Open highlighted repo slot
Put your repository first
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
GitHub projects from awesome lists
Search names, descriptions, topics, tags, and stacks, then tune results by ecosystem, freshness, health, and cross-list signal.
Open highlighted repo slot
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
Automated Penetration Testing Agentic Framework Powered by Large Language Models
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Infection Monkey - An open-source adversary emulation platform
Open Source Vulnerability Management Platform
A Modern Orchestration Engine for Security
Top 100 Hacking & Security E-Books (Free Download)
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Free Security and Hacking eBooks
Knock Subdomain Scan
Automated NoSQL database enumeration and web application exploitation tool.
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
SSH man-in-the-middle tool
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Hacking Toolkit
A rapid API for the Project Sonar dataset
PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡
Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks
This is an aspiring project aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is accessible to as large an audience as possible and so that everyone has a good resource to learn hacking from.
The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack path diagrams, ProLabs, Sherlocks, OSCP/CPTS/CRTO prep. Browse: momenbasel.github.io/htb-writeups
Packet crafting, injection and sniffing tool