foo.be/_pages/opensource-discoveries.md

4887 lines
No EOL
5.8 MiB
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: page
title: opensource-discoveries
permalink: /opensource-discoveries/
---
| repo_url | description | owner_name | license | stars |
|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:-------------------|--------:|
| [https://github.com/nao-sec/tknk_scanner](https://github.com/nao-sec/tknk_scanner) | Community-based integrated malware identification system | nao-sec | mit | 81 |
| [https://github.com/D1rkMtr/VirusTotalC2](https://github.com/D1rkMtr/VirusTotalC2) | Abusing VirusTotal API to host our C2 traffic, usefull for bypassing blocking firewall rules if VirusTotal is in the target white list , and in case you don't have C2 infrastructure , now you have a free one | D1rkMtr | | 447 |
| [https://github.com/fox-it/spookyssl-pcaps](https://github.com/fox-it/spookyssl-pcaps) | SpookySSL PCAPS and Network Coverage | fox-it | mit | 3 |
| [https://github.com/NVISOsecurity/nviso-cti](https://github.com/NVISOsecurity/nviso-cti) | | NVISOsecurity | | 33 |
| [https://github.com/threatray/tigerrat](https://github.com/threatray/tigerrat) | Scripts and IOCs for the Andariel APT group research | threatray | mit | 6 |
| [https://github.com/a0rtega/metame](https://github.com/a0rtega/metame) | metame is a metamorphic code engine for arbitrary executables | a0rtega | mit | 467 |
| [https://github.com/NCSC-NL/OpenSSL-2022](https://github.com/NCSC-NL/OpenSSL-2022) | Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3 | NCSC-NL | mit | 456 |
| [https://github.com/ek0/hxemu](https://github.com/ek0/hxemu) | Triton based symbolic emulator | ek0 | | 11 |
| [https://github.com/antonioCoco/RogueWinRM](https://github.com/antonioCoco/RogueWinRM) | Windows Local Privilege Escalation from Service Account to System | antonioCoco | gpl-3.0 | 449 |
| [https://github.com/Rogdham/python-xz](https://github.com/Rogdham/python-xz) | Pure Python implementation of the XZ file format with random access support | Rogdham | mit | 11 |
| [https://github.com/open-obfuscator/o-mvll](https://github.com/open-obfuscator/o-mvll) | :electron: O-MVLL is a LLVM-based obfuscator for native code (Android & iOS) | open-obfuscator | apache-2.0 | 159 |
| [https://github.com/eshard/obfuscator-llvm](https://github.com/eshard/obfuscator-llvm) | | eshard | other | 58 |
| [https://github.com/PayDevs/awful-oss-incidents](https://github.com/PayDevs/awful-oss-incidents) | 🤬 A categorized list of incidents caused by unappreciated OSS maintainers or underfunded OSS projects. Feedback welcome! | PayDevs | cc0-1.0 | 245 |
| [https://github.com/epilys/tade](https://github.com/epilys/tade) | tade is a discussion/forum/link aggregator application. It provides three interfaces: a regular web page, a mailing list bridge and an NNTP server | epilys | agpl-3.0 | 22 |
| [https://github.com/Accenture/Spartacus](https://github.com/Accenture/Spartacus) | Spartacus DLL Hijacking Discovery Tool | Accenture | mit | 206 |
| [https://github.com/vnmabus/dcor](https://github.com/vnmabus/dcor) | Distance correlation and related E-statistics in Python | vnmabus | mit | 105 |
| [https://github.com/roaldarbol/LaPreprint](https://github.com/roaldarbol/LaPreprint) | 📝 A nicely formatted LaTeX preprint template | roaldarbol | mit | 398 |
| [https://github.com/friendica/friendica](https://github.com/friendica/friendica) | Friendica Communications Platform | friendica | agpl-3.0 | 1076 |
| [https://github.com/GreyNoise-Intelligence/wasm_ipv4_heatmap](https://github.com/GreyNoise-Intelligence/wasm_ipv4_heatmap) | WebAssembly module to produce an IPv4 heatmap mapped to a Hilbert Curve | GreyNoise-Intelligence | | 4 |
| [https://github.com/uNetworking/uWebSockets](https://github.com/uNetworking/uWebSockets) | Simple, secure & standards compliant web server for the most demanding of applications | uNetworking | apache-2.0 | 14785 |
| [https://github.com/Cloud-Architekt/AzureAD-Attack-Defense](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense) | This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected. | Cloud-Architekt | | 1065 |
| [https://github.com/Qianlitp/WatchAD](https://github.com/Qianlitp/WatchAD) | AD Security Intrusion Detection System | Qianlitp | gpl-3.0 | 1087 |
| [https://github.com/SamuelTulach/RwxMeme](https://github.com/SamuelTulach/RwxMeme) | State of the art DLL injector that took 20 minutes to make | SamuelTulach | mit | 15 |
| [https://github.com/jevinskie/aarch64-experimental-disasm](https://github.com/jevinskie/aarch64-experimental-disasm) | Experimental methods of decoding/disassembling AArch64 instructions | jevinskie | bsd-2-clause | 1 |
| [https://github.com/wikireader/wikireader](https://github.com/wikireader/wikireader) | Official Source code for the WikiReader (by Openmoko) | wikireader | other | 173 |
| [https://github.com/hashview/hashview](https://github.com/hashview/hashview) | A web front-end for password cracking and analytics | hashview | gpl-3.0 | 255 |
| [https://github.com/Tripwire/tripwire-open-source](https://github.com/Tripwire/tripwire-open-source) | Open Source Tripwire® | Tripwire | gpl-2.0 | 663 |
| [https://github.com/evilsocket/mpcfw](https://github.com/evilsocket/mpcfw) | Reverse engineering of Apple MultipeerConnectivity Framework | evilsocket | | 44 |
| [https://github.com/FreeTAKTeam/openTAKpickList](https://github.com/FreeTAKTeam/openTAKpickList) | a list of hardware and software to be used in conjunction with the ATAKplatform | FreeTAKTeam | epl-2.0 | 73 |
| [https://github.com/T145/black-mirror](https://github.com/T145/black-mirror) | Blacklists and whitelists that aim to promote security, safety, and sanity across the internet! | T145 | agpl-3.0 | 105 |
| [https://github.com/ail-project/PyLacus](https://github.com/ail-project/PyLacus) | Python module to enqueue and query a remote Lacus instance | ail-project | bsd-3-clause | 2 |
| [https://github.com/deptofdefense/AndroidTacticalAssaultKit-CIV](https://github.com/deptofdefense/AndroidTacticalAssaultKit-CIV) | | deptofdefense | other | 507 |
| [https://github.com/TAK-Product-Center/Server](https://github.com/TAK-Product-Center/Server) | TAK Server | TAK-Product-Center | other | 110 |
| [https://github.com/docintelapp/DocIntel](https://github.com/docintelapp/DocIntel) | Open Source Platform for storing, organizing, and searching documents related to cyber threats | docintelapp | other | 64 |
| [https://github.com/feathericons/feather](https://github.com/feathericons/feather) | Simply beautiful open source icons | feathericons | mit | 22783 |
| [https://github.com/EttusResearch/gr-ettus](https://github.com/EttusResearch/gr-ettus) | Out-of-tree GNU Radio Module for Experimental Ettus Research Features | EttusResearch | other | 42 |
| [https://github.com/gmh5225/YARA-yaralyzer](https://github.com/gmh5225/YARA-yaralyzer) | Visually inspect YARA and regex matches found in both binary and text data. | gmh5225 | gpl-3.0 | 3 |
| [https://github.com/akamai/akamai-security-research](https://github.com/akamai/akamai-security-research) | This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. | akamai | apache-2.0 | 176 |
| [https://github.com/matplotlib/matplotlib](https://github.com/matplotlib/matplotlib) | matplotlib: plotting with Python | matplotlib | | 16357 |
| [https://github.com/palewire/amsat-satellite-index](https://github.com/palewire/amsat-satellite-index) | An interactive list of active amateur radio satellites for amsat.org | palewire | mit | 1 |
| [https://github.com/J4NN0/linkedin-web-scraper](https://github.com/J4NN0/linkedin-web-scraper) | Python Web Scraper for LinkedIn. Collect data and store it into .xls file. | J4NN0 | gpl-3.0 | 9 |
| [https://github.com/Its-Vichy/HBot](https://github.com/Its-Vichy/HBot) | 🐛 Self spreading Botnet based on Mirai C&C Arch, spreading through SSH and Telnet protocol. Modern script fullly written in python3. | Its-Vichy | apache-2.0 | 135 |
| [https://github.com/DarkCoderSc/PsyloDbg](https://github.com/DarkCoderSc/PsyloDbg) | User-friendly Microsoft Windows Debugger for Malware Analysts. | DarkCoderSc | apache-2.0 | 125 |
| [https://github.com/horizon3ai/CVE-2022-40684](https://github.com/horizon3ai/CVE-2022-40684) | A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager | horizon3ai | | 277 |
| [https://github.com/D1rkMtr/FilelessRemotePE](https://github.com/D1rkMtr/FilelessRemotePE) | Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique | D1rkMtr | | 544 |
| [https://github.com/RansomLook/RansomLook](https://github.com/RansomLook/RansomLook) | Yet another Ransomware gang tracker | RansomLook | gpl-3.0 | 69 |
| [https://github.com/COSSAS/sacti](https://github.com/COSSAS/sacti) | SACTI - Securely aggregate CTI sightings and report them on MISP | COSSAS | apache-2.0 | 9 |
| [https://github.com/sepinf-inc/IPED](https://github.com/sepinf-inc/IPED) | IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. | sepinf-inc | other | 464 |
| [https://github.com/mgeeky/ShellcodeFluctuation](https://github.com/mgeeky/ShellcodeFluctuation) | An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents | mgeeky | mit | 591 |
| [https://github.com/CScorza/Image-OSINT-Forensics](https://github.com/CScorza/Image-OSINT-Forensics) | Ricerca e Analisi delle Immagini | CScorza | | 71 |
| [https://github.com/NHAS/reverse_ssh](https://github.com/NHAS/reverse_ssh) | SSH based reverse shell | NHAS | bsd-3-clause | 204 |
| [https://github.com/slaeryan/AQUARMOURY](https://github.com/slaeryan/AQUARMOURY) | My musings in C and offensive tooling | slaeryan | | 499 |
| [https://github.com/ail-project/LacusCore](https://github.com/ail-project/LacusCore) | The modulable part of Lacus | ail-project | bsd-3-clause | 2 |
| [https://github.com/msiemens/tinydb](https://github.com/msiemens/tinydb) | TinyDB is a lightweight document oriented database optimized for your happiness :) | msiemens | mit | 5451 |
| [https://github.com/avast/yari](https://github.com/avast/yari) | YARI is an interactive debugger for YARA Language. | avast | mit | 71 |
| [https://github.com/Xetnus/osm-finder](https://github.com/Xetnus/osm-finder) | A "line-network" geolocation tool created for Bellingcat's September 2022 Hackathon: https://www.bellingcat.com/resources/2022/10/06/automated-map-searches-scam-busting-tools-and-twitter-search-translations-here-are-the-results-of-bellingcats-second-hackathon/ | Xetnus | mit | 82 |
| [https://github.com/mxrch/GitFive](https://github.com/mxrch/GitFive) | 🐙 Track down GitHub users. | mxrch | mpl-2.0 | 381 |
| [https://github.com/cncf/tag-security](https://github.com/cncf/tag-security) | 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! | cncf | other | 1501 |
| [https://github.com/pry0cc/axiom](https://github.com/pry0cc/axiom) | The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more! | pry0cc | mit | 2948 |
| [https://github.com/vdjagilev/nmap-formatter](https://github.com/vdjagilev/nmap-formatter) | A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter. | vdjagilev | mit | 128 |
| [https://github.com/DISARMFoundation/DISARMframeworks](https://github.com/DISARMFoundation/DISARMframeworks) | Master copies of the DISARM frameworks, with generated files to help you explore the data | DISARMFoundation | cc-by-sa-4.0 | 37 |
| [https://github.com/e2guardian/e2guardian](https://github.com/e2guardian/e2guardian) | E2guardian is a web content filter that can work in proxy, transparent or icap server modes | e2guardian | gpl-2.0 | 399 |
| [https://github.com/codeyourweb/fastfinder](https://github.com/codeyourweb/fastfinder) | Incident Response - Fast suspicious file finder | codeyourweb | mit | 162 |
| [https://github.com/deepfence/PacketStreamer](https://github.com/deepfence/PacketStreamer) | :star: :star: Distributed tcpdump for cloud native environments :star: :star: | deepfence | apache-2.0 | 777 |
| [https://github.com/trickest/wordlists](https://github.com/trickest/wordlists) | Real-world infosec wordlists, updated regularly | trickest | mit | 445 |
| [https://github.com/tamimhasan404/image-upload-exploits](https://github.com/tamimhasan404/image-upload-exploits) | This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty. | tamimhasan404 | | 3 |
| [https://github.com/HavocFramework/Havoc](https://github.com/HavocFramework/Havoc) | The Havoc Framework | HavocFramework | gpl-3.0 | 2634 |
| [https://github.com/soxoj/maigret](https://github.com/soxoj/maigret) | 🕵️‍♂️ Collect a dossier on a person by username from thousands of sites | soxoj | mit | 7274 |
| [https://github.com/nccgroup/mimikatz-detector-busylight](https://github.com/nccgroup/mimikatz-detector-busylight) | USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is executed, a thread is spwaned by default that tries to locate one of the busylights that is supported. All HID devices are enumerated, if PID/VID is matching then packets are sent to flash the busylight in different colours. | nccgroup | | 16 |
| [https://github.com/raghur/mermaid-filter](https://github.com/raghur/mermaid-filter) | Pandoc filter for creating diagrams in mermaid syntax blocks in markdown docs | raghur | | 280 |
| [https://github.com/Xu0Tex1/CVE-2022-3236](https://github.com/Xu0Tex1/CVE-2022-3236) | Unauthenticated rce in sophos User Portal and Webadmin components mass exploitation tool | Xu0Tex1 | | 1 |
| [https://github.com/quarkslab/quokka](https://github.com/quarkslab/quokka) | Quokka: A Fast and Accurate Binary Exporter | quarkslab | apache-2.0 | 102 |
| [https://github.com/tintinweb/ethereum-dasm](https://github.com/tintinweb/ethereum-dasm) | An ethereum evm bytecode disassembler and static/dynamic analysis tool | tintinweb | gpl-2.0 | 169 |
| [https://github.com/CYB3RMX/C2Data](https://github.com/CYB3RMX/C2Data) | A database for captured data (malicious files etc.) from command and control servers. | CYB3RMX | mit | 3 |
| [https://github.com/DavidBuchanan314/monomorph](https://github.com/DavidBuchanan314/monomorph) | MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash | DavidBuchanan314 | mit | 683 |
| [https://github.com/ORCx41/KnownDllUnhook](https://github.com/ORCx41/KnownDllUnhook) | Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs | ORCx41 | mit | 193 |
| [https://github.com/netspooky/xx](https://github.com/netspooky/xx) | The xx file format. Turn your hex dumps into art, then into binary data. | netspooky | 0bsd | 280 |
| [https://github.com/gwen001/dnspy](https://github.com/gwen001/dnspy) | Find subdomain takeovers | gwen001 | mit | 66 |
| [https://github.com/lkarlslund/ldapnomnom](https://github.com/lkarlslund/ldapnomnom) | Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) | lkarlslund | mit | 556 |
| [https://github.com/williballenthin/EVTXtract](https://github.com/williballenthin/EVTXtract) | EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. | williballenthin | apache-2.0 | 158 |
| [https://github.com/malfp/tormalwarefp](https://github.com/malfp/tormalwarefp) | Traffic analysis for Tor-based malware detection and classification | malfp | mit | 7 |
| [https://github.com/corkami/collisions](https://github.com/corkami/collisions) | Hash collisions and exploitations | corkami | | 1928 |
| [https://github.com/D1rkMtr/DumpThatLSASS](https://github.com/D1rkMtr/DumpThatLSASS) | Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile. | D1rkMtr | | 409 |
| [https://github.com/S12cybersecurity/Infinite-Backdoors](https://github.com/S12cybersecurity/Infinite-Backdoors) | Bash Script with 4 ways to get persistence in Linux systems WITHOUT root permisions | S12cybersecurity | | 8 |
| [https://github.com/jgromes/RadioLib](https://github.com/jgromes/RadioLib) | Universal wireless communication library for embedded devices | jgromes | mit | 724 |
| [https://github.com/Processus-Thief/HEKATOMB](https://github.com/Processus-Thief/HEKATOMB) | Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them. | Processus-Thief | gpl-3.0 | 214 |
| [https://github.com/openai/whisper](https://github.com/openai/whisper) | Robust Speech Recognition via Large-Scale Weak Supervision | openai | mit | 14019 |
| [https://github.com/memN0ps/srdi-rs](https://github.com/memN0ps/srdi-rs) | Rusty Shellcode Reflective DLL Injection (sRDI) | memN0ps | mit | 156 |
| [https://github.com/hellman/wboxkit](https://github.com/hellman/wboxkit) | White-box Design and Analysis kit | hellman | mit | 9 |
| [https://github.com/Rupan/idapin](https://github.com/Rupan/idapin) | A debugger backend for IDA Pro built on top of of Intels PIN framework | Rupan | | 17 |
| [https://github.com/benedekrozemberczki/awesome-fraud-detection-papers](https://github.com/benedekrozemberczki/awesome-fraud-detection-papers) | A curated list of data mining papers about fraud detection. | benedekrozemberczki | cc0-1.0 | 1220 |
| [https://github.com/hasherezade/pe-bear](https://github.com/hasherezade/pe-bear) | Portable Executable reversing tool with a friendly GUI | hasherezade | gpl-2.0 | 1492 |
| [https://github.com/jhassine/server-ip-addresses](https://github.com/jhassine/server-ip-addresses) | Daily updated list of IP addresses / CIDR blocks used by data centers, cloud service providers, servers, etc. | jhassine | | 85 |
| [https://github.com/Eventual-Inc/Daft](https://github.com/Eventual-Inc/Daft) | The Python DataFrame for Media Data | Eventual-Inc | apache-2.0 | 395 |
| [https://github.com/TheNerdlist/nerdlist](https://github.com/TheNerdlist/nerdlist) | list of passwords more likely to be used by sysadmins, general nerds, and folk with access | TheNerdlist | mit | 232 |
| [https://github.com/apache/age](https://github.com/apache/age) | Graph database optimized for fast analysis and real-time data processing. It is provided as an extension to PostgreSQL. | apache | apache-2.0 | 942 |
| [https://github.com/CybercentreCanada/assemblyline](https://github.com/CybercentreCanada/assemblyline) | AssemblyLine 4 - File triage and malware analysis | CybercentreCanada | mit | 62 |
| [https://github.com/CrowdStrike/SuperMem](https://github.com/CrowdStrike/SuperMem) | A python script developed to process Windows memory images based on triage type. | CrowdStrike | mit | 192 |
| [https://github.com/NytroRST/ShellcodeCompiler](https://github.com/NytroRST/ShellcodeCompiler) | Shellcode Compiler | NytroRST | gpl-3.0 | 860 |
| [https://github.com/GreyNoise-Intelligence/pygreynoise](https://github.com/GreyNoise-Intelligence/pygreynoise) | Python3 library and command line for GreyNoise | GreyNoise-Intelligence | mit | 134 |
| [https://github.com/breck7/pldb](https://github.com/breck7/pldb) | PLDB: a Programming Language Database. A public domain knowledge graph focused on programming languages distributed as a CSV file. | breck7 | | 592 |
| [https://github.com/Phantom1003/QARMA64](https://github.com/Phantom1003/QARMA64) | QARMA block cipher in C | Phantom1003 | mit | 19 |
| [https://github.com/kurtfu/present](https://github.com/kurtfu/present) | PRESENT block cipher | kurtfu | mit | 3 |
| [https://github.com/MISP/misp-guard](https://github.com/MISP/misp-guard) | [experimental] misp-guard is a mitmproxy addon that inspects and blocks outgoing events to external MISP instances via sync mechanisms (pull/push) based on a set of customizable block rules. | MISP | agpl-3.0 | 7 |
| [https://github.com/vmware/splinterdb](https://github.com/vmware/splinterdb) | High Performance Embedded Key-Value Store | vmware | apache-2.0 | 441 |
| [https://github.com/CIRCL/ssdc](https://github.com/CIRCL/ssdc) | ssdeep based clustering tool | CIRCL | mit | 14 |
| [https://github.com/LeeBrotherston/badflare](https://github.com/LeeBrotherston/badflare) | OSINT tool for discovering the real IP addresses of services which are behind Cloudflare but not properly locked down | LeeBrotherston | other | 100 |
| [https://github.com/ail-project/lacus](https://github.com/ail-project/lacus) | Lacus is a capturing system using playwright, as a web service. | ail-project | bsd-3-clause | 4 |
| [https://github.com/Te-k/cobaltstrike](https://github.com/Te-k/cobaltstrike) | Code and yara rules to detect and analyze Cobalt Strike | Te-k | mit | 220 |
| [https://github.com/attify/firmware-analysis-toolkit](https://github.com/attify/firmware-analysis-toolkit) | Toolkit to emulate firmware and analyse it for security vulnerabilities | attify | mit | 1004 |
| [https://github.com/p0dalirius/Coercer](https://github.com/p0dalirius/Coercer) | A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. | p0dalirius | | 709 |
| [https://github.com/impira/docquery](https://github.com/impira/docquery) | An easy way to extract information from documents | impira | mit | 1160 |
| [https://github.com/DirkR/capturadio](https://github.com/DirkR/capturadio) | Capture mp3 streams from internet radio stations and store in on the local disk. | DirkR | | 26 |
| [https://github.com/streetwriters/notesnook](https://github.com/streetwriters/notesnook) | A fully open source & end-to-end encrypted note taking alternative to Evernote. | streetwriters | gpl-3.0 | 4200 |
| [https://github.com/gl4ssesbo1/Nebula](https://github.com/gl4ssesbo1/Nebula) | Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components. | gl4ssesbo1 | other | 308 |
| [https://github.com/sleuthkit/autopsy](https://github.com/sleuthkit/autopsy) | Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. | sleuthkit | | 1705 |
| [https://github.com/TheSpeedX/PROXY-List](https://github.com/TheSpeedX/PROXY-List) | Get PROXY List that gets updated everyday | TheSpeedX | | 1285 |
| [https://github.com/codingo/VHostScan](https://github.com/codingo/VHostScan) | A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages. | codingo | gpl-3.0 | 991 |
| [https://github.com/BigNerd95/WinboxExploit](https://github.com/BigNerd95/WinboxExploit) | Proof of Concept of Winbox Critical Vulnerability | BigNerd95 | mit | 188 |
| [https://github.com/Lookyloo/pysecuritytxt](https://github.com/Lookyloo/pysecuritytxt) | Tries to get and parse .well-known/security.txt from a domain | Lookyloo | bsd-3-clause | 4 |
| [https://github.com/ail-project/ail-feeder-apk](https://github.com/ail-project/ail-feeder-apk) | This AIL feeder pushes annotated APK to an AIL instance | ail-project | agpl-3.0 | 2 |
| [https://github.com/enkomio/thematrix](https://github.com/enkomio/thematrix) | a PE Loader and Windows API tracer. Useful in malware analysis. | enkomio | | 113 |
| [https://github.com/akunull/piloslib](https://github.com/akunull/piloslib) | Multi-platform open-source set of audio and modulation tools that focus on synthesis, live electronic music, interconnection, probability, unique sounds, and intuitive interfacing built by Akunull in Pure Data starting in 2014 | akunull | mit | 112 |
| [https://github.com/kevinzg/facebook-scraper](https://github.com/kevinzg/facebook-scraper) | Scrape Facebook public pages without an API key | kevinzg | mit | 1430 |
| [https://github.com/CYB3RMX/BlackHeart](https://github.com/CYB3RMX/BlackHeart) | BlackHeart is a simple python script to generate powershell scripts that demonstrate reverse shell gaining without Microsoft Defender restrictions. (FOR EDUCATIONAL PURPOSES!!) | CYB3RMX | mit | 15 |
| [https://github.com/binarly-io/fwhunt-scan](https://github.com/binarly-io/fwhunt-scan) | Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules | binarly-io | gpl-3.0 | 124 |
| [https://github.com/LongSoft/UEFITool](https://github.com/LongSoft/UEFITool) | UEFI firmware image viewer and editor | LongSoft | bsd-2-clause | 3015 |
| [https://github.com/AykutSarac/jsoncrack.com](https://github.com/AykutSarac/jsoncrack.com) | 🔮 Seamlessly visualize your JSON data instantly into graphs; paste, import or fetch! | AykutSarac | gpl-3.0 | 18788 |
| [https://github.com/iilegacyyii/Shellcrypt](https://github.com/iilegacyyii/Shellcrypt) | A QoL tool to obfuscate shellcode. In the future will be able to chain encoding/encryption/compression methods. | iilegacyyii | mit | 77 |
| [https://github.com/michenriksen/drawio-threatmodeling](https://github.com/michenriksen/drawio-threatmodeling) | Draw.io libraries for threat modeling diagrams | michenriksen | mit | 479 |
| [https://github.com/adw0rd/instagrapi](https://github.com/adw0rd/instagrapi) | 🔥 The fastest and powerful Python library for Instagram Private API 2022 | adw0rd | mit | 1547 |
| [https://github.com/bochs-emu/Bochs](https://github.com/bochs-emu/Bochs) | Bochs - Cross Platform x86 Emulator Project | bochs-emu | lgpl-2.1 | 161 |
| [https://github.com/jonathan-dev/tcp_reassembly_testing](https://github.com/jonathan-dev/tcp_reassembly_testing) | | jonathan-dev | | 2 |
| [https://github.com/datacoon/metawarc](https://github.com/datacoon/metawarc) | metawarc: a command-line tool for metadata extraction from files from WARC (Web ARChive) | datacoon | mit | 13 |
| [https://github.com/sourceincite/hekate](https://github.com/sourceincite/hekate) | | sourceincite | mit | 40 |
| [https://github.com/amazon-science/ReFinED](https://github.com/amazon-science/ReFinED) | ReFinED is an entity linking (EL) system. | amazon-science | other | 51 |
| [https://github.com/mandiant/Ghidrathon](https://github.com/mandiant/Ghidrathon) | The FLARE team's open-source extension to add Python 3 scripting to Ghidra. | mandiant | apache-2.0 | 375 |
| [https://github.com/webrecorder/har2warc](https://github.com/webrecorder/har2warc) | Convert HTTP Archive (HAR) -> Web Archive (WARC) format | webrecorder | apache-2.0 | 38 |
| [https://github.com/ninoseki/misp-rb](https://github.com/ninoseki/misp-rb) | MISP API wrapper for Ruby | ninoseki | mit | 2 |
