#Infosec
Showing 60 of 621 repositories tagged #infosec, ranked by stars
Hunt down social media accounts by username across social networks
๐ต๏ธโโ๏ธ Collect a dossier on a person by username from 3000+ sites
817 structured cybersecurity skills for AI agents ยท Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) ยท agentskills.io standard ยท Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms ยท 29 security domains ยท Apache 2.0
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Fast web fuzzer written in Go
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Web path scanner
Damn Vulnerable Web Application (DVWA)
Exploitation Framework for Embedded Devices
An HTTP toolkit for security research.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Gather and update all available and newest CVEs with their PoC.
๐ A collection of interesting, funny, and depressing search queries to plug into shodan.io ๐ฉโ๐ป
Everything about Web Application Firewalls (WAFs) from Security Standpoint! ๐ฅ
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
All about bug bounty (bypasses, payloads, and etc)
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password ๐ก๏ธ
Open Source Vulnerability Management Platform
A curated list of GPT agents for cybersecurity
A list of interesting payloads, tips and tricks for bug bounty hunters.
A collection of awesome security hardening guides, tools and other resources
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
"Can I take over XYZ?" โ a list of services and how to claim (sub)domains with dangling DNS records.
A curated list of awesome infosec courses and training resources.
ffffffff0x ๅข้็ปดๆค็ๅฎๅ จ็ฅ่ฏๆกๆถ,ๅ ๅฎนๅ ๆฌไธไป ้ไบ webๅฎๅ จใๅทฅๆงๅฎๅ จใๅ่ฏใๅบๆฅใ่้่ฎพๆฝ้จ็ฝฒใๅๆธ้ใLinuxๅฎๅ จใๅ็ฑป้ถๆบwritup
The Network Execution Tool
:computer:๐ก๏ธ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
Cameradar hacks its way into RTSP videosurveillance cameras
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
A collected list of awesome security talks
Snoop โ ะธะฝััััะผะตะฝั ัะฐะทะฒะตะดะบะธ ะฝะฐ ะพัะฝะพะฒะต ะพัะบััััั ะดะฐะฝะฝัั (OSINT world)
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Hide secrets with invisible characters in plain text securely using passwords ๐ง๐ปโโ๏ธโญ
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
ๅทก้ฃๆฏไธๆฌพ้็จไบไผไธๅ ็ฝ็ๆผๆดๅฟซ้ๅบๆฅ๏ผๅทก่ชๆซๆ็ณป็ปใ
EMBA - The firmware security analyzer
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Awesome Node.js Security resources
Pentest Report Generator
Vulnerability Intelligence Platform
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
๐ต๏ธ OSINT Tools for gathering information and actions forensics ๐ต๏ธ
CTF challenge (mostly pwn) files, scripts etc
Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
Maintained collection of OSINT related resources. (All Free & Actionable)
The Swiss Army knife for automated Web Application Testing
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
This challenge is Inon Shkedy's 31 days API Security Tips.
DNS Takeover tool written in Go
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
VirusTotal Wanna Be - Now with 100% more Hipster
A proposed standard that allows websites to define security policies.
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. ๐ก๏ธโ๏ธ๐ง
Metlo is an open-source API security platform.
Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.