection Cardinality protocol based on ECDH and Bloom Filters OpenMined apache-2.0 80 fast string matching trie library farsightsec apache-2.0 8 Convert Apple NeuralHash model for CSAM Detection to ONNX. AsuharietYgvar apache-2.0 1480 A network filesystem client to connect to MinIO and Amazon S3 compatible cloud storage servers minio agpl-3.0 418 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or jonaslejon bsd-2-clause 1867 PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents. guelfoweb   542 The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare. 
cloudflare bsd-3-clause 651 FEVER<->Threat Bus connector satta   5 A simple Flask boilerplate app with SQLAlchemy, Redis, User Authentication, and more. hack4impact mit 2816 Repository of yara rules Yara-Rules gpl-2.0 3315 Python source code auditing and static analysis on a large scale SourceCode-AI gpl-3.0 103 Password-based key derivation function and password hashing scheme building upon scrypt openwall   60   jaraco mit 928 :aquarius: Create maps made of lines riatelab   108 A collection of links related to VMware escape exploits xairy cc-by-4.0 1178 CSIRT Jump Bag cudeso   25 Visualize your Markdown as mindmaps with Markmap. markmap mit 4145 SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature. med0x2e mit 728   ml874   2217 An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework. G-Research apache-2.0 159 High speed/Low cost CommonCrawl RegExp in Node.js c6fc other 205 An open-source digital image forensic toolset GuidoBartoli gpl-3.0 2072 hBPF = eBPF in hardware rprinz08 bsd-3-clause 326 Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools. pucarasec other 159 External ActivityPub feeder for AIL-framework. ail-project   4 BaikalDB, A Distributed HTAP Database. baidu apache-2.0 982 Greybox Synthesizer geared for deobfuscation of assembly instructions. quarkslab agpl-3.0 89 Orchestrate end-to-end encryption, mutual authentication, key management, credential management & authorization policy enforcement — at scale. build-trust apache-2.0 2622 Logging Made Easy ukncsc apache-2.0 660 Firefox Extension Workshop mozilla   70 A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. 
This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-)) cfalta bsd-3-clause 897 A Unix-style personal search engine and web crawler for your digital footprint. amirgamil mit 1296 HumHub is an Open Source Enterprise Social Network. Easy to install, intuitive to use and extendable with countless freely available modules. humhub other 5922 The lektor static file content management system lektor bsd-3-clause 3623 Chepy is a python lib/cli equivalent of the awesome CyberChef tool. securisec gpl-3.0 466 Radio Signals Recognition Manual AresValley gpl-3.0 165 A Github Action to verify that new commits are present in the sigstore transparency log. sigstore apache-2.0 7 Forward Secure Pseudo Random Generator poettering   7 DeepDiff: Deep Difference and search of any Python object/data. DeepHash: Hash of any object based on its contents. Delta: Use deltas to reconstruct objects by adding deltas together. seperman other 1508 stix-icons is a collection of colourful and clean icons for use in software, training and marketing material to visualize cyber threats according to the STIX language for intelligence exchange, defined by OASIS Cyber Threat Intelligence (CTI) TC eclecticiq other 17 Command-line utility for multipattern search using liblightgrep strozfriedberg gpl-3.0 36 AdiDoks is a modern documentation theme, which is a port of the Hugo theme Doks for Zola. aaranxu mit 123 MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. mvt-project other 8168 A Python library to extract tabular data from PDFs camelot-dev mit 1716 Indicators from Amnesty International’s investigations AmnestyTech   1400 This package contains deep learning models and related scripts for RoseTTAFold RosettaCommons mit 1606 Extractive Text Summarization Using LDA For Topic Modeling g-deoliveira   33 Old repository. 
Tenacity is an easy-to-use, privacy-friendly, FLOSS, cross-platform multi-track audio editor/recorder for Windows, macOS, Linux and other operating systems. tenacityteam other 7217 Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes mozilla other 2407 IP submodules, formatted for easier CI integration betrusted-io other 21 mud-visualizer is a tool to visualize MUD files iot-onboarding bsd-3-clause 11 Repository of Yara rules dedicated to Phishing Kits Zip files t4d gpl-3.0 91 Very basic rust client: listen for a message on stdin, write the message on stdout. D4-project bsd-2-clause 2 App that makes building attack decision trees from the Security Chaos Engineering report easy rpetrich gpl-2.0 100 Python library providing function decorators for configurable backoff and retry litl mit 1966 📶 Print a QR code for connecting to your WiFi ( bndw mit 6095 A list of cool features of Git and GitHub. tiimgreen mit 37616 Sophos-originated indicators-of-compromise from published reports sophoslabs   359 Fast & memory efficient hashtable based on robin hood hashing for C++11/14/17/20 martinus mit 1240 Splunk Security Content splunk apache-2.0 738 CLI tool to filter JSON and JSON Lines data with Python syntax. (Similar to jq) kellyjonbrazil mit 327 Piotr - IoT firmware emulation instrumentation for training and research virtualabs mit 52 This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts. telekom-security   72 Configuration file for REvil / Kaseya July campaign SpiderLabs   4 An Open Source Conversational AI Platform for Deep-Domain Voice Interfaces and Chatbots. cisco apache-2.0 599 📛 An open source status page system for everyone. 
CachetHQ bsd-3-clause 12934 Trax — Deep Learning with Clear Code and Speed google apache-2.0 7156 MISP expansion - a browser extension (Firefox and Chrome) to lookup on MISP MISP bsd-2-clause 5 Discord feeder for AIL ail-project agpl-3.0 6   imuledx   112 Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing. m8sec gpl-3.0 583 plotting on terminal piccolomo mit 1161 Karate Club: An API Oriented Open-source Python Framework for Unsupervised Learning on Graphs (CIKM 2020) benedekrozemberczki gpl-3.0 1760 Jimi is an automation first no-code platform designed and developed originally for Security Orchestration and Response. Since its launch jimi has developed into a fully fledged IT automation platform which effortlessly integrates with your existing tools unlocking the potential for autonomous IT and Security operations. z1pti3 apache-2.0 124 Zeek-Formatted Threat Intelligence Feeds CriticalPathSecurity mit 176 This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about. center-for-threat-informed-defense apache-2.0 239 Security Scorecards - Security health metrics for Open Source ossf apache-2.0 3011 YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents. hm-seclab apache-2.0 24 Markdown filter module for Apache HTTPD Server hamano apache-2.0 81 ct-scrutinize is a set of tools extract information from Certificate Transparency logs D4-project agpl-3.0 3 Simple executable generator with encrypted shellcode. aniqfakhrul   269 :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens ticarpi gpl-3.0 3512 Great utility for computing hash sums rhash 0bsd 445 Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications. 