| [https://github.com/Idov31/Sandman](https://github.com/Idov31/Sandman) | Sandman is a NTP based backdoor for red team engagements in hardened networks. | Idov31 | bsd-2-clause | 413 |
| [https://github.com/HackerNews/API](https://github.com/HackerNews/API) | Documentation and Samples for the Official HN API | HackerNews | mit | 9452 |
| [https://github.com/onetrueawk/awk](https://github.com/onetrueawk/awk) | One true awk | onetrueawk | other | 1520 |
| [https://github.com/hasherezade/libpeconv](https://github.com/hasherezade/libpeconv) | A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl | hasherezade | bsd-2-clause | 795 |
| [https://github.com/mandiant/dncil](https://github.com/mandiant/dncil) | The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions. | mandiant | apache-2.0 | 81 |
| [https://github.com/ShawnyXiao/TextClassification-Keras](https://github.com/ShawnyXiao/TextClassification-Keras) | Text classification models implemented in Keras, including: FastText, TextCNN, TextRNN, TextBiRNN, TextAttBiRNN, HAN, RCNN, RCNNVariant, etc. | ShawnyXiao | mit | 770 |
| [https://github.com/google-research/albert](https://github.com/google-research/albert) | ALBERT: A Lite BERT for Self-supervised Learning of Language Representations | google-research | apache-2.0 | 2992 |
| [https://github.com/vxunderground/ThreatIntelligenceDiscordBot](https://github.com/vxunderground/ThreatIntelligenceDiscordBot) | Gets updates from various clearnet domains and ransomware threat actor domains | vxunderground | mit | 182 |
| [https://github.com/x64dbg/XEDParse](https://github.com/x64dbg/XEDParse) | XEDParse: A MASM-like, single-line plaintext assembler | x64dbg | lgpl-3.0 | 134 |
| [https://github.com/vnhacker1337/CVE-2022-27925-PoC](https://github.com/vnhacker1337/CVE-2022-27925-PoC) | Zimbra RCE simple poc | vnhacker1337 | | 58 |
| [https://github.com/IBM/sail](https://github.com/IBM/sail) | Library for streaming data and incremental learning algorithms. | IBM | mit | 10 |
| [https://github.com/fventuri/linrad](https://github.com/fventuri/linrad) | Linrad - SDR receiver | fventuri | mit | 5 |
| [https://github.com/Flangvik/TeamFiltration](https://github.com/Flangvik/TeamFiltration) | TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts | Flangvik | gpl-3.0 | 491 |
| [https://github.com/NUKnightLab/TimelineJS3](https://github.com/NUKnightLab/TimelineJS3) | TimelineJS v3: A Storytelling Timeline built in JavaScript. http://timeline.knightlab.com | NUKnightLab | mpl-2.0 | 2589 |
| [https://github.com/wietze/HijackLibs](https://github.com/wietze/HijackLibs) | Project for tracking publicly disclosed DLL Hijacking opportunities. | wietze | gpl-3.0 | 338 |
| [https://github.com/Threagile/threagile](https://github.com/Threagile/threagile) | Agile Threat Modeling Toolkit | Threagile | mit | 397 |
| [https://github.com/Digital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts](https://github.com/Digital-Forensics-Discord-Server/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts) | The official repo for a project involving a crowdsourced DFIR book. The main purpose of this book is to give anyone interested an opportunity to write a chapter of a book to get their name out there, get a publication on their resume with an actual ISBN number, and ideally lower the bar for people to contribute something back to the DFIR Community. Want to write a chapter? Let me know and let's make it happen! | Digital-Forensics-Discord-Server | mit | 122 |
| [https://github.com/oasislinux/oasis](https://github.com/oasislinux/oasis) | a small statically-linked linux system | oasislinux | other | 1920 |
| [https://github.com/erg-lang/erg](https://github.com/erg-lang/erg) | A statically typed language that can deeply improve the Python ecosystem | erg-lang | apache-2.0 | 2016 |
| [https://github.com/theandrew168/derzforth](https://github.com/theandrew168/derzforth) | Bare-metal Forth implementation for RISC-V | theandrew168 | mit | 25 |
| [https://github.com/mcmenaminadrian/riscyforth](https://github.com/mcmenaminadrian/riscyforth) | Forth for RISC-V SBCs | mcmenaminadrian | gpl-2.0 | 15 |
| [https://github.com/howerj/forth-cpu](https://github.com/howerj/forth-cpu) | A Forth CPU and System on a Chip, based on the J1, written in VHDL | howerj | | 286 |
| [https://github.com/realaravinth/gitpad](https://github.com/realaravinth/gitpad) | Self-Hosted alternative to GitHub Gists | realaravinth | agpl-3.0 | 44 |
| [https://github.com/trickest/containers](https://github.com/trickest/containers) | Automated privilege escalation of the world's most popular Docker images. | trickest | | 35 |
| [https://github.com/ly4k/Certipy](https://github.com/ly4k/Certipy) | Tool for Active Directory Certificate Services enumeration and abuse | ly4k | mit | 1211 |
| [https://github.com/advanced-threat-research/DotDumper](https://github.com/advanced-threat-research/DotDumper) | An automatic unpacker and logger for DotNet Framework targeting files | advanced-threat-research | other | 126 |
| [https://github.com/casualwriter/casual-markdown-page](https://github.com/casualwriter/casual-markdown-page) | Markdown as Web Page/Site | casualwriter | mit | 254 |
| [https://github.com/RUB-SysSec/loki](https://github.com/RUB-SysSec/loki) | Hardening code obfuscation against automated attacks | RUB-SysSec | agpl-3.0 | 32 |
| [https://github.com/d4rckh/gorilla](https://github.com/d4rckh/gorilla) | tool for generating wordlists or extending an existing one using mutations. | d4rckh | | 339 |
| [https://github.com/armon/libart](https://github.com/armon/libart) | Adaptive Radix Trees implemented in C | armon | other | 673 |
| [https://github.com/center-for-threat-informed-defense/attack-flow](https://github.com/center-for-threat-informed-defense/attack-flow) | Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows. | center-for-threat-informed-defense | apache-2.0 | 286 |
| [https://github.com/redballoonsecurity/ofrak](https://github.com/redballoonsecurity/ofrak) | OFRAK: unpack, modify, and repack binaries. | redballoonsecurity | other | 1166 |
| [https://github.com/toeverything/AFFiNE](https://github.com/toeverything/AFFiNE) | There can be more than Notion and Miro. AFFiNE is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and ready to use. | toeverything | mit | 10747 |
| [https://github.com/Sc00bz/bscrypt](https://github.com/Sc00bz/bscrypt) | A cache hard password hash/KDF | Sc00bz | cc0-1.0 | 19 |
| [https://github.com/vstinner/hachoir](https://github.com/vstinner/hachoir) | Hachoir is a Python library to view and edit a binary stream field by field | vstinner | gpl-2.0 | 506 |
| [https://github.com/luker983/nsa-codebreaker-2021](https://github.com/luker983/nsa-codebreaker-2021) | NSA Codebreaker Challenge 2021 Write-Ups | luker983 | | 49 |
| [https://github.com/cudeso/misp-scraper](https://github.com/cudeso/misp-scraper) | A web scraper to create MISP events and reports | cudeso | | 7 |
| [https://github.com/jglim/ABOVISP](https://github.com/jglim/ABOVISP) | ISP for the ABOV MC81F4204 | jglim | | 11 |
| [https://github.com/yeokm1/ndp2019-wristband-teardown](https://github.com/yeokm1/ndp2019-wristband-teardown) | Tear-down effort of the Pixmob wristband used in NDP2019. | yeokm1 | | 23 |
| [https://github.com/EnviralDesign/GeoPix](https://github.com/EnviralDesign/GeoPix) | GeoPix is a free and open source real-time lighting control and previz software. It's built in TouchDesigner, with a workflow and UI/UX inspired by 3d animation software. | EnviralDesign | mit | 182 |
| [https://github.com/onekey-sec/unblob](https://github.com/onekey-sec/unblob) | Extract files from any kind of container formats | onekey-sec | other | 740 |
| [https://github.com/elastic/protections-artifacts](https://github.com/elastic/protections-artifacts) | Elastic Security detection content for Endpoint | elastic | other | 506 |
| [https://github.com/projectM-visualizer/projectm](https://github.com/projectM-visualizer/projectm) | projectM - cross-platform music visualization. Open-source and Milkdrop-compatible | projectM-visualizer | lgpl-2.1 | 2460 |
| [https://github.com/sonic-visualiser/sonic-visualiser](https://github.com/sonic-visualiser/sonic-visualiser) | Visualisation, analysis, and annotation of music audio recordings | sonic-visualiser | gpl-2.0 | 279 |
| [https://github.com/paulnasca/paulstretch_python](https://github.com/paulnasca/paulstretch_python) | Paulstretch python version | paulnasca | | 488 |
| [https://github.com/paulnasca/paulstretch_cpp](https://github.com/paulnasca/paulstretch_cpp) | PaulStretch | paulnasca | gpl-2.0 | 732 |
| [https://github.com/rumblesan/wave-stretcher](https://github.com/rumblesan/wave-stretcher) | command line wave stretching program. based on Paul stretch | rumblesan | bsd-2-clause | 7 |
| [https://github.com/Elektromatic/paulStretch](https://github.com/Elektromatic/paulStretch) | This Pure Data patch uses the Paul stretch algorithm to time stretch musical recordings. It is suitable for extreme sound stretching of the audio. | Elektromatic | gpl-3.0 | 9 |
| [https://github.com/microsoft/oss-ssc-framework](https://github.com/microsoft/oss-ssc-framework) | Open Source Software Secure Supply Chain Framework | microsoft | other | 218 |
| [https://github.com/CENSUS/ghidra-frida-hook-gen](https://github.com/CENSUS/ghidra-frida-hook-gen) | Frida hook generator for Ghidra | CENSUS | bsd-2-clause | 43 |
| [https://github.com/CZ-NIC/dns-fuzzing](https://github.com/CZ-NIC/dns-fuzzing) | Repository to store unique seeds for DNS server fuzzing | CZ-NIC | | 42 |
| [https://github.com/williballenthin/INDXParse](https://github.com/williballenthin/INDXParse) | Tool suite for inspecting NTFS artifacts. | williballenthin | apache-2.0 | 172 |
| [https://github.com/GendarmerieNationale/ReceptionInfoDrone](https://github.com/GendarmerieNationale/ReceptionInfoDrone) | | GendarmerieNationale | other | 29 |
| [https://github.com/VerbalExpressions/PythonVerbalExpressions](https://github.com/VerbalExpressions/PythonVerbalExpressions) | Python regular expressions made easy | VerbalExpressions | | 1558 |
| [https://github.com/cardiffnlp/tweetnlp](https://github.com/cardiffnlp/tweetnlp) | TweetNLP for all the NLP enthusiasts working on Twitter! The Python library tweetnlp provides a collection of useful tools to analyze/understand tweets such as sentiment analysis, emoji prediction, and named entity recognition, powered by state-of-the-art language models specialised on Twitter. | cardiffnlp | mit | 69 |
| [https://github.com/microsoft/Azure-Threat-Research-Matrix](https://github.com/microsoft/Azure-Threat-Research-Matrix) | | microsoft | mit | 36 |
| [https://github.com/Fuziih/cctv-exposure](https://github.com/Fuziih/cctv-exposure) | | Fuziih | other | 30 |
| [https://github.com/luca364/MalwareSourceCode](https://github.com/luca364/MalwareSourceCode) | Collection of malware source code for a variety of platforms in an array of different programming languages. | luca364 | | 3 |
| [https://github.com/punk-security/dnsReaper](https://github.com/punk-security/dnsReaper) | dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team! | punk-security | agpl-3.0 | 1513 |
| [https://github.com/deptofdefense/hack-a-sat-library](https://github.com/deptofdefense/hack-a-sat-library) | Public library of space documents and tutorials | deptofdefense | | 487 |
| [https://github.com/Deputation/hygieia](https://github.com/Deputation/hygieia) | Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver. | Deputation | | 101 |
| [https://github.com/cckuailong/JNDI-Injection-Exploit-Plus](https://github.com/cckuailong/JNDI-Injection-Exploit-Plus) | 50+ Gadgets(20 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. | cckuailong | mit | 239 |
| [https://github.com/ptrkrysik/uhd](https://github.com/ptrkrysik/uhd) | USRP Hardware Driver Repository | ptrkrysik | other | 2 |
| [https://github.com/si9int/cc.py](https://github.com/si9int/cc.py) | Extracting URLs of a specific target based on the results of "commoncrawl.org" | si9int | mit | 256 |
| [https://github.com/BRANDEFENSE/Threat-Intelligence-Researches](https://github.com/BRANDEFENSE/Threat-Intelligence-Researches) | The Brandefense cyber threat intelligence team is always researching new threats and writing research reports. Our latest Threat Reports is available for download. This reports covers the latest activity from APT groups, as well as new information on ransomware and phishing attacks. We recommend that all Brandefense followers download this reports and keep it handy in case they need to refer to it in the future. | BRANDEFENSE | | 17 |
| [https://github.com/MystenLabs/ed25519-unsafe-libs](https://github.com/MystenLabs/ed25519-unsafe-libs) | List of unsafe ed25519 signature libs | MystenLabs | mit | 169 |
| [https://github.com/FiloSottile/edwards25519](https://github.com/FiloSottile/edwards25519) | filippo.io/edwards25519 — A safer, faster, and more powerful low-level edwards25519 Go implementation. | FiloSottile | bsd-3-clause | 94 |
| [https://github.com/0vercl0k/inject](https://github.com/0vercl0k/inject) | Yet another Windows DLL injector. | 0vercl0k | mit | 26 |
| [https://github.com/BloodHoundAD/BARK](https://github.com/BloodHoundAD/BARK) | BloodHound Attack Research Kit | BloodHoundAD | gpl-3.0 | 237 |
| [https://github.com/MISP/misp-workflow-blueprints](https://github.com/MISP/misp-workflow-blueprints) | Library of blueprints usable in MISP Workflows | MISP | other | 5 |
| [https://github.com/gtworek/VolatileDataCollector](https://github.com/gtworek/VolatileDataCollector) | | gtworek | gpl-3.0 | 117 |
| [https://github.com/codership/galera](https://github.com/codership/galera) | Synchronous multi-master replication library | codership | gpl-2.0 | 392 |
| [https://github.com/LyraSearch/lyra](https://github.com/LyraSearch/lyra) | 🌌 Fast, in-memory, typo-tolerant, full-text search engine written in TypeScript. | LyraSearch | other | 3623 |
| [https://github.com/aydinnyunus/exifLooter](https://github.com/aydinnyunus/exifLooter) | ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap | aydinnyunus | other | 288 |
| [https://github.com/sam210723/wavebin](https://github.com/sam210723/wavebin) | ∿ Oscilloscope waveform capture viewer and converter. | sam210723 | mit | 43 |
| [https://github.com/novafacing/symstress](https://github.com/novafacing/symstress) | Source-assisted binary analysis tool to deduce function names based on source code patterns (read: strings). | novafacing | | 2 |
| [https://github.com/dfirdetective/WinSearchAppCache](https://github.com/dfirdetective/WinSearchAppCache) | Windows Search App Cache parsing | dfirdetective | mit | 7 |
| [https://github.com/mikeroyal/Photogrammetry-Guide](https://github.com/mikeroyal/Photogrammetry-Guide) | Photogrammetry Guide. Learn all about the process of obtaining measurements and 3D models from photos. Creating topographic maps, meshes, or point clouds based on the real-world. | mikeroyal | | 613 |
| [https://github.com/evild3ad/Collect-MemoryDump](https://github.com/evild3ad/Collect-MemoryDump) | Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR | evild3ad | gpl-3.0 | 78 |
| [https://github.com/planetscale/beam](https://github.com/planetscale/beam) | A simple message board for your organization or project | planetscale | mit | 1652 |
| [https://github.com/200ok-ch/organice](https://github.com/200ok-ch/organice) | An implementation of Org mode without the dependency of Emacs - built for mobile and desktop browsers | 200ok-ch | agpl-3.0 | 2072 |
| [https://github.com/SQLab/CRAXplusplus](https://github.com/SQLab/CRAXplusplus) | The exploit generator CRAX++ is CRAX with x86_64 ROP techniques, s2e 2.0 upgrade, code selection, I/O states, dynamic ROP, and more! | SQLab | other | 73 |
| [https://github.com/eurecom-s3/symqemu](https://github.com/eurecom-s3/symqemu) | SymQEMU: Compilation-based symbolic execution for binaries | eurecom-s3 | other | 219 |
| [https://github.com/Omyyyy/pycom](https://github.com/Omyyyy/pycom) | A Python compiler, down to native code, using C++ | Omyyyy | mit | 1091 |
| [https://github.com/d4rckh/grc2](https://github.com/d4rckh/grc2) | grim reaper c2 | d4rckh | gpl-3.0 | 287 |
| [https://github.com/rabitt/pysox](https://github.com/rabitt/pysox) | Python wrapper around sox. | rabitt | bsd-3-clause | 440 |
| [https://github.com/tenacityteam/saucedacity](https://github.com/tenacityteam/saucedacity) | A free open-source audio editor based on Audacity focusing on general improvements. Will be the new future codebase of Tenacity starting with 1.3 | tenacityteam | other | 135 |
| [https://github.com/0xsyr0/vx-underground-wordlist](https://github.com/0xsyr0/vx-underground-wordlist) | Wordlist to crack .zip-file password | 0xsyr0 | | 70 |
| [https://github.com/jstrieb/hackernews-button](https://github.com/jstrieb/hackernews-button) | Privacy-preserving Firefox extension linking to Hacker News discussion; built with Bloom filters and WebAssembly | jstrieb | gpl-3.0 | 73 |
| [https://github.com/massar/hashedrpz](https://github.com/massar/hashedrpz) | HashedRPZ - keep your RPZ entries secret | massar | bsd-3-clause | 4 |
| [https://github.com/matthw/icedid_stage1_unpack](https://github.com/matthw/icedid_stage1_unpack) | Automatically unpack SPLCrypt packed binaries (IcedID / BazarLoader stagers) | matthw | unlicense | 8 |
| [https://github.com/nexB/python-publicsuffix2](https://github.com/nexB/python-publicsuffix2) | A small Python library to deal with publicsuffix data (includes a bundled PSL as "package data") in a wheel friendly format. Fork and continuation of Tomaž Šolc's "publicsuffix" | nexB | | 24 |
| [https://github.com/hashlookup/a-ray-grass](https://github.com/hashlookup/a-ray-grass) | a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie" | hashlookup | bsd-3-clause | 7 |
| [https://github.com/kichik/tlds](https://github.com/kichik/tlds) | Automatically updated list of valid TLDs for Python | kichik | mit | 2 |
| [https://github.com/dmachard/go-dns-collector](https://github.com/dmachard/go-dns-collector) | Aggregator, analyzer, transporter and logging for your DNS logs | dmachard | mit | 54 |
| [https://github.com/dmachard/python-dnstap-receiver](https://github.com/dmachard/python-dnstap-receiver) | Dnstap streams receiver in Python | dmachard | mit | 29 |
| [https://github.com/dmachard/python-dnstap-protobuf](https://github.com/dmachard/python-dnstap-protobuf) | Dnstap Protocol Buffers implementation in Python | dmachard | mit | 2 |
| [https://github.com/NLnetLabs/unbound](https://github.com/NLnetLabs/unbound) | Unbound is a validating, recursive, and caching DNS resolver. | NLnetLabs | bsd-3-clause | 1972 |
| [https://github.com/Findomain/Findomain](https://github.com/Findomain/Findomain) | The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more. | Findomain | gpl-3.0 | 2608 |
| [https://github.com/enkomio/AlanFramework](https://github.com/enkomio/AlanFramework) | A C2 post-exploitation framework | enkomio | other | 387 |
| [https://github.com/last-byte/RIPPL](https://github.com/last-byte/RIPPL) | RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows | last-byte | mit | 220 |
| [https://github.com/eth0izzle/bucket-stream](https://github.com/eth0izzle/bucket-stream) | Find interesting Amazon S3 Buckets by watching certificate transparency logs. | eth0izzle | mit | 1644 |
| [https://github.com/zardus/wargame-nexus](https://github.com/zardus/wargame-nexus) | A sorted and updated list of security wargame sites. | zardus | gpl-3.0 | 606 |
| [https://github.com/hzqst/unicorn_pe](https://github.com/hzqst/unicorn_pe) | Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files. | hzqst | mit | 559 |
| [https://github.com/chip-red-pill/MicrocodeDecryptor](https://github.com/chip-red-pill/MicrocodeDecryptor) | | chip-red-pill | | 1435 |
| [https://github.com/hashlookup/fleur](https://github.com/hashlookup/fleur) | Fleur implements a Bloom Filter library in C that is fully compatible with DCSO's Go and python implementations. | hashlookup | bsd-3-clause | 114 |
| [https://github.com/xzkostyan/clickhouse-sqlalchemy](https://github.com/xzkostyan/clickhouse-sqlalchemy) | ClickHouse dialect for SQLAlchemy | xzkostyan | other | 278 |
| [https://github.com/kacos2000/Prefetch-Browser](https://github.com/kacos2000/Prefetch-Browser) | Browse Windows Prefetch properties | kacos2000 | mit | 28 |
| [https://github.com/OISF/suricata](https://github.com/OISF/suricata) | Suricata git repository maintained by the OISF | OISF | gpl-2.0 | 2810 |
| [https://github.com/Moonslate/MoonHex](https://github.com/Moonslate/MoonHex) | A hex editor for romhackers | Moonslate | | 12 |
| [https://github.com/bgpkit/monocle](https://github.com/bgpkit/monocle) | See through all BGP data with a monocle. | bgpkit | mit | 18 |
| [https://github.com/bluesadi/Pluto-Obfuscator](https://github.com/bluesadi/Pluto-Obfuscator) | Obfuscator based on LLVM 12.0.1 | bluesadi | mit | 478 |
| [https://github.com/DODC/turncoat](https://github.com/DODC/turncoat) | | DODC | | 36 |
| [https://github.com/packing-box/peid](https://github.com/packing-box/peid) | Python implementation of the Packed Executable iDentifier (PEiD) | packing-box | gpl-3.0 | 46 |
| [https://github.com/kacos2000/Evtx_Log_Browser](https://github.com/kacos2000/Evtx_Log_Browser) | Evtx Log (xml) Browser | kacos2000 | mit | 47 |
| [https://github.com/duckdb/duckdb](https://github.com/duckdb/duckdb) | DuckDB is an in-process SQL OLAP Database Management System | duckdb | mit | 7081 |
| [https://github.com/sourceincite/randy](https://github.com/sourceincite/randy) | A pre-authenticated RCE exploit for Inductive Automation Ignition | sourceincite | gpl-3.0 | 36 |
| [https://github.com/Concinnity-Risks/RansomCoinPublic](https://github.com/Concinnity-Risks/RansomCoinPublic) | A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries. | Concinnity-Risks | apache-2.0 | 53 |
| [https://github.com/D4-project/analyzer-d4-passivedns](https://github.com/D4-project/analyzer-d4-passivedns) | A Passive DNS backend and collector | D4-project | agpl-3.0 | 26 |
| [https://github.com/handiko/Arduino-APRS](https://github.com/handiko/Arduino-APRS) | Create simple APRS modulator using Arduino UNO | handiko | gpl-3.0 | 59 |
| [https://github.com/comsec-group/retbleed](https://github.com/comsec-group/retbleed) | Arbitrary Speculative Code Execution with Return Instructions | comsec-group | | 105 |
| [https://github.com/t3l3machus/toxssin](https://github.com/t3l3machus/toxssin) | An XSS exploitation command-line interface and payload generator. | t3l3machus | mit | 578 |
| [https://github.com/decompiler-explorer/decompiler-explorer](https://github.com/decompiler-explorer/decompiler-explorer) | Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser! | decompiler-explorer | mit | 1008 |
| [https://github.com/MerginMaps/geodiff](https://github.com/MerginMaps/geodiff) | Library for handling diffs for geospatial data | MerginMaps | mit | 116 |
| [https://github.com/akvorado/akvorado](https://github.com/akvorado/akvorado) | Flow collector, hydrater and visualizer | akvorado | agpl-3.0 | 488 |
| [https://github.com/p1ngul1n0/blackbird](https://github.com/p1ngul1n0/blackbird) | An OSINT tool to search for accounts by username in social networks. | p1ngul1n0 | | 1193 |
| [https://github.com/koenrh/s3enum](https://github.com/koenrh/s3enum) | Fast and stealthy Amazon S3 bucket enumeration tool for pentesters. | koenrh | isc | 151 |
| [https://github.com/wheybags/glibc_version_header](https://github.com/wheybags/glibc_version_header) | Build portable Linux binaries without using an ancient distro | wheybags | mit | 587 |
| [https://github.com/rudyerudite/AngErza](https://github.com/rudyerudite/AngErza) | Toy implementation of a Automated Exploit Generation built on Angr; stiched using radare, pwntools, pyelftools, and Angrop. | rudyerudite | | 9 |
| [https://github.com/dagrejs/dagre-d3](https://github.com/dagrejs/dagre-d3) | :no_entry: [DEPRECATED] - A D3-based renderer for Dagre | dagrejs | mit | 2704 |
| [https://github.com/uknowsec/SweetPotato](https://github.com/uknowsec/SweetPotato) | Modifying SweetPotato to support load shellcode and webshell | uknowsec | | 512 |
| [https://github.com/RfidResearchGroup/proxmark3](https://github.com/RfidResearchGroup/proxmark3) | The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator | RfidResearchGroup | gpl-3.0 | 2121 |
| [https://github.com/ail-project/ail-typo-website](https://github.com/ail-project/ail-typo-website) | Website for ail-typo-squatting library | ail-project | apache-2.0 | 22 |
| [https://github.com/sartlabs/0days](https://github.com/sartlabs/0days) | | sartlabs | | 1 |
| [https://github.com/adulau/mmdb-server](https://github.com/adulau/mmdb-server) | mmdb-server is an open source fast API server to lookup IP addresses for their geographic location. | adulau | agpl-3.0 | 64 |
| [https://github.com/pocketbase/pocketbase](https://github.com/pocketbase/pocketbase) | Open Source realtime backend in 1 file | pocketbase | mit | 15592 |
| [https://github.com/pdfminer/pdfminer.six](https://github.com/pdfminer/pdfminer.six) | Community maintained fork of pdfminer - we fathom PDF | pdfminer | mit | 3943 |
| [https://github.com/py-pdf/PyPDF2](https://github.com/py-pdf/PyPDF2) | A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files | py-pdf | other | 4857 |
| [https://github.com/nttgin/BGPalerter](https://github.com/nttgin/BGPalerter) | BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more. | nttgin | bsd-3-clause | 569 |
