A curated list of my GitHub stars! Generated by starred
[Jupyter Notebook](#jupyter notebook)
mysql-sniffer - mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team
vuzzer -
python-Levenshtein - The Levenshtein Python C extension module contains functions for fast computation of Levenshtein distance and string similarity
json-c - https://github.com/json-c/json-c is the official code repository for json-c. See the wiki for release tarballs for download.
netdata - Get control of your servers. Simple. Effective. Awesome. https://my-netdata.io/
rsyslog - a Rocket-fast SYStem for LOG processing
rooty - libpcap based ICMP encrypted backdoor for linux.
mf_nonce_brute - 1st phase of mifare classic nested auth key recovery
naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
lanmap2 - builds database/visualizations of LAN structure from passively sifted information
icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.
http-sniffer - A multi-threading tool to sniff TCP flow statistics and embedded HTTP headers from PCAP file. Each TCP flow carrying HTTP is exported to text file in json format.
keysniffer - Linux kernel mode debugfs keylogger
sslnuke - Transparent proxy that decrypts SSL traffic and prints out IRC messages.
Kadimus - Kadimus is a tool to check sites to lfi vulnerability , and also exploit it...
Auto_EAP - Automated Brute-Force Login Attacks Against EAP Networks.
icmpsh - Simple reverse ICMP shell
public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups
wifi-arsenal - WiFi arsenal
goaccess - GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
metasploit-payloads - Unified repository for different Metasploit Framework payloads
s2e - S2E - A Platform for In-Vivo Multi-Path Software Analysis
Mirai-Source-Code - Leaked Mirai Source Code for Research/IoC Development Purposes
zmap - ZMap Internet Scanner
thc-ipv6 - IPv6 attack toolkit
FreeRDP - FreeRDP is a free remote desktop protocol client
how2heap - A repository for learning various heap exploitation techniques.
osxtun - create tun in osx
ssocks - sSocks fork for windows support; original: https://sourceforge.net/projects/ssocks/
kcp - KCP - A Fast and Reliable ARQ Protocol
go-opencl - Go language binding to the OpenCL library
skynet - A lightweight online game framework
tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc
poco - POCO C++ Libraries - Cross-platform C++ libraries with a network/internet focus.
socks5_c - 一个轻量级的 socks5 代理, 带简单加密传输功能, 可穿透 GFW
sshinner - A fast network solution for desktop user including intra-network export, ss5 proxy, dns proxy
shadowsocks-libev - libev port of shadowsocks
redsocks - transparent redirector of any TCP connection to proxy
pwnat - pwnat punches holes in firewalls and NATs allowing any numbers of clients behind NATs to directly connect to a server behind a different NAT using a newly developed technique with no 3rd party, port forwarding, DMZ or spoofing
proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
icmpsh - Simple reverse ICMP shell
disque - Disque is a distributed message broker
yar - Light, concurrent RPC framework for PHP & C
passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
webdis - A Redis HTTP interface with JSON output
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
wkhtmltopdf - Convert HTML to PDF using Webkit (QtWebKit)
protobuf - Protocol Buffers - Google's data interchange format
dnscat2 -
hunter - (l)user hunter using WinAPI calls only
mxnet - Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more
Pebble - Pebble分布式开发框架
Teaf - Tencent Easy ACE Framework,基于ACE的高性能服务框架,有完善的监控统计,数据库访问等功能
libco - libco is a coroutine library which is widely used in wechat back-end service. It has been running on tens of thousands of machines since 2013.
s3fs-fuse - FUSE-based file system backed by Amazon S3
tensorflow - Computation using data flow graphs for scalable machine learning
Paddle - PArallel Distributed Deep LEarning
udp2tcp_tunnel - UDP to TCP tunnel for sending datagrams through weak network
udp_client_server - Simple udp client and server for udp2tcp_tunnel testing
dns-tcp2udp - DNS TCP to UDP proxy
fhscanhttplibrary - Automatically exported from code.google.com/p/fhscanhttplibrary
libtins - High-level, multiplatform C++ network packet sniffing and crafting library.