RCayre mit 160 A simple and robust caching solution for FastAPI that interprets request header values and creates proper response header values (powered by Redis) a-luna mit 85 A library for efficient similarity search and clustering of dense vectors. facebookresearch mit 18317 Library for fast text representation and classification. facebookresearch mit 24007 Your personal markdown scribe with template-engine and Git(Hub) & RSS powers 📜 muesli mit 249 A Python package that implements the HierarchicalPartition data structure. rayohauno gpl-2.0 5 Open source vulnerability DB and triage service. google apache-2.0 653 Electronic Health Certificates Specification ehn-dcc-development   363 Obfuscation method using virtual machine. eaglx gpl-3.0 551 Peer-to-peer overlay routing for the Matrix ecosystem matrix-org apache-2.0 303 Clustering for arbitrary data and dissimilarity function matteodellamico bsd-3-clause 57 ELF visualizer. Generates HTML files from ELF binaries. ruslashev zlib 870 A data augmentations library for audio, image, text, and video. facebookresearch other 4595 I wanted to call this repo “Nuclear Football Codes”. I was outvoted.. EmergingThreats   64 Storytelling with maps template mapbox bsd-3-clause 424 Probabilistic data structures in python barrust mit 84 Python CLI and module for CIRCL hash lookup hashlookup gpl-3.0 8 Command line client for Kimai2, the open source, self-hosted time tracker infeeeee mit 19 Kimai v2 is a web-based multiuser time-tracking application. Free for everyone: freelancers, agencies, companies, organizations - all can track their times, generate invoices and more. SaaS version available at kevinpapst mit 1901 Encrypt and Decrypt files securely in your browser. sh-dv mit 1560 cPanel Security Scan CpanelInc other 29 Python based CLI for MalwareBazaar 3c7 mit 17 EMBA - The firmware security analyzer e-m-b-a gpl-3.0 1463   otgrkiss   2 Work fast, think well. 
vimoutliner other 554 🎨 Simplistic, responsive jekyll based open source theme sylhare mit 671 Digging Deeper…. Velocidex other 1481 A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD) facebookincubator apache-2.0 358 Fast fuzzy string search on Redis using Lua. UTF-8 ready. krt mit 40   iCopy-X-Community   36 Create single line SVG illustrations from your pictures javierbyte bsd-3-clause 678   zautomata bsd-3-clause 10 PDB Downloader - An easier way to download Microsoft’s public symbols for Libraries and Executables. rajkumar-rangaraj   252 A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock: SAP apache-2.0 218 Althttpd is a simple webserver that has run the website since 2004. Althttpd strives for simplicity, security, and low resource usage. jiabailie mit 12 Go package implementing Bloom filters bits-and-blooms bsd-2-clause 1710 Passive DNS Capture and Monitoring Toolkit mosajjal gpl-2.0 212   eTextile other 9 TikTok Scraper. Download video posts, collect user/trend/hashtag/music feed metadata, sign URL and etc. drawrowfly   3115 OSINT Tools for the Dark Web apurvsinghgautam   276 Utilities for programmatic analysis of Cartography data. marco-lancini apache-2.0 27 Base45 kirei bsd-2-clause 19 Setting up a training environment for MISP cudeso   10 Terminal Linux Syscall Reference Table for x86, x64, arm32 and arm64 berkgoksel mit 18 Binary code static analyser, with IDA integration. 
Performs value and taint analysis, type reconstruction, use-after-free and double-free detection airbus-seclab   1416 Fast Python Bloom Filter using Mmap jampp mit 3 Fast Python Bloom Filter using Mmap prashnts mit 89 Convert scans of handwritten notes to beautiful, compact PDFs mzucker mit 4750 Kernel-Mode extended version of MiroKaku mit 69 Extract stored credentials from Internet Explorer and Edge HanseSecure gpl-3.0 303 Mundana is a free Jekyll theme, Medium styled. wowthemesnet   572 a python tool to check French covid-19 vaccination certificate ECDSA signature lclevy gpl-2.0 7 BerylDB is a fully modular data structure data manager that can be used to store data as key-value entries. The server allows channel subscription and is optimized to be used as a cache repository. Supported structures include lists, sets, multimaps, and keys. beryldb bsd-3-clause 201 This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the same tasks Ignitetechnologies   309 Malware similarity platform with modularity in mind. W3ndige other 71 This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. Viralmaniar mit 76 Set of EVTX samples (>170) mapped to MITRE Att@k tactic and techniques to measure your SIEM coverage or developed new use cases. mdecrevoisier   327 Apache Superset is a Data Visualization and Data Exploration Platform apache apache-2.0 48897 A fast, offline reverse geocoder in Python sthagen lgpl-2.1 2 Python DNS Name Server Framework nhairs mit 6 The Unofficial TikTok API Wrapper In Python davidteather mit 2744 A minimal Jekyll theme inspired by Tufte CSS bradleytaunt mit 135 Hashashin: A Fuzzy Matching Tool for Binary Ninja riverloopsec mit 69 NinjaDiff is a binary diffing plugin for Binary Ninja. Read more on our blog, and contribute code & improvements! 
riverloopsec mit 46 Run executables from memory, over the network, on Windows, Linux, OpenVMS… routers… spaceships… toasters etc. XiphosResearch   265 A concise API for exploratory data visualization observablehq isc 2134 High performance, self-hosted, newsletter and mailing list manager with a modern dashboard. Single binary app. knadh agpl-3.0 8804 similarity digest hashing tool sdhash apache-2.0 144 A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies ( and disclosure notifications. google cc-by-4.0 102 Cryptanalysis of KIASU-BC medsec other 2 Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values detectify mit 460 Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more) brimdata bsd-3-clause 36 Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber nsacyber other 730 Awesome CSIRT is a curated list of links and resources in security and CSIRT daily activities. Spacial gpl-3.0 260 True Random Number Generator core implemented in Verilog. secworks bsd-2-clause 51 Encyclopedia for Executables strontic mit 289 An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. center-for-threat-informed-defense apache-2.0 814 Future-proof content collaboration platform pydio agpl-3.0 1360 Threat Response integration for MISP Project CiscoSecurity mit 6 Yet another whois parser for Python ninoseki mit 3 arxiv_miner is a toolkit for mining research papers on CS ArXiv. valayDave mit 96 The Intelligent Process Lifecycle of Active Cyber Defenders d3sre   29 API back-end server including crawlers CyCat-project agpl-3.0 23 Monty, Mongo tinified. MongoDB implemented in Python ! davidlatwe bsd-3-clause 516 🌐 Wikipedia for Web APIs. 
Directory of REST API definitions in OpenAPI 2.0/3.x format APIs-guru cc0-1.0 2956 A RESTful whois ninoseki mit 4 An open etymology dataset created using Wiktionary data. Contains 3.8M entries, 1.8M terms, 2900 languages, and 31 unique relationship types. droher apache-2.0 21 Fast by default, flexible 2D plotting library. wwwtyro unlicense 399 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it’ll tell you what it is! 🧙‍♀️ bee-san mit 5537 BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds. CodingGay apache-2.0 4142 Built-in Panther detection rules and policies panther-labs agpl-3.0 202 A collection of well labeled ELF binaries compiled from benign and malicious code in various ways. Great for exploring similarity in executables and training various ML models. nimrodpar mit 74 This project will, from time to time, publish some of the latest vulnerabilities from the Edge (棱角) community. EdgeSecurityTeam   2738 Create a minidump of TermService for clear text pw extraction jfmaes   88 The Exploitation Toolkit Icarus is a cross platform software exploitation library that assists in the development of proof of concept exploit code. 
georgenicolaou   17 Fork of Flask-RESTPlus: Fully featured framework for fast, easy and documented API development with Flask python-restx other 1650 Open standard for machine learning interoperability onnx apache-2.0 13496 Security Tool to Look For Interesting Files in S3 Buckets jordanpotti mit 1184 A command-line syndication feed monitor gvalkov other 42 Nearest Neighbor Search with Neighborhood Graph and Tree for High-dimensional Data yahoojapan apache-2.0 941 A database for storing, querying and doing stats on credential leaks EC-DIGIT-CSIRC   25 Alternative Twitter front-end zedeus agpl-3.0 6032 Naïve Bayesian Text Classifier on Redis jart   108 A utility to fix intentionally corrupted UPX packed files. lcashdol apache-2.0 52 A set of old and crappy RSS scripts to handle RSS in an Unix way. adulau   3 Photo Sharing. For Everyone. pixelfed agpl-3.0 3914 A Python implementation of John Gruber’s Markdown with Extension support. Python-Markdown other 3041 a third party module that extends keycloak by SCIM functionality Captain-P-Goldfish bsd-3-clause 110 WS-Federation implementation for keycloak cloudtrust agpl-3.0 32 Official Matplotlib cheat sheets matplotlib bsd-2-clause 6603   smdu57   2 Dictionary of CTI-related acronyms, terms, and jargon BushidoUK   117 Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). hasherezade bsd-2-clause 1456 Collaboration suite, end-to-end encrypted and open-source. xwiki-labs agpl-3.0 3948 HedgeDoc container image resources hedgedoc   178 Yet another windows internals repo vxcute   189 Presentation Slides for Developers slidevjs mit 23154 command line tool to use the DNSDB Flexible Search API extensions. farsightsec   12 Abusing Certificate Transparency logs for getting HTTPS websites subdomains. 