| [https://github.com/formatc1702/WireViz](https://github.com/formatc1702/WireViz) | Easily document cables and wiring harnesses | formatc1702 | gpl-3.0 | 2616 |
| [https://github.com/fventuri/nrsc5](https://github.com/fventuri/nrsc5) | NRSC-5 receiver for SDRplay API, SoapySDR, and RTL-SDR | fventuri | other | 7 |
| [https://github.com/fventuri/gr-sdrplay3](https://github.com/fventuri/gr-sdrplay3) | Out-of-tree GNU Radio module for SDRplay RSP devices - SDRplay API V3.X | fventuri | gpl-3.0 | 14 |
| [https://github.com/Arachnid/evmdis](https://github.com/Arachnid/evmdis) | EVM disassembler | Arachnid | apache-2.0 | 456 |
| [https://github.com/dbarzin/pandora-box](https://github.com/dbarzin/pandora-box) | USB Scanning device | dbarzin | gpl-3.0 | 10 |
| [https://github.com/GlobalCyberAlliance/DomainSecurityScanner](https://github.com/GlobalCyberAlliance/DomainSecurityScanner) | Single or bulk scan of domains for SPF, DKIM, or DMARC records. | GlobalCyberAlliance | apache-2.0 | 75 |
| [https://github.com/alasdairtran/radflow](https://github.com/alasdairtran/radflow) | [TheWebConf 2021] Radflow: A Recurrent, Aggregated, and Decomposable Model for Networks of Time Series | alasdairtran | | 24 |
| [https://github.com/simsong/hashdb](https://github.com/simsong/hashdb) | hashdb block hash database tool and API | simsong | other | 2 |
| [https://github.com/whichbuffer/Lockbit-Black-3.0](https://github.com/whichbuffer/Lockbit-Black-3.0) | | whichbuffer | apache-2.0 | 14 |
| [https://github.com/yardenshafir/IoRingReadWritePrimitive](https://github.com/yardenshafir/IoRingReadWritePrimitive) | Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 | yardenshafir | mit | 90 |
| [https://github.com/TakahiroHaruyama/SpiMitm](https://github.com/TakahiroHaruyama/SpiMitm) | SPI flash read MitM attack PoC | TakahiroHaruyama | bsd-2-clause | 31 |
| [https://github.com/gusmanb/logicanalyzer](https://github.com/gusmanb/logicanalyzer) | 24 channel, 100Msps logic analyzer hardware and software | gusmanb | gpl-3.0 | 749 |
| [https://github.com/espegro/timespotter](https://github.com/espegro/timespotter) | First seen / last seen web service based on sha256 | espegro | mit | 3 |
| [https://github.com/espegro/tulip](https://github.com/espegro/tulip) | Simple stable bloomfilter web service | espegro | mit | 2 |
| [https://github.com/JupiterOne/security-policy-builder](https://github.com/JupiterOne/security-policy-builder) | CLI for generating policies, standards and control procedures (PSP) documentation in Markdown and publishing to JupiterOne or Confluence | JupiterOne | mpl-2.0 | 52 |
| [https://github.com/sikkerhet/sysmon-info](https://github.com/sikkerhet/sysmon-info) | Sysmon info corpus | sikkerhet | | 7 |
| [https://github.com/h3xduck/TripleCross](https://github.com/h3xduck/TripleCross) | A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. | h3xduck | gpl-3.0 | 1206 |
| [https://github.com/winterknife/PINKPANTHER](https://github.com/winterknife/PINKPANTHER) | Windows x64 handcrafted token stealing kernel-mode shellcode | winterknife | gpl-3.0 | 444 |
| [https://github.com/pluribus-one/gdpr-registry-app](https://github.com/pluribus-one/gdpr-registry-app) | Open-source web application to keep track of all data processing activities prefigured by GDPR Article 30 "Records of processing activities". | pluribus-one | other | 16 |
| [https://github.com/cyentific-rni/security-playbook-stix-misp-exchange](https://github.com/cyentific-rni/security-playbook-stix-misp-exchange) | This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that make use of the Security Playbook extension and MISP Security Playbook objects. | cyentific-rni | mit | 10 |
| [https://github.com/eCrimeLabs/MISP-PurgeEvents](https://github.com/eCrimeLabs/MISP-PurgeEvents) | Cleanup of older MISP events can require some work until now | eCrimeLabs | mit | 13 |
| [https://github.com/pydot/pydot](https://github.com/pydot/pydot) | Python interface to Graphviz's Dot language | pydot | mit | 721 |
| [https://github.com/pplonski/automated-pdf-reports-python](https://github.com/pplonski/automated-pdf-reports-python) | Automated PDF Reports with Python | pplonski | mit | 16 |
| [https://github.com/projectdiscovery/tlsx](https://github.com/projectdiscovery/tlsx) | Fast and configurable TLS grabber focused on TLS based data collection. | projectdiscovery | mit | 466 |
| [https://github.com/multiprocessio/dsq](https://github.com/multiprocessio/dsq) | Commandline tool for running SQL queries against JSON, CSV, Excel, Parquet, and more. | multiprocessio | other | 2861 |
| [https://github.com/0xsp-SRD/callback_injection-Csharp](https://github.com/0xsp-SRD/callback_injection-Csharp) | this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback functions | 0xsp-SRD | mit | 75 |
| [https://github.com/NullArray/MaliciousDLLGen](https://github.com/NullArray/MaliciousDLLGen) | Malicious DLL Generator in Py3 | NullArray | | 20 |
| [https://github.com/usnistgov/macos_security](https://github.com/usnistgov/macos_security) | macOS Security Compliance Project | usnistgov | other | 970 |
| [https://github.com/pts/pts-zcat](https://github.com/pts/pts-zcat) | portable and minimalistic Flate decompression filter | pts | | 4 |
| [https://github.com/vysecurity/LinkedInt](https://github.com/vysecurity/LinkedInt) | LinkedIn Recon Tool | vysecurity | mit | 818 |
| [https://github.com/ninoseki/abuse_whois](https://github.com/ninoseki/abuse_whois) | Yet another way to find where to report an abuse | ninoseki | mit | 20 |
| [https://github.com/facelessuser/pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | Extensions for Python Markdown | facelessuser | other | 657 |
| [https://github.com/Dfte/Impersonate](https://github.com/Dfte/Impersonate) | Binary and CrackMapExec module to impersonate tokens on a windows machine | Dfte | | 40 |
| [https://github.com/zhukovyuri/VIINA](https://github.com/zhukovyuri/VIINA) | VIINA: Violent Incident Information from News Articles on the 2022 Russian Invasion of Ukraine | zhukovyuri | | 124 |
| [https://github.com/commoncrawl/cc-crawl-statistics](https://github.com/commoncrawl/cc-crawl-statistics) | Statistics of Common Crawl monthly archives mined from URL index files | commoncrawl | apache-2.0 | 61 |
| [https://github.com/aligungr/UERANSIM](https://github.com/aligungr/UERANSIM) | Open source 5G UE and RAN (gNodeB) implementation. | aligungr | gpl-3.0 | 480 |
| [https://github.com/optiv/Mangle](https://github.com/optiv/Mangle) | Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs | optiv | mit | 671 |
| [https://github.com/hasherezade/pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode) | Converts PE into a shellcode | hasherezade | bsd-2-clause | 1570 |
| [https://github.com/yandex/YaLM-100B](https://github.com/yandex/YaLM-100B) | Pretrained language model with 100B parameters | yandex | apache-2.0 | 3089 |
| [https://github.com/timtaylor3/UAC_processor](https://github.com/timtaylor3/UAC_processor) | | timtaylor3 | apache-2.0 | 3 |
| [https://github.com/tclahr/uac](https://github.com/tclahr/uac) | UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts. | tclahr | apache-2.0 | 271 |
| [https://github.com/mattnotmax/hash_hunter](https://github.com/mattnotmax/hash_hunter) | Command-line tool to search for malware samples in various repositories | mattnotmax | | 4 |
| [https://github.com/D3Ext/WEF](https://github.com/D3Ext/WEF) | Wi-Fi Exploitation Framework | D3Ext | other | 1361 |
| [https://github.com/zodiacon/TotalRegistry](https://github.com/zodiacon/TotalRegistry) | Total Registry - enhanced Registry editor/viewer | zodiacon | mit | 1021 |
| [https://github.com/microsoft/avml](https://github.com/microsoft/avml) | AVML - Acquire Volatile Memory for Linux | microsoft | mit | 576 |
| [https://github.com/hashlookup/hashlookup-gui](https://github.com/hashlookup/hashlookup-gui) | Provides a multi-platform Graphical User Interface for hashlookup | hashlookup | agpl-3.0 | 9 |
| [https://github.com/sachaos/viddy](https://github.com/sachaos/viddy) | 👀 A modern watch command. Time machine and pager etc. | sachaos | mit | 3775 |
| [https://github.com/google/cloud-forensics-utils](https://github.com/google/cloud-forensics-utils) | Python library to carry out DFIR analysis on the Cloud | google | apache-2.0 | 327 |
| [https://github.com/kochrt/markwhen](https://github.com/kochrt/markwhen) | Make a cascading timeline from markdown-like text. Supports simple American/European date styles, ISO8601, images, links, locations, and more. | kochrt | agpl-3.0 | 2027 |
| [https://github.com/DavidCruciani/feed_Hashlookup](https://github.com/DavidCruciani/feed_Hashlookup) | | DavidCruciani | | 1 |
| [https://github.com/citusdata/citus](https://github.com/citusdata/citus) | Distributed PostgreSQL as an extension | citusdata | agpl-3.0 | 7516 |
| [https://github.com/webrecorder/warcio](https://github.com/webrecorder/warcio) | Streaming WARC/ARC library for fast web archive IO | webrecorder | apache-2.0 | 267 |
| [https://github.com/unreaIuser/dll-encryptor](https://github.com/unreaIuser/dll-encryptor) | C++ Dll-Encryptor, makes you able to stream a dll without touching your disk. (Can be used to prevent from cracking). | unreaIuser | | 46 |
| [https://github.com/YuzukiHD/YuzukiHCC](https://github.com/YuzukiHD/YuzukiHCC) | Ultra low cost HDMI-USB Video Acquisition (HDMI Capture Card) based on MS2109 | YuzukiHD | other | 31 |
| [https://github.com/0x000050/cve](https://github.com/0x000050/cve) | Gather and update all available and newest CVEs with their PoC. | 0x000050 | mit | 1 |
| [https://github.com/imran-parray/Mind-Maps](https://github.com/imran-parray/Mind-Maps) | Mind-Maps of Several Things | imran-parray | | 1170 |
| [https://github.com/paulmillr/micro-otp](https://github.com/paulmillr/micro-otp) | One Time Password generation via RFC 6238 | paulmillr | mit | 21 |
| [https://github.com/gtworek/PSBits](https://github.com/gtworek/PSBits) | Simple (relatively) things allowing you to dig a bit deeper than usual. | gtworek | unlicense | 1760 |
| [https://github.com/DarthTon/Blackbone](https://github.com/DarthTon/Blackbone) | Windows memory hacking library | DarthTon | mit | 3768 |
| [https://github.com/trustedsec/SliverKeylogger](https://github.com/trustedsec/SliverKeylogger) | | trustedsec | mit | 108 |
| [https://github.com/DHARPA-Project/kiara](https://github.com/DHARPA-Project/kiara) | Data orchestration and management. | DHARPA-Project | mpl-2.0 | 6 |
| [https://github.com/CAIDA/commoncrawl-host-ip-mapper](https://github.com/CAIDA/commoncrawl-host-ip-mapper) | Crawler that retrieves commoncrawl's crawled hosts and their corresponding IPs | CAIDA | other | 8 |
| [https://github.com/darvid/python-hyperscan](https://github.com/darvid/python-hyperscan) | A CPython extension for the Hyperscan regular expression matching library. | darvid | mit | 115 |
| [https://github.com/NtQuerySystemInformation/Malware-RE-papers](https://github.com/NtQuerySystemInformation/Malware-RE-papers) | Here are some of my malware reversing papers that I will be publishing | NtQuerySystemInformation | | 26 |
| [https://github.com/manticoresoftware/manticoresearch](https://github.com/manticoresoftware/manticoresearch) | Easy to use open source fast database for search | Good alternative to Elasticsearch now | Drop-in replacement for E in the ELK soon | manticoresoftware | gpl-2.0 | 2218 |
| [https://github.com/hardenedvault/ved](https://github.com/hardenedvault/ved) | Vault Exploit Defense | hardenedvault | other | 80 |
| [https://github.com/adulau/hashlookup-server](https://github.com/adulau/hashlookup-server) | Fast lookup server for NSRL and other hash database used in digital forensic | adulau | agpl-3.0 | 32 |
| [https://github.com/TalEliyahu/awesome-security-newsletters](https://github.com/TalEliyahu/awesome-security-newsletters) | Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks | TalEliyahu | gpl-2.0 | 347 |
| [https://github.com/emalderson/ThePhish](https://github.com/emalderson/ThePhish) | ThePhish: an automated phishing email analysis tool | emalderson | agpl-3.0 | 649 |
| [https://github.com/CeresDB/ceresdb](https://github.com/CeresDB/ceresdb) | CeresDB is a high-performance, distributed, cloud native time-series database that can handle both time-series and analytics workloads. | CeresDB | apache-2.0 | 1683 |
| [https://github.com/ANSSI-FR/sftp2misp](https://github.com/ANSSI-FR/sftp2misp) | Automation script to download JSON MISP files from a SFTP server and import them via API to a MISP instance. | ANSSI-FR | gpl-3.0 | 8 |
| [https://github.com/jcabrero/multfs_public](https://github.com/jcabrero/multfs_public) | The implementation of the Underground Forum Parser for the identification of related accounts. | jcabrero | | 3 |
| [https://github.com/SecIdiot/TransitionalPeriod](https://github.com/SecIdiot/TransitionalPeriod) | Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits | SecIdiot | | 32 |
| [https://github.com/cr-marcstevens/hashclash](https://github.com/cr-marcstevens/hashclash) | Project HashClash - MD5 & SHA-1 cryptanalysis | cr-marcstevens | other | 500 |
| [https://github.com/ail-project/ail-exchange-format](https://github.com/ail-project/ail-exchange-format) | AIL Exchange Format | ail-project | bsd-2-clause | 3 |
| [https://github.com/thunlp/PL-Marker](https://github.com/thunlp/PL-Marker) | Source code for "Packed Levitated Marker for Entity and Relation Extraction" | thunlp | mit | 161 |
| [https://github.com/ninoseki/misp-gateway](https://github.com/ninoseki/misp-gateway) | API gateway for MISP | ninoseki | mit | 11 |
| [https://github.com/miroslavpejic85/mirotalk](https://github.com/miroslavpejic85/mirotalk) | 🚀 WebRTC - P2P - Simple, Secure, Fast Real-Time Video Conferences Up to 4k and 60fps, compatible with all browsers and platforms. | miroslavpejic85 | agpl-3.0 | 1347 |
| [https://github.com/marcinguy/betterscan-ce](https://github.com/marcinguy/betterscan-ce) | Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE) | marcinguy | other | 323 |
| [https://github.com/westerndigitalcorporation/libzbd](https://github.com/westerndigitalcorporation/libzbd) | Zoned block device manipulation library and tools | westerndigitalcorporation | | 38 |
| [https://github.com/josevcm/nfc-laboratory](https://github.com/josevcm/nfc-laboratory) | NFC signal and protocol analyzer using SDR receiver | josevcm | mit | 176 |
| [https://github.com/LMMS/lmms](https://github.com/LMMS/lmms) | Cross-platform music production software | LMMS | gpl-2.0 | 6226 |
| [https://github.com/pierrafleur/bibliopen-source](https://github.com/pierrafleur/bibliopen-source) | | pierrafleur | cc0-1.0 | 5 |
| [https://github.com/phiresky/sql.js-httpvfs](https://github.com/phiresky/sql.js-httpvfs) | | phiresky | apache-2.0 | 2926 |
| [https://github.com/apache/tika](https://github.com/apache/tika) | The Apache Tika toolkit detects and extracts metadata and text from over a thousand different file types (such as PPT, XLS, and PDF). | apache | apache-2.0 | 1537 |
| [https://github.com/EdwardRaff/pyBWMD](https://github.com/EdwardRaff/pyBWMD) | Implementation of A New Burrows Wheeler Transform Markov Distance | EdwardRaff | | 9 |
| [https://github.com/dedupeio/dedupe](https://github.com/dedupeio/dedupe) | :id: A python library for accurate and scalable fuzzy matching, record deduplication and entity-resolution. | dedupeio | mit | 3537 |
| [https://github.com/DerwenAI/kglab](https://github.com/DerwenAI/kglab) | Graph Data Science: an abstraction layer in Python for building knowledge graphs, integrated with popular graph libraries atop Pandas, NetworkX, RAPIDS, RDFlib, pySHACL, PyVis, morph-kgc, pslpython, pyarrow, etc. | DerwenAI | mit | 444 |
| [https://github.com/latchset/clevis](https://github.com/latchset/clevis) | Automated Encryption Framework | latchset | gpl-3.0 | 578 |
| [https://github.com/radareorg/esilsolve](https://github.com/radareorg/esilsolve) | A python symbolic execution framework using radare2's ESIL (Evaluable String Intermediate Language) | radareorg | mit | 136 |
| [https://github.com/MickaelBergem/dnsstresss](https://github.com/MickaelBergem/dnsstresss) | Simple Go program to stress test DNS servers | MickaelBergem | | 37 |
| [https://github.com/bats3c/darkarmour](https://github.com/bats3c/darkarmour) | Windows AV Evasion | bats3c | mit | 562 |
| [https://github.com/ossu/computer-science](https://github.com/ossu/computer-science) | :mortar_board: Path to a free self-taught education in Computer Science! | ossu | mit | 126497 |
| [https://github.com/tap-ir/tapir](https://github.com/tap-ir/tapir) | TAPIR is a multi-user, client/server, incident response framework | tap-ir | gpl-3.0 | 30 |
| [https://github.com/LIAAD/yake](https://github.com/LIAAD/yake) | Single-document unsupervised keyword extraction | LIAAD | other | 1197 |
| [https://github.com/EdwardRaff/LZJD](https://github.com/EdwardRaff/LZJD) | C++ implementation of LZJD algorithm | EdwardRaff | apache-2.0 | 9 |
| [https://github.com/COSSAS/nedagen](https://github.com/COSSAS/nedagen) | NEDAGEN - A Network traffic Dataset Generator for Network-based Intrusion Detection Systems | COSSAS | mpl-2.0 | 2 |
| [https://github.com/danielealbano/cachegrand](https://github.com/danielealbano/cachegrand) | cachegrand - a modern OSS Key-Value store built for today's hardware | danielealbano | bsd-3-clause | 767 |
| [https://github.com/ANSSI-FR/DFIR4vSphere](https://github.com/ANSSI-FR/DFIR4vSphere) | Powershell module for VMWare vSphere forensics | ANSSI-FR | gpl-3.0 | 93 |
| [https://github.com/kevthehermit/YaraManager](https://github.com/kevthehermit/YaraManager) | Web based Manager for Yara Rules | kevthehermit | gpl-2.0 | 50 |
| [https://github.com/Lissy93/dashy](https://github.com/Lissy93/dashy) | 🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more! | Lissy93 | mit | 8103 |
| [https://github.com/jwilk/python-syntax-errors](https://github.com/jwilk/python-syntax-errors) | no-op statements syntactically valid only since Python X.Y | jwilk | | 334 |
| [https://github.com/mattifestation/AntimalwareBlight](https://github.com/mattifestation/AntimalwareBlight) | Execute PowerShell code at the antimalware-light protection level. | mattifestation | bsd-3-clause | 115 |
| [https://github.com/airbus-cert/ttddbg](https://github.com/airbus-cert/ttddbg) | Time Travel Debugging IDA plugin | airbus-cert | apache-2.0 | 413 |
| [https://github.com/commial/experiments](https://github.com/commial/experiments) | Expriments | commial | | 358 |
| [https://github.com/WerWolv/Decompiler](https://github.com/WerWolv/Decompiler) | A WIP disassember and decompiler written in modern C++ with the goal to do as much work during compile time as possible | WerWolv | | 12 |
| [https://github.com/algorithm-archivists/algorithm-archive](https://github.com/algorithm-archivists/algorithm-archive) | A collaborative book on algorithms | algorithm-archivists | mit | 2047 |
| [https://github.com/drb-ra/C2IntelFeeds](https://github.com/drb-ra/C2IntelFeeds) | Automatically created C2 Feeds | drb-ra | other | 215 |
| [https://github.com/ANSSI-FR/AnoMark](https://github.com/ANSSI-FR/AnoMark) | Algorithme d'apprentissage statistique permettant de créer un modèle sur les lignes de commandes des évènements "Création de Processus", afin de détecter des anomalies dans les évènements futurs | ANSSI-FR | gpl-3.0 | 45 |
| [https://github.com/open-source-labs/Svelvet](https://github.com/open-source-labs/Svelvet) | A lightweight Svelte component library for building interactive node-based flow diagrams | open-source-labs | mit | 1309 |
| [https://github.com/cheat/cheatsheets](https://github.com/cheat/cheatsheets) | Community-sourced cheatsheets | cheat | | 1303 |
| [https://github.com/wikiZ/RedGuard](https://github.com/wikiZ/RedGuard) | RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check. | wikiZ | gpl-2.0 | 877 |
| [https://github.com/nikitavoloboev/alfred-my-mind](https://github.com/nikitavoloboev/alfred-my-mind) | Alfred workflow to search through my notes and bookmarks | nikitavoloboev | mit | 420 |
| [https://github.com/mushorg/glutton](https://github.com/mushorg/glutton) | Generic Low Interaction Honeypot | mushorg | mit | 190 |
| [https://github.com/openai/openai-python](https://github.com/openai/openai-python) | | openai | mit | 808 |
| [https://github.com/questdb/questdb](https://github.com/questdb/questdb) | An open source time-series database for fast ingest and SQL queries | questdb | apache-2.0 | 9595 |
| [https://github.com/batnoter/batnoter](https://github.com/batnoter/batnoter) | An open source, markdown-based, self-hosted note taking webapp. | batnoter | mit | 1791 |
| [https://github.com/D4-project/bgp-monitor](https://github.com/D4-project/bgp-monitor) | A tool for filtering BGP records, by AS numbers, prefixes, countries, etc ... | D4-project | apache-2.0 | 9 |
| [https://github.com/LiveMirror/pcshare](https://github.com/LiveMirror/pcshare) | | LiveMirror | | 65 |
| [https://github.com/webix-hub/webix](https://github.com/webix-hub/webix) | Stable releases of Webix UI - JavaScript library for building mobile and desktop web apps | webix-hub | gpl-3.0 | 395 |
| [https://github.com/lyshark/Windows-exploits](https://github.com/lyshark/Windows-exploits) | Windows 平台提权漏洞大合集,长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time. | lyshark | | 749 |
| [https://github.com/adulau/python-bloomfilter](https://github.com/adulau/python-bloomfilter) | Scalable Bloom Filter implemented in Python | adulau | mit | 7 |
| [https://github.com/chvancooten/follina.py](https://github.com/chvancooten/follina.py) | POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes | chvancooten | | 1055 |
| [https://github.com/4x1md/phone_rtty_interface](https://github.com/4x1md/phone_rtty_interface) | AFSK interface for Android smartphones and tablets. | 4x1md | mit | 23 |
| [https://github.com/BigCorvus/LORA-QWERTY-Communicator](https://github.com/BigCorvus/LORA-QWERTY-Communicator) | A tidy and feature-packed LORA QWERTY communication device based on a Blackberry Q10 keyboard, a nRF52840 and a 2.7'' Sharp Memory LCD | BigCorvus | mit | 137 |
| [https://github.com/moonD4rk/HackBrowserData](https://github.com/moonD4rk/HackBrowserData) | Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。 | moonD4rk | mit | 6448 |
| [https://github.com/hashishrajan/cloud-security-vulnerabilities](https://github.com/hashishrajan/cloud-security-vulnerabilities) | List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc | hashishrajan | apache-2.0 | 208 |
| [https://github.com/abdulkadir-gungor/JPGtoMalware](https://github.com/abdulkadir-gungor/JPGtoMalware) | It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime. | abdulkadir-gungor | other | 276 |
| [https://github.com/kahing/goofys](https://github.com/kahing/goofys) | a high-performance, POSIX-ish Amazon S3 file system written in Go | kahing | apache-2.0 | 4363 |
| [https://github.com/BushidoUK/Open-source-tools-for-CTI](https://github.com/BushidoUK/Open-source-tools-for-CTI) | Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers | BushidoUK | | 279 |
| [https://github.com/vega/vega](https://github.com/vega/vega) | A visualization grammar. | vega | bsd-3-clause | 10056 |
| [https://github.com/jeFF0Falltrades/YARA-Signatures](https://github.com/jeFF0Falltrades/YARA-Signatures) | A collection of my public YARA signatures for various malware families | jeFF0Falltrades | | 20 |
| [https://github.com/alex-cart/LEAF](https://github.com/alex-cart/LEAF) | Linux Evidence Acquisition Framework | alex-cart | | 109 |
| [https://github.com/rhoot/sp](https://github.com/rhoot/sp) | Public domain string formatting micro-library for C++, based on python-style format strings. | rhoot | cc0-1.0 | 35 |
| [https://github.com/libyal/libyal](https://github.com/libyal/libyal) | Yet another library library (and tools) | libyal | apache-2.0 | 190 |
| [https://github.com/MarginResearch/cannoli](https://github.com/MarginResearch/cannoli) | High-performance QEMU memory and instruction tracing | MarginResearch | gpl-2.0 | 376 |
| [https://github.com/ixty/mandibule](https://github.com/ixty/mandibule) | linux elf injector for x86 x86_64 arm arm64 | ixty | | 255 |
| [https://github.com/ManimCommunity/manim](https://github.com/ManimCommunity/manim) | A community-maintained Python framework for creating mathematical animations. | ManimCommunity | mit | 11804 |
| [https://github.com/curated-intel/CTI-fundamentals](https://github.com/curated-intel/CTI-fundamentals) | A collection of papers, blogs, and resources that make up the quintessential aspects of cyber threat intelligence | curated-intel | | 307 |
| [https://github.com/DominicBreuker/pspy](https://github.com/DominicBreuker/pspy) | Monitor linux processes without root permissions | DominicBreuker | gpl-3.0 | 3187 |
| [https://github.com/alyakubov/blockpgp](https://github.com/alyakubov/blockpgp) | | alyakubov | | 19 |
| [https://github.com/somnathrakshit/geograpy3](https://github.com/somnathrakshit/geograpy3) | Extract place names from a URL or text, and add context to those names -- for example distinguishing between a country, region or city. | somnathrakshit | apache-2.0 | 74 |
| [https://github.com/xct/elevatedrv](https://github.com/xct/elevatedrv) | Simple Driver that elevates any process to SYSTEM | xct | | 5 |
| [https://github.com/WangYihang/SourceLeakHacker](https://github.com/WangYihang/SourceLeakHacker) | :bug: A multi threads web application source leak scanner | WangYihang | | 348 |