ChromeLogger - Chrome Keylogger Extension
gobyexample - Go by Example
normalize.css - A collection of HTML element and attribute style-normalizations
agent - linux monitor agent
cayley - An open-source graph database
wuzz - Interactive cli tool for HTTP inspection
onionscan - OnionScan is a free and open source tool for investigating the Dark Web.
zdns - DNS Lookup and Manipulation Tools
goquery - Jquery style selector engine for HTML documents, in Go.
keytransparency - A transparent and secure way to look up public keys.
sonar-es-go - Go scripts to import sonar (https://scans.io/study/sonar.ssl) into elasticsearch
httpparse - Capture and parse http traffics
ssllabs-scan - A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
zgrab - Application layer scanner that operates with ZMap
poseidon - A search engine which can hold 100 trillion lines of log data.
clair - Vulnerability Static Analysis for Containers
rpcx - A RPC service framework based on net/rpc like alibaba Dubbo and weibo Motan. One of best performance RPC frameworks.
sshbf - Simple SSH brute-forcer written in Go
sshhipot - High-interaction MitM SSH honeypot
pprof - pprof is a tool for visualization and analysis of profiling data
go - my golang lib
go-mysql-elasticsearch - Sync MySQL data into elasticsearch
go-mysql - a powerful mysql toolset with Go
initials-avatar - Initials avatar for golang
bro-pdns - Passive DNS collection using Bro
s5.go - Socks5 proxy server by golang
whois-parser-go - Go module for whois info parser
whois-go - Go module for domain whois
whois - Whois client for Go.
blacksheepwall - blacksheepwall is a hostname reconnaissance tool
render - Go package for easily rendering JSON, XML, binary data, and HTML templates responses.
IP-resolver - A command-line tool for getting a domain's IPs from multiple name servers.
goquery - A little like that j-thing, only in Go.
go-libxml2 - Interface to libxml2, with DOM interface
go-pkg-xmlx - Extension to the standard Go XML package. Maintains a node tree that allows forward/backwards browsing and exposes some simple single/multi-node search functions.
gokogiri - A light libxml wrapper for Go
xurls - Extract urls from text
grpc-go - The Go language implementation of gRPC. HTTP/2 based RPC
gorpc - Simple, fast and scalable golang rpc library for high load
netstack - IPv4 and IPv6 userland network stack
vitess - Vitess is a database clustering system for horizontal scaling of MySQL.
nosurf - CSRF protection middleware for Go.
toxiproxy - ⏰ 🔥 A TCP proxy to simulate network and system conditions for chaos and resiliency testing
gopcap - A simple wrapper around libpcap for the Go programming language
go-stun - A go implementation of the STUN client (RFC 3489 and RFC 5389)
pool - 🚤 a limited consumer goroutine or unlimited goroutine pool for easier goroutine handling and cancellation
goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
redigo - Go client for Redis
go-commons-pool - a generic object pool for golang
chisel - A fast TCP tunnel over HTTP
s3gof3r - Fast, concurrent, streaming access to Amazon S3, including gof3r, a CLI. http://godoc.org/github.com/rlmcpherson/s3gof3r
gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
containerd - An open and reliable container runtime
machinery - Machinery is an asynchronous task queue/job queue based on distributed message passing.
dingo - An easy-to-use, distributed, extensible task/job queue framework for #golang
goqless - Redis job queue for Go (golang)
negroni - Idiomatic HTTP Middleware for Golang
grpool - Lightweight Goroutine pool
tunny - A goroutine pool for golang
go-fetcher - 爬虫器(golang), 模拟浏览器特征保存cookie,referer,以达到爬虫的目的
tunnel -
gopkg - example for the go pkg's function
golang-set - A simple set type for the Go language. Also used in Docker.
gobook - The Go Programming Language
go-daemon - A library for writing system daemons in golang.
daemon - A daemon package for use with Go (golang) services with no dependencies
grimd - ⚡ fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers
martian - Martian is a library for building custom HTTP/S proxies
kingshard - A high-performance MySQL proxy
httpstat - It's like curl -v, with colours.
gocode - An autocompletion daemon for the Go programming language
shadowsocks-go - go port of shadowsocks
hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom
vegeta - HTTP load testing tool and library. It's over 9000!
cadvisor - Analyzes resource usage and performance characteristics of running containers.
cli - A simple, fast, and fun package for building command line apps in Go
terraform - Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.
nsq - A realtime distributed messaging platform
consul - Consul is a tool for service discovery, monitoring and configuration.
ngrok - Introspected tunnels to localhost
syncthing - Open Source Continuous File Synchronization
kubernetes - Production-Grade Container Scheduling and Management
dns - DNS library in Go
lantern - ??Lantern Latest Download https://github.com/getlantern/lantern/releases/tag/latest ??蓝灯最新版本下载 https://github.com/getlantern/forum/issues/833 ??