UnaPibaGeek gpl-3.0 1651 One Stop Anomaly Shop: Anomaly detection using two-phase approach: (a) pre-labeling using statistics, Natural Language Processing and static rules; (b) anomaly scoring using supervised and unsupervised machine learning. adobe apache-2.0 145 A Modular MWDB Utility to Collect Fresh Malware Samples c3rb3ru5d3d53c bsd-3-clause 32 Small and convenient C2 tool for Windows targets. [ Русский – значит нахуй! ] Cr4sh gpl-3.0 449 A library for generating high-quality, printable maps on the browser. camptocamp other 77 The Witchcraft Compiler Collection endrazine other 1707 TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere. D4-project apache-2.0 3 Fully fledged Python Pinterest client bstoilov mit 218 Scan for open S3 buckets and dump the contents sa7mon mit 1903 Create adversarial attacks against machine learning Windows malware detectors pralab gpl-3.0 137 Sysmon EDR POC Build within Powershell to prove ability. ion-storm   186 Sigma Detection Rule Repository P4T12ICK gpl-3.0 69 This tool downloads, installs, and configures a shiny new copy of Chromium. nccgroup apache-2.0 391 Cracking encrypted wechat message history from android ppwwyyxx gpl-3.0 1479 A .NET tool for exporting and importing certificates without touching disk. 
TheWover mit 383 🔍NEW ugrep v3.9: ultra fast grep with interactive TUI, fuzzy search, boolean queries, hexdumps and more: search file systems, source code, text, binary files, archives (cpio/tar/pax/zip), compressed files (gz/Z/bz2/lzma/xz/lz4/zstd), documents etc. A faster, user-friendly and compatible grep replacement. Genivia bsd-3-clause 1363 A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention. JSCU-NL apache-2.0 215 IntelMQ Enhancement Proposals certtools   4   mandiant other 23 Easing tor proxies botnet analysis D4-project   4   0xrawsec gpl-3.0 32 Python library using the AIL Rest API ail-project other 6 RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. BSI-Bund   172 A Deep Learning Approach for Password Guessing ( brannondorsey mit 813 Ghidra analyzer for UEFI firmware. DSecurity apache-2.0 233 A Python package and CLI for parsing aggregate and forensic DMARC reports domainaware apache-2.0 610 Shadowsocks Crypto shadowsocks mit 32 A tool to add simple inline patches to a binary to rearrange its stack frames, and other things! angr bsd-2-clause 43   GaretJax   1 🔎 Open source distributed and RESTful search engine. opensearch-project apache-2.0 5939 Python library to normalize Yara signatures chrislee35   19 Binary instrumentation framework based on FRIDA Ch0pin   790 Bloomberg’s distributed RDBMS bloomberg other 1169 The OpenAPI Specification Repository OAI apache-2.0 25230 An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments. microsoft mit 1460 Incident Response Documentation made easy. 
Developed by Incident Responders for Incident Responders cyb3rfox apache-2.0 553 GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows) ValdikSS apache-2.0 7772 Collection of YARA-L 2.0 sample rules for the Chronicle Detection API chronicle apache-2.0 107 An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need. Frustration Killer!!! glitchedgitz mit 466 Sentiment Analysis with BERT in Turkish Tweets akoksal gpl-3.0 101 Open-source realtime location sharing bilde2910 apache-2.0 428   fboldewin   37 borb is a library for reading, creating and manipulating PDF files in python. jorisschellekens other 2835 Generates YARA rules to detect malware using API hashing tbarabosch apache-2.0 14 r package for cartogram creation sjewo   131 The Leek group guide to data sharing jtleek   6199 The Leek group guide to data sharing ekamioka   1 Cmulator is ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . Based on Unicorn & Zydis Engine & javascript Coldzer0 agpl-3.0 262 PageBuster - dump all executable pages of packed processes. revng gpl-2.0 188 Countdown timer and stopwatch in your terminal trehn gpl-3.0 1090 Next generation web scanner urbanadventurer gpl-2.0 4178 A browser extension for OSINT search ninoseki mit 918 SLAE x86 Assembly Language and Shellcoding on Linux dibsy   7 function identification signatures williballenthin apache-2.0 8 Handy utilities for the angr binary analysis framework, most notably CFG visualization axt bsd-2-clause 225 A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. 
trimstray mit 81702 Global Travel Assessment System A passenger data screening and analysis system for enhancing global security US-CBP other 93 GitHub Actions runner images actions mit 6819 Simple yara rule manager 3c7 mit 65 A preservation experiment to save photos from Flickr to your disk with the metadata embedded. ayman mit 16 EML analyzer is an application to analyze the EML file ninoseki mit 146 Tantivy is a full-text search engine library inspired by Apache Lucene and written in Rust quickwit-oss mit 7224 endpoint detection / live analysis & sandbox host / signatures quality test codeyourweb mit 31 Network Diffusion Library - (for NetworkX and iGraph) GiulioRossetti bsd-2-clause 225 4K Executable Graphics framework lunasorcery other 174 A tool for generating fake code signing certificates or signing real ones Tylous mit 683 🔍 A collection of interesting, funny, and depressing search queries to plug into 👩‍💻 jakejarvis cc0-1.0 3548 Scanning APK file for URIs, endpoints & secrets. dwisiswant0 apache-2.0 3337 Simulate firmware with one click of firmadyne (simulate firmware with one click using firmadyne) liyansong2018 mit 174 Pure Bash HTTP client falzm mit 38 Project on text topics evolution over time analysis newsviz gpl-3.0 74 A browser extension and API server for detecting corporate password use on external websites palantir apache-2.0 73 Debugger for the Shannon Baseband synacktiv   52 🕵️‍♂️ Offensive Google framework. mxrch mpl-2.0 12131 MISP-STIX-Converter - Python library to handle the conversion between MISP and STIX formats MISP bsd-2-clause 20 DRAKVUF Sandbox - automated hypervisor-level malware analysis system CERT-Polska other 729 tools for creating, inspecting and modifying torrent files arvidn bsd-3-clause 8   gracenolan   929 OSINT tool to get information from a Github and Gitlab profile and find user’s email addresses leaked on commits. 
