493 Open Source Infosec Software Projects
Free and open source infosec code projects including engines, APIs, generators, and tools.
Spiderfoot 7111 ⭐
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Nishang 6061 ⭐
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Red Teaming Toolkit 5809 ⭐
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Infosec_reference 4205 ⭐
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Pwdb Public 2503 ⭐
A collection of all the data i could extract from 1 billion leaked credentials from internet.
Can I Take Over Xyz 2855 ⭐
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Securityadvisories 2305 ⭐
:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
Stegcloak 2409 ⭐
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
Awesome Shodan Queries 2840 ⭐
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Cloakify 1242 ⭐
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Awesome Cybersecurity Blueteam 2169 ⭐
:computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
Dumpsterfire 826 ⭐
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Awesome Security Gists 762 ⭐
A collection of various GitHub gists for hackers, pentesters and security researchers
Chashell 861 ⭐
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Bashfuscator 821 ⭐
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Assessment Mindset 646 ⭐
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Integration It Active Directory Exploitation Cheat Sheet 1170 ⭐
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Infosec_getting_started 533 ⭐
A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.
Android Reports And Resources 866 ⭐
A big list of Android Hackerone disclosed reports and other resources.
Nzyme 1008 ⭐
Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.
Security Tools 580 ⭐
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
Passphrase Wordlist 710 ⭐
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Securitymanageframwork 395 ⭐
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Cs7038 Malware Analysis 538 ⭐
Course Repository for University of Cincinnati Malware Analysis Class (CS038)
Race The Web 455 ⭐
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
Bxss 353 ⭐
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Bugbountyguide 383 ⭐
Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
Natlas 466 ⭐
Scaling Network Scanning. Changes prior to 1.0 may cause difficult to avoid backwards incompatibilities. You've been warned.
Vixentael My Talks 274 ⭐
List of my talks and workshops: security engineering, applied cryptography, secure software development
Alulsh Personal Security Checklist 257 ⭐
Personal security checklist for securing your devices and accounts.
Credsleaker 275 ⭐
Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.
Autosqli 234 ⭐
An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
Stalkphish 328 ⭐
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Application Security Engineer Interview Questions 394 ⭐
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Crithit 183 ⭐
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.