go-nsq - The official Go package for NSQ
go_spider - [爬虫框架 (golang)] An awesome Go concurrent Crawler(spider) framework. The crawler is flexible and modular. It can be expanded to an Individualized crawler easily or you can use the default crawl components only.
kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing
socks - A SOCKS (SOCKS4, SOCKS4A and SOCKS5) Proxy Package for Go
socks - socks -- a proxy server.
tools - [mirror] Go Tools
net - [mirror] Go supplementary network libraries
everynet - golang for http socks5 proxy
socket - socket lib
stew - Stew is a very high performance package that extends common Go objects providing better alternatives or wrappers.
gorequest - GoRequest -- Simplified HTTP client ( inspired by nodejs SuperAgent )
tls-example - Golang crypto/tls example. x509 certificate create and sign.
goreq - A Simplified Golang Http Client
the-way-to-go_ZH_CN - 《The Way to Go》中文译本,中文正式名《Go入门指南》
golang -
cow - HTTP proxy written in Go. COW can automatically identify blocked sites and use parent proxies to access.
fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
go-fundamental-programming - 《Go 编程基础》是一套针对 Google 出品的 Go 语言的视频语音教程,主要面向新手级别的学习者。
gorm - The fantastic ORM library for Golang, aims to be developer friendly
configor - Golang Configuration tool that support YAML, JSON, TOML, Shell Environment
The-Golang-Standard-Library-by-Example - Golang标准库。对于程序员而言,标准库与语言本身同样重要,它好比一个百宝箱,能为各种常见的任务提供完美的解决方案。以示例驱动的方式讲解Golang的标准库。
toml - TOML parser for Golang with reflection.
etcd - Distributed reliable key-value store for the most critical data of a distributed system
db - A productive data access layer for Go.
build-web-application-with-golang - A golang ebook intro how to build a web with golang
gotunnel2 - socks5 proxy.
go-socks - SOCKS5 proxy library for Go
goproxy - An HTTP proxy library for Go
tour - Go 语言官方教程中文版
go - Go 编程语言中文翻译
qtunnel - A secure socket tunnel works on getqujing.com
xtunnel -
skynet - Skynet is a framework for distributed services in Go.
goreplay - GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
glow - Glow is an easy-to-use distributed computation system written in Go, similar to Hadoop Map Reduce, Spark, Flink, Storm, etc. I am also working on another similar pure Go system, https://github.com/chrislusf/gleam , which is more flexible and more performant.
go-simplejson - a Go package to interact with arbitrary JSON
mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package
awesome-go - A curated list of awesome Go frameworks, libraries and software
gopl-zh - Go圣经中文读书笔记(你懂的)
transocks - Transparent SOCKS5 / HTTP proxy in Go
go-socks5 - SOCKS5 server in Golang
vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
gryffin - Gryffin is a large scale web security scanning platform
hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation.
- jd-gui - A standalone Java Decompiler GUI
xhtml2pdf - A library for converting HTML into PDFs using ReportLab
osx-installer - Docker installer for Mac OS X
pcapy - Pcapy is a Python extension module that interfaces with the libpcap packet capture library.
metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
DVRF - The Damn Vulnerable Router Firmware Project
PacketStorm-Exploits - Collection of publicly available exploits from Packetstorm
phantomjs - Scriptable Headless WebKit
webdriver_guide - webdriver guide
NPWG_zh - Network programming with Go 中文翻译版本
domxssscanner - DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, Baidu and others) by using proxies (socks4/5, http proxy) and with many different IP's, including asynchronous networking support (very fast).
- regex-genex - Given a list of regexes, generate all possible strings that matches all of them.
S2-046-PoC - S2-046-PoC
burp-ysoserial - YSOSERIAL Integration with burp suite
elasticsearch-knapsack - Knapsack plugin is an import/export tool for Elasticsearch
wycheproof - Project Wycheproof tests crypto libraries against known attacks.
android - cSploit - The most complete and advanced IT security professional toolkit on Android.
android-oss - Kickstarter for Android. Bring new ideas to life, anywhere.