| [https://github.com/0xeb/ida-qscripts](https://github.com/0xeb/ida-qscripts) | An IDA plugin to increase productivity when developing scripts for IDA | 0xeb | mit | 192 |
| [https://github.com/Ch0pin/AVIator](https://github.com/Ch0pin/AVIator) | Antivirus evasion project | Ch0pin | gpl-3.0 | 789 |
| [https://github.com/scrapy/xtractmime](https://github.com/scrapy/xtractmime) | https://mimesniff.spec.whatwg.org/ implementation for Python | scrapy | bsd-3-clause | 11 |
| [https://github.com/PaddlePaddle/PaddleNLP](https://github.com/PaddlePaddle/PaddleNLP) | 👑 Easy-to-use and powerful NLP library with 🤗 Awesome model zoo, supporting wide-range of NLP tasks from research to industrial applications, including 🗂Text Classification, 🔍 Neural Search, ❓ Question Answering, Information Extraction, 📄 Document Intelligence, 💌 Sentiment Analysis and 🖼 Diffusion AICG system etc. | PaddlePaddle | apache-2.0 | 6263 |
| [https://github.com/sailay1996/CdpSvcLPE](https://github.com/sailay1996/CdpSvcLPE) | Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking) | sailay1996 | | 233 |
| [https://github.com/orlikoski/CyLR](https://github.com/orlikoski/CyLR) | CyLR - Live Response Collection Tool | orlikoski | gpl-3.0 | 511 |
| [https://github.com/nats-io/stan.go](https://github.com/nats-io/stan.go) | NATS Streaming System | nats-io | apache-2.0 | 684 |
| [https://github.com/MISP/MISP-RPM](https://github.com/MISP/MISP-RPM) | RPM packages for MISP | MISP | | 4 |
| [https://github.com/CybersecurityLuxembourg/cybersecurity.lu](https://github.com/CybersecurityLuxembourg/cybersecurity.lu) | Main portal of CYBERSECURITY Luxembourg: https://cybersecurity.lu/ | CybersecurityLuxembourg | bsd-2-clause | 3 |
| [https://github.com/Cargill/OpenSIEM-Logstash-Parsing](https://github.com/Cargill/OpenSIEM-Logstash-Parsing) | SIEM Logstash parsing for more than hundred technologies | Cargill | apache-2.0 | 144 |
| [https://github.com/DCSO/Blog_CyTec](https://github.com/DCSO/Blog_CyTec) | Repository to provide files related to our blog articles. | DCSO | | 11 |
| [https://github.com/eCrimeLabs/MISP2CbR](https://github.com/eCrimeLabs/MISP2CbR) | Utilizing your Threat data from a MISP instance into CarbonBlack Response by exposing the data in the Threat Intelligence Feed. | eCrimeLabs | mit | 17 |
| [https://github.com/facebookresearch/Kats](https://github.com/facebookresearch/Kats) | Kats, a kit to analyze time series data, a lightweight, easy-to-use, generalizable, and extendable framework to perform time series analysis, from understanding the key statistics and characteristics, detecting change points and anomalies, to forecasting future trends. | facebookresearch | mit | 4056 |
| [https://github.com/COSSAS/Certitude](https://github.com/COSSAS/Certitude) | CERTITUDE - A python package to classify malicious URLs | COSSAS | mpl-2.0 | 16 |
| [https://github.com/dnSpyEx/dnSpy](https://github.com/dnSpyEx/dnSpy) | Unofficial revival of the well known .NET debugger and assembly editor, dnSpy | dnSpyEx | gpl-3.0 | 2273 |
| [https://github.com/hrbrmstr/certstream-rust](https://github.com/hrbrmstr/certstream-rust) | Extract all domains from a CertStream-compatible CTL websockets server to RocksDB | hrbrmstr | mit | 5 |
| [https://github.com/zitadel/zitadel](https://github.com/zitadel/zitadel) | ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era. | zitadel | apache-2.0 | 1626 |
| [https://github.com/guidovranken/cryptofuzz](https://github.com/guidovranken/cryptofuzz) | Fuzzing cryptographic libraries. Magic bug printer go brrrr. | guidovranken | gpl-3.0 | 484 |
| [https://github.com/vlang/ui](https://github.com/vlang/ui) | Cross-platform UI library written in V | vlang | gpl-3.0 | 1843 |
| [https://github.com/hughsie/libjcat](https://github.com/hughsie/libjcat) | Library for reading and writing Jcat files | hughsie | lgpl-2.1 | 14 |
| [https://github.com/kazkansouh/DNSAdmin-DLL](https://github.com/kazkansouh/DNSAdmin-DLL) | Example implementation of DNSAdmin DLL PrivEsc attack | kazkansouh | gpl-3.0 | 21 |
| [https://github.com/EttusResearch/uhd](https://github.com/EttusResearch/uhd) | The USRP™ Hardware Driver Repository | EttusResearch | other | 720 |
| [https://github.com/nccgroup/Sniffle](https://github.com/nccgroup/Sniffle) | A sniffer for Bluetooth 5 and 4.x LE | nccgroup | gpl-3.0 | 584 |
| [https://github.com/ytisf/BirDuster](https://github.com/ytisf/BirDuster) | A multi threaded Python script designed to brute force directories and files names on webservers. | ytisf | mit | 62 |
| [https://github.com/veo/vbackdoor](https://github.com/veo/vbackdoor) | Hide process,port,self under Linux using the ld_preload | veo | | 99 |
| [https://github.com/iThreatopedia/iThreatopedia.github.io](https://github.com/iThreatopedia/iThreatopedia.github.io) | A happy place for detection engineers, purple teamers and threat hunters focusing on macOS. | iThreatopedia | gpl-3.0 | 17 |
| [https://github.com/squix78/json-streaming-parser](https://github.com/squix78/json-streaming-parser) | Arduino library for parsing potentially huge json streams on devices with scarce memory | squix78 | mit | 191 |
| [https://github.com/HadesW/mhy_exp](https://github.com/HadesW/mhy_exp) | Mhy Exp (exploit signed driver) | HadesW | | 123 |
| [https://github.com/fkie-cad/socbed](https://github.com/fkie-cad/socbed) | A Self-Contained Open-Source Cyberattack Experimentation Testbed | fkie-cad | gpl-3.0 | 18 |
| [https://github.com/Nisarg12/Veritas](https://github.com/Nisarg12/Veritas) | A hex viewer for the sleuths! | Nisarg12 | mit | 5 |
| [https://github.com/rickmark/apple-malicious-baseband](https://github.com/rickmark/apple-malicious-baseband) | Sample of a Malicious baseband signed by Apple | rickmark | | 7 |
| [https://github.com/beerisgood/macOS_Hardening](https://github.com/beerisgood/macOS_Hardening) | A collection about macOS | beerisgood | gpl-3.0 | 39 |
| [https://github.com/llsoftsec/llsoftsecbook](https://github.com/llsoftsec/llsoftsecbook) | Low-Level Software Security for Compiler Developers | llsoftsec | other | 136 |
| [https://github.com/tinylabs/crypto-sat-solve](https://github.com/tinylabs/crypto-sat-solve) | Python framework to solve crypto problems using grainofsalt and cryptominisat | tinylabs | | 10 |
| [https://github.com/westerndigitalcorporation/zenfs](https://github.com/westerndigitalcorporation/zenfs) | ZenFS is a storage backend for RocksDB that enables support for ZNS SSDs and SMR HDDs. | westerndigitalcorporation | gpl-2.0 | 136 |
| [https://github.com/lowlighter/metrics](https://github.com/lowlighter/metrics) | 📊 An infographics generator with 30+ plugins and 200+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON! | lowlighter | mit | 8728 |
| [https://github.com/eurecom-s3/noise-sdr](https://github.com/eurecom-s3/noise-sdr) | Noise-SDR: Arbitrary Modulation of Electromagnetic Noise from Unprivileged Software and Its Impact on Emission Security | eurecom-s3 | gpl-3.0 | 11 |
| [https://github.com/just-the-docs/just-the-docs](https://github.com/just-the-docs/just-the-docs) | A modern, high customizable, responsive Jekyll theme for documention with built-in search. | just-the-docs | mit | 5001 |
| [https://github.com/BishopFox/bigip-scanner](https://github.com/BishopFox/bigip-scanner) | Determine the running software version of a remote F5 BIG-IP management interface. | BishopFox | mit | 22 |
| [https://github.com/JamesCooteUK/SharpSphere](https://github.com/JamesCooteUK/SharpSphere) | .NET Project for Attacking vCenter | JamesCooteUK | | 467 |
| [https://github.com/lamw/vcenter-event-mapping](https://github.com/lamw/vcenter-event-mapping) | | lamw | | 31 |
| [https://github.com/lainsce/notejot](https://github.com/lainsce/notejot) | Stupidly-simple notes app. | lainsce | gpl-3.0 | 320 |
| [https://github.com/ahrm/sioyek](https://github.com/ahrm/sioyek) | Sioyek is a PDF viewer designed for reading research papers and technical books. | ahrm | gpl-3.0 | 4087 |
| [https://github.com/badkeys/keypairvuln](https://github.com/badkeys/keypairvuln) | Private keys generated with vulnerable keypair versions (CVE-2021-41117) | badkeys | cc0-1.0 | 3 |
| [https://github.com/alufers/mitmproxy2swagger](https://github.com/alufers/mitmproxy2swagger) | Automagically reverse-engineer REST APIs via capturing traffic | alufers | | 4042 |
| [https://github.com/demisto/demisto-py](https://github.com/demisto/demisto-py) | Demisto Client for Python | demisto | apache-2.0 | 61 |
| [https://github.com/markdoc/markdoc](https://github.com/markdoc/markdoc) | A powerful, flexible, Markdown-based authoring framework. | markdoc | mit | 5552 |
| [https://github.com/COSSAS/dgad](https://github.com/COSSAS/dgad) | DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic | COSSAS | apache-2.0 | 24 |
| [https://github.com/KasperskyLab/Apihashes](https://github.com/KasperskyLab/Apihashes) | IDA Pro plugin for recognizing known hashes of API function names | KasperskyLab | other | 66 |
| [https://github.com/SciTools/cartopy](https://github.com/SciTools/cartopy) | Cartopy - a cartographic python library with matplotlib support | SciTools | lgpl-3.0 | 1124 |
| [https://github.com/mitmproxy/mitmproxy](https://github.com/mitmproxy/mitmproxy) | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | mitmproxy | mit | 29166 |
| [https://github.com/CERTCC/VINCE](https://github.com/CERTCC/VINCE) | VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. | CERTCC | other | 38 |
| [https://github.com/demisto/content](https://github.com/demisto/content) | Demisto is now Cortex XSOAR. Automate and orchestrate your Security Operations with Cortex XSOAR's ever-growing Content Repository. Pull Requests are always welcome and highly appreciated! | demisto | mit | 870 |
| [https://github.com/cilium/tetragon](https://github.com/cilium/tetragon) | eBPF-based Security Observability and Runtime Enforcement | cilium | apache-2.0 | 1902 |
| [https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques](https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques) | Red Teaming Tactics and Techniques | mantvydasb | | 2762 |
| [https://github.com/hysnsec/awesome-threat-modelling](https://github.com/hysnsec/awesome-threat-modelling) | A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. | hysnsec | cc0-1.0 | 778 |
| [https://github.com/ElectronicCats/magspoof](https://github.com/ElectronicCats/magspoof) | MagSpoof is a portable device that can spoof/emulate any magnetic stripe or credit card "wirelessly", even on standard magstripe readers. | ElectronicCats | | 41 |
| [https://github.com/eCrimeLabs/MISP-autotagging](https://github.com/eCrimeLabs/MISP-autotagging) | This script when executed searches for organisations with a specific UUID and add a dedicated local tag to the event. | eCrimeLabs | mit | 6 |
| [https://github.com/PacktPublishing/Cleaning-Data-for-Effective-Data-Science](https://github.com/PacktPublishing/Cleaning-Data-for-Effective-Data-Science) | Cleaning Data for Effective Data Science, published by Packt | PacktPublishing | mit | 67 |
| [https://github.com/ossf/package-feeds](https://github.com/ossf/package-feeds) | Feed parsing for language package manager updates | ossf | apache-2.0 | 51 |
| [https://github.com/ossf/package-analysis](https://github.com/ossf/package-analysis) | Open Source Package Analysis | ossf | apache-2.0 | 542 |
| [https://github.com/hmaccelerate/DGA_Detection](https://github.com/hmaccelerate/DGA_Detection) | DGA Detection with ML and DL | hmaccelerate | mit | 22 |
| [https://github.com/RITRedteam/goofkit](https://github.com/RITRedteam/goofkit) | In line function hooking LKM rootkit | RITRedteam | mit | 44 |
| [https://github.com/pojntfx/keygaen](https://github.com/pojntfx/keygaen) | Sign, verify, encrypt and decrypt data with PGP in your browser. | pojntfx | agpl-3.0 | 78 |
| [https://github.com/pojntfx/weron](https://github.com/pojntfx/weron) | Overlay networks based on WebRTC. | pojntfx | agpl-3.0 | 1195 |
| [https://github.com/bigb0sss/RedTeam-OffensiveSecurity](https://github.com/bigb0sss/RedTeam-OffensiveSecurity) | Tools & Interesting Things for RedTeam Ops | bigb0sss | mit | 1577 |
| [https://github.com/tsale/BlueSploit](https://github.com/tsale/BlueSploit) | BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review. | tsale | apache-2.0 | 28 |
| [https://github.com/LemmyNet/lemmy](https://github.com/LemmyNet/lemmy) | 🐀 A link aggregator and forum for the fediverse | LemmyNet | agpl-3.0 | 6874 |
| [https://github.com/microsoft/debugpy](https://github.com/microsoft/debugpy) | An implementation of the Debug Adapter Protocol for Python | microsoft | other | 990 |
| [https://github.com/bytecode77/r77-rootkit](https://github.com/bytecode77/r77-rootkit) | Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc. | bytecode77 | bsd-2-clause | 929 |
| [https://github.com/jordan2175/rewritecap](https://github.com/jordan2175/rewritecap) | Tool for rebasing a PCAP file and editing layer2 and layer 3 addresses | jordan2175 | apache-2.0 | 15 |
| [https://github.com/JulienPalard/python-versions](https://github.com/JulienPalard/python-versions) | Studying Python release adoptions by looking at PyPI downloads | JulienPalard | | 9 |
| [https://github.com/jgraph/drawio-desktop](https://github.com/jgraph/drawio-desktop) | Official electron build of draw.io | jgraph | apache-2.0 | 34943 |
| [https://github.com/anestisb/vdexExtractor](https://github.com/anestisb/vdexExtractor) | Tool to decompile & extract Android Dex bytecode from Vdex files | anestisb | apache-2.0 | 867 |
| [https://github.com/TimMisiak/WinDbgCookbook](https://github.com/TimMisiak/WinDbgCookbook) | This is a repo for small, useful scripts and extensions | TimMisiak | mit | 167 |
| [https://github.com/bbayles/network-finder](https://github.com/bbayles/network-finder) | Python library to match IP addresses to encompassing networks | bbayles | mit | 4 |
| [https://github.com/nomi-sec/PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub) | 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. | nomi-sec | | 4474 |
| [https://github.com/hometown-fork/hometown](https://github.com/hometown-fork/hometown) | A supported fork of Mastodon that provides local posting and a wider range of content types. | hometown-fork | agpl-3.0 | 388 |
| [https://github.com/0xbitx/dedsecimsi](https://github.com/0xbitx/dedsecimsi) | sms sniffer and imsi catcher | 0xbitx | | 38 |
| [https://github.com/mikeroyal/Digital-Forensics-Guide](https://github.com/mikeroyal/Digital-Forensics-Guide) | Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics. | mikeroyal | | 654 |
| [https://github.com/xoolive/traffic](https://github.com/xoolive/traffic) | A toolbox for processing and analysing air traffic data | xoolive | mit | 251 |
| [https://github.com/lyusupov/SoftRF](https://github.com/lyusupov/SoftRF) | :airplane: Multi-functional, compatible DIY general aviation proximity awareness system | lyusupov | gpl-3.0 | 515 |
| [https://github.com/utkusen/wholeaked](https://github.com/utkusen/wholeaked) | a file-sharing tool that allows you to find the responsible person in case of a leakage | utkusen | bsd-3-clause | 722 |
| [https://github.com/D4stiny/spectre](https://github.com/D4stiny/spectre) | A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine. | D4stiny | gpl-3.0 | 553 |
| [https://github.com/the-h3x/H3X-CCTV](https://github.com/the-h3x/H3X-CCTV) | Good dork to find vulnerable CCTV cameras | the-h3x | | 55 |
| [https://github.com/quickwit-oss/quickwit](https://github.com/quickwit-oss/quickwit) | Cloud-native search engine for log management & analytics | quickwit-oss | other | 2624 |
| [https://github.com/oriansj/stage0](https://github.com/oriansj/stage0) | A set of minimal dependency bootstrap binaries | oriansj | gpl-3.0 | 787 |
| [https://github.com/RITRedteam/Father](https://github.com/RITRedteam/Father) | LD_PRELOAD rootkit | RITRedteam | unlicense | 8 |
| [https://github.com/marcnewlin/human-detector-detector](https://github.com/marcnewlin/human-detector-detector) | proof-of-concept firmware to stream IQ over USB from Seeed MR24D11C10 radar module | marcnewlin | mit | 24 |
| [https://github.com/Saul-Mirone/milkdown](https://github.com/Saul-Mirone/milkdown) | 🍼 Plugin driven WYSIWYG markdown editor framework. | Saul-Mirone | mit | 6766 |
| [https://github.com/Zeex/subhook](https://github.com/Zeex/subhook) | Simple hooking library for C/C++ (x86 only, 32/64-bit, no dependencies) | Zeex | bsd-2-clause | 646 |
| [https://github.com/cas1m1r/Titleist](https://github.com/cas1m1r/Titleist) | Finding suspicious domains as they are registereed | cas1m1r | | 4 |
| [https://github.com/degrigis/awesome-angr](https://github.com/degrigis/awesome-angr) | A collection of resources/tools and analyses for the angr binary analysis framework. | degrigis | | 94 |
| [https://github.com/1N3/IntruderPayloads](https://github.com/1N3/IntruderPayloads) | A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists. | 1N3 | | 3133 |
| [https://github.com/shubham0d/low-level-hooker](https://github.com/shubham0d/low-level-hooker) | A linux kernel funtions hooking module | shubham0d | mit | 10 |
| [https://github.com/aaronkaplan/yaccviso](https://github.com/aaronkaplan/yaccviso) | A tool for visualizing yacc grammars by Aaron Kaplan (Modified slightly by me modify to build and not crash on macs) | aaronkaplan | gpl-2.0 | 7 |
| [https://github.com/microsoft/restler-fuzzer](https://github.com/microsoft/restler-fuzzer) | RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | microsoft | mit | 1789 |
| [https://github.com/Leeon123/CC-attack](https://github.com/Leeon123/CC-attack) | Using Socks4/5 or http proxies to make a multithreading Http-flood/Https-flood (cc) attack. | Leeon123 | gpl-2.0 | 594 |
| [https://github.com/janestreet/magic-trace](https://github.com/janestreet/magic-trace) | magic-trace collects and displays high-resolution traces of what a process is doing | janestreet | mit | 3902 |
| [https://github.com/Lookyloo/PlaywrightCapture](https://github.com/Lookyloo/PlaywrightCapture) | Capture a URL with Playwright | Lookyloo | other | 8 |
| [https://github.com/0x4D31/hassh-utils](https://github.com/0x4D31/hassh-utils) | hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh) | 0x4D31 | bsd-3-clause | 44 |
| [https://github.com/bagder/uncurled](https://github.com/bagder/uncurled) | Uncurled - everything I know and learned about running and maintaining Open Source projects for three decades. | bagder | cc-by-4.0 | 448 |
| [https://github.com/GaloisInc/reopt](https://github.com/GaloisInc/reopt) | A tool for analyzing x86-64 binaries. | GaloisInc | bsd-3-clause | 260 |
| [https://github.com/tillson/git-hound](https://github.com/tillson/git-hound) | Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system. | tillson | mit | 917 |
| [https://github.com/mechanicalnull/phantasm](https://github.com/mechanicalnull/phantasm) | Binary Ninja plugin for visualizing coverage over time | mechanicalnull | mit | 16 |
| [https://github.com/vmallet/ida-plugins](https://github.com/vmallet/ida-plugins) | An interactive list of plugins for hex-rays' IDA Pro | vmallet | mit | 92 |
| [https://github.com/Cisco-Talos/binary_function_similarity](https://github.com/Cisco-Talos/binary_function_similarity) | | Cisco-Talos | mit | 119 |
| [https://github.com/pump-io/pump.io](https://github.com/pump-io/pump.io) | Social server with an ActivityStreams API | pump-io | apache-2.0 | 2129 |
| [https://github.com/alecalve/python-bitcoin-blockchain-parser](https://github.com/alecalve/python-bitcoin-blockchain-parser) | A Python 3 Bitcoin blockchain parser | alecalve | other | 387 |
| [https://github.com/sebdraven/IOCmite](https://github.com/sebdraven/IOCmite) | Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert | sebdraven | mit | 26 |
| [https://github.com/telekom-security/misp-releases](https://github.com/telekom-security/misp-releases) | | telekom-security | | 5 |
| [https://github.com/aleprada/otx_2_misp](https://github.com/aleprada/otx_2_misp) | Script for gathering IoCs from OTX (AlienVault) and sending them to MISP. | aleprada | | 10 |
| [https://github.com/monarc-project/ansible-ubuntu](https://github.com/monarc-project/ansible-ubuntu) | Deployment of MONARC with Ansible | monarc-project | | 2 |
| [https://github.com/krsh/seer](https://github.com/krsh/seer) | Seer is a tool that recognizes the architecture of a binary file | krsh | bsd-3-clause | 85 |
| [https://github.com/cloudsecurityalliance/gsd-database](https://github.com/cloudsecurityalliance/gsd-database) | Global Security Database | cloudsecurityalliance | cc0-1.0 | 176 |
| [https://github.com/trinodb/trino](https://github.com/trinodb/trino) | Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io) | trinodb | apache-2.0 | 6459 |
| [https://github.com/FelixBer/FindFunc](https://github.com/FelixBer/FindFunc) | FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. | FelixBer | | 197 |
| [https://github.com/IRATEAU/sam-bot](https://github.com/IRATEAU/sam-bot) | Bot to create MISP events from data in Slack | IRATEAU | | 16 |
| [https://github.com/forensicanalysis/artifactcollector](https://github.com/forensicanalysis/artifactcollector) | 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system | forensicanalysis | mit | 173 |
| [https://github.com/PostgREST/postgrest](https://github.com/PostgREST/postgrest) | REST API for any Postgres database | PostgREST | mit | 19381 |
| [https://github.com/NextronSystems/evtx-baseline](https://github.com/NextronSystems/evtx-baseline) | A repository hosting example goodware evtx logs containing sample software installation and basic user interaction | NextronSystems | apache-2.0 | 39 |
| [https://github.com/sourque/louis](https://github.com/sourque/louis) | Linux EDR written in Golang and based on eBPF. | sourque | gpl-2.0 | 212 |
| [https://github.com/jcrona/rf-ctrl](https://github.com/jcrona/rf-ctrl) | A command-line tool to control 433MHz OOK based devices | jcrona | gpl-2.0 | 40 |
| [https://github.com/abusix/xarf](https://github.com/abusix/xarf) | XARF - eXtended Abuse Reporting Format | abusix | mit | 60 |
| [https://github.com/ostafen/clover](https://github.com/ostafen/clover) | A lightweight document-oriented NoSQL database written in pure Golang. | ostafen | mit | 284 |
| [https://github.com/8C/skypehunt](https://github.com/8C/skypehunt) | OSINT Framework for Skype | | | 61 |
| [https://github.com/firefart/stunner](https://github.com/firefart/stunner) | Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. | firefart | other | 541 |
| [https://github.com/nesosuke/mastodon-install-script](https://github.com/nesosuke/mastodon-install-script) | 誰でもMastodonサーバーを立てられるようになるやつ(主語デカ) | nesosuke | gpl-3.0 | 13 |
| [https://github.com/minimaxir/big-list-of-naughty-strings](https://github.com/minimaxir/big-list-of-naughty-strings) | The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. | minimaxir | mit | 44087 |
| [https://github.com/Perdu/wombat](https://github.com/Perdu/wombat) | Wi-Fi tracking system for testing and demonstrational purpose | Perdu | gpl-3.0 | 26 |
| [https://github.com/d3sre/Use_Case_Applicability](https://github.com/d3sre/Use_Case_Applicability) | Security Monitoring Resolution Categories | d3sre | | 131 |
| [https://github.com/CAIDA/dbats](https://github.com/CAIDA/dbats) | DataBase of Aggregated Time Series | CAIDA | other | 2 |
| [https://github.com/kyleavery/TitanLdr](https://github.com/kyleavery/TitanLdr) | Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality. | kyleavery | | 97 |
| [https://github.com/bartblaze/Yara-rules](https://github.com/bartblaze/Yara-rules) | Collection of private Yara rules. | bartblaze | mit | 168 |
| [https://github.com/al0ne/Vxscan](https://github.com/al0ne/Vxscan) | python3写的综合扫描工具主要用来存活验证敏感文件探测(目录扫描/js泄露接口/html注释泄露)WAF/CDN识别端口扫描指纹/服务识别操作系统识别POC扫描SQL注入绕过CDN查询旁站等功能主要用来甲方自测或乙方授权测试请勿用来搞破坏。 | al0ne | apache-2.0 | 1518 |
| [https://github.com/infinitumitlabs/Karakurt-Hacking-Team-CTI](https://github.com/infinitumitlabs/Karakurt-Hacking-Team-CTI) | IOC Data Obtained From Karakurt Hacking Team's Internal Infrastructure | infinitumitlabs | mit | 30 |
| [https://github.com/joshhighet/ransomwatch](https://github.com/joshhighet/ransomwatch) | a ransomware-group observatory 🧅👹 | joshhighet | unlicense | 208 |
| [https://github.com/DataDog/security-labs-pocs](https://github.com/DataDog/security-labs-pocs) | Proof of concept code for Datadog Security Labs referenced exploits. | DataDog | other | 305 |
| [https://github.com/hash3liZer/SillyRAT](https://github.com/hash3liZer/SillyRAT) | A Cross Platform multifunctional (Windows/Linux/Mac) RAT. | hash3liZer | mit | 520 |
| [https://github.com/easystats/correlation](https://github.com/easystats/correlation) | :link: Methods for Correlation Analysis | easystats | gpl-3.0 | 356 |
| [https://github.com/herosi/CDIR](https://github.com/herosi/CDIR) | CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library | herosi | gpl-2.0 | 5 |
| [https://github.com/m0n0ph1/Process-Hollowing](https://github.com/m0n0ph1/Process-Hollowing) | Great explanation of Process Hollowing (a Technique often used in Malware) | m0n0ph1 | | 760 |
| [https://github.com/mnrkbys/macosac](https://github.com/mnrkbys/macosac) | Forensic Artifact Collection Tool for macOS | mnrkbys | apache-2.0 | 58 |
| [https://github.com/mandiant/thiri-notebook](https://github.com/mandiant/thiri-notebook) | The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules. | mandiant | apache-2.0 | 129 |
| [https://github.com/f4exb/sdrangel](https://github.com/f4exb/sdrangel) | SDR Rx/Tx software for Airspy, Airspy HF+, BladeRF, HackRF, LimeSDR, PlutoSDR, RTL-SDR, SDRplay RSP1 and FunCube | f4exb | gpl-3.0 | 1660 |
