Open highlighted repo slot
Put your repository first
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
GitHub projects from awesome lists
Search names, descriptions, topics, tags, and stacks, then tune results by ecosystem, freshness, health, and cross-list signal.
Open highlighted repo slot
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
Hunt down social media accounts by username across social networks
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Automatic SQL injection and database takeover tool
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
🤖 The Modern Port Scanner 🤖
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Directory/File, DNS and VHost busting tool written in Go
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Cybersecurity AI (CAI), the framework for AI Security
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
An OSINT tool to search for accounts by username and email in social networks.
Open Source Vulnerability Management Platform
A Modern Orchestration Engine for Security
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
A high performance offensive security tool for reconnaissance and vulnerability scanning
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Find web directories without bruteforce
Reverse proxies cheatsheet
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal
A modular vulnerability scanner with automatic report generation capabilities.