AwesomeValidation - Android validation library which helps developer boil down the tedious work to three easy steps.
ghostdriver - Ghost Driver is an implementation of the Remote WebDriver Wire protocol, using PhantomJS as back-end
browsermob-proxy - A free utility to help web developers watch and manipulate network traffic from their AJAX applications.
parallec - Fast Parallel Async HTTP/SSH/TCP/UDP/Ping Client Java Library. Aggregate 100,000 APIs & send anywhere in 20 lines of code. Ping/HTTP Calls 8000 servers in 12 seconds. (Akka) www.parallec.io
restcommander - Fast Parallel Async HTTP client as a Service to monitor and manage 10,000 web servers. (Java+Akka)
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
crawljax - Crawljax: Crawling JavaScript-based Ajax Web Applications
ajvm - A hobby jvm, just want to know how a java virtual machine works.
csv2md - Convert csv data to markdown tables
betwixt - ⚡ Web Debugging Proxy based on Chrome DevTools Network panel.
JudasDNS - Nameserver DNS poisoning attacks made easy
intrigue-core - Discover your attack surface!
elasticsearch-head - A web front end for an elastic search cluster
WhoDat - Pivotable Reverse WhoIs / PDNS Fusion with Registrant Tracking & Alerting plus API for automated queries (JSON/CSV/TXT)
AtEar - Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration
ssrfDetector - Server-side request forgery detector
hexo - A fast, simple & powerful blog framework, powered by Node.js.
chrome-remote-interface - Chrome Debugging Protocol interface for Node.js
scans - AWS security scanning checks
cropper - A simple jQuery image cropping plugin.
Wappalyzer - Cross-platform utility that uncovers the technologies used on websites.
ServiceWorkersDemos - Demo apps utilizing Service Workers.
webdriverio - Webdriver/Selenium JavaScript bindings for Node.js
phantomas - PhantomJS-based web performance metrics collector and monitoring tool
hackathon-casperjs - CasperJS tests on Magento
page-monitor - capture webpage and diff the dom change with phantomjs ?
casperjs - Navigation scripting and testing utility for PhantomJS and SlimerJS
phantom-proxy - a lightweight proxy that lets you to drive phantomjs from node.
selenium - A browser automation framework and ecosystem.
domain-regex - A regular expression for most valid domains (including the latest TLDs)
livepool - Fiddler like cross platform debugging proxy for web developers base on NodeJS
DataTables - Tables plug-in for jQuery
OnlinePythonTutor - Visualize Python, Java, JavaScript, TypeScript, Ruby, C, and C++ code execution in your Web browser
pm2 - Production process manager for Node.js apps with a built-in load balancer.
easy-pie-chart - easy pie chart is a lightweight plugin to draw simple, animated pie charts for single values
code2flow - Turn your Python and Javascript code into DOT flowcharts
Semantic-UI - Semantic is a UI component framework based around useful principles from natural language.
- OTX-Python-SDK - Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.
yinyangshi-touchelf - 阴阳师的触摸精灵脚本
ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙
- lscan - lscan is a library identification tool on statically linked/stripped binaries
- manpages-zh - Chinese Manual Page
GCDWebServer - Lightweight GCD based HTTP server for OS X & iOS (includes web based uploader & WebDAV server)
Today-Scripts - A widget for running scripts in the Today View in OS X Yosemite's Notification Center
AutoGetRedEnv - 微信自动抢红包动态库
trip-to-iOS - A curated list of delightful iOS resources.
SXNews - High imitation Neteasy News. (include list,detail,photoset,weather,feedback)
be-a-professional-programmer - 成为专业程序员路上用到的各种优秀资料、神器及框架
Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
awesome-reversing - A curated list of awesome reversing resources
bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Blog_Backup - A repository with various tutorials on how to do things in Pentesting, setup environments and other things
pentest-bookmarks - A collection of penetration testing related sites
wordpress_plugin_security_testing_cheat_sheet - WordPress Plugin Security Testing Cheat Sheet
ThreatHunting - An informational repo about hunting for adversaries in your IT environment.
security-cheatsheets - ?? A collection of cheatsheets for various infosec tools and topics.
pentest-bookmarks - a collection of handy bookmarks
AndroidWifiCracker - This was a project to create an android based wifi cracking tool as a proof of concept. It seemed to work well.
snmpdos - Create a DDOS attack using SNMP servers
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
DeviceGuardBypassMitigationRules - A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses
awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things
Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
viewdns_api - ViewDNS API documentation
GreatiOSJailbreakMaterial - Great iOS Jailbreak Material! - I read hundreds of papers and PPTs. Only list the most useful materials here!