| [https://github.com/stopipv/isdi](https://github.com/stopipv/isdi) | ISDi (IPV Spyware Discovery) tool for Android and iOS. | stopipv | mit | 97 |
| [https://github.com/arsium/EagleMonitorRAT](https://github.com/arsium/EagleMonitorRAT) | Remote Access Tool Written In C# | arsium | agpl-3.0 | 267 |
| [https://github.com/packetrat/packethunting](https://github.com/packetrat/packethunting) | Resources and materials for DEF CON 2018 Packet Hunting Workshop | packetrat | | 75 |
| [https://github.com/bloomberg/fast-noise-aware-topic-clustering](https://github.com/bloomberg/fast-noise-aware-topic-clustering) | Research code and scripts used in the Silburt et al. (2021) EMNLP 2021 paper 'FANATIC: FAst Noise-Aware TopIc Clustering' | bloomberg | apache-2.0 | 7 |
| [https://github.com/bloomberg/memray](https://github.com/bloomberg/memray) | Memray is a memory profiler for Python | bloomberg | apache-2.0 | 9504 |
| [https://github.com/uber/orbit](https://github.com/uber/orbit) | A Python package for Bayesian forecasting with object-oriented design and probabilistic models under the hood. | uber | other | 1508 |
| [https://github.com/hmatuschek/ATU](https://github.com/hmatuschek/ATU) | Simple, portable automatic antenna tuner | hmatuschek | other | 9 |
| [https://github.com/JohnWoodman/VBA-Macro-Reverse-Shell](https://github.com/JohnWoodman/VBA-Macro-Reverse-Shell) | Fully functioning reverse shell written entirely in VBA. | JohnWoodman | | 72 |
| [https://github.com/danghvu/pwp](https://github.com/danghvu/pwp) | Python Web framework P0wner | danghvu | | 73 |
| [https://github.com/adamgreig/ecpdap](https://github.com/adamgreig/ecpdap) | ECPDAP allows you to program ECP5 FPGAs and attached SPI flash using CMSIS-DAP probes in JTAG mode. | adamgreig | apache-2.0 | 38 |
| [https://github.com/natesales/q](https://github.com/natesales/q) | A tiny command line DNS client with support for UDP, TCP, DoT, DoH, DoQ and ODoH. | natesales | gpl-3.0 | 898 |
| [https://github.com/0xdea/semgrep-rules](https://github.com/0xdea/semgrep-rules) | A collection of my Semgrep rules to facilitate vulnerability research. | 0xdea | mit | 239 |
| [https://github.com/tsafavi/codex](https://github.com/tsafavi/codex) | CoDEx: A set of knowledge graph Completion Datasets Extracted from Wikidata and Wikipedia | tsafavi | mit | 109 |
| [https://github.com/SECFORCE/sftp-exploit](https://github.com/SECFORCE/sftp-exploit) | OpenSSH <=6.6 SFTP misconfiguration universal exploit | SECFORCE | | 27 |
| [https://github.com/felixwilhelm/mario_baslr](https://github.com/felixwilhelm/mario_baslr) | PoC for breaking hypervisor ASLR using branch target buffer collisions | felixwilhelm | | 163 |
| [https://github.com/WB2CBA/ADX](https://github.com/WB2CBA/ADX) | ADX - Arduino Digital Modes HF Transceiver | WB2CBA | | 32 |
| [https://github.com/yoeo/guesslang](https://github.com/yoeo/guesslang) | Detect the programming language of a source code | yoeo | mit | 600 |
| [https://github.com/G73st/BypassAV](https://github.com/G73st/BypassAV) | c++ shellcode loader | G73st | | 63 |
| [https://github.com/Hadi999/NXcrypt](https://github.com/Hadi999/NXcrypt) | NXcrypt - 'python backdoor' framework | Hadi999 | | 352 |
| [https://github.com/cdimascio/py-readability-metrics](https://github.com/cdimascio/py-readability-metrics) | 📗 Score text readability using a number of formulas: Flesch-Kincaid Grade Level, Gunning Fog, ARI, Dale Chall, SMOG, and more | cdimascio | mit | 233 |
| [https://github.com/marktext/marktext](https://github.com/marktext/marktext) | 📝A simple and elegant markdown editor, available for Linux, macOS and Windows. | marktext | mit | 36838 |
| [https://github.com/trailofbits/pe-parse](https://github.com/trailofbits/pe-parse) | Principled, lightweight C/C++ PE parser | trailofbits | mit | 590 |
| [https://github.com/arget13/DDexec](https://github.com/arget13/DDexec) | A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. | arget13 | gpl-3.0 | 439 |
| [https://github.com/ka9q/ka9q-radio](https://github.com/ka9q/ka9q-radio) | Multichannel SDR based on fast convolution and IP multicasting | ka9q | gpl-3.0 | 60 |
| [https://github.com/iamckn/backdoors](https://github.com/iamckn/backdoors) | Simple linux backdoors and hiding techniques | iamckn | | 202 |
| [https://github.com/vasturiano/react-force-graph](https://github.com/vasturiano/react-force-graph) | React component for 2D, 3D, VR and AR force directed graphs | vasturiano | mit | 1248 |
| [https://github.com/dpalmasan/TRUNAJOD2.0](https://github.com/dpalmasan/TRUNAJOD2.0) | An easy-to-use library to extract indices from texts. | dpalmasan | mit | 22 |
| [https://github.com/bonjourmalware/melody](https://github.com/bonjourmalware/melody) | Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation. | bonjourmalware | mit | 138 |
| [https://github.com/kagancapar/CVE-2022-29072](https://github.com/kagancapar/CVE-2022-29072) | 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. | kagancapar | gpl-3.0 | 673 |
| [https://github.com/giladreich/ida_migrator](https://github.com/giladreich/ida_migrator) | IDA Migrator is an IDA Pro plugin which helps migrate existing work from one database instance to another. It Conveniently migrates function names, structures and enums. | giladreich | mit | 65 |
| [https://github.com/g3gg0/dump1090](https://github.com/g3gg0/dump1090) | Dump1090 is a simple Mode S decoder for RTLSDR devices | g3gg0 | other | 1 |
| [https://github.com/CERT-Polska/training-mwdb](https://github.com/CERT-Polska/training-mwdb) | MWDB exercises | CERT-Polska | | 14 |
| [https://github.com/microsoft/playwright](https://github.com/microsoft/playwright) | Playwright is a framework for Web Testing and Automation. It allows testing Chromium, Firefox and WebKit with a single API. | microsoft | apache-2.0 | 44063 |
| [https://github.com/httpie/httpie](https://github.com/httpie/httpie) | 🥧 HTTPie for Terminal — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. | httpie | bsd-3-clause | 24541 |
| [https://github.com/ssdeep-project/ssdeep](https://github.com/ssdeep-project/ssdeep) | Fuzzy hashing API and fuzzy hashing tool | ssdeep-project | gpl-2.0 | 498 |
| [https://github.com/renatolond/mastodon-twitter-poster](https://github.com/renatolond/mastodon-twitter-poster) | Crossposter to post statuses between Mastodon and Twitter | renatolond | agpl-3.0 | 567 |
| [https://github.com/woodruffw/steg86](https://github.com/woodruffw/steg86) | Hiding messages in x86 programs using semantic duals | woodruffw | other | 206 |
| [https://github.com/cloudtools/ssh-cert-authority](https://github.com/cloudtools/ssh-cert-authority) | An implementation of an SSH certificate authority. | cloudtools | bsd-2-clause | 698 |
| [https://github.com/J535D165/recordlinkage](https://github.com/J535D165/recordlinkage) | A powerful and modular toolkit for record linkage and duplicate detection in Python | J535D165 | bsd-3-clause | 725 |
| [https://github.com/Johnng007/Live-Forensicator](https://github.com/Johnng007/Live-Forensicator) | Powershell Script to aid Incidence Response and Live Forensics | Johnng007 | | 310 |
| [https://github.com/dnote/dnote](https://github.com/dnote/dnote) | A simple command line notebook for programmers | dnote | other | 2396 |
| [https://github.com/ve7it/STM32F769-FT8-Transceiver](https://github.com/ve7it/STM32F769-FT8-Transceiver) | A DSP SDR project using a STM32f769 Disco board to field a self contained FT8 Transceiver utilizing SoftRock, UHFSDR , HobbyPCB RS-HFIQ SDR Transceiver Board and other SDR boards. | ve7it | | 3 |
| [https://github.com/ietf-tools/relaton-data-3gpp](https://github.com/ietf-tools/relaton-data-3gpp) | 3GPP data in Relaton format | ietf-tools | | 3 |
| [https://github.com/VollRagm/lpmapper](https://github.com/VollRagm/lpmapper) | A mapper that maps shellcode into loaded large page drivers | VollRagm | mit | 112 |
| [https://github.com/hakluke/hakrawler](https://github.com/hakluke/hakrawler) | Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application | hakluke | gpl-3.0 | 3315 |
| [https://github.com/JustinAzoff/pynfdump](https://github.com/JustinAzoff/pynfdump) | python wrapper for the nfdump cli application | JustinAzoff | | 21 |
| [https://github.com/omerbenamram/evtx](https://github.com/omerbenamram/evtx) | A Fast (and safe) parser for the Windows XML Event Log (EVTX) format | omerbenamram | apache-2.0 | 402 |
| [https://github.com/greatscottgadgets/libbtbb](https://github.com/greatscottgadgets/libbtbb) | A Bluetooth baseband decoding library | greatscottgadgets | gpl-2.0 | 163 |
| [https://github.com/martynvdijke/gr-lora_sdr](https://github.com/martynvdijke/gr-lora_sdr) | This is the fully-functional GNU Radio software-defined radio (SDR) implementation of a LoRa transceiver with all the necessary transceiver components to operate correctly even at very low SNRs. This work is a collaboration of the Telecommunication Circuits Laboratory from EPFL and the Electronic Systems group from the Technical University of Eindhoven. | martynvdijke | gpl-3.0 | 19 |
| [https://github.com/sbz/elfdbg](https://github.com/sbz/elfdbg) | Utility to determine if ELF binary is built with debug sections | sbz | | 8 |
| [https://github.com/jeffssh/exploits](https://github.com/jeffssh/exploits) | Mega repo for exploit development. Contains individual exploits and libraries to assist during exploitation | jeffssh | | 19 |
| [https://github.com/WhiteHSBG/JNDIExploit](https://github.com/WhiteHSBG/JNDIExploit) | 对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改 | WhiteHSBG | | 642 |
| [https://github.com/Microsvuln/NtQuerySection-sample](https://github.com/Microsvuln/NtQuerySection-sample) | Retrieve Memory mapped file size on windows with NtQuerySection and _SECTION_BASIC_INFORMATION | Microsvuln | | 1 |
| [https://github.com/aemmitt-ns/radius](https://github.com/aemmitt-ns/radius) | radius2 is a fast binary emulation and symbolic execution framework using radare2 | aemmitt-ns | mit | 295 |
| [https://github.com/arthepsy/CVE-2021-4034](https://github.com/arthepsy/CVE-2021-4034) | PoC for PwnKit: Local Privilege Escalation Vulnerability in polkits pkexec (CVE-2021-4034) | arthepsy | | 918 |
| [https://github.com/cyrus-and/chrome-har-capturer](https://github.com/cyrus-and/chrome-har-capturer) | Capture HAR files from a Chrome instance | cyrus-and | mit | 479 |
| [https://github.com/pyppeteer/pyppeteer](https://github.com/pyppeteer/pyppeteer) | Headless chrome/chromium automation library (unofficial port of puppeteer) | pyppeteer | other | 2709 |
| [https://github.com/Lissy93/personal-security-checklist](https://github.com/Lissy93/personal-security-checklist) | 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2022 | Lissy93 | other | 9864 |
| [https://github.com/hpuhr/COMPASS](https://github.com/hpuhr/COMPASS) | The OpenATS COMPASS (Compliance Assessment) tool aims at providing a generalized framework for air-traffic surveillance data analysis, visualization & evaluation. | hpuhr | gpl-3.0 | 58 |
| [https://github.com/hpuhr/jASTERIX](https://github.com/hpuhr/jASTERIX) | C++ Library for EUROCONTROL's ASTERIX to JSON conversion. | hpuhr | gpl-3.0 | 23 |
| [https://github.com/junzis/pyModeS](https://github.com/junzis/pyModeS) | Python decoder for Mode S and ADS-B signals | junzis | gpl-3.0 | 407 |
| [https://github.com/ampledata/adsbcot](https://github.com/ampledata/adsbcot) | ADS-B to Cursor on Target Gateway for TAK Products, including ATAK, WinTAK & iTAK. | ampledata | other | 31 |
| [https://github.com/TomerEven/Prefix-Filter](https://github.com/TomerEven/Prefix-Filter) | Prefix Filter: Practically and Theoretically Better Than Bloom. | TomerEven | other | 31 |
| [https://github.com/NextronSystems/ransomware-simulator](https://github.com/NextronSystems/ransomware-simulator) | Ransomware simulator written in Golang | NextronSystems | mit | 273 |
| [https://github.com/DSecureMe/vmc](https://github.com/DSecureMe/vmc) | VMC: a Scalable, Open Source and Free Vulnerability Management Platform | DSecureMe | apache-2.0 | 47 |
| [https://github.com/dataplane/serverhosting](https://github.com/dataplane/serverhosting) | Server hosting providers | dataplane | | 22 |
| [https://github.com/pathtofile/bad-bpf](https://github.com/pathtofile/bad-bpf) | A collection of eBPF programs demonstrating bad behavior, presented at DEF CON 29 | pathtofile | bsd-3-clause | 280 |
| [https://github.com/s0md3v/Smap](https://github.com/s0md3v/Smap) | a drop-in replacement for Nmap powered by shodan.io | s0md3v | agpl-3.0 | 2237 |
| [https://github.com/adamsvoboda/nim-loader](https://github.com/adamsvoboda/nim-loader) | WIP shellcode loader in nim with EDR evasion techniques | adamsvoboda | | 158 |
| [https://github.com/emptymonkey/revsh](https://github.com/emptymonkey/revsh) | A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities. | emptymonkey | mit | 441 |
| [https://github.com/csababarta/ntdsxtract](https://github.com/csababarta/ntdsxtract) | Active Directory forensic framework | csababarta | gpl-3.0 | 269 |
| [https://github.com/purocean/yn](https://github.com/purocean/yn) | A Hackable Markdown Note Application for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement. | purocean | agpl-3.0 | 4133 |
| [https://github.com/krisnova/boopkit](https://github.com/krisnova/boopkit) | Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin. | krisnova | apache-2.0 | 1228 |
| [https://github.com/danobot/notorious](https://github.com/danobot/notorious) | Offline-first note taking and knowledge management application for desktop and the web. Supports nested notebooks, tags, real-time sync, images and file attachments. Optimised for efficiency with keyboard navigation, full-text search and version control. Never lose a thought. Private, fast, notorious 😈 | danobot | gpl-3.0 | 74 |
| [https://github.com/opensanctions/bods-ftm](https://github.com/opensanctions/bods-ftm) | Import OpenOwnership BODS data | opensanctions | | 5 |
| [https://github.com/Guenael/rtlsdr-ft8d](https://github.com/Guenael/rtlsdr-ft8d) | FT8 decoder of RTL devices | Guenael | | 23 |
| [https://github.com/CycloneDX/bom-examples](https://github.com/CycloneDX/bom-examples) | A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc) | CycloneDX | cc0-1.0 | 63 |
| [https://github.com/andrewjkerr/security-cheatsheets](https://github.com/andrewjkerr/security-cheatsheets) | 🔒 A collection of cheatsheets for various infosec tools and topics. | andrewjkerr | mit | 1007 |
| [https://github.com/hashlookup/hashlookup-nsrl](https://github.com/hashlookup/hashlookup-nsrl) | hashlookup-nsrl is a NSRL RDSv3 importer for hashlookup server | hashlookup | other | 4 |
| [https://github.com/CYBERDEVILZ/Cryptonite](https://github.com/CYBERDEVILZ/Cryptonite) | A ransomware created for Windows OS. It is easy to test in a safe environment before deploying it to the victims. Developed using Python | CYBERDEVILZ | mit | 119 |
| [https://github.com/mikeroyal/Open-Source-Security-Guide](https://github.com/mikeroyal/Open-Source-Security-Guide) | Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks. | mikeroyal | | 602 |
| [https://github.com/david-oswald/iot-fw-extraction](https://github.com/david-oswald/iot-fw-extraction) | Additional material for our paper "Breaking all the Things - A Systematic Survey of Firmware Extraction Techniques for IoT Devices" (CARDIS 2018) | david-oswald | | 13 |
| [https://github.com/github/securitylab](https://github.com/github/securitylab) | Resources related to GitHub Security Lab | github | mit | 1007 |
| [https://github.com/cube0x0/MiniDump](https://github.com/cube0x0/MiniDump) | C# Lsass parser | cube0x0 | | 227 |
| [https://github.com/lscardoso/gr-dsmx-rc](https://github.com/lscardoso/gr-dsmx-rc) | GNU Radio RC DSMX decoder | lscardoso | | 10 |
| [https://github.com/nullt3r/jfscan](https://github.com/nullt3r/jfscan) | JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report. | nullt3r | mit | 348 |
| [https://github.com/amitschendel/venom-rootkit](https://github.com/amitschendel/venom-rootkit) | A simple Windows kernel rootkit. | amitschendel | | 64 |
| [https://github.com/uf0o/PykDumper](https://github.com/uf0o/PykDumper) | Dumping credentials through windbg and pykd | uf0o | | 34 |
| [https://github.com/MISP/misp-grafana](https://github.com/MISP/misp-grafana) | A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB | MISP | agpl-3.0 | 9 |
| [https://github.com/snovvcrash/KeeThief](https://github.com/snovvcrash/KeeThief) | Methods for attacking KeePass 2.X databases, including extracting of encryption key material from memory. | snovvcrash | bsd-3-clause | 78 |
| [https://github.com/nesg-ugr/c4darknet](https://github.com/nesg-ugr/c4darknet) | | nesg-ugr | other | 9 |
| [https://github.com/HLasse/TextDescriptives](https://github.com/HLasse/TextDescriptives) | A Python library for calculating a large variety of statistics from text | HLasse | apache-2.0 | 142 |
| [https://github.com/sourcefrenchy/goqrexfil](https://github.com/sourcefrenchy/goqrexfil) | A mini project to exfiltrate data via QR codes | sourcefrenchy | mit | 19 |
| [https://github.com/hillu/local-spring-vuln-scanner](https://github.com/hillu/local-spring-vuln-scanner) | Simple local scanner for applications containing vulnerable Spring libraries | hillu | gpl-3.0 | 130 |
| [https://github.com/pre-commit/pre-commit](https://github.com/pre-commit/pre-commit) | A framework for managing and maintaining multi-language pre-commit hooks. | pre-commit | mit | 9092 |
| [https://github.com/uforia/exitgather](https://github.com/uforia/exitgather) | Tool for automatic list generation of known TOR and VPN exit nodes | uforia | gpl-2.0 | 25 |
| [https://github.com/log2timeline/plaso](https://github.com/log2timeline/plaso) | Super timeline all the things | log2timeline | apache-2.0 | 1363 |
| [https://github.com/molly/static-timeline-generator](https://github.com/molly/static-timeline-generator) | Create static timeline webpages. | molly | mit | 169 |
| [https://github.com/graniet/operative-framework](https://github.com/graniet/operative-framework) | operative framework is a investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules. | graniet | apache-2.0 | 591 |
| [https://github.com/MISP/misp-usage-statistics](https://github.com/MISP/misp-usage-statistics) | MISP usage statistics using bokeh (as a static webpage) | MISP | bsd-2-clause | 3 |
| [https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE](https://github.com/chaosec2021/Spring-cloud-function-SpEL-RCE) | Spring-cloud-function-SpEL-RCE 批量检测脚本反弹shell_EXP,欢迎师傅们试用 | chaosec2021 | | 239 |
| [https://github.com/0xsp-SRD/OffensivePascal](https://github.com/0xsp-SRD/OffensivePascal) | Pascal Offsec repo for malware dev and red teaming 🚩 | 0xsp-SRD | | 122 |
| [https://github.com/Neo23x0/panopticon](https://github.com/Neo23x0/panopticon) | A YARA Rule Performance Measurement Tool | Neo23x0 | mit | 51 |
| [https://github.com/caliskanfurkan/quick-ir](https://github.com/caliskanfurkan/quick-ir) | Python and WMI based incident response script | caliskanfurkan | | 4 |
| [https://github.com/disclose/bug-bounty-platforms](https://github.com/disclose/bug-bounty-platforms) | A community-powered collection of all known bug bounty platforms, vulnerability disclosure platforms, and crowdsourced security platforms currently active on the Internet. | disclose | cc0-1.0 | 200 |
| [https://github.com/mumble-voip/mumble](https://github.com/mumble-voip/mumble) | Mumble is an open-source, low-latency, high quality voice chat software. | mumble-voip | other | 5076 |
| [https://github.com/JustasMasiulis/ida_bitfields](https://github.com/JustasMasiulis/ida_bitfields) | IDA Pro plugin to make bitfield accesses easier to grep | JustasMasiulis | mpl-2.0 | 172 |
| [https://github.com/Wilfred/difftastic](https://github.com/Wilfred/difftastic) | a structural diff that understands syntax 🟥🟩 | Wilfred | mit | 13362 |
| [https://github.com/Ostorlab/ostorlab](https://github.com/Ostorlab/ostorlab) | Ostorlab is a security scanning orchestrator for the modern age. | Ostorlab | apache-2.0 | 255 |
| [https://github.com/bohops/SharpRDPHijack](https://github.com/bohops/SharpRDPHijack) | A POC Remote Desktop (RDP) session hijack utility for disconnected sessions | bohops | bsd-3-clause | 323 |
| [https://github.com/Bonfee/CVE-2022-0995](https://github.com/Bonfee/CVE-2022-0995) | CVE-2022-0995 exploit | Bonfee | | 483 |
| [https://github.com/nsbogam/CVE-2022-26269](https://github.com/nsbogam/CVE-2022-26269) | Suzuki connect app is used to get the car information like Fuel, Ignition status, Current location, Seat buckle status etc. In Ignis, Zeta variant car if the Fuel CAN messages and Seat buckle status is spoofed via OBD 2 port with the crafted value (e.g. zero percent fuel and Car seat is buckled ), then the same value is reflected on Suzuki connect app, which can mislead the user. | nsbogam | | 2 |
| [https://github.com/o1mate/AppLocker-Bypass](https://github.com/o1mate/AppLocker-Bypass) | Bypassing AppLocker with C# | o1mate | | 131 |
| [https://github.com/hktalent/spring-spel-0day-poc](https://github.com/hktalent/spring-spel-0day-poc) | spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963 | hktalent | | 340 |
| [https://github.com/ehids/ecapture](https://github.com/ehids/ecapture) | capture SSL/TLS text content without CA cert using eBPF. supports Linux x86_64/Aarch64, Android Aarch64. | ehids | agpl-3.0 | 4972 |
| [https://github.com/saferwall/yara-rules](https://github.com/saferwall/yara-rules) | Collection of Yara Rules | saferwall | apache-2.0 | 3 |
| [https://github.com/soxoj/tiktok-scraper](https://github.com/soxoj/tiktok-scraper) | TikTok Scraper. Download video posts, collect user/trend/hashtag/music feed metadata, sign URL and etc. | soxoj | | 39 |
| [https://github.com/alexcard144803/KasperskyHook_NewKSDriver](https://github.com/alexcard144803/KasperskyHook_NewKSDriver) | Started from https://github.com/iPower/KasperskyHook i updated sig and kaspersky driver | alexcard144803 | | 11 |
| [https://github.com/vxunderground/VX-API](https://github.com/vxunderground/VX-API) | Collection of various WINAPI tricks / features used or abused by Malware | vxunderground | | 1207 |
| [https://github.com/daniestevez/galileo-osnma](https://github.com/daniestevez/galileo-osnma) | Galileo OSNMA (Open Service Navigation Message Authentication) | daniestevez | apache-2.0 | 24 |
| [https://github.com/hashlookup/hashlookup-lib](https://github.com/hashlookup/hashlookup-lib) | hashlookup insert pipeline Python library | hashlookup | agpl-3.0 | 6 |
| [https://github.com/P1sec/gea-implementation](https://github.com/P1sec/gea-implementation) | Implementations of the GEA-1 and GEA-2 (GPRS Encryption Algorithm) stream ciphers in C, Python and Rust. | P1sec | agpl-3.0 | 12 |
| [https://github.com/gnuradio/gr-inspector](https://github.com/gnuradio/gr-inspector) | Signal Analysis Toolbox for GNU Radio | gnuradio | gpl-3.0 | 230 |
| [https://github.com/crytic/not-so-smart-contracts](https://github.com/crytic/not-so-smart-contracts) | Examples of Solidity security issues | crytic | apache-2.0 | 1754 |
| [https://github.com/gfek/Real-CyberSecurity-Datasets](https://github.com/gfek/Real-CyberSecurity-Datasets) | Public datasets to help you address various cyber security problems. | gfek | | 95 |
| [https://github.com/xpn/getsystem-offline](https://github.com/xpn/getsystem-offline) | Small tool to get a SYSTEM shell | xpn | | 113 |
| [https://github.com/bkerler/gr-atsc2](https://github.com/bkerler/gr-atsc2) | GNURadio TS Streaming server block that can be used to watch ATSC TV streams with a player like VLC in real-time provided your system can handle the processing of the rest of the flowgraph. | bkerler | gpl-3.0 | 3 |
| [https://github.com/ghostop14/gr-xcorrelate](https://github.com/ghostop14/gr-xcorrelate) | GNURadio OOT Module Providing Signal Cross-Correlation | ghostop14 | gpl-3.0 | 14 |
| [https://github.com/ghostop14/gr-correctiq](https://github.com/ghostop14/gr-correctiq) | GNURadio blocks to remove that IQ DC spike just like some software and drivers do! Three techniques available: auto, auto-tune to dc offset, and manual. | ghostop14 | gpl-3.0 | 68 |
| [https://github.com/welk1n/JNDI-Injection-Exploit](https://github.com/welk1n/JNDI-Injection-Exploit) | JNDI注入测试工具A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc | welk1n | mit | 2039 |
| [https://github.com/cure53/Contracts](https://github.com/cure53/Contracts) | A small collection of potentially useful contract templates | cure53 | | 299 |
| [https://github.com/steakknife/bloomfilter](https://github.com/steakknife/bloomfilter) | Face-meltingly fast, thread-safe, marshalable, unionable, probability- and optimal-size-calculating Bloom filter in go | steakknife | mit | 340 |
| [https://github.com/tcostam/awesome-command-control](https://github.com/tcostam/awesome-command-control) | A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments. | tcostam | | 276 |
| [https://github.com/PaloAltoNetworks/tcpsession](https://github.com/PaloAltoNetworks/tcpsession) | A python library to extract TCP sessions from PCAPs. | PaloAltoNetworks | mit | 12 |
| [https://github.com/caiiiycuk/httpflow](https://github.com/caiiiycuk/httpflow) | httpflow - extract http requests from tcpflow output | caiiiycuk | | 8 |
| [https://github.com/fpietrosanti/kaspersky-risks](https://github.com/fpietrosanti/kaspersky-risks) | Risk Evaluation of Kaspersky related Risk, if subject to Coercion by Russian Government for Intelligence and Military Purposes | fpietrosanti | | 7 |