GONZOsint gpl-3.0 208   DIVD-NL   2 Golang implementation of PyMISP-feedgenerator KaanSK gpl-3.0 15 Fetch information about a public Google document. Malfrats gpl-3.0 634 A static devirtualizer for VMProtect x64 3.x. powered by VTIL. can1357 gpl-3.0 1501 Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features from the Office 365 Audit Log. PwC-IR   14 The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) PwC-IR   157 Python package contains a set of basic tools that can help to create a markdown file. didix21 mit 135 A bash script that automates the exfiltration of data over dns in case we have blind command execution on a server with egress filtering vp777   207 A DFIR tool written in Python. cisagov cc0-1.0 1041 Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana. mattermost other 13402 Python 3 bridge to Ghidra’s Python scripting justfoxing mit 232 Use Ghidra Structs in Python domenukk mit 26 generate CobaltStrike’s cross-platform payload gloxec   1516 Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT. alexandreborges gpl-3.0 1959 speedata Publisher - a professional database Publishing system speedata agpl-3.0 245 Multifunctional java deobfuscation tool suite GraxCode gpl-3.0 684 Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale intelowlproject agpl-3.0 2441 🏛 Museo is a tool for finding images in the public domain from some of the best museums in the world. 
chasemccoy   50 Reverse Engineer’s Toolkit mentebinaria apache-2.0 3436 Creating a Feed of MISP Events from ThreatFox (by marjatech gpl-3.0 18 Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service) doyensec apache-2.0 641 Leave and Overtime Management System bbalet agpl-3.0 329   ancailliau agpl-3.0 6 HedgeDoc - The best platform to write and share markdown. hedgedoc agpl-3.0 3327 A tiny CLI for HedgeDoc hedgedoc agpl-3.0 126 Brython (Browser Python) is an implementation of Python 3 running in the browser brython-dev bsd-3-clause 5851 CKAN is an open-source DMS (data management system) for powering data hubs and data portals. CKAN makes it easy to publish, share and use data. It powers,, among many other sites. ckan other 3579 This repository holds proof-of-concepts for the VOOdoo vulnerabilities found in NETGEAR CG3100 and CG3700B cable modems provided by VOO to its subscribers. QKaiser   14 RPM packages for MISP amuehlem   24 Binary Grep rsharo   42 MQTT client/broker using Python asynchronous I/O beerfactory mit 768 Markdown parser, done right. 100% CommonMark support, extensions, syntax plugins & high speed markdown-it mit 14391 API, CLI, and Web App for analyzing and finding a person’s profile in 1000 social media \ websites qeeqbox agpl-3.0 9414 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap) qeeqbox agpl-3.0 516 A 35mm camera, based on the Canonet G-III QL17 rangefinder, modelled in Python. 
evildmp   146 Implementation of Ariana1729   92 Exchange Server support tools and scripts microsoft mit 1071 A screencasting program created with design in mind.( hzbd gpl-3.0 294 Quickly build the major vulnerability practice ranges with Docker; 17 ranges can currently be built with one click. c0ny1   1717 Tools used by CSIRT and especially in the scope of CNW csirt-tooling-org   10 User guide of MISP MISP   193   mbrengel   54 a utility to extract the title from a PDF file metebalci gpl-3.0 86 build-once run-anywhere c library jart isc 9485 🐚📊 Show off your most used shell commands irevenko mit 431 A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV. trailofbits lgpl-3.0 2171 Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials. nymtech   621 A command line tool that creates bibtex entries for IETF RFCs and Internet Drafts. iluxonchik mit 43 N-D labeled arrays and datasets in Python pydata apache-2.0 2733 A diagram of my personal infrastructure karlicoss mit 37 C2/post-exploitation framework loseys mit 866 RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. FrenchCisco mit 217   cert-orangecyberdefense   3 Repository for the last open source version of Booked Scheduler. The “develop” branch contains the most current working code of the project and should be considered beta. The “master” branch is the most current stable release of BookedScheduler. Please read doc/ for further details. 
effgarces gpl-3.0 239 :book: HonKit is building beautiful books using Markdown - Fork of GitBook honkit apache-2.0 2344 A list of private and public (more or less) blackhat boards misterch0c   214 Cisco Threat Intelligence API threatgrid epl-1.0 51 Small utility program to perform multiple operations for a given subnet/CIDR ranges. projectdiscovery mit 566 Setup scripts for my Malware Analysis VMs f0wl gpl-3.0 210 Fast and customizable vulnerability scanner based on simple YAML based DSL. projectdiscovery mit 10399 EasyList filter subscription (EasyList, EasyPrivacy, EasyList Cookie, Fanboy’s Social/Annoyances/Notifications Blocking List) easylist   1408 ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server nitefood mit 680 Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012) itm4n   397   jeffjbowie   23 tree is a library for working with nested data structures deepmind apache-2.0 783 MOBIB-extractor allows you to read the data stored on your STIB Mobib card zoobab   17 PoC capable of detecting manual syscalls from usermode. jackullrich   120 Online network diagram editor pablomarle mit 86 MBC content in markdown MBCProject   195 NCD scripting language, tun2socks proxifier, P2P VPN ambrop72 other 1702 Ralph is the CMDB / Asset Management system for data center and back office hardware. allegro apache-2.0 1898 Find exposed data in Azure with this public blob scanner cyberark mit 240 A data structure for storing points. tidwall mit 17 Universal (IPv4/IPv6) CIDR calculator sthagen isc 4 fun with GSM superbaud   1 ⚠️ Browser fingerprinting via favicon! 
jonasstrehle mit 3987 open-source IEEE 802.11 WiFi baseband FPGA (chip) design: driver, software open-sdr agpl-3.0 2736 Open source SDR 4G/5G software suite from Software Radio Systems (SRS) srsran agpl-3.0 2805 Vixie Cron, an open source implementation of POSIX Cron, later imported into BSD and Linux vixie other 27   dataspectra gpl-3.0 4 Carles Pina Estany’s 2020 Tool Fund: data managers and researchers collaborate to write the Frictionless Data packages, tabular schemas, etc. frictionlessdata mit 15 A webmining CLI tool & library for python. medialab gpl-3.0 156 A data retrieval & exploration protocol designed to investigate science and policy processes Guillaume-Levrier mit 5 Twitter stream + search API grabber medialab gpl-3.0 94 Browser version of Hyphe (WIP) medialab agpl-3.0 25 Helping allocate resources to secure the critical open source projects we all depend on. ossf apache-2.0 244 Gives criticality score for an open source project ossf apache-2.0 1095 Official repository for Spyder - The Scientific Python Development Environment spyder-ide mit 7235 A collection of infosec related scripts and information. phage-nz   55 External telegram feeder for AIL framework ail-project agpl-3.0 6 Python package for graph statistics microsoft mit 268 A concise, directive, specific, flexible, and free incident response plan template counteractive other 355 Python Binding for xxHash ifduyue bsd-2-clause 294 Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions. m8sec gpl-3.0 300 taxonomies CyCat-project   13   CyCat-project mit 3 a simple tool for hassle-free open-source contribution licensing berneout   31 HID attack payload generator for Arduinos RedLectroid gpl-3.0 145 Generate Google Slides from markdown googleworkspace apache-2.0 4270 Various capabilities for static malware analysis. 
