The Book Of Secret Knowledge

Interactive roadmaps, guides and other educational content to help developers grow in their careers.

Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions

Collaborative cheatsheets for console commands 📚.

A black hole for Internet advertisements

🦍 The API and AI Gateway

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

最新Docker容器技术，从真实案例中学习最佳实践！| Learn and understand Docker&Container technologies, with real DevOps practice!

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

SQL powered operating system instrumentation, monitoring, and analytics.

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/products/free-netbox-cloud/

Pre-Built Vulnerable Environments Based on Docker-Compose

A VIM-inspired filemanager for the console

Impacket is a collection of Python classes for working with network protocols.

A community Bash framework.

Most advanced XSS scanner.

CTF framework and exploit development library

Exploitation Framework for Embedded Devices

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Incredibly fast crawler designed for OSINT.

This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

Linux/OSX/FreeBSD resource monitor

Fast subdomains enumeration tool for penetration testers

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

The pattern matching swiss knife

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Malicious traffic detection system

Real-time metrics for nginx server

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Automated Mass Exploiter

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Drop-down terminal for GNOME

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

Knock Subdomain Scan

Fast and powerful SSL/TLS scanning library.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

A high performance offensive security tool for reconnaissance and vulnerability scanning

Application Security Verification Standard

Detect and bypass web application firewalls and protection systems

Collection of CTF Web challenges I made

macOS Security Compliance Project

Python frame stack sampler for CPython

Find web directories without bruteforce

CORS Misconfiguration Scanner

Find open databases - Powered by Binaryedge.io

A command-line client for SQL Server with auto-completion and syntax highlighting

A replacement for AB (Apache Bench)