awesome-regex - A curated collection of awesome Regex libraries, tools, frameworks and software
oh-my-free-data - 整理一些 DNSPod 开放数据
APTnotes - Various public documents, whitepapers and articles about APT campaigns
APTnotes - Various public documents, whitepapers and articles about APT campaigns
Potatso - Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework in iOS 9.
iOS-Pro - 《 iOS 开发进阶》随书示例程序和勘误
finalspeed - 高速双边加速软件,在高丢包,延迟环境下仍可达到90%物理带宽利用率.
book - 学习笔记
awesome-flask - A curated list of awesome Flask resources and plugins
awesome-python-cn - Python资源大全中文版,包括:Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等,由伯乐在线持续更新。
awesome - 😎 Curated list of awesome lists
Awesome-Networking - A curated list of awesome networking libraries, resources and shiny things
awesome-lua - A curated list of quality Lua packages and resources.
python-pentest-tools - Python tools for penetration testers
awesome-django - A curated list of awesome Django apps, projects and resources.
Scapy_zh-cn - Scapy中文使用文档
python-github-projects - Collect and classify python projects on Github
chinese_docker - docker中文文档,docker Chinese Documation
Scanners-Box - [Project-Kob-6]The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集??
SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
dvws - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
php-malware-finder - Detect potentially malicious PHP files
phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods
DVWA - Damn Vulnerable Web Application (DVWA)
Sn1per - Automated Pentest Recon Scanner
My-CTF-Web-Challenges - Collection of CTF Web challenges I made
IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
webshell - This is a webshell open source project
domain - domain for website
PHPidler - IRC bot
falcon - Falcon是一款基于inotify-tools 开发的Web服务器文件监控平台 能够实时监控Web目录文件变化(新增,修改,删除),判断文件内容是否包含恶意代码,自动隔离常见Webshell,保证Web目录文件安全
- VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)
nginx_syslog_patch - add the full syslog feature to Nginx
O-Saft - O-Saft - OWASP SSL advanced forensic tool
httpry - HTTP logging and information retrieval tool
nikto - Nikto web server scanner
- IoTSeeker - Created by Jin Qian via the GitHub Connector
dnscat2-powershell - A Powershell client for dnscat2, an encrypted DNS command and control tool.
Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud.
nishang - Nishang - PowerShell for penetration testing and offensive security.
CrackMapExec - A swiss army knife for pentesting networks
incubator-airflow - Apache Airflow (Incubating)
luigi - Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.
md2pdf - Markdown to PDF conversion tool
pdf-to-markdown - Convert PDF files into markdown files
flare-ida - IDA Pro utilities from FLARE team
anaconda - Anaconda turns your Sublime Text 3 in a full featured Python development IDE including autocompletion, code linting, IDE features, autopep8 formating, McCabe complexity checker Vagrant and Docker support for Sublime Text 3 using Jedi, PyFlakes, pep8, MyPy, PyLint, pep257 and McCabe that will never freeze your Sublime Text 3
DottedDict - Python library that provides a method of accessing lists and dicts with a dotted path notation.
docker-nfqueue-scapy - Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)
raven-python - Raven is a Python client for Sentry (getsentry.com)
supervisor - Supervisor process control system for UNIX
evilarc - Create tar/zip archives that can exploit directory traversal vulnerabilities
SublimeLinter-flake8 - SublimeLinter plugin for python, using flake8.
dockerscan - Docker security analysis & hacking tools
werkzeug - A flexible WSGI implementation and toolkit
pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
python-nameparser - A simple Python module for parsing human names into their individual components
fuzzywuzzy - Fuzzy String Matching in Python
cinspect - Code inspection for Python builtins
pywifi - A cross-platform module for manipulating WiFi devices.
reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
java_deserialization_exploits - A collection of Java Deserialization Exploits
nimbostratus-target - This repository holds a target infrastructure you can use for running the nimbostratus tools.
reppy - Modern robots.txt Parser for Python
sre_yield - Python module to generate regular all expression matches
wfuzz - Web application fuzzer
cansina - Web Content Discovery Tool
python3-wappalyzer - python3-wappalyzer
PyV8-OS-X - Compiled PyV8 for Mac OS X
wappalyzer-python - Python wrapper for Wappalyzer (utility that uncovers the technologies used on websites)
python-libnmap - libnmap is a python library to run nmap scans, parse and diff scan results. It supports python 2.6 up to 3.4. It's wonderful.