MITRECND other 65 Automate the creation of a lab environment complete with security tooling and logging best practices clong mit 3946 WebLogic vulnerability scanning tool. It currently includes detection for the following vulnerabilities: CVE-2014-4210, CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-3506, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2018-2894, CVE-2018-3191, CVE-2018-3245, CVE-2018-3252, CVE-2019-2618, CVE-2019-2725, CVE-2019-2729, CVE-2019-2890, CVE-2020-2551, CVE-2020-14750, CVE-2020-14882, CVE-2020-14883 0xn0ne   1536   theevilbit   699 The new phuzzing framework! angr bsd-2-clause 132 This tutorial explains the benefits, pitfalls, and limitations of scraping, and why Lookyloo is an important tool. Lookyloo mit 8 A Python Matrix client library, designed according to sans I/O ( principles poljar other 386 Timeflake is a 128-bit, roughly-ordered, URL-safe UUID. anthonynsimon mit 795 Logo of the project CyCat-project   1 Very basic MISP bot for matrix. MISP apache-2.0 5 :mortar_board:RESEARCH [NLP :thought_balloon:] We use different feature sets and machine learning classifiers to determine the best combination for sentiment analysis of twitter. ayushoriginal   726 FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware. zyw-200   354 SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps. danielplohmann bsd-2-clause 179 novelWriter is an open source plain text editor designed for writing novels. It supports a minimal markdown-like syntax for formatting text. It is written with Python 3 (3.7+) and Qt 5 (5.10+) for cross-platform support. vkbo gpl-3.0 1402 Firmware for Pinetime smartwatch written in C/C++ and based on FreeRTOS InfiniTimeOrg gpl-3.0 1858 Source for tasks I have used with Covenant py7hagoras   123 A simple OpenPGP public key server that validates email address ownership of uploaded keys. 
mailvelope agpl-3.0 311 Resources I’ve found useful for my CTI work ForensicITGuy mit 5 Re-play Security Events OTRF mit 1311 Fix Go obfuscated binaries that were obfuscated using gobfuscator kryptoslogic mit 42 GH Archive is a project to record the public GitHub timeline, archive it, and make it easily accessible for further analysis. igrigorik mit 2334 Cartographie du système d’information / Mapping the information system dbarzin gpl-3.0 77 Exports MISP events to STIX and ingest into McAfee ESM mohlcyber   14 A collection of scripts for dealing with Cobalt Strike beacons in Python nccgroup   161 The Atari ST, STE, TT and Falcon emulator. This is a mirror repository, the official one can be found on hatari   51 A transparent, highly scalable and cryptographically verifiable data store. google apache-2.0 3151 DFF (Digital Forensics Framework) vertrex gpl-2.0 9 RSD: RISC-V Out-of-Order Superscalar Processor rsd-devel apache-2.0 719 A list of JARM hashes for different ssl implementations used by some C2/red team tools. cedowens   101 A set of free MIT-licensed high-quality SVG icons for UI development. tailwindlabs mit 17016 Tools, data, and contact lists relevant to The Project. disclose gpl-3.0 304 gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats. d0c-s4vage mit 229 Redress - A tool for analyzing stripped Go binaries goretk agpl-3.0 651 A MicroPython based development environment for smart watches (including Pine64 PineTime) daniel-thompson gpl-3.0 598 Defences against Cobalt Strike MichaelKoczwara mit 1151 Simple secure asynchronous message queue mori-b apache-2.0 18 immudb - immutable database based on zero trust, SQL and Key-Value, tamperproof, data change history codenotary apache-2.0 7940 Websocket server written in bash VeryBueno   11 Collections of tools and methods created to aid in OSINT collection sinwindie   1795 Anti-virus artifacts. 
Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. ethereal-vx   641 STUMPY is a powerful and scalable Python library for modern time series analysis TDAmeritrade other 2402 A CVE Heatmap Using CalPlot jgamblin mit 98 ♾ A Graph Visualization Framework in JavaScript antvis mit 9299   salesforce bsd-3-clause 808 Distributed malware processing framework based on Python, Redis and S3. CERT-Polska bsd-3-clause 294 Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process. center-for-threat-informed-defense apache-2.0 333 python implementation of the parquet columnar file format. dask apache-2.0 614 Apache Parquet apache apache-2.0 1200   madaidans-insecurities   92 crawl and scrape web pages in rust mattsse apache-2.0 532 The Purpose of this research tool is to provide a Python client into RiskIQ API services. NoDataFound   21 Notes on managing and coordinating the response to major cyber incidents WillOram other 24 Limier is a small CLI tool for finding an RSS feed when it is hidden on a site. darcosion mpl-2.0 17 Calculate fingerprints of a website for OSINT search ninoseki mit 38 A browser extension for navigating burgeoning Twitter conversations paulgb mit 469 A secure, reliable, simple and free enterprise-grade honeypot hacklcx   3388 A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests projectdiscovery mit 2733 Distributed WebSocket broker Cretezy mit 215 TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. 
This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere. KasperskyLab apache-2.0 2608 Sparrow.ps1 was created by CISA’s Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment. cisagov cc0-1.0 1348 The decryption implementation of Chrome cookie(encrypted_value) and password(password_value) on Windows with Java mlkui   15 A rapid API for the Project Sonar dataset Cgboal mit 592 IP lookup by favicon using Shodan pielco11 mit 781 Making Favicon.ico based Recon Great again ! devanshbatham mit 846 CLI tool for open source and threat intelligence Te-k gpl-3.0 995 A RocksDB compatible KV storage engine with better performance bytedance apache-2.0 1776 The Galène videoconference server jech mit 702 Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets. joewalnes bsd-2-clause 16397 The following repository contains a modified version of SUNBURST with cracked hashes, comments and annotations. ITAYC0HEN   57 Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for .NET, Rust, Python, JavaScript icedland mit 1976 Pazuzu: Reflective DLL to run binaries from memory BorjaMerino   215 Internal Network Penetration Test Playbook sdcampbell   706 A WebSocket message router based on Python/Redis/asyncio closeio mit 83 Open source information security policies 0xdefendA mpl-2.0 13 Proof-of-concept codes created as part of security research done by Google Security Team. google apache-2.0 1798 Take control over your live stream video by running it yourself. 
Streaming + chat out of the box. owncast mit 6625 CveXplore cve-search gpl-3.0 21 Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir CaliDog mit 165 An advanced memory forensics framework volatilityfoundation gpl-2.0 5710 PowerShell Runspace Post Exploitation Toolkit Cn33liz bsd-3-clause 1449 Finds Instagram location IDs near a specified latitude and longitude. bellingcat mit 302   bambenek cc0-1.0 98 Tiny botnet client that is controlled by a remote blog davidsonmizael   5 :coffee: A tool to generate requirements.txt for Python project, and more than that. (IT IS NOT A PACKAGE MANAGEMENT TOOL) damnever bsd-3-clause 1336 The Personal Database about CNVD DongyunLee other 2 SunBurst DGA Decode Script RedDrip7   206   mandiant other 548 A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows. rackerlabs apache-2.0 684 Source code and data for The Economist’s covid-19 excess deaths tracker TheEconomist   632 Binary Analysis Platform BinaryAnalysisPlatform mit 1716 The Time Series Visualization Tool that you deserve. facontidavide mpl-2.0 3124 a memory-bound graph-theoretic proof-of-work system tromp other 780   mandiant other 2544 Lists of public DNSCrypt / DoH DNS servers and DNS relays DNSCrypt   865 No Indicators of Compromise RichieB2B agpl-3.0 3 CoreDNS is a DNS server that chains plugins coredns apache-2.0 9918   oskarsve   1085 FileSender server software filesender bsd-3-clause 157 The Memory Process File System ufrisk agpl-3.0 1580 Industrial IR-based static analysis framework for Java bytecode LLVM-but-worse gpl-3.0 47 Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) gallypette gpl-3.0 1 Recovers passwords from pixelized screenshots beurtschipper other 22897 search Google and extract results directly. 