| [https://github.com/andrmuel/gr-dab](https://github.com/andrmuel/gr-dab) | GNU Radio DAB (digital audio broadcasting) module | andrmuel | gpl-3.0 | 73 |
| [https://github.com/angr/binsync](https://github.com/angr/binsync) | A collaborative reversing plugin for cross-decompiler collaboration, built on git. | angr | bsd-2-clause | 122 |
| [https://github.com/atlas0fd00m/rfcat](https://github.com/atlas0fd00m/rfcat) | RfCat - swiss-army knife of ISM band radio | atlas0fd00m | other | 439 |
| [https://github.com/axiros/terminal_markdown_viewer](https://github.com/axiros/terminal_markdown_viewer) | Styled Terminal Markdown Viewer | axiros | other | 1651 |
| [https://github.com/rushter/selectolax](https://github.com/rushter/selectolax) | Python binding to Modest and Lexbor engines (fast HTML5 parser with CSS selectors). | rushter | mit | 619 |
| [https://github.com/awslabs/open-data-registry](https://github.com/awslabs/open-data-registry) | A registry of publicly available datasets on AWS | awslabs | apache-2.0 | 1036 |
| [https://github.com/snovvcrash/OffensivePipeline](https://github.com/snovvcrash/OffensivePipeline) | OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises. | snovvcrash | gpl-3.0 | 79 |
| [https://github.com/JPCERTCC/MalConfScan](https://github.com/JPCERTCC/MalConfScan) | Volatility plugin for extracts configuration data of known malware | JPCERTCC | other | 436 |
| [https://github.com/m-chrome/py-suricataparser](https://github.com/m-chrome/py-suricataparser) | Pure python parser for Snort/Suricata rules. | m-chrome | apache-2.0 | 10 |
| [https://github.com/0xADE1A1DE/AssemblyLine](https://github.com/0xADE1A1DE/AssemblyLine) | A C library and binary for generating machine code of x86_64 assembly language and executing on the fly without invoking another compiler, assembler or linker. | 0xADE1A1DE | apache-2.0 | 151 |
| [https://github.com/alexandria-org/alexandria](https://github.com/alexandria-org/alexandria) | Full text search engine powering Alexandria.org - the open search engine. | alexandria-org | other | 151 |
| [https://github.com/karma9874/AndroRAT](https://github.com/karma9874/AndroRAT) | A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side | karma9874 | mit | 1310 |
| [https://github.com/nadavrot/layout](https://github.com/nadavrot/layout) | Layout is a rust library and a command line tool that renders Graphviz dot files. | nadavrot | mit | 505 |
| [https://github.com/claroty/arya](https://github.com/claroty/arya) | Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. | claroty | mit | 161 |
| [https://github.com/Sc00bz/break-uheprng](https://github.com/Sc00bz/break-uheprng) | Attack code for UHEPRNG (Ultra High Entropy Pseudo-Random Number Generator) | Sc00bz | mit | 5 |
| [https://github.com/Sc00bz/copilot-hash-collider](https://github.com/Sc00bz/copilot-hash-collider) | | Sc00bz | mit | 24 |
| [https://github.com/post-cyberlabs/Offensive_tools](https://github.com/post-cyberlabs/Offensive_tools) | | post-cyberlabs | | 268 |
| [https://github.com/opensemanticsearch/open-semantic-entity-search-api](https://github.com/opensemanticsearch/open-semantic-entity-search-api) | Open Source REST API for named entity extraction, named entity linking, named entity disambiguation, recommendation & reconciliation of entities like persons, organizations and places for (semi)automatic semantic tagging & analysis of documents by linked data knowledge graph like SKOS thesaurus, RDF ontology, database(s) or list(s) of names | opensemanticsearch | gpl-3.0 | 142 |
| [https://github.com/tkuester/gr-lacrosse](https://github.com/tkuester/gr-lacrosse) | GNU Radio module for La Crosse weather stations. | tkuester | | 21 |
| [https://github.com/FunnyWolf/Viper](https://github.com/FunnyWolf/Viper) | Redteam operation platform with webui 图形化红队行动辅助平台 | FunnyWolf | bsd-3-clause | 2626 |
| [https://github.com/knownsec/404StarLink](https://github.com/knownsec/404StarLink) | 404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目 | knownsec | | 4225 |
| [https://github.com/BeichenDream/InjectJDBC](https://github.com/BeichenDream/InjectJDBC) | 注入JVM进程 动态获取目标进程连接的数据库 | BeichenDream | | 237 |
| [https://github.com/BeichenDream/BadPotato](https://github.com/BeichenDream/BadPotato) | Windows 权限提升 BadPotato | BeichenDream | | 570 |
| [https://github.com/MISP/misp-training-lea](https://github.com/MISP/misp-training-lea) | Practical Information Sharing between Law Enforcement and CSIRT communities using MISP | MISP | | 22 |
| [https://github.com/khast3x/h8mail](https://github.com/khast3x/h8mail) | Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email | khast3x | other | 2809 |
| [https://github.com/D4Vinci/Cuteit](https://github.com/D4Vinci/Cuteit) | IP obfuscator made to make a malicious ip a bit cuter | D4Vinci | gpl-3.0 | 515 |
| [https://github.com/CalfCrusher/Poiana](https://github.com/CalfCrusher/Poiana) | Meterpreter Reverse shell over TOR network using hidden services | CalfCrusher | mit | 76 |
| [https://github.com/r00tten/VTI-Cosplay](https://github.com/r00tten/VTI-Cosplay) | Low budget VirusTotal Intelligence Cosplay | r00tten | gpl-3.0 | 20 |
| [https://github.com/mpolden/echoip](https://github.com/mpolden/echoip) | IP address lookup service | mpolden | bsd-3-clause | 3598 |
| [https://github.com/log2timeline/dfimagetools](https://github.com/log2timeline/dfimagetools) | Collection of tools for processing storage media images | log2timeline | apache-2.0 | 6 |
| [https://github.com/mttaggart/wtfbins](https://github.com/mttaggart/wtfbins) | WTF are these binaries doing?! A list of benign applications that mimic malicious behavior. | mttaggart | mit | 62 |
| [https://github.com/zeroSteiner/mayhem](https://github.com/zeroSteiner/mayhem) | Runtime Process Manipulation | zeroSteiner | bsd-3-clause | 216 |
| [https://github.com/mborgerson/mdec](https://github.com/mborgerson/mdec) | Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation. | mborgerson | other | 414 |
| [https://github.com/cocaman/russian_root_ca](https://github.com/cocaman/russian_root_ca) | | cocaman | | 5 |
| [https://github.com/sysdream/ligolo](https://github.com/sysdream/ligolo) | Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/ | sysdream | gpl-3.0 | 1270 |
| [https://github.com/cesena/ghidra2dwarf](https://github.com/cesena/ghidra2dwarf) | 🐉 Export ghidra decompiled code to dwarf sections inside ELF binary | cesena | mit | 133 |
| [https://github.com/net-protect/google-fs-recover](https://github.com/net-protect/google-fs-recover) | Google Filestream Forensic Tool | net-protect | mit | 14 |
| [https://github.com/flesueur/mi-lxc](https://github.com/flesueur/mi-lxc) | Mini-Internet using LXC for practical works | flesueur | agpl-3.0 | 327 |
| [https://github.com/emanuele-f/PCAPdroid](https://github.com/emanuele-f/PCAPdroid) | No-root network monitor, firewall and PCAP dumper for Android | emanuele-f | gpl-3.0 | 742 |
| [https://github.com/simonw/shot-scraper](https://github.com/simonw/shot-scraper) | A command-line utility for taking automated screenshots of websites | simonw | apache-2.0 | 760 |
| [https://github.com/cube0x0/SyscallPack](https://github.com/cube0x0/SyscallPack) | BOF and Shellcode for full DLL unhooking using dynamic syscalls | cube0x0 | | 229 |
| [https://github.com/r-cybersecurity/list-of-security-resources-for-ukraine](https://github.com/r-cybersecurity/list-of-security-resources-for-ukraine) | List of companies or individuals offering cybersecurity services, data, or other tangible assets to assist in Ukraine's defense of its independence. | r-cybersecurity | other | 68 |
| [https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit](https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit) | A root exploit for CVE-2022-0847 (Dirty Pipe) | Arinerron | gpl-2.0 | 989 |
| [https://github.com/midnightslacker/exploit_training](https://github.com/midnightslacker/exploit_training) | The best resources for learning exploit development | midnightslacker | | 63 |
| [https://github.com/thewhiteninja/ntfstool](https://github.com/thewhiteninja/ntfstool) | Forensics tool for NTFS (parser, mft, bitlocker, deleted files) | thewhiteninja | mit | 288 |
| [https://github.com/ail-project/ail-feeder-atom-rss](https://github.com/ail-project/ail-feeder-atom-rss) | | ail-project | | 2 |
| [https://github.com/TomWright/dasel](https://github.com/TomWright/dasel) | Select, put and delete data from JSON, TOML, YAML, XML and CSV files with a single tool. Supports conversion between formats and can be used as a Go package. | TomWright | mit | 3768 |
| [https://github.com/vgo0/nginx-backdoor](https://github.com/vgo0/nginx-backdoor) | Example nginx backdoor via malicious plugin | vgo0 | | 19 |
| [https://github.com/DavidBuchanan314/libleakmydata](https://github.com/DavidBuchanan314/libleakmydata) | A simple LD_PRELOAD library to disable SSL certificate verification. Inspired by libeatmydata. | DavidBuchanan314 | mit | 153 |
| [https://github.com/8051Enthusiast/biodiff](https://github.com/8051Enthusiast/biodiff) | Hex diff viewer using alignment algorithms from biology | 8051Enthusiast | mit | 478 |
| [https://github.com/armvirus/SinMapper](https://github.com/armvirus/SinMapper) | usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and having the power to hook anything due to being inside of legit memory (signed legit driver). | armvirus | | 160 |
| [https://github.com/jazzband/prettytable](https://github.com/jazzband/prettytable) | Display tabular data in a visually appealing ASCII table format | jazzband | other | 878 |
| [https://github.com/crmulliner/adbi](https://github.com/crmulliner/adbi) | Android Dynamic Binary Instrumentation Toolkit | crmulliner | | 1214 |
| [https://github.com/cryptax/misc-code](https://github.com/cryptax/misc-code) | Miscellaneous code | cryptax | | 58 |
| [https://github.com/Cybernite-Technologies/trickbot-leak](https://github.com/Cybernite-Technologies/trickbot-leak) | Repo for archiving research and investigation related to the recent Trickbot leaks. | Cybernite-Technologies | gpl-3.0 | 54 |
| [https://github.com/trisulnsm/apps](https://github.com/trisulnsm/apps) | Plugin packages that provide custom visualizations and analytics capabilities to Trisul Network Analytics. | trisulnsm | | 13 |
| [https://github.com/binarly-io/FwHunt](https://github.com/binarly-io/FwHunt) | The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware. | binarly-io | cc0-1.0 | 143 |
| [https://github.com/vinhjaxt/eBPF-sockmap-proxy](https://github.com/vinhjaxt/eBPF-sockmap-proxy) | eBPF Sockmap Proxy | vinhjaxt | | 9 |
| [https://github.com/qeeqbox/url-sandbox](https://github.com/qeeqbox/url-sandbox) | Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks | qeeqbox | agpl-3.0 | 114 |
| [https://github.com/defaultnamehere/cookie_crimes](https://github.com/defaultnamehere/cookie_crimes) | Read local Chrome cookies without root or decrypting | defaultnamehere | mit | 506 |
| [https://github.com/DynamiteAI/dynamite-nsm](https://github.com/DynamiteAI/dynamite-nsm) | DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection | DynamiteAI | gpl-3.0 | 139 |
| [https://github.com/Gerapy/Gerapy](https://github.com/Gerapy/Gerapy) | Distributed Crawler Management Framework Based on Scrapy, Scrapyd, Django and Vue.js | Gerapy | mit | 2849 |
| [https://github.com/mgdm/htmlq](https://github.com/mgdm/htmlq) | Like jq, but for HTML. | mgdm | mit | 6172 |
| [https://github.com/kimci86/bkcrack](https://github.com/kimci86/bkcrack) | Crack legacy zip encryption with Biham and Kocher's known plaintext attack. | kimci86 | zlib | 786 |
| [https://github.com/QAX-A-Team/openssh-7.6p1-patch](https://github.com/QAX-A-Team/openssh-7.6p1-patch) | a patched sshd for red team activities | QAX-A-Team | | 66 |
| [https://github.com/MISP/dockerized_training_environment](https://github.com/MISP/dockerized_training_environment) | A training environment, with docker. | MISP | mit | 7 |
| [https://github.com/eset/malware-research](https://github.com/eset/malware-research) | Code written as part of our various malware investigations | eset | bsd-2-clause | 322 |
| [https://github.com/opengs/uashield](https://github.com/opengs/uashield) | Voluntary Ukraine security platform to protect us from Russian forces in the Internet | opengs | unlicense | 1089 |
| [https://github.com/hashcat/princeprocessor](https://github.com/hashcat/princeprocessor) | Standalone password candidate generator using the PRINCE algorithm | hashcat | other | 358 |
| [https://github.com/cudeso/misp-tip-of-the-week](https://github.com/cudeso/misp-tip-of-the-week) | A collection of tips for using MISP. | cudeso | | 41 |
| [https://github.com/SMAT-Lab/Scalpel](https://github.com/SMAT-Lab/Scalpel) | Scalpel: The Python Static Analysis Framework | SMAT-Lab | apache-2.0 | 167 |
| [https://github.com/hackerschoice/gsocket-relay](https://github.com/hackerschoice/gsocket-relay) | Global Socket Server | hackerschoice | other | 13 |
| [https://github.com/hackerschoice/gsocket](https://github.com/hackerschoice/gsocket) | Connect like there is no firewall. Securely. | hackerschoice | bsd-2-clause | 982 |
| [https://github.com/adipinto/HP-Data-Protector-RCE](https://github.com/adipinto/HP-Data-Protector-RCE) | HP Data Protector Arbitrary Remote Command Execution | adipinto | | 11 |
| [https://github.com/cxnder/bn-dyldsharedcache](https://github.com/cxnder/bn-dyldsharedcache) | dyld_shared_cache processing / Single-Image loading for BinaryNinja | cxnder | mit | 74 |
| [https://github.com/mandiant/ADFSDump](https://github.com/mandiant/ADFSDump) | | mandiant | apache-2.0 | 231 |
| [https://github.com/erkexzcx/stoppropaganda](https://github.com/erkexzcx/stoppropaganda) | A special DOS application to stop pro-Russian aggression websites. Support Ukraine! | erkexzcx | gpl-3.0 | 465 |
| [https://github.com/ajax-lives/NoRussian](https://github.com/ajax-lives/NoRussian) | Volunteer DoS tool via HTML + JS | ajax-lives | gpl-3.0 | 399 |
| [https://github.com/Orange-Cyberdefense/russia-ukraine_IOCs](https://github.com/Orange-Cyberdefense/russia-ukraine_IOCs) | Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake | Orange-Cyberdefense | | 155 |
| [https://github.com/curated-intel/Ukraine-Cyber-Operations](https://github.com/curated-intel/Ukraine-Cyber-Operations) | Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. | curated-intel | | 845 |
| [https://github.com/ail-project/ail-feeder-twitter](https://github.com/ail-project/ail-feeder-twitter) | External twitter feeder for AIL framework | ail-project | agpl-3.0 | 16 |
| [https://github.com/ail-project/twint](https://github.com/ail-project/twint) | An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. | ail-project | mit | 13 |
| [https://github.com/deathau/markdownload](https://github.com/deathau/markdownload) | A Firefox and Google Chrome extension to clip websites and download them into a readable markdown file. | deathau | apache-2.0 | 1120 |
| [https://github.com/dashingsoft/pyarmor](https://github.com/dashingsoft/pyarmor) | A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. | dashingsoft | other | 1833 |
| [https://github.com/ail-project/ail-feeder-ct](https://github.com/ail-project/ail-feeder-ct) | Ail feeder for certificate transparency | ail-project | | 2 |
| [https://github.com/rjbhide/wireshark-forensics-plugin](https://github.com/rjbhide/wireshark-forensics-plugin) | | rjbhide | | 82 |
| [https://github.com/ail-project/ail-feeder-github-repo](https://github.com/ail-project/ail-feeder-github-repo) | AIL feeder for GitHub Repository | ail-project | | 1 |
| [https://github.com/aaronkaplan/countryblocker](https://github.com/aaronkaplan/countryblocker) | simple scripts which fetch CIDR blocks by country code and add them to iptables/ipset blocklists | aaronkaplan | gpl-3.0 | 8 |
| [https://github.com/flrs/visavail](https://github.com/flrs/visavail) | A D3.js Time Data Availability Visualization | flrs | mit | 280 |
| [https://github.com/github/advisory-database](https://github.com/github/advisory-database) | Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. | github | cc-by-4.0 | 1184 |
| [https://github.com/trailofbits/maat](https://github.com/trailofbits/maat) | Open-source symbolic execution framework: https://maat.re | trailofbits | other | 493 |
| [https://github.com/banviktor/asnlookup](https://github.com/banviktor/asnlookup) | CLI and Go package for fast, offline ASN lookups | banviktor | apache-2.0 | 9 |
| [https://github.com/redcode-labs/BMJ](https://github.com/redcode-labs/BMJ) | Code snippets for bare-metal malware development | redcode-labs | mit | 80 |
| [https://github.com/MarkBaggett/ese-analyst](https://github.com/MarkBaggett/ese-analyst) | This is a set of tools for doing forensics analysis on Microsoft ESE databases. | MarkBaggett | | 108 |
| [https://github.com/JrM2628/httpworker](https://github.com/JrM2628/httpworker) | A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only. | JrM2628 | | 57 |
| [https://github.com/hrbrmstr/cisa-known-exploited-vulns](https://github.com/hrbrmstr/cisa-known-exploited-vulns) | Daily archiver & triage issue creator for new releases of CISA's Known Exploited Vulnerabilities list | hrbrmstr | mit | 16 |
| [https://github.com/dataplane/fdns](https://github.com/dataplane/fdns) | Dataplane.org DNS server daemon | dataplane | | 2 |
| [https://github.com/MolecularMatters/raw_pdb](https://github.com/MolecularMatters/raw_pdb) | A C++11 library for reading Microsoft Program DataBase PDB files | MolecularMatters | bsd-2-clause | 453 |
| [https://github.com/miso-belica/jusText](https://github.com/miso-belica/jusText) | Heuristic based boilerplate removal tool | miso-belica | bsd-2-clause | 485 |
| [https://github.com/avast/yaramod](https://github.com/avast/yaramod) | Parsing of YARA rules into AST and building new rulesets in C++. | avast | mit | 83 |
| [https://github.com/mlodic/pdfid](https://github.com/mlodic/pdfid) | | mlodic | mit | 6 |
| [https://github.com/blueteam0ps/AllthingsTimesketch](https://github.com/blueteam0ps/AllthingsTimesketch) | This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project. | blueteam0ps | apache-2.0 | 32 |
| [https://github.com/bhassani/doublepulsar](https://github.com/bhassani/doublepulsar) | DoublePulsar (Position-Independent) Shellcode (Windows 7 SP1 x64) | bhassani | | 19 |
| [https://github.com/redcode-labs/poXSSon](https://github.com/redcode-labs/poXSSon) | A framework for easy payloads development and deployment, collection of customizable XSS payloads | redcode-labs | isc | 22 |
| [https://github.com/edgedb/edgedb](https://github.com/edgedb/edgedb) | A graph-relational database with declarative schema, built-in migration system, and a next-generation query language | edgedb | apache-2.0 | 9508 |
| [https://github.com/khalladay/hooking-by-example](https://github.com/khalladay/hooking-by-example) | A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange. | khalladay | mit | 134 |
| [https://github.com/leoloobeek/COMRunner](https://github.com/leoloobeek/COMRunner) | A simple COM server which provides a component to run shellcode | leoloobeek | | 129 |
| [https://github.com/horsicq/PDBRipper](https://github.com/horsicq/PDBRipper) | PDBRipper is a utility for extract an information from PDB-files. | horsicq | mit | 619 |
| [https://github.com/garage44/pyrite](https://github.com/garage44/pyrite) | Pyrite is a web(RTC) client for the Galène videoconference server. | garage44 | mit | 258 |
| [https://github.com/drk1wi/Modlishka](https://github.com/drk1wi/Modlishka) | Modlishka. Reverse Proxy. | drk1wi | other | 4092 |
| [https://github.com/openvinotoolkit/anomalib](https://github.com/openvinotoolkit/anomalib) | An anomaly detection library comprising state-of-the-art algorithms and features such as experiment management, hyper-parameter optimization, and edge inference. | openvinotoolkit | apache-2.0 | 1370 |
| [https://github.com/Gyoonus/deoptfuscator](https://github.com/Gyoonus/deoptfuscator) | Deobfuscator for Android Application | Gyoonus | mit | 271 |
| [https://github.com/MISP/misp-wireshark](https://github.com/MISP/misp-wireshark) | Lua plugin to extract data from Wireshark and convert it into MISP format | MISP | | 19 |
| [https://github.com/MISP/LuaMISP](https://github.com/MISP/LuaMISP) | Lua Library to create and manipulate MISP entities | MISP | mit | 3 |
| [https://github.com/algorithmica-org/algorithmica](https://github.com/algorithmica-org/algorithmica) | A computer science textbook | algorithmica-org | | 1183 |
| [https://github.com/SecurityBrewery/catalyst](https://github.com/SecurityBrewery/catalyst) | Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes | SecurityBrewery | agpl-3.0 | 126 |
| [https://github.com/profdc9/RFBitBanger](https://github.com/profdc9/RFBitBanger) | A QRP on-off keying digital transmission device | profdc9 | | 17 |
| [https://github.com/olavolav/uniplot](https://github.com/olavolav/uniplot) | Lightweight plotting to the terminal. 4x resolution via Unicode. | olavolav | mit | 190 |
| [https://github.com/rsagroup/rsatoolbox](https://github.com/rsagroup/rsatoolbox) | Python library for Representational Similarity Analysis | rsagroup | mit | 91 |
| [https://github.com/ffuf/pencode](https://github.com/ffuf/pencode) | Complex payload encoder | ffuf | mit | 143 |
| [https://github.com/nkrao220/accent-classification](https://github.com/nkrao220/accent-classification) | Accent Classification in Speech | nkrao220 | | 13 |
| [https://github.com/shaarli/Shaarli](https://github.com/shaarli/Shaarli) | The personal, minimalist, super-fast, database free, bookmarking service - community repo | shaarli | other | 2788 |
| [https://github.com/slingamn/mureq](https://github.com/slingamn/mureq) | Single-file alternative to python-requests | slingamn | 0bsd | 260 |
| [https://github.com/idom-team/idom](https://github.com/idom-team/idom) | Create highly interactive web pages purely in Python | idom-team | mit | 671 |
| [https://github.com/mandiant/flare-floss](https://github.com/mandiant/flare-floss) | FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware. | mandiant | apache-2.0 | 2434 |
| [https://github.com/FelixChop/MediumArticles](https://github.com/FelixChop/MediumArticles) | Sample of Python codes from mathematical problems | FelixChop | | 100 |
| [https://github.com/sanchikagn/topic-modeling-with-LDA](https://github.com/sanchikagn/topic-modeling-with-LDA) | Topic modeling (abstract topics) with LDA (Latent Dirichlet Allocation) in python | sanchikagn | | 3 |
| [https://github.com/karlicoss/promnesia](https://github.com/karlicoss/promnesia) | Another piece of your extended mind | karlicoss | mit | 1425 |
| [https://github.com/MattMills/radiocapture-rf](https://github.com/MattMills/radiocapture-rf) | RF side of Radiocapture's SDR based trunked radio bulk collection system | MattMills | gpl-3.0 | 48 |
| [https://github.com/sudrich/sf-gad](https://github.com/sudrich/sf-gad) | A statistical framework for graph anomaly detection. | sudrich | gpl-3.0 | 15 |
| [https://github.com/milabs/khook](https://github.com/milabs/khook) | Linux Kernel hooking engine (x86) | milabs | gpl-2.0 | 239 |
| [https://github.com/JonathanSalwan/ROPgadget](https://github.com/JonathanSalwan/ROPgadget) | This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. | JonathanSalwan | other | 3166 |
| [https://github.com/trickest/cve](https://github.com/trickest/cve) | Gather and update all available and newest CVEs with their PoC. | trickest | mit | 3734 |
| [https://github.com/ydkhatri/OneDrive](https://github.com/ydkhatri/OneDrive) | OneDrive log .ODL reader | ydkhatri | mit | 44 |
| [https://github.com/obfuscator-llvm/obfuscator](https://github.com/obfuscator-llvm/obfuscator) | | obfuscator-llvm | | 3180 |
| [https://github.com/hasherezade/process_overwriting](https://github.com/hasherezade/process_overwriting) | Yet another variant of Process Hollowing | hasherezade | | 288 |
| [https://github.com/perkeep/perkeep](https://github.com/perkeep/perkeep) | Perkeep (née Camlistore) is your personal storage system for life: a way of storing, syncing, sharing, modelling and backing up content. | perkeep | apache-2.0 | 6046 |
| [https://github.com/milabs/awesome-linux-rootkits](https://github.com/milabs/awesome-linux-rootkits) | awesome-linux-rootkits | milabs | cc0-1.0 | 1164 |
| [https://github.com/Cyb0r9/SocialBox](https://github.com/Cyb0r9/SocialBox) | SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi | Cyb0r9 | mit | 1038 |
| [https://github.com/pysemtec/semantic-python-overview](https://github.com/pysemtec/semantic-python-overview) | (subjective) overview of projects which are related both to python and semantic technologies (RDF, OWL, Reasoning, ...) | pysemtec | cc0-1.0 | 414 |
| [https://github.com/jbaines-r7/staystaystay](https://github.com/jbaines-r7/staystaystay) | Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE | jbaines-r7 | bsd-3-clause | 9 |
| [https://github.com/intellisec/lasershark](https://github.com/intellisec/lasershark) | LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems (ACSAC 2021) | intellisec | gpl-3.0 | 57 |
| [https://github.com/Flangvik/SharpDllProxy](https://github.com/Flangvik/SharpDllProxy) | Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading | Flangvik | | 399 |
| [https://github.com/syloktools/misp_automation](https://github.com/syloktools/misp_automation) | | syloktools | | 2 |
| [https://github.com/bg3mdo/pisdr_hat](https://github.com/bg3mdo/pisdr_hat) | This is budget Raspberry Pi SDR project. | bg3mdo | | 12 |