burp-HttpFuzzer - Burp plugin to do random fuzzing of HTTP requests
python_learn - 郭帅用于学习的python's code
hacking_script - 开发或收集的一些网络安全方面的脚本、小工具
gunicorn - gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.
webpwn3r - WebPwn3r - Web Applications Security Scanner.
operative-framework - This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules (Viadeo search,Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...)
celerybeat-mongo - A Celery Beat Scheduler that uses MongoDB to store both schedule definitions and status information
ztag - Tagging and annotation framework for scan data
wig - WebApp Information Gatherer
Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
wdb - An improbable web debugger through WebSockets
pysandbox - WARNING: pysandbox is BROKEN BY DESIGN, please move to a new sandboxing solution (run python in a sandbox, not the opposite!)
exitmap - A fast and modular scanner for Tor exit relays.
truffleHog - Searches through git repositories for high entropy strings, digging deep into commit history
aiomysql - aiomysql is a library for accessing a MySQL database from the asyncio
sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
zschema - A schema language for JSON documents that allows validation and compilation into various database engines
domain-scan - A standard pipeline for running open source scanning tools on domains to measure things like speed, accessibiity, and HTTPS.
osint-combiner - Combining OSINT sources in Elastic Stack
elasticsearch-py - Official Python low-level client for Elasticsearch.
Kvasir - Kvasir: Penetration Test Data Management
pyes - Python connector for ElasticSearch - the pythonic way to use ElasticSearch
python-logstash - Python logging handler for Logstash.
scansio-sonar-es - Python scripts to parse scans.io ssl data and ingest into elasticsearch for searching
autoDANE - Auto Domain Admin and Network Exploitation.
iSniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices
CMSmap -
PyJFuzz - PyJFuzz - Python JSON Fuzzer
SQLViking - sniff/log database traffic or actively execute arbitrary queries via TCP injection
ivre - Network recon framework.
impacket - Impacket is a collection of Python classes for working with network protocols.
smbmap - SMBMap is a handy SMB enumeration tool
python-evtx - Pure Python parser for recent Windows Event Log files (.evtx)
spraywmi - SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on a system.
http-sniffer - A simple implementation of HTTP proxy server in Twisted which applies some transformations for content
nosqlpot - The NoSQL Honeypot Framework
Keylogger - A simple keylogger for Windows, Linux and Mac by Giacomo Lawrance
routersploit - The Router Exploitation Framework
shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
rainmap-lite - Rainmap Lite - Responsive web based interface that allows users to launch Nmap scans from their mobiles/tablets/web browsers!
POC-T - 渗透测试插件化并发框架
wifijammer - Continuously jam all wifi clients/routers
commix - Automated All-in-One OS command injection and exploitation tool.
LaZagne - Credentials recovery project
foghorn - The foghorn project is a DNS proxy intended to reduce user exposure to phishing and other malicious items that can be interdicted by DNS greylisting
wifite -
apt2 - automated penetration toolkit
python-wpa-supplicant - WPA Supplicant wrapper for Python
pwnypack - Certified Edible Dinosaurs official CTF toolkit
Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.
dnsrecon - DNS Enumeration Script
HoneyPy - A low interaction honeypot.
creak - Poison, reset, spoof, redirect MITM script
ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers
multitun - Tunnel arbitrary traffic through an innocuous WebSocket. Clients can 'see' each other, resulting in a stealth WebSocket VPN.
lianwifi - wifi万能钥匙api
OpenDoor - OWASP WEB Directory Scanner
WAFNinja - WAFNinja is a tool which contains two functions to attack Web Application Firewalls.
xsser - From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016
binwalk - Firmware Analysis Tool
Fireaway - Next Generation Firewall Audit and Bypass Tool
DPAT - Domain Password Audit Tool for Pentesters
cloudflare_enum - Cloudflare DNS Enumeration Tool for Pentesters
AuthMatrix - AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
Haveibeenpwn-script - Simple python script to find pwned email with a nickname
research - dataset and code for 2016 paper "Learning a Driving Simulator"
macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.
the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode
mallory - Mallory - MiTM TCP and UDP Proxy
rollmac - Automated WiFi limit evasion
neural-style - Neural style in TensorFlow! 🎨
DeepLearningFlappyBird - Flappy Bird hack using Deep Reinforcement Learning (Deep Q-learning).