skip all the click-through links and other sketchiness deepseagirl mit 469   3c7 mit 22 A modern tool for Windows kernel exploration and tracing with a focus on security rabbitstack other 1657 Symbolic execution in radare2 with angr 0xchase   40 A fast high compression read-only file system mhx gpl-3.0 1001 Common User Passwords Profiler (CUPP) Mebus gpl-3.0 3066   ioerror other 3 Graphviz to ASCII converter using Graph::Easy ggerganov mit 324 a curated list of useful threat modeling resources redshiftzero apache-2.0 91 Twitter as an extra entropy source x0rz gpl-3.0 93 Dendrite is a second-generation Matrix homeserver written in Go! matrix-org apache-2.0 4013 BONOMEN - Hunt for Malware Critical Process Impersonation 0xcpu gpl-3.0 42 Scan files or process memory for CobaltStrike beacons and parse their configuration Apr4h mit 756 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. WerWolv gpl-2.0 22314 A glossy Matrix collaboration client for iOS vector-im apache-2.0 1468 A Matrix client for iOS tchapgouv apache-2.0 51 Synapse: Matrix homeserver written in Python/Twisted. matrix-org apache-2.0 10110 UNOFFICIAL Python API to interface with KonradIT   54 Federated Matrix Identity Server (formerly fork of kamax/mxisd) ma1uta agpl-3.0 154 Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) DissectMalware apache-2.0 500 A parser for Microsoft PDB (Program Database) debugging information willglynn apache-2.0 267 An open database of international sanctions data, persons of interest and politically exposed persons opensanctions mit 318 A shell script to pretty print tabular data into the terminal jakobwesthoff bsd-2-clause 28 Declarative web scraping MontFerret apache-2.0 5108   nrdmn   58 DEPRECATED - A cross-platform implant written in Nim MythicAgents bsd-3-clause 152 Link RSIT with ATT&CK cudeso   3 Collection of malware source code for a variety of platforms in an array of different programming languages. 
vxunderground   11493 FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic benreardon-sfdc bsd-3-clause 3 An OK way to manage CTFs for teams playing CTFs hugsy   52 :speech_balloon: An On-Premises, Streaming Speech Recognition System iceychris mit 683 Open EDR public repository ComodoSecurity other 1593 Human and machine readable web vulnerability testing format telekom-security gpl-3.0 152 Reverse Engineers’ Hex Editor solemnwarning gpl-2.0 2032 A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything in between). nneonneo   252 A Passive SSH back-end and scanner. D4-project agpl-3.0 92 The web scraper that’s nearly impossible to block - now called @ulixee/hero ulixee mit 537 An effort to track security vendors’ use of Microsoft’s Antimalware Scan Interface subat0mik gpl-3.0 149 Sample queries for Advanced hunting in Microsoft 365 Defender microsoft mit 1556   davidpany   241 Python library and client for token manipulations and impersonations for privilege escalation on Windows quentinhardy   115 Module to generate and verify PE signatures ralphje other 28 Network forensic tool. Please use pom-ng instead. gmsoft-tuxicoman   1 Authentication, authorization, traceability and auditability for SSH accesses. 
ovh other 1140 CobaltStrike’s source code Freakboy   1361   DevoInc mit 1 CLI tool to analyze PE files Te-k mit 67 An RPKI Validator and RTR server written in Rust NLnetLabs bsd-3-clause 328   cerebrate-project agpl-3.0 4 Fast Avro for Python fastavro mit 531 Etherify - bringing the ether back to ethernet sq5bpf gpl-3.0 335 Master the command line, in one page jlevy   114958 Firmware scraper firmadyne mit 97 MasterParser is a simple, all-in-one, digital forensics artifact parser alwashmi gpl-3.0 18 This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive. muteb gpl-3.0 131 grap: define and match graph patterns within binaries QuoSecGmbH mit 149 bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior. bitdefender apache-2.0 706 100Gbps Intrusion Detection and Prevention System crossroadsfpga   599 A better interface to metapost for generating graphs for the web yogsototh   5 Cisco Threat Intelligence Model threatgrid epl-1.0 55 RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird rnpgp other 147 🎈 Simple reactive notebooks for Julia fonsp mit 4188 Ephemeral file sharing engine somenonymous wtfpl 98 MachObfuscator is a programming-language-agnostic Mach-O apps obfuscator for Apple platforms. kam800 mit 476 NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim’s network visiting a website samyk   1748 DeepSpeech is an open source embedded (offline, on-device) speech-to-text engine which can run in real time on devices ranging from a Raspberry Pi 4 to high power GPU servers. mozilla mpl-2.0 20503 Automatically create YARA rules from malicious documents. 
target mit 191 Extremely fast non-cryptographic hash algorithm Cyan4973 other 6722 Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process. jxy-s mit 898 Library and tools to access the Windows Event Log (EVT) format libyal lgpl-3.0 52 Toolkit for building encrypted file loaders for single source file NASM projects (uses AES-NI instructions) linuxthor   3 Jana-Marie mit 93 Python bindings for omerbenamram   35 All Subjects of 42 School Binary-Hackers   930 RedisGraph python client RedisGraph bsd-3-clause 185 A graph database as a Redis module RedisGraph other 1749   Lichtsinnig   9 Adversarial Threat Landscape for AI Systems mitre   917 This content is analysis and research of the data sources currently listed in ATT&CK. mitre-attack apache-2.0 325 Check yopmail mails and inboxes from command line. antham mit 26 Data for place names from OpenStreetMap prepared for fulltext search. Downloadable. Ranked. With bbox and hierarchy. Ready for geocoding. OSMNames gpl-2.0 287 \B\C\M\C\ Open Source Software bcmc   17 BGP sessions management tool peering-manager apache-2.0 345 The GeoCorpora project aims at creating corpora of fully geo-annotated texts (in particular microblog texts) and developing tools to support the corpus building process using crowd-sourcing and visual analytics approaches. Created corpora will be made publicly available in this repository. A first corpus of ~6000 geo-annotated tweets will be published here in the near future. geovista   15   geovista lgpl-3.0 20 A fast, offline reverse geocoder in Python thampiman lgpl-2.1 1787   gaspardpetit   77 Bidirectional LSTM-CRF and ELMo for Named-Entity Recognition, Part-of-Speech Tagging and so on. 
Hironsan mit 1463 The fastai deep learning library fastai apache-2.0 22940 Repository to track the progress in Natural Language Processing (NLP), including the datasets and the current state-of-the-art for the most common NLP tasks. sebastianruder mit 21029 Cross-Browser Plugin to open Sci-Hub 🗝 page with the article from your current tab RoiArthurB gpl-3.0 226 Stringlifier is on Opensource ML Library for detecting random strings in raw text. It can be used in sanitising logs, detecting accidentally exposed credentials and as a pre-processing step in unsupervised ML-based analysis of application text data. adobe apache-2.0 143 Symbol hash for ELF files trendmicro apache-2.0 70 Aggregate json log lines and push to AIL framework. ail-project agpl-3.0 1 EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more. americanexpress apache-2.0 514 Microsoft Graph Security API applications and services. microsoftgraph mit 189 Convert HTML to Markdown matthewwithanm mit 354 OnionSearch is a script that scrapes urls on different .onion search engines. megadose gpl-3.0 647 Compare html similarity using structural and style metrics matiskay bsd-3-clause 186 A Simple Ransomware Vaccine Neo23x0 unlicense 846 nanomsg-next-generation – light-weight brokerless messaging nanomsg mit 2947 Indexes for SANS Courses and GIAC Certifications ancailliau   124 A Global Exhaustive First and Last Name Database Debdut apache-2.0 712 Browser extension to curate, annotate, and discuss the most valuable content and ideas on the web. As individuals, teams and communities. WorldBrain   3552 Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. 