| [https://github.com/berty/berty](https://github.com/berty/berty) | Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network | berty | other | 6175 |
| [https://github.com/gaasedelen/patching](https://github.com/gaasedelen/patching) | An Interactive Binary Patching Plugin for IDA Pro | gaasedelen | mit | 559 |
| [https://github.com/vlang/v](https://github.com/vlang/v) | Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io | vlang | mit | 30779 |
| [https://github.com/malrev/ABD](https://github.com/malrev/ABD) | Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories | malrev | other | 1009 |
| [https://github.com/appneta/tcpreplay](https://github.com/appneta/tcpreplay) | Pcap editing and replay tools for *NIX and Windows - Users please download source from | appneta | | 931 |
| [https://github.com/Cimbali/pympress](https://github.com/Cimbali/pympress) | Pympress is a simple yet powerful PDF reader designed for dual-screen presentations | Cimbali | gpl-2.0 | 745 |
| [https://github.com/SoftSec-KAIST/TikNib](https://github.com/SoftSec-KAIST/TikNib) | Binary Code Similarity Analysis (BCSA) Tool | SoftSec-KAIST | mit | 84 |
| [https://github.com/ly4k/SpoolFool](https://github.com/ly4k/SpoolFool) | Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE) | ly4k | mit | 650 |
| [https://github.com/chuanjiesun/whatAV](https://github.com/chuanjiesun/whatAV) | detect AV on windows via process name | chuanjiesun | | 9 |
| [https://github.com/Psmths/reave](https://github.com/Psmths/reave) | WIP Post-exploitation framework tailored for hypervisors. | Psmths | gpl-3.0 | 43 |
| [https://github.com/usualsuspect/yara_vt_mock](https://github.com/usualsuspect/yara_vt_mock) | Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing | usualsuspect | mit | 18 |
| [https://github.com/RUB-SysSec/Nyx](https://github.com/RUB-SysSec/Nyx) | USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types | RUB-SysSec | gpl-2.0 | 160 |
| [https://github.com/airbus-cert/Invoke-Bof](https://github.com/airbus-cert/Invoke-Bof) | Load any Beacon Object File using Powershell! | airbus-cert | apache-2.0 | 217 |
| [https://github.com/P4nda0s/IDABeautify](https://github.com/P4nda0s/IDABeautify) | An IDA plugin for making pseudocode better. | P4nda0s | | 196 |
| [https://github.com/nbqofficial/CTHD](https://github.com/nbqofficial/CTHD) | Process hiding library | nbqofficial | | 16 |
| [https://github.com/MichaelDim02/Narthex](https://github.com/MichaelDim02/Narthex) | Modular personalized dictionary generator. | MichaelDim02 | gpl-3.0 | 166 |
| [https://github.com/cylance/PyPackerDetect](https://github.com/cylance/PyPackerDetect) | A malware dataset curation tool which helps identify packed samples. | cylance | agpl-3.0 | 29 |
| [https://github.com/M17-Project/M17_spec](https://github.com/M17-Project/M17_spec) | M17 standard specification | M17-Project | gpl-2.0 | 115 |
| [https://github.com/bl4de/dictionaries](https://github.com/bl4de/dictionaries) | Misc dictionaries for directory/file enumeration, username enumeration, password dictionary/bruteforce attacks | bl4de | | 198 |
| [https://github.com/fabiospampinato/crypto-random-hexadecimal](https://github.com/fabiospampinato/crypto-random-hexadecimal) | Generate a cryptographically-random hexadecimal string with the given number of bytes of entropy. | fabiospampinato | mit | 1 |
| [https://github.com/ytk2128/dll-merger](https://github.com/ytk2128/dll-merger) | Merging DLLs with a PE32 EXE without LoadLibrary | ytk2128 | mit | 201 |
| [https://github.com/CronUp/Malware-IOCs](https://github.com/CronUp/Malware-IOCs) | | CronUp | | 76 |
| [https://github.com/pwn1sher/KillDefender](https://github.com/pwn1sher/KillDefender) | A small POC to make defender useless by removing its token privileges and lowering the token integrity | pwn1sher | | 559 |
| [https://github.com/reb311ion/CapaExplorer](https://github.com/reb311ion/CapaExplorer) | Capa analysis importer for Ghidra. | reb311ion | mit | 48 |
| [https://github.com/boku7/HOLLOW](https://github.com/boku7/HOLLOW) | EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode | boku7 | | 201 |
| [https://github.com/inforion/idapython-cheatsheet](https://github.com/inforion/idapython-cheatsheet) | Scripts and cheatsheets for IDAPython | inforion | | 551 |
| [https://github.com/FireyFly/hexd](https://github.com/FireyFly/hexd) | 🔍 Colourful, human-friendly hexdump tool | FireyFly | mit | 131 |
| [https://github.com/boyter/scc](https://github.com/boyter/scc) | Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go | boyter | mit | 3903 |
| [https://github.com/cartographia/geospatial-intelligence-library](https://github.com/cartographia/geospatial-intelligence-library) | 🛰 Your geospatial intelligence tool belt for digital investigations | cartographia | | 82 |
| [https://github.com/61106960/adPEAS](https://github.com/61106960/adPEAS) | Powershell tool to automate Active Directory enumeration. | 61106960 | | 416 |
| [https://github.com/dbdexter-dev/sdrpp_radiosonde](https://github.com/dbdexter-dev/sdrpp_radiosonde) | Radiosonde decoder plugin for SDR++ | dbdexter-dev | mit | 32 |
| [https://github.com/remil1000/opensearch-ansible-playbook](https://github.com/remil1000/opensearch-ansible-playbook) | 🤖 A community repository for Ansible Playbook of OpenSearch Project. | remil1000 | apache-2.0 | 3 |
| [https://github.com/xenoscr/manual-syscall-detect](https://github.com/xenoscr/manual-syscall-detect) | A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. | xenoscr | mit | 67 |
| [https://github.com/tahoe-lafs/tahoe-lafs](https://github.com/tahoe-lafs/tahoe-lafs) | The Tahoe-LAFS decentralized secure filesystem. | tahoe-lafs | other | 1191 |
| [https://github.com/NumLocK15/YaraStation](https://github.com/NumLocK15/YaraStation) | Yara station is a management portal for Neo23x0-Loki. The mission is to transform the standalone nature of the Loki scanner into a centralized management solution that facilitates result investigation and easier scanning capabilities. | NumLocK15 | | 27 |
| [https://github.com/dwmkerr/hacker-laws](https://github.com/dwmkerr/hacker-laws) | 💻📖 Laws, Theories, Principles and Patterns that developers will find useful. #hackerlaws | dwmkerr | cc-by-sa-4.0 | 24314 |
| [https://github.com/CTFd/snicat](https://github.com/CTFd/snicat) | TLS & SNI aware netcat | CTFd | apache-2.0 | 19 |
| [https://github.com/meilisearch/meilisearch](https://github.com/meilisearch/meilisearch) | A lightning-fast search engine that fits effortlessly into your apps, websites, and workflow. | meilisearch | mit | 30591 |
| [https://github.com/oasis-open/cti-taxii-server](https://github.com/oasis-open/cti-taxii-server) | OASIS TC Open Repository: TAXII 2 Server Library Written in Python | oasis-open | bsd-3-clause | 82 |
| [https://github.com/0x6d696368/ghidra-data](https://github.com/0x6d696368/ghidra-data) | Supporting Data Archives for Ghidra | 0x6d696368 | apache-2.0 | 184 |
| [https://github.com/klezVirus/inceptor](https://github.com/klezVirus/inceptor) | Template-Driven AV/EDR Evasion Framework | klezVirus | other | 1060 |
| [https://github.com/ail-project/ail-typo-squatting](https://github.com/ail-project/ail-typo-squatting) | Generate list of potential typo squatting domains with domain name permutation engine to feed AIL and other systems. | ail-project | bsd-2-clause | 27 |
| [https://github.com/czs108/PE-Packer](https://github.com/czs108/PE-Packer) | 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering. | czs108 | gpl-3.0 | 162 |
| [https://github.com/VectorCamp/vectorscan](https://github.com/VectorCamp/vectorscan) | A portable fork of the high-performance regular expression matching library | VectorCamp | other | 257 |
| [https://github.com/silverhack/voyeur](https://github.com/silverhack/voyeur) | VOYEUR's main purpose is to generate a fast (and pretty) Active Directory report. The tool is developed entirely in PowerShell (a powerful scripting language) without dependencies (just .Net Framework 3.5 and Ofiice Excel if you want an useful and pretty report). The generated report is a perfect starting point for well-established forensic, incident response team, or security researchers who want to quickly analyze threats in Active Directory Services. | silverhack | mit | 146 |
| [https://github.com/bitsadmin/fakelogonscreen](https://github.com/bitsadmin/fakelogonscreen) | Fake Windows logon screen to steal passwords | bitsadmin | bsd-3-clause | 1069 |
| [https://github.com/cisco/mercury](https://github.com/cisco/mercury) | Mercury: network metadata capture and analysis | cisco | other | 340 |
| [https://github.com/microsoft/ANCE](https://github.com/microsoft/ANCE) | A novel embedding training algorithm leveraging ANN search and achieved SOTA retrieval on Trec DL 2019 and OpenQA benchmarks | microsoft | mit | 274 |
| [https://github.com/AndrewRathbun/DFIRArtifactMuseum](https://github.com/AndrewRathbun/DFIRArtifactMuseum) | The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available anymore. | AndrewRathbun | mit | 179 |
| [https://github.com/erthink/libmdbx](https://github.com/erthink/libmdbx) | One of the fastest embeddable key-value ACID database without WAL. libmdbx surpasses the legendary LMDB in terms of reliability, features and performance. | erthink | other | 1040 |
| [https://github.com/ekzhu/datasketch](https://github.com/ekzhu/datasketch) | MinHash, LSH, LSH Forest, Weighted MinHash, HyperLogLog, HyperLogLog++, LSH Ensemble | ekzhu | mit | 1820 |
| [https://github.com/aristocratos/btop](https://github.com/aristocratos/btop) | A monitor of resources | aristocratos | apache-2.0 | 9349 |
| [https://github.com/0vercl0k/udmp-parser](https://github.com/0vercl0k/udmp-parser) | A Windows user minidump C++ parser library. | 0vercl0k | mit | 92 |
| [https://github.com/DTolm/VkFFT](https://github.com/DTolm/VkFFT) | Vulkan/CUDA/HIP/OpenCL/Level Zero/Metal Fast Fourier Transform library | DTolm | mit | 925 |
| [https://github.com/bluekitchen/raccoon](https://github.com/bluekitchen/raccoon) | Raccoon BLE Sniffer | bluekitchen | | 63 |
| [https://github.com/andrewjfreyer/monitor](https://github.com/andrewjfreyer/monitor) | Distributed advertisement-based BTLE presence detection reported via mqtt | andrewjfreyer | | 1402 |
| [https://github.com/csirt-tooling-org/csirt-tooling-best-practices](https://github.com/csirt-tooling-org/csirt-tooling-best-practices) | CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools | csirt-tooling-org | | 11 |
| [https://github.com/frida/frida-tools](https://github.com/frida/frida-tools) | Frida CLI tools | frida | other | 211 |
| [https://github.com/ANSSI-FR/guide-journalisation-microsoft](https://github.com/ANSSI-FR/guide-journalisation-microsoft) | Guide journalisation Microsoft | ANSSI-FR | | 44 |
| [https://github.com/patois/abyss](https://github.com/patois/abyss) | abyss - augmentation of Hexrays decompiler output | patois | mit | 287 |
| [https://github.com/Nudin/iptable_vis](https://github.com/Nudin/iptable_vis) | visualise your iptables chains | Nudin | lgpl-3.0 | 543 |
| [https://github.com/scipag/HardeningKitty](https://github.com/scipag/HardeningKitty) | HardeningKitty - Checks and hardens your Windows configuration | scipag | mit | 549 |
| [https://github.com/volexity/threat-intel](https://github.com/volexity/threat-intel) | Signatures and IoCs from public Volexity blog posts. | volexity | other | 124 |
| [https://github.com/crytic/slither](https://github.com/crytic/slither) | Static Analyzer for Solidity | crytic | agpl-3.0 | 3357 |
| [https://github.com/sapics/ip-location-db](https://github.com/sapics/ip-location-db) | ip to location database by ASN, GeoFeed, Whois, iptoasn.com, db-ip lite, GeoLite2 | sapics | other | 247 |
| [https://github.com/norasector/turbine](https://github.com/norasector/turbine) | SDR software for capturing trunked radio systems | norasector | gpl-3.0 | 92 |
| [https://github.com/dhondta/webgrep](https://github.com/dhondta/webgrep) | Grep Web pages with extra features like JS deobfuscation and OCR | dhondta | gpl-3.0 | 87 |
| [https://github.com/ForensicArtifacts/artifacts-kb](https://github.com/ForensicArtifacts/artifacts-kb) | Digital Forensics Artifacts Knowledge Base | ForensicArtifacts | apache-2.0 | 42 |
| [https://github.com/ArsMasiuk/qvge](https://github.com/ArsMasiuk/qvge) | Qt Visual Graph Editor | ArsMasiuk | mit | 424 |
| [https://github.com/VirusTotal/vt-py](https://github.com/VirusTotal/vt-py) | The official Python 3 client library for VirusTotal | VirusTotal | apache-2.0 | 276 |
| [https://github.com/mborgerding/kissfft](https://github.com/mborgerding/kissfft) | a Fast Fourier Transform (FFT) library that tries to Keep it Simple, Stupid | mborgerding | other | 1017 |
| [https://github.com/hirve/sdr-mini-kit](https://github.com/hirve/sdr-mini-kit) | Building SDR apps by mapping IQ streams with pipes in CLI or bash scripts. | hirve | mit | 7 |
| [https://github.com/0x4D31/fatt](https://github.com/0x4D31/fatt) | FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic | 0x4D31 | bsd-3-clause | 588 |
| [https://github.com/cado-security/rip_raw](https://github.com/cado-security/rip_raw) | Rip Raw is a small tool to analyse the memory of compromised Linux systems. | cado-security | apache-2.0 | 127 |
| [https://github.com/RolfRolles/IDBs](https://github.com/RolfRolles/IDBs) | Analyses in IDA/Hex-Rays | RolfRolles | | 63 |
| [https://github.com/x64dbg/x64dbg](https://github.com/x64dbg/x64dbg) | An open-source x64/x32 debugger for windows. | x64dbg | other | 39331 |
| [https://github.com/stairwell-inc/threat-research](https://github.com/stairwell-inc/threat-research) | Repository of tools, YARA rules, and code-snippets from Stairwell's research team. | stairwell-inc | mit | 14 |
| [https://github.com/igogo-x86/HexRaysPyTools](https://github.com/igogo-x86/HexRaysPyTools) | IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes | igogo-x86 | | 1136 |
| [https://github.com/lunixbochs/usercorn](https://github.com/lunixbochs/usercorn) | dynamic binary analysis via platform emulation | lunixbochs | mit | 824 |
| [https://github.com/slyd0g/DLLHijackTest](https://github.com/slyd0g/DLLHijackTest) | DLL and PowerShell script to assist with finding DLL hijacks | slyd0g | | 283 |
| [https://github.com/cudeso/dfir-iris-misp-timesketch](https://github.com/cudeso/dfir-iris-misp-timesketch) | Scripts to integrate DFIR-IRIS, MISP and TimeSketch | cudeso | agpl-3.0 | 19 |
| [https://github.com/cybersecsi/HOUDINI](https://github.com/cybersecsi/HOUDINI) | Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all. | cybersecsi | gpl-3.0 | 1100 |
| [https://github.com/davidgfnet/card-cap-authenticator-android](https://github.com/davidgfnet/card-cap-authenticator-android) | Android App that genereates passcode authentication codes for Postfinance cards | davidgfnet | bsd-3-clause | 10 |
| [https://github.com/RyanMarcus/dirty-json](https://github.com/RyanMarcus/dirty-json) | A parser for invalid JSON | RyanMarcus | agpl-3.0 | 173 |
| [https://github.com/googleprojectzero/0days-in-the-wild](https://github.com/googleprojectzero/0days-in-the-wild) | Repository for information about 0-days exploited in-the-wild. | googleprojectzero | apache-2.0 | 516 |
| [https://github.com/ditekshen/detection](https://github.com/ditekshen/detection) | Detection in the form of Yara, Snort and ClamAV signatures. | ditekshen | other | 90 |
| [https://github.com/seintpl/osint](https://github.com/seintpl/osint) | Useful OSINT hints and links | seintpl | | 66 |
| [https://github.com/KaLendsi/CVE-2022-21882](https://github.com/KaLendsi/CVE-2022-21882) | win32k LPE | KaLendsi | | 435 |
| [https://github.com/JPCERTCC/jpcert-yara](https://github.com/JPCERTCC/jpcert-yara) | JPCERT/CC public YARA rules repository | JPCERTCC | | 75 |
| [https://github.com/pali/bmfdec](https://github.com/pali/bmfdec) | Decompile binary MOF file (BMF) from WMI buffer | pali | | 37 |
| [https://github.com/mb21/panwriter](https://github.com/mb21/panwriter) | Markdown editor with pandoc integration and paginated preview. | mb21 | gpl-3.0 | 762 |
| [https://github.com/doegox/EMV-CAP](https://github.com/doegox/EMV-CAP) | This tool emulates an EMV-CAP device, to illustrate the article "Banque en ligne : à la decouverte d'EMV-CAP" published in MISC, issue #56 | doegox | gpl-3.0 | 27 |
| [https://github.com/APTortellini/DefenderSwitch](https://github.com/APTortellini/DefenderSwitch) | Stop Windows Defender using the Win32 API | APTortellini | | 158 |
| [https://github.com/scipag/nac_bypass](https://github.com/scipag/nac_bypass) | Script collection to bypass Network Access Control (NAC, 802.1x) | scipag | mit | 165 |
| [https://github.com/hakluke/hakrevdns](https://github.com/hakluke/hakrevdns) | Small, fast tool for performing reverse DNS lookups en masse. | hakluke | mit | 587 |
| [https://github.com/jevinskie/litespih4x](https://github.com/jevinskie/litespih4x) | SPI flash MITM and emulation (QSPI is a WIP) | jevinskie | | 18 |
| [https://github.com/pandora-analysis/pandora](https://github.com/pandora-analysis/pandora) | Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results | pandora-analysis | agpl-3.0 | 158 |
| [https://github.com/berdav/CVE-2021-4034](https://github.com/berdav/CVE-2021-4034) | CVE-2021-4034 1day | berdav | mit | 1686 |
| [https://github.com/Reloaded-Project/Reloaded.Injector](https://github.com/Reloaded-Project/Reloaded.Injector) | C# DLL Injection Library capable of injecting x86 DLLs to x86 process from x64 processes. | Reloaded-Project | lgpl-3.0 | 79 |
| [https://github.com/arc298/instagram-scraper](https://github.com/arc298/instagram-scraper) | Scrapes an instagram user's photos and videos | arc298 | unlicense | 7296 |
| [https://github.com/bouffalolab/bl_iot_sdk](https://github.com/bouffalolab/bl_iot_sdk) | BL602/BL702 SDK. Any technical topic, please access the following link. | bouffalolab | apache-2.0 | 189 |
| [https://github.com/cilium/cilium](https://github.com/cilium/cilium) | eBPF-based Networking, Security, and Observability | cilium | apache-2.0 | 13403 |
| [https://github.com/hlldz/RefleXXion](https://github.com/hlldz/RefleXXion) | RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array. | hlldz | | 389 |
| [https://github.com/Idov31/FunctionStomping](https://github.com/Idov31/FunctionStomping) | A new shellcode injection technique. Given as C++ header, standalone Rust program or library. | Idov31 | bsd-2-clause | 592 |
| [https://github.com/cyentific-rni/stix2.1-coa-playbook-extension](https://github.com/cyentific-rni/stix2.1-coa-playbook-extension) | A STIX 2.1 Extension Definition for the Course of Action (COA) object type. The nested property extension allows a COA to share machine-readable security playbooks such as CACAO Security Playbooks | cyentific-rni | mit | 14 |
| [https://github.com/ZephrFish/Red-Teaming-Toolkit](https://github.com/ZephrFish/Red-Teaming-Toolkit) | This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter. | ZephrFish | gpl-3.0 | 9 |
| [https://github.com/geodienst/lighthousemap](https://github.com/geodienst/lighthousemap) | OpenStreetMap's Blinking Beacons | geodienst | mit | 271 |
| [https://github.com/daem0nc0re/PrivFu](https://github.com/daem0nc0re/PrivFu) | Kernel mode WinDbg extension and PoCs for token privilege investigation. | daem0nc0re | bsd-3-clause | 366 |
| [https://github.com/executemalware/Malware-IOCs](https://github.com/executemalware/Malware-IOCs) | | executemalware | | 315 |
| [https://github.com/behas/ransomware-dataset](https://github.com/behas/ransomware-dataset) | Economics of Ransomware | Dataset | behas | | 16 |
| [https://github.com/spenczar/usb-next](https://github.com/spenczar/usb-next) | Arduino adapter for a NeXT keyboard to work over USB | spenczar | bsd-3-clause | 16 |
| [https://github.com/lgandx/Responder](https://github.com/lgandx/Responder) | Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. | lgandx | gpl-3.0 | 3901 |
| [https://github.com/dievus/Oh365UserFinder](https://github.com/dievus/Oh365UserFinder) | Python3 o365 User Enumeration Tool | dievus | mit | 400 |
| [https://github.com/DidierStevens/DidierStevensSuite](https://github.com/DidierStevens/DidierStevensSuite) | Please no pull requests for this repository. Thanks! | DidierStevens | | 1418 |
| [https://github.com/AzizKpln/Social_X](https://github.com/AzizKpln/Social_X) | "Socialx" is a Social Engineering And Remote Access Trojan Tool. You can generate fud backdoor and you can embed any file you want inside of the exe file. | AzizKpln | mit | 198 |
| [https://github.com/forrest-orr/moneta](https://github.com/forrest-orr/moneta) | Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs | forrest-orr | gpl-3.0 | 365 |
| [https://github.com/tid4l/offensive-cybersec-toolkit](https://github.com/tid4l/offensive-cybersec-toolkit) | A central place for offensive (and sometimes not) cybersecurity tools and resources. | tid4l | gpl-3.0 | 8 |
| [https://github.com/vuejs/petite-vue](https://github.com/vuejs/petite-vue) | 6kb subset of Vue optimized for progressive enhancement | vuejs | mit | 7056 |
| [https://github.com/resyncgg/ripgen](https://github.com/resyncgg/ripgen) | Rust-based high performance domain permutation generator. | resyncgg | | 185 |
| [https://github.com/p0dalirius/ldap2json](https://github.com/p0dalirius/ldap2json) | The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file. | p0dalirius | | 63 |
| [https://github.com/quarto-dev/quarto-cli](https://github.com/quarto-dev/quarto-cli) | Open-source scientific and technical publishing system built on Pandoc. | quarto-dev | other | 1413 |
| [https://github.com/adulau/active-scanning-techniques](https://github.com/adulau/active-scanning-techniques) | A compilation of network scanning strategies to find vulnerable devices | adulau | | 61 |
| [https://github.com/fkie-cad/cwe_checker](https://github.com/fkie-cad/cwe_checker) | cwe_checker finds vulnerable patterns in binary executables | fkie-cad | lgpl-3.0 | 745 |
| [https://github.com/avast/ioc](https://github.com/avast/ioc) | Threat Intel IoCs + bits and pieces of dark matter | avast | | 251 |
| [https://github.com/MrNox/XRaysComments](https://github.com/MrNox/XRaysComments) | A simple IDA Pro plugin to show all HexRays decompiler comments written by user | MrNox | | 19 |
| [https://github.com/g-les/100DaysofYARA](https://github.com/g-les/100DaysofYARA) | 100 Days of YARA to be updated with rules & ideas as the year progresses | g-les | | 27 |
| [https://github.com/IQTLabs/SkyScan](https://github.com/IQTLabs/SkyScan) | Automatically photograph planes that fly by! | IQTLabs | apache-2.0 | 237 |
| [https://github.com/CiscoPSIRT/openVulnQuery](https://github.com/CiscoPSIRT/openVulnQuery) | A Python-based client for the Cisco openVuln API | CiscoPSIRT | mit | 20 |
| [https://github.com/github/gemoji](https://github.com/github/gemoji) | Emoji images and names. | github | mit | 4072 |
| [https://github.com/dhondta/python-codext](https://github.com/dhondta/python-codext) | Python codecs extension featuring CLI tools for encoding/decoding anything | dhondta | gpl-3.0 | 199 |
| [https://github.com/brandur/redis-cell](https://github.com/brandur/redis-cell) | A Redis module that provides rate limiting in Redis as a single command. | brandur | mit | 1050 |
| [https://github.com/jakubroztocil/podcats](https://github.com/jakubroztocil/podcats) | 🎧 🐈🐈🐈 Podcats generates RSS feeds for podcast episodes from local audio files and, optionally, exposes both via a built-in web server. | jakubroztocil | other | 106 |
| [https://github.com/sevagas/macro_pack](https://github.com/sevagas/macro_pack) | macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research. | sevagas | apache-2.0 | 1725 |
| [https://github.com/typedb-osi/typedb-cti](https://github.com/typedb-osi/typedb-cti) | Open Source Threat Intelligence Platform | typedb-osi | apache-2.0 | 100 |
| [https://github.com/luigifcruz/pisdr-image](https://github.com/luigifcruz/pisdr-image) | 🥧 A SDR Linux Distro for the Raspberry Pi and other SBC. Compatible out of the box with multiple SDR. | luigifcruz | other | 679 |
| [https://github.com/DanielLin1986/Function-level-Vulnerability-Detection](https://github.com/DanielLin1986/Function-level-Vulnerability-Detection) | A deep learning-based vulnerability detection framework | DanielLin1986 | | 55 |
| [https://github.com/void-stack/VMUnprotect](https://github.com/void-stack/VMUnprotect) | VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect. | void-stack | mit | 250 |
| [https://github.com/AppThreat/dep-scan](https://github.com/AppThreat/dep-scan) | Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required! | AppThreat | mit | 275 |
| [https://github.com/geoacumen/geoacumen-country](https://github.com/geoacumen/geoacumen-country) | | geoacumen | apache-2.0 | 35 |
| [https://github.com/maxmind/MaxMind-DB-Reader-python](https://github.com/maxmind/MaxMind-DB-Reader-python) | Python MaxMind DB reader extension | maxmind | apache-2.0 | 138 |
| [https://github.com/maxmind/mmdbinspect](https://github.com/maxmind/mmdbinspect) | look up records for one or more IPs/networks in one or more .mmdb databases | maxmind | apache-2.0 | 62 |
| [https://github.com/cloudflare/py-mmdb-encoder](https://github.com/cloudflare/py-mmdb-encoder) | Create mmdb files to encode prefix lists. | cloudflare | bsd-3-clause | 27 |
| [https://github.com/upx/upx](https://github.com/upx/upx) | UPX - the Ultimate Packer for eXecutables | upx | other | 10245 |