cve-search - cve-search - a tool to perform local searches for known vulnerabilities
ntpdos - Create a DDOS attack using NTP servers
sqlmap - Automatic SQL injection and database takeover tool
MITMf - Framework for Man-In-The-Middle attacks
pycookiecheat - Borrow cookies from your browser's authenticated session for use in Python scripts.
curlc - ➰ curl wrapper that uses chrome cookies
pycurl - PycURL - Python interface to libcurl
curl_to_requests - Python module for converting cURL commands into equivalent Python code using the requests library
HTTPretty - HTTP client mocking tool for Python, it's like ruby's FakeWeb for python
moto - Moto is a library that allows your python tests to easily mock out the boto library
uncurl - A library to convert curl requests to python-requests.
HT_infra - VPS infrastructure found in HT dumps
ThreatExchange - Share threat information with vetted partners
social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
aws_pwn - A collection of AWS penetration testing junk
tlsnotary - This project is an old version. Do not use it. New development moved to https://github.com/tlsnotary/tlsnotary. Prove to an auditor that an HTTPS page was in your browser
flint - The python client of passivedns.cn
PyPDNS - Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.
python_api - Python abstract API for PassiveTotal services in the form of libraries and command line utilities.
NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool
boto3 - AWS SDK for Python
aliyun-oss-python-sdk - Aliyun OSS SDK for Python
note - 学习笔记
python-cymruwhois - Python client for the whois.cymru.com service
whois - Collects WHOIS details for every IPv4 netblock. Reports supported via Elasticsearch.
ipwhois - Retrieve and parse whois data for IPv4 and IPv6 addresses
python-whois - A python module for retrieving and parsing WHOIS data
viewdns-api - API en python para viewdns
fetch-some-proxies - Simple Python script for fetching "some" (usable) proxies
pypress - flask team blog
CloudTesting - 云计算产品性能测试指南(A Simple Guide on Testing Cloud Products)
ProxyBroker - Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS
tldextract - Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List.
flask-restful - Simple framework for creating REST APIs
flask-mail - Flask-Mail adds SMTP mail sending to your Flask applications
flask-login - Flask user session management.
flask-celery - Celery integration for Flask (SINCE CELERY 3.0 THIS IS NO LONGER NEEDED)
pluginbase - A simple but flexible plugin system for Python.
Tornado-MySQL - PyMySQL fork for Tornado
flask-celery-example - A simple example for using Flask + Celery
tornado - Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
reddit - the code that powers reddit.com
zhihu-python - 获取知乎内容信息,包括问题,答案,用户,收藏夹信息
lxml - The lxml XML toolkit for Python
kidole - Passively fingerprint web applications based on their URLs
stormtrooper - A machine learning approach to fingerprinting web traffic
wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
dejavu - Audio fingerprinting and recognition in Python
mwebfp - LNHG - Mass Web Fingerprinter
python-Wappalyzer - Python driver for Wappalyzer, a web application detection utility.
plecost - Plecost - Wordpress finger printer Tool
WeRoBot - WeRoBot 是一个微信公众号开发框架
python - IP数据库Python语言解析代码(IPIP.net)
subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.
fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.
ansible - Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications? automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
iOSBlogCN - 中文 iOS/Mac 开发博客列表
noteshrink - Convert scans of handwritten notes to beautiful, compact PDFs
ungoogled-chromium - Modifications to Google Chromium for removing Google integration and enhancing privacy, control, and transparency
Nscan - Nscan: Fast internet-wide scanner
Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
Flask-SocketIO - Socket.IO integration for Flask applications.
flask-rq - RQ (Redis Queue) integration for Flask applications
PyMySQL - Pure Python MySQL Client
MySQLdb1 - MySQL database connector for Python (legacy version)
proxy2 - HTTP/HTTPS proxy in a single python script
arq - Fast job queuing and RPC in python with asyncio, redis and msgpack.
rq-scheduler - A light library that adds job scheduling capabilities to RQ (Redis Queue)
rq - Simple job queues for Python
docopt - Pythonic command line arguments parser, that will make you smile
w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.
sentry - Sentry is a cross-platform crash reporting and aggregation platform.