thalesgroup-cert agpl-3.0 646   google apache-2.0 585 A portable framework for low-level network packet construction libnet bsd-2-clause 762 Six Degrees of Domain Admin BloodHoundAD gpl-3.0 7537 Kinda useful notes collated together publicly unprovable   475 “Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting” by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O’Reilly ALFA-group mit 39 An HTTP toolkit for security research. dstotijn mit 4987 This analyzer creates a pewpew map out of d4 data D4-project agpl-3.0 5 🔎 Hunt down social media accounts by username across social networks sherlock-project mit 36753 Python library and CLI for accurately querying username and email usage on online platforms iojw mpl-2.0 953 #Hacktoberfest + Git Resources Contributions beginners just like you. Jump in! 🎯 ahmadawais mit 91 Yet Another Yara Automaton - Automatically curate open source yara rules and run scans EFForg gpl-3.0 201 A License Classifier google apache-2.0 263 A generator of weird files (binary polyglots, near polyglots…) corkami mit 958 MNE: Magnetoencephalography (MEG) and Electroencephalography (EEG) in Python mne-tools bsd-3-clause 2054 :busts_in_silhouette: A bash-tool to store your private data inside a git repository. sobolevn mit 3059 A social networking service scraper in Python JustAnotherArchivist gpl-3.0 1999 A minimalist command line knowledge base manager gnebbia gpl-3.0 2901 SSH tarpit that slowly sends an endless banner skeeto unlicense 5633 A static analysis tool for security designsecurity mit 269 Lightshot scraper on steroids with OCR. mxrch mpl-2.0 232 Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more. 
oryon-osint   130 Maltego Transforms for Yeti yeti-platform apache-2.0 7 Perpetual Access To The Scholarly Record internetarchive other 95 :duck: Malduck is your ducky companion in malware analysis journeys CERT-Polska gpl-3.0 203 DFIRTrack - The Incident Response Tracking Application dfirtrack other 405   Sentinel-One other 795 The FLARE team’s open-source tool to identify capabilities in executable files. mandiant apache-2.0 2442 Tafferugli is a Twitter Analysis Framework sowdust agpl-3.0 357 Extract bits from photos SiliconAnalysis bsd-2-clause 60 A simple (work in progress) script to extract transcripts from Google-indexed Facebook videos containing high quality transcripts lorenzoromani1983   11 FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow. fossology gpl-2.0 597 pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more. Fizzadar mit 2066 The knowledge base reference to the MeliCERTes project melicertes cc0-1.0 4 A free utility to help web developers watch and manipulate network traffic from their AJAX applications. lightbody apache-2.0 1878 KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”. keepassxreboot other 14161   viper-framework bsd-3-clause 5 Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory. 
Flangvik other 649 The FRRouting Protocol Suite FRRouting gpl-2.0 2340 Userspace eBPF VM iovisor apache-2.0 552 Barcode keyboard for Android (not actively maintained) raphaelm   31 A Python library to access Instagram’s private API. ping mit 2563 morphHTA - Morphing Cobalt Strike’s evil.HTA vysecurity   490 Custom Infotainment UI for older Mercedes vehicles (2000-2007), inspired loosely by the 2021 S Class MBUX UI rnd-ash   95 Create multiple TOR instances with a load-balancing. trimstray gpl-3.0 832 Dedicated Reverse Proxy for Tor Hidden Services sarciszewski wtfpl 4 LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64) m0nad other 1130 Python utilities for Manubot: Manuscripts, open and automated manubot other 354 Collaborative pentest tool with highly customizable tools AlgoSecure gpl-3.0 66 📖 A curated list of awesome resources dedicated to Relation Extraction, one of the most important tasks in Natural Language Processing (NLP). roomylee   1013 DC11331 DCG website repository, talks, news and archives DC11331   2 Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. returntocorp other 7348 A python package to analyze and compare voices with deep learning resemble-ai apache-2.0 2050 Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname Datalux gpl-3.0 5379 This Bufferflow Guide includes instructions and the scripts necessary for Buffer Overflow Exploitation. This guide is a supplement for TheCyberMentor’s walkthrough. Please watch his walkthrough if you’re confused. Feel free to implement Pull Requests or raise Issues. 
johnjhacking   456 Napkin is a simple tool to produce statistical analysis of a text adulau agpl-3.0 11 A set of YARA rules for the AIL framework to detect leak or information disclosure ail-project agpl-3.0 31 Easy way to create a MISP event related to a Phishing page eCrimeLabs mit 15 Transparent Security is a solution for identify the source devices of a DDoS attack and mitigates the attack in the customer premises or the access network. This solution leverages a P4 based programmable data plane for add in-band network telemetry (INT) for device identification and in-band mitigation. cablelabs apache-2.0 25 The repository for the CRITS based DDoS Information Sharing platform cablelabs   5 A place to share attack chains for testing people, process, and technology with the entire community. The largest, public library of adversary emulation and adversary simulation plans! #ThreatThursday scythe-io mit 547 Proxy based Redis cluster solution supporting pipeline and scaling dynamically CodisLabs mit 12690 A collection of all the data i could extract from 1 billion leaked credentials from internet. ignis-sec mit 2679 Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise SixGenInc   636 ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡ Ciphey mit 10904 :book: A Golang library for text processing, including tokenization, part-of-speech tagging, and named-entity extraction. jdkato mit 2952 Binary data diffing for multiple objects or streams of data juhakivekas mit 297 Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters TheWover bsd-3-clause 2281 📂 Additional lookup tables and data resources for spaCy explosion mit 74 Very loud vBulletin exploit darrenmartyn   15 A developer’s guide to management: an open-sourced handbook for leading software engineering teams. 
raylene gpl-3.0 1210 Universal Radio Hacker: Experimental PlutoSDR support (via gnuradio). reald gpl-3.0 7 ReversingLabs YARA Rules reversinglabs mit 502 Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports. blackberry apache-2.0 1241 pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) cytopia mit 1493 Comprehensive Python Cheatsheet gto76   30554 Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification. souffle-lang upl-1.0 625 A fast and accurate disassembler GrammaTech agpl-3.0 469 Mimikatz implementation in pure Python skelsec mit 2048 Fast, easy and reliable testing for anything that runs in a browser. cypress-io mit 41383 A lightweight native DLL mapping library that supports mapping directly from memory Dewera mit 529 A Markdown-based note-taking app for mobile devices. redsolver mit 447 A polyglot payload generator redcode-labs mit 221 Semi-automatic OSINT framework and package manager kpcyrd gpl-3.0 1349 Facebook Information xHak9x gpl-2.0 1058 Stand-alone language identification system saffsd other 2003 struggled with finding cute words to call boys so I automated this Gamithra   4 Open source training materials for law-enforcement and organisations interested in DFIR. neolea   47 Accurately find/replace/remove emojis in text strings bsolomon1124 apache-2.0 130 A modular scanner for finding open data store (MongoDB, Redis or alike) and feed result into AIL ail-project agpl-3.0 6 Test and measurement hardware abstraction library and protocol decodes. This is the library only. Most users should use scopehal-apps. 