ShadowDNS - A DNS forwarder using Shadowsocks as the server
shadowsocks - backup of https://github.com/shadowsocks/shadowsocks
PySocksipyChain - Modified socks.py which supports chained proxies
tcpprox - A small command-line TCP proxy utility written in Python
Tcp-DNS-proxy - A TCP dns proxy which can get the RIGHT ip address
rtcp2udp - Reverse TCP Port to UDP Forwarding Tools
udp2tcp-bridge - a python script to translate a udp stream to tcp
tcp2udp - Tool for convert tcp traffic to udp. Firewall bypassing
python-pty-shells - Python PTY backdoors - full PTY or nothing!
django-debug-toolbar - A configurable set of panels that display various debug information about the current request/response.
maltrail - Malicious traffic detection system
flask - A microframework based on Werkzeug, Jinja2 and good intentions
httpie - Modern command line HTTP client ? user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc. https://httpie.org
algorithms - An educational library of algorithms in Python
schedule - Python job scheduling for humans.
django-taggit - Simple tagging for django
furl - URL parsing and manipulation made easy.
flanker - Python email address and Mime parsing library
requests-futures - Asynchronous Python HTTP Requests for Humans using Futures
django-q - A multiprocessing distributed task queue for Django
exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory
dnspython - a powerful DNS toolkit for python
python-daemon - Python daemonizer for Unix, Linux and OS X
daemonocle - A Python library for creating super fancy Unix daemons
awesome-python - A curated list of awesome Python frameworks, libraries, software and resources
envoy - Python Subprocesses for Humans?.
grequests - Requests + Gevent = <3
dnsyo - Check your DNS against over 1000 global DNS servers
mrq - Mr. Queue - A distributed worker task queue in Python using Redis & gevent
huey - a little task queue for python
bandit - Python AST-based static analyzer from OpenStack Security Group
django-websocket-redis - Websockets for Django applications using Redis as message queue
weakfilescan - 动态多线程敏感信息泄露检测工具
cupp - Common User Passwords Profiler (CUPP)
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers
xsscrapy - XSS spider - 66/66 wavsep XSS detected
popper -
docker-py - A Python library for the Docker Engine API
bogeyman - Socks5 Proxy over HTTP
dirsearch - Web path scanner
thorns - thorns_project 分布式异步队列系统
wyportmap - 目标端口扫描+系统服务指纹识别
wydomain - to discover subdomains of your target domain
inetdata - Internet data acquisition
wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
octopress - Octopress is an obsessively designed framework for Jekyll blogging. It’s easy to configure and easy to deploy. Sweet huh?
metasploit-framework - Metasploit Framework
sslkeylog - A Ruby library that logs SSL session keys in NSS Key Log Format.
passivetotal_tools - Tools to aid in the usage of PassiveTotal (https://www.passivetotal.org)
book - Redis Cookbook 一书的原文件
WhatWeb - Website Fingerprinter
BinProxy - BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.
WhatWeb - Website Fingerprinter
- geckodriver - WebDriver <-> Marionette proxy
radamsa - a general-purpose fuzzer
pywebkitgtk - Python bindings to the WebKit GTK+ port
payloads - Git All the Payloads! A collection of web attack payloads.
fish-shell - The user-friendly command line shell.
theme-bobthefish - A Powerline-style, Git-aware fish theme optimized for awesome.
vscan - vulnerability scanner tool using nmap and nse scripts
BruteX - Automatically brute force all services running on a target.
HT-WPS-Breaker - HT-WPS Breaker (High Touch WPS Breaker)
yi-hack - Xiaomi Yi Ants camera hack
pentestpackage - a package of Pentest scripts I have made or commonly use
rfc-reader - this is a command line (linux, osx) rfc reader
pentest - ⛔ offsec batteries included
backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.
sslkeylog - My copy of the sslkeylog utility
concourse - BOSH Release
m-cli - ? Swiss Army Knife for macOS
LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks
brootkit - Lightweight rootkit implemented by bash shell scripts v0.10
ios-oss - Kickstarter for iOS. Bring new ideas to life, anywhere.
SwiftGuide - 这份指南汇集了Swift语言主流学习资源,并以开发者的视角整理编排。http://dev.swiftguide.cn
awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects
swift-package-manager - The Package Manager for the Swift Programming Language
- tensorflow-zh - 谷歌全新开源人工智能系统TensorFlow官方文档中文版
- growth - Growth - App to help you Be Awesome Developer & Awesome Hacker
To the extent possible under law, ring04h has waived all copyright and related or neighboring rights to this work.