glscopeclient bsd-3-clause 120 Cerebrate training materials cerebrate-project   7 Virtual whiteboard for sketching hand-drawn like diagrams excalidraw mit 34603 A personal knowledge management and sharing system for VSCode foambubble other 13015 This repository holds the data, source code and resulting model weights for the paper “Towards end-to-end Cyberthreat Detection from Twitter using Multi-Task Learning” to be presented at IJCNN 2020. ndionysus mit 14 Ça reste ouvert - the collaborative map of open places during the lockdown caresteouvert agpl-3.0 56 s3eker is an extensible way to find open S3 buckets. scriptingislife   17 Threat Hunting tool about Sysmon and graphs lucky-luk3 lgpl-3.0 245 A Python library to help with some common threat hunting data analysis operations target mit 123 💥 Fast State-of-the-Art Tokenizers optimized for Research and Production huggingface apache-2.0 5995 🤗 The largest hub of ready-to-use datasets for ML models with fast, easy-to-use and efficient data manipulation tools huggingface apache-2.0 14676 Analysis of DNS records to find popular trends bitquark mit 412 Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts. alphaSeclab   84 Linkedin Employee Profile Scrapper bigb0sss mit 45 An asynchronous TCP and UDP port scanner developed by the late Jack C. Louis. IFGHou other 9 State-of-the-art native debugging tool HyperDbg gpl-3.0 1877 Vulnerability checker for Callstranger (CVE-2020-12695) yunuscadirci mit 386 High-speed packet processing framework ntop lgpl-2.1 2319 CVE-2020-0796 Remote Code Execution POC ZecOps   479 Powerful yet simple to use screenshot software :desktop_computer: :camera_flash: flameshot-org gpl-3.0 19243 CVE-2020-1206 Uninitialized Kernel Memory Read POC ZecOps other 144 Import specific data sources into the Sigma generic and open signature format. 
0xThiebaut eupl-1.2 69 A collection of useful .gitignore templates github cc0-1.0 140235 Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems. CERTCC bsd-3-clause 167 SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files m4ll0k gpl-3.0 1180 publishing - 2020 book paperbay   3 Raw binary firmware analysis software quarkslab apache-2.0 360 The aim of this repository is to provide a list of examples of tools, sources and measures available to incident response teams enisaeu   47 A LaTeX class for books, reports or theses based on and fmarotta lppl-1.3c 594 Extract and aggregate threat intelligence. InQuest gpl-2.0 604 Extract AutoIt scripts embedded in PE binaries nazywam mit 116 Converting data from services like Censys and Shodan to a common data model 3c7 mit 34 Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3. secdev gpl-2.0 8124   C00kie- cc-by-sa-4.0 5 Open source 5G core network base on 3GPP R15 free5gc apache-2.0 1468   chompie1337   1189 A lightweight dynamic instrumentation library googleprojectzero apache-2.0 837 Daniel’s Hosting - 8350 DBs KingNull-dumps   4 Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools. cerebrate-project agpl-3.0 64 Various small scripts that make life easier with RT(IR) certat agpl-3.0 3 A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire. 
Binject gpl-3.0 339 Build your personal knowledge base with Trilium Notes zadam agpl-3.0 18514 Java Library wrapper for Ghidra Headless Analysis + Java Samples nshalabi   13 The Shadow Attack Framework JoelGMSec gpl-3.0 911 Python rewrite of passive OS fingerprinting tool xnih gpl-2.0 74 Automated IOC-scanner for FinCERT BardinPetr gpl-3.0 6 Rich is a Python library for rich text and beautiful formatting in the terminal. Textualize mit 40549 a recon tool that finds sensitive data inside the screenshots uploaded to utkusen bsd-3-clause 553 inject or convert shellcode to PE 0xballistics gpl-3.0 22 A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber nsacyber other 1106 CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. WithSecureLabs mit 238 A Telegram Mass Surveillance Bot in Python paulpierre mit 1088 Dump messages and media info from list of Telegram channels to CSV and monitor for changes citcheese   17 Baseband Receiver IP for GPS like DSSS signals j-core other 21 DVB transmit and receive F5OEO gpl-3.0 31 Code for the paper “Scanning the Internet for Liveness” sheharbano   10 Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. WithSecureLabs other 1222 convert SQL dumps and other leaked db dump formats to CSV citcheese   28 The real deal java-deobfuscator apache-2.0 1245 OpenDyslexic, a typeface that uses typeface shapes & features to help offset some visual symptoms of Dyslexia. Now in SIL-OFL. antijingoist other 347 VGA and BIOS rom font extraction spacerace   495 Convert HTML to Markdown-formatted text. Alir3z4 gpl-3.0 1318 american fuzzy lop - a security-oriented fuzzer google apache-2.0 2931 A cross-platform assistant for creating malicious MS Office documents. 
Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows. outflanknl gpl-3.0 1777 Tool to submit / delete data from MISP to opendata portal MISP agpl-3.0 5 identify and investigate open ElasticSearch servers nemec mit 6 An implementation of TEMPEST en GNU Radio git-artes other 414 Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. Shuffle agpl-3.0 812 TwitterMon is a module developed for AIL framework which allows to monitor the content published in Twitter either within a certain period of time or in real time, in addition to performing a sentiment analysis and a statistical analysis of the publications collected. S1sirocks agpl-3.0 8 Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier. byt3bl33d3r gpl-3.0 641 Notes and utilities for reverse engineering the MediaTek LTE baseband and its Coresonic DSP. cyrozap gpl-3.0 142 xlrd2 is a variant of xlrd that is actively maintained DissectMalware apache-2.0 21 The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with a list of components and versions. intel gpl-3.0 588 Python multi-engine PCAP analysis kit. JarryShaw bsd-3-clause 155 Impacket is a collection of Python classes for working with network protocols. 
SecureAuthCorp other 10061 Placeholder for my research content stricaud   1 Investigate suspicious activity by visualizing Sysmon’s event log JPCERTCC other 371 We have made you a wrapper you can’t refuse python-telegram-bot gpl-3.0 20051 Contact Tracing BLE sniffer PoC oseiskar agpl-3.0 75 JPL designed 3D and tested printed respirators to help with the COVID-19 pandemic response. nasa-jpl apache-2.0 118 AIL project training materials ail-project   12 Universal markup converter jgm other 26845 Concurrent data pipelines in Python  »> cgarciae mit 1382 A research-validated stethoscope whose plans are available Freely and openly. The cost of the entire stethoscope is between $2.5 to $5 to produce GliaX other 688 Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups StrangerealIntel   588 BGP implemented in the Rust Programming Language osrg apache-2.0 340 MALLET is a Java-based package for statistical natural language processing, document classification, clustering, topic modeling, information extraction, and other machine learning applications to text. mimno other 889 The Java Graphical Authorship Attribution Program evllabs   233 Telegram scenario-based API aimed at OSINT Postuf mit 129 Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol. apache apache-2.0 1805 symmetric key encryption compatible with GPG in Python pts mit 2 Guidance for mitigation web shells. #nsacyber nsacyber other 871 This is a taxonomy of infantry small arms based on Alexiskln   2 MISP module which displays informations about an URL based on a google search engine API. In order to use this hover type module you need to download the following API : No API key is needed. 
M0un   1 Projet Threat Intelligence - PyMisp - Stolen Cars US N1col4s5742   1 Foundations for Meta-Analysis by Rob Johnston for MISP-Instance Nedfire2347   1 AIL framework - Analysis Information Leak framework ail-project agpl-3.0 333 A Python 3 compatible version of goose goose3 apache-2.0 590 A fastai2 based Covid-19 classifier deep-insights-ai gpl-3.0 16 OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories that have the data you care about exposing citcheese mit 41 A OSINT tool to obtain a target’s phone number just by having his email address martinvigo mit 1090–W/cookie-manager Cookie Manager for Firefox (Desktop/Android), Chrome.