| [https://github.com/allinurl/gwsocket](https://github.com/allinurl/gwsocket) | fast, standalone, language-agnostic WebSocket server RFC6455 compliant | allinurl | mit | 656 |
| [https://github.com/RolfRolles/FinSpyVM](https://github.com/RolfRolles/FinSpyVM) | Static unpacker for FinSpy VM | RolfRolles | | 90 |
| [https://github.com/ryan-weil/ReadWriteDriver](https://github.com/ryan-weil/ReadWriteDriver) | A kernel driver for reading and writing memory | ryan-weil | | 81 |
| [https://github.com/jfmaes/SharpZipRunner](https://github.com/jfmaes/SharpZipRunner) | Executes position independent shellcode from an encrypted zip | jfmaes | gpl-3.0 | 293 |
| [https://github.com/InQuest/awesome-yara](https://github.com/InQuest/awesome-yara) | A curated list of awesome YARA rules, tools, and people. | InQuest | other | 2369 |
| [https://github.com/adsbxchange/adsb-exchange](https://github.com/adsbxchange/adsb-exchange) | ADS-B Exchange Linux Setup Scripts | adsbxchange | mit | 192 |
| [https://github.com/StamusNetworks/suricata-language-server](https://github.com/StamusNetworks/suricata-language-server) | Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured. | StamusNetworks | gpl-3.0 | 36 |
| [https://github.com/PyCQA/flake8](https://github.com/PyCQA/flake8) | flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code. | PyCQA | other | 2394 |
| [https://github.com/wavestone-cdt/wavecrack](https://github.com/wavestone-cdt/wavecrack) | Wavestone's web interface for password cracking with hashcat | wavestone-cdt | | 151 |
| [https://github.com/jerosoler/Drawflow](https://github.com/jerosoler/Drawflow) | Simple flow library 🖥️🖱️ | jerosoler | mit | 2700 |
| [https://github.com/jordanwildon/Telepathy](https://github.com/jordanwildon/Telepathy) | Public release of Telepathy, an OSINT toolkit for investigating Telegram chats. | jordanwildon | mit | 449 |
| [https://github.com/orhun/rtl_map](https://github.com/orhun/rtl_map) | FFT-based visualizer for RTL-SDR devices. (RTL2832/DVB-T) | orhun | gpl-3.0 | 59 |
| [https://github.com/marp-team/marp](https://github.com/marp-team/marp) | The entrance repository of Markdown presentation ecosystem | marp-team | mit | 4349 |
| [https://github.com/encode/starlette](https://github.com/encode/starlette) | The little ASGI framework that shines. 🌟 | encode | bsd-3-clause | 7534 |
| [https://github.com/MoserMichael/pyasmtool](https://github.com/MoserMichael/pyasmtool) | Explores the python bytecode, provides some tools to access it for fun and profit. | MoserMichael | mit | 275 |
| [https://github.com/seanmcfeely/ThreatFox](https://github.com/seanmcfeely/ThreatFox) | Python library and command line tool for interacting with the ThreatFox API. | seanmcfeely | gpl-3.0 | 6 |
| [https://github.com/raghudotcc/simply-jekyll](https://github.com/raghudotcc/simply-jekyll) | A simple yet highly functional jekyll theme with backlinks, wiki-style links, context menu, page preview, sidenote etc | raghudotcc | | 160 |
| [https://github.com/0vercl0k/rp](https://github.com/0vercl0k/rp) | rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries. | 0vercl0k | mit | 1383 |
| [https://github.com/saruman9/ghidra_dev_pres](https://github.com/saruman9/ghidra_dev_pres) | Ghidra's development plugins, scripts, contributing. Presentation | saruman9 | | 10 |
| [https://github.com/felias-fogg/dw-link](https://github.com/felias-fogg/dw-link) | An Arduino-based debugWIRE hardware-debugger | felias-fogg | gpl-3.0 | 21 |
| [https://github.com/CYB3RMX/Qu1cksc0pe](https://github.com/CYB3RMX/Qu1cksc0pe) | All-in-One malware analysis tool. | CYB3RMX | gpl-3.0 | 418 |
| [https://github.com/random-robbie/bruteforce-lists](https://github.com/random-robbie/bruteforce-lists) | Some files for bruteforcing certain things. | random-robbie | apache-2.0 | 746 |
| [https://github.com/packing-box/awesome-executable-packing](https://github.com/packing-box/awesome-executable-packing) | A curated list of awesome resources related to executable packing | packing-box | cc0-1.0 | 664 |
| [https://github.com/trickster0/LdrLoadDll-Unhooking](https://github.com/trickster0/LdrLoadDll-Unhooking) | LdrLoadDll Unhooking | trickster0 | | 73 |
| [https://github.com/Tox/ToxStatus](https://github.com/Tox/ToxStatus) | Status page that keeps track of Tox bootstrap nodes | Tox | agpl-3.0 | 32 |
| [https://github.com/RedhawkSDR/core-framework](https://github.com/RedhawkSDR/core-framework) | REDHAWK is a software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications | RedhawkSDR | lgpl-3.0 | 39 |
| [https://github.com/RedhawkSDR/redhawk](https://github.com/RedhawkSDR/redhawk) | A submodule repository for distributing REDHAWK artifacts and the latest REDHAWK source code. Use 'git clone --recurse-submodules git@github.com:RedhawkSDR/redhawk.git' to also clone all submodules. | RedhawkSDR | other | 362 |
| [https://github.com/hrvach/babyping](https://github.com/hrvach/babyping) | A computer from 1948 in ICMP packets | hrvach | mit | 74 |
| [https://github.com/0xC01DF00D/Collabfiltrator](https://github.com/0xC01DF00D/Collabfiltrator) | Exfiltrate blind remote code execution output over DNS via Burp Collaborator. | 0xC01DF00D | gpl-3.0 | 226 |
| [https://github.com/klinix5/ReverseRDP_RCE](https://github.com/klinix5/ReverseRDP_RCE) | | klinix5 | mit | 267 |
| [https://github.com/opensemanticsearch/open-semantic-search](https://github.com/opensemanticsearch/open-semantic-search) | Open Source research tool to search, browse, analyze and explore large document collections by Semantic Search Engine and Open Source Text Mining & Text Analytics platform (Integrates ETL for document processing, OCR for images & PDF, named entity recognition for persons, organizations & locations, metadata management by thesaurus & ontologies, search user interface & search apps for fulltext search, faceted search & knowledge graph) | opensemanticsearch | gpl-3.0 | 659 |
| [https://github.com/1N3/ReverseAPK](https://github.com/1N3/ReverseAPK) | Quickly analyze and reverse engineer Android packages | 1N3 | | 586 |
| [https://github.com/gocolly/colly](https://github.com/gocolly/colly) | Elegant Scraper and Crawler Framework for Golang | gocolly | apache-2.0 | 18145 |
| [https://github.com/gnuradio/SigMF](https://github.com/gnuradio/SigMF) | The Signal Metadata Format Specification | gnuradio | cc-by-sa-4.0 | 227 |
| [https://github.com/xbyl1234/android_analysis](https://github.com/xbyl1234/android_analysis) | android analysis tools, jni trace by native hook, libc hook, write log with caller's addr in file or AndroidLog | xbyl1234 | | 61 |
| [https://github.com/odedshimon/BruteShark](https://github.com/odedshimon/BruteShark) | Network Analysis Tool | odedshimon | gpl-3.0 | 2519 |
| [https://github.com/osmocom/rtl-sdr](https://github.com/osmocom/rtl-sdr) | library for turning a RTL2832 based DVB dongle into a Software DefinedReceiver; mirror from https://gitea.osmocom.org/sdr/rtl-sdr | osmocom | gpl-2.0 | 483 |
| [https://github.com/digitalevidencetoolkit/deptoolkit](https://github.com/digitalevidencetoolkit/deptoolkit) | The Toolkit API, app, and browser extension. Start preserving now. | digitalevidencetoolkit | other | 40 |
| [https://github.com/shareef12/ExtractBB](https://github.com/shareef12/ExtractBB) | LLVM Obfuscation Pass via Extracted Basic Blocks | shareef12 | | 15 |
| [https://github.com/pnkraemer/tueplots](https://github.com/pnkraemer/tueplots) | Figure sizes, font sizes, fonts, and more configurations at minimal overhead. Fix your journal papers, conference proceedings, and other scientific publications. | pnkraemer | mit | 476 |
| [https://github.com/splunk/salo](https://github.com/splunk/salo) | Synthetic Adversarial Log Objects: A Framework for synthentic log generation | splunk | apache-2.0 | 40 |
| [https://github.com/jina-ai/docarray](https://github.com/jina-ai/docarray) | 🧬 The data structure for unstructured multimodal data · Neural Search · Vector Search · Document Store | jina-ai | apache-2.0 | 1274 |
| [https://github.com/coral-xyz/sealevel-attacks](https://github.com/coral-xyz/sealevel-attacks) | ☠️ Common Security Exploits and Protections on Solana | coral-xyz | | 337 |
| [https://github.com/knight0x07/pyc2bytecode](https://github.com/knight0x07/pyc2bytecode) | A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*) | knight0x07 | | 87 |
| [https://github.com/hausec/ADAPE-Script](https://github.com/hausec/ADAPE-Script) | Active Directory Assessment and Privilege Escalation Script | hausec | | 1018 |
| [https://github.com/swimlane/pyattck](https://github.com/swimlane/pyattck) | A Python package to interact with the Mitre ATT&CK Framework | swimlane | mit | 402 |
| [https://github.com/FirmWire/FirmWire](https://github.com/FirmWire/FirmWire) | FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares | FirmWire | bsd-3-clause | 552 |
| [https://github.com/terryyin/lizard](https://github.com/terryyin/lizard) | A simple code complexity analyser without caring about the C/C++ header files or Java imports, supports most of the popular languages. | terryyin | other | 1460 |
| [https://github.com/3vangel1st/100DaysOfYARA](https://github.com/3vangel1st/100DaysOfYARA) | | 3vangel1st | | 24 |
| [https://github.com/certsocietegenerale/abuse_finder](https://github.com/certsocietegenerale/abuse_finder) | Find abuse contacts for observables | certsocietegenerale | gpl-3.0 | 54 |
| [https://github.com/wbolster/jsonlines](https://github.com/wbolster/jsonlines) | python library to simplify working with jsonlines and ndjson data | wbolster | other | 203 |
| [https://github.com/obsidianforensics/unfurl](https://github.com/obsidianforensics/unfurl) | Extract and Visualize Data from URLs using Unfurl | obsidianforensics | apache-2.0 | 468 |
| [https://github.com/sthagen/miyuchina-mistletoe](https://github.com/sthagen/miyuchina-mistletoe) | A fast, extensible and spec-compliant Markdown parser in pure Python. | sthagen | mit | 2 |
| [https://github.com/ShutdownRepo/ShadowCoerce](https://github.com/ShutdownRepo/ShadowCoerce) | MS-FSRVP coercion abuse PoC | ShutdownRepo | gpl-3.0 | 211 |
| [https://github.com/drmpeg/dtv-utils](https://github.com/drmpeg/dtv-utils) | Utilities for SDR digital television | drmpeg | gpl-3.0 | 46 |
| [https://github.com/puckiestyle/JNDI-Exploit-Kit](https://github.com/puckiestyle/JNDI-Exploit-Kit) | | puckiestyle | mit | 19 |
| [https://github.com/Li4n0/revsuit](https://github.com/Li4n0/revsuit) | RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration. | Li4n0 | apache-2.0 | 322 |
| [https://github.com/getCUJO/ThreatIntel](https://github.com/getCUJO/ThreatIntel) | | getCUJO | bsd-3-clause-clear | 102 |
| [https://github.com/hijiki51/gotools](https://github.com/hijiki51/gotools) | Plugin for Ghidra to assist reversing Golang binaries | hijiki51 | mit | 6 |
| [https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering](https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering) | Some of my publicly available Malware analysis and Reverse engineering. | Dump-GUY | | 460 |
| [https://github.com/fidgetingbits/IDArling](https://github.com/fidgetingbits/IDArling) | Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays | fidgetingbits | gpl-3.0 | 94 |
| [https://github.com/cudeso/tools](https://github.com/cudeso/tools) | Different tools, koen.vanimpe@cudeso.be | cudeso | other | 87 |
| [https://github.com/corelight/zeek-cheatsheets](https://github.com/corelight/zeek-cheatsheets) | Bro Log Cheatsheets | corelight | other | 232 |
| [https://github.com/SecWiki/windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits) | windows-kernel-exploits Windows平台提权漏洞集合 | SecWiki | mit | 6754 |
| [https://github.com/optiv/Ivy](https://github.com/optiv/Ivy) | Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivys loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode. | optiv | mit | 639 |
| [https://github.com/AlexandreRouma/SDRPlusPlus](https://github.com/AlexandreRouma/SDRPlusPlus) | Cross-Platform SDR Software | AlexandreRouma | gpl-3.0 | 2070 |
| [https://github.com/yrp604/rappel](https://github.com/yrp604/rappel) | A linux-based assembly REPL for x86, amd64, armv7, and armv8 | yrp604 | other | 1002 |
| [https://github.com/s-macke/VoxelSpace](https://github.com/s-macke/VoxelSpace) | Terrain rendering algorithm in less than 20 lines of code | s-macke | mit | 5533 |
| [https://github.com/alphacep/vosk-api](https://github.com/alphacep/vosk-api) | Offline speech recognition API for Android, iOS, Raspberry Pi and servers with Python, Java, C# and Node | alphacep | apache-2.0 | 4760 |
| [https://github.com/intelowlproject/GreedyBear](https://github.com/intelowlproject/GreedyBear) | Threat Intel Platform for T-POTs | intelowlproject | mit | 62 |
| [https://github.com/rgerganov/aprs-sdr](https://github.com/rgerganov/aprs-sdr) | APRS tracker with an SDR | rgerganov | mit | 19 |
| [https://github.com/fabiangreffrath/crispy-doom](https://github.com/fabiangreffrath/crispy-doom) | Crispy Doom is a limit-removing enhanced-resolution Doom source port based on Chocolate Doom. | fabiangreffrath | gpl-2.0 | 609 |
| [https://github.com/iconoir-icons/iconoir](https://github.com/iconoir-icons/iconoir) | An open source icons library with 1K+ icons, supporting React, React Native, Flutter, CSS, Figma, and Framer. | iconoir-icons | mit | 2858 |
| [https://github.com/trapexit/mergerfs](https://github.com/trapexit/mergerfs) | a featureful union filesystem | trapexit | other | 2734 |
| [https://github.com/niczem/trawler](https://github.com/niczem/trawler) | scraper for facebook, gab, google and tiktok | niczem | | 20 |
| [https://github.com/google/grr](https://github.com/google/grr) | GRR Rapid Response: remote live forensics for incident response | google | apache-2.0 | 4223 |
| [https://github.com/ioncodes/ceload](https://github.com/ioncodes/ceload) | Loading dbk64.sys and grabbing a handle to it | ioncodes | | 120 |
| [https://github.com/curran/data](https://github.com/curran/data) | A collection of public data sets | curran | mit | 450 |
| [https://github.com/deepchecks/deepchecks](https://github.com/deepchecks/deepchecks) | Test Suites for Validating ML Models & Data. Deepchecks is a Python package for comprehensively validating your machine learning models and data with minimal effort. | deepchecks | other | 2175 |
| [https://github.com/profdc9/QRPAmplifier](https://github.com/profdc9/QRPAmplifier) | Layout of WA2EBY amplifier in Kicad, licensed CC-BY-SA 4.0 | profdc9 | | 15 |
| [https://github.com/FChannel0/FChannel-Server](https://github.com/FChannel0/FChannel-Server) | | FChannel0 | agpl-3.0 | 82 |
| [https://github.com/GeneralMills/pytrends](https://github.com/GeneralMills/pytrends) | Pseudo API for Google Trends | GeneralMills | other | 2556 |
| [https://github.com/benlk/misc-licenses](https://github.com/benlk/misc-licenses) | A collection of various licenses, with mild commentary upon them. | benlk | other | 75 |
| [https://github.com/aj-code/TimingIntrusionTool5000](https://github.com/aj-code/TimingIntrusionTool5000) | A tool for performing network timing attacks on plaintext and hashed password authentication. | aj-code | gpl-3.0 | 20 |
| [https://github.com/squidfunk/mkdocs-material](https://github.com/squidfunk/mkdocs-material) | Documentation that simply works | squidfunk | mit | 11548 |
| [https://github.com/NVISOsecurity/DLLoader](https://github.com/NVISOsecurity/DLLoader) | | NVISOsecurity | gpl-3.0 | 17 |
| [https://github.com/R4yGM/garlicshare](https://github.com/R4yGM/garlicshare) | Private and self-hosted file sharing over the Tor network written in golang | R4yGM | apache-2.0 | 105 |
| [https://github.com/travisbrown/stop-the-steal](https://github.com/travisbrown/stop-the-steal) | Stop the Steal / J6 Twitter user profiles | travisbrown | | 18 |
| [https://github.com/worldveil/dejavu](https://github.com/worldveil/dejavu) | Audio fingerprinting and recognition in Python | worldveil | mit | 5919 |
| [https://github.com/jonathandata1/pegasus_spyware](https://github.com/jonathandata1/pegasus_spyware) | decompiled pegasus_spyware | jonathandata1 | mit | 1574 |
| [https://github.com/tillmannw/yara-rules](https://github.com/tillmannw/yara-rules) | | tillmannw | | 8 |
| [https://github.com/trailofbits/manticore](https://github.com/trailofbits/manticore) | Symbolic execution tool | trailofbits | agpl-3.0 | 3183 |
| [https://github.com/forrest-orr/Exploits](https://github.com/forrest-orr/Exploits) | A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits. | forrest-orr | gpl-3.0 | 80 |
| [https://github.com/spaze/hashes](https://github.com/spaze/hashes) | Magic hashes PHP hash "collisions" | spaze | | 505 |
| [https://github.com/uubs/firmware-collection](https://github.com/uubs/firmware-collection) | | uubs | | 5 |
| [https://github.com/desertbit/glue](https://github.com/desertbit/glue) | Glue - Robust Go and Javascript Socket Library (Alternative to Socket.io) | desertbit | mit | 406 |
| [https://github.com/MattETurner/DFIRlogbook](https://github.com/MattETurner/DFIRlogbook) | Logbook for Digital Forensics and Incident Response | MattETurner | | 40 |
| [https://github.com/BatchDrake/SigDigger](https://github.com/BatchDrake/SigDigger) | Qt-based digital signal analyzer, using Suscan core and Sigutils DSP library | BatchDrake | gpl-3.0 | 607 |
| [https://github.com/directus/directus](https://github.com/directus/directus) | The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database. | directus | gpl-3.0 | 18144 |
| [https://github.com/mzfr/liffy](https://github.com/mzfr/liffy) | Local file inclusion exploitation tool | mzfr | gpl-3.0 | 523 |
| [https://github.com/PaddlePaddle/PaddleOCR](https://github.com/PaddlePaddle/PaddleOCR) | Awesome multilingual OCR toolkits based on PaddlePaddle (practical ultra lightweight OCR system, support 80+ languages recognition, provide data annotation and synthesis tools, support training and deployment among server, mobile, embedded and IoT devices) | PaddlePaddle | apache-2.0 | 26342 |
| [https://github.com/seemoo-lab/opendrop](https://github.com/seemoo-lab/opendrop) | An open Apple AirDrop implementation written in Python | seemoo-lab | gpl-3.0 | 7380 |
| [https://github.com/cert-ee/cuckoo3](https://github.com/cert-ee/cuckoo3) | Cuckoo 3 is a Python 3 open source automated malware analysis system. | cert-ee | eupl-1.2 | 409 |
| [https://github.com/pussycat0x/malicious-pdf](https://github.com/pussycat0x/malicious-pdf) | Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator | pussycat0x | bsd-2-clause | 163 |
| [https://github.com/NUKIB/misp](https://github.com/NUKIB/misp) | Docker image for MISP | NUKIB | gpl-3.0 | 43 |
| [https://github.com/tb0hdan/idun](https://github.com/tb0hdan/idun) | DomainsProject.org HTTP worker | tb0hdan | bsd-3-clause | 9 |
| [https://github.com/tb0hdan/domains](https://github.com/tb0hdan/domains) | Worlds single largest Internet domains dataset | tb0hdan | bsd-3-clause | 394 |
| [https://github.com/HuskyHacks/PMAT-labs](https://github.com/HuskyHacks/PMAT-labs) | Labs for Practical Malware Analysis & Triage | HuskyHacks | | 436 |
| [https://github.com/doomedraven/sflock](https://github.com/doomedraven/sflock) | Sample staging & detonation utility to be used in combination with Cuckoo Sandbox. | doomedraven | | 8 |
| [https://github.com/hrbrmstr/hashlookup](https://github.com/hrbrmstr/hashlookup) | #️⃣ 👀👆🏽Query and Orchestrate the CIRCL Hash Lookup Service | hrbrmstr | other | 4 |
| [https://github.com/benthosdev/benthos-plugin-example](https://github.com/benthosdev/benthos-plugin-example) | Benthos plugin examples | benthosdev | mit | 59 |
| [https://github.com/hatching/sflock](https://github.com/hatching/sflock) | Sample staging & detonation utility to be used in combination with Cuckoo Sandbox. | hatching | | 74 |
| [https://github.com/Zhuagenborn/Dll-Injector](https://github.com/Zhuagenborn/Dll-Injector) | 💉 A Windows dynamic-link library injection tool written in C++20. It can inject a dynamic-link library into a running process by its window title or create a new process with an injection. | Zhuagenborn | gpl-3.0 | 48 |
| [https://github.com/sdasgup3/binary-decompilation](https://github.com/sdasgup3/binary-decompilation) | Extracting high level semantic information from binary code | sdasgup3 | other | 57 |
| [https://github.com/adulau/dcfldd](https://github.com/adulau/dcfldd) | dcfldd - enhanced version of dd for forensics and security | adulau | gpl-2.0 | 58 |
| [https://github.com/infoskirmish/hive](https://github.com/infoskirmish/hive) | The CIA Hive source code as released by Wikileaks | infoskirmish | | 46 |
| [https://github.com/peazip/PeaZip](https://github.com/peazip/PeaZip) | Free Zip / Unzip software and Rar file extractor. Cross-platform file and archive manager. Features volume spanning, compression, authenticated encryption. Supports 7Z, 7-Zip sfx, ACE, ARJ, Brotli, BZ2, CAB, CHM, CPIO, DEB, GZ, ISO, JAR, LHA/LZH, NSIS, OOo, PAQ/LPAQ, PEA, QUAD, RAR, RPM, split, TAR, Z, ZIP, ZIPX, Zstandard. | peazip | lgpl-3.0 | 2232 |
| [https://github.com/magwyz/mediaLexicometer](https://github.com/magwyz/mediaLexicometer) | Tools to do lexicometry on media | magwyz | agpl-3.0 | 40 |
| [https://github.com/payloadbox/xss-payload-list](https://github.com/payloadbox/xss-payload-list) | 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List | payloadbox | mit | 3806 |
| [https://github.com/swisscom/ArtifactCollectionMatrix](https://github.com/swisscom/ArtifactCollectionMatrix) | Forensic Artifact Collection Tool Matrix | swisscom | other | 29 |
| [https://github.com/HoShiMin/Sig](https://github.com/HoShiMin/Sig) | The most powerful and customizable binary pattern scanner | HoShiMin | mit | 143 |
| [https://github.com/cariboulabs/cariboulite](https://github.com/cariboulabs/cariboulite) | CaribouLite turns any 40-pin Raspberry-Pi into a Tx/Rx 6GHz SDR | cariboulabs | | 846 |
| [https://github.com/threathunters-io/laurel](https://github.com/threathunters-io/laurel) | Transform Linux Audit logs for SIEM usage | threathunters-io | gpl-3.0 | 440 |
| [https://github.com/benthosdev/benthos](https://github.com/benthosdev/benthos) | Fancy stream processing made operationally mundane | benthosdev | mit | 4912 |
| [https://github.com/kevthehermit/volatility_symbols](https://github.com/kevthehermit/volatility_symbols) | Volatility Symbol Generator for Linux Kernels | kevthehermit | | 14 |
| [https://github.com/mytechnotalent/Reverse-Engineering](https://github.com/mytechnotalent/Reverse-Engineering) | A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures. | mytechnotalent | apache-2.0 | 7459 |
| [https://github.com/jthuraisamy/SysWhispers](https://github.com/jthuraisamy/SysWhispers) | AV/EDR evasion via direct system calls. | jthuraisamy | apache-2.0 | 1410 |
| [https://github.com/dfir-iris/iris-web](https://github.com/dfir-iris/iris-web) | Collaborative Incident Response platform | dfir-iris | lgpl-3.0 | 538 |
| [https://github.com/tanc7/EXOCET-AV-Evasion](https://github.com/tanc7/EXOCET-AV-Evasion) | EXOCET - AV-evading, undetectable, payload delivery tool | tanc7 | | 662 |
| [https://github.com/Ne0nd0g/merlin-agent](https://github.com/Ne0nd0g/merlin-agent) | | Ne0nd0g | gpl-3.0 | 95 |
| [https://github.com/deepset-ai/haystack](https://github.com/deepset-ai/haystack) | :mag: Haystack is an open source NLP framework that leverages pre-trained Transformer models. It enables developers to quickly implement production-ready semantic search, question answering, summarization and document ranking for a wide range of NLP applications. | deepset-ai | apache-2.0 | 5986 |
| [https://github.com/fuzzuf/fuzzuf](https://github.com/fuzzuf/fuzzuf) | Fuzzing Unification Framework | fuzzuf | agpl-3.0 | 298 |
| [https://github.com/LingDong-/shan-shui-inf](https://github.com/LingDong-/shan-shui-inf) | Procedurally generated Chinese landscape painting. | LingDong- | mit | 4922 |
| [https://github.com/cdnjs/cdnjs](https://github.com/cdnjs/cdnjs) | 🤖 CDN assets - The #1 free and open source CDN built to make life easier for developers. | cdnjs | mit | 9689 |
| [https://github.com/IndrajeetPatil/ggstatsplot](https://github.com/IndrajeetPatil/ggstatsplot) | Enhancing `{ggplot2}` plots with statistical analysis 📊🎨📣 | IndrajeetPatil | gpl-3.0 | 1586 |
| [https://github.com/juju4/ansible-hashlookupserver](https://github.com/juju4/ansible-hashlookupserver) | Install hashlookup-server, minimal and fast open source server (ReST/API) to lookup quickly hash value from large datase t. | juju4 | bsd-2-clause | 1 |
| [https://github.com/daniestevez/jupyter_notebooks](https://github.com/daniestevez/jupyter_notebooks) | Assorted Jupyter notebooks by Daniel Estévez | daniestevez | gpl-3.0 | 97 |
| [https://github.com/constellation-app/constellation](https://github.com/constellation-app/constellation) | A graph-focused data visualisation and interactive analysis application. | constellation-app | apache-2.0 | 349 |
| [https://github.com/archanchoudhury/SOC-OpenSource](https://github.com/archanchoudhury/SOC-OpenSource) | This is a Project Designed for Security Analysts and all SOC audiences who wants to play with implementation and explore the Modern SOC architecture. | archanchoudhury | cc0-1.0 | 247 |
| [https://github.com/hashlookup/hashlookup-forensic-analyser](https://github.com/hashlookup/hashlookup-forensic-analyser) | Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/ | hashlookup | other | 91 |
| [https://github.com/ubfx/BinDiffHelper](https://github.com/ubfx/BinDiffHelper) | Ghidra Extension to integrate BinDiff for function matching | ubfx | | 174 |
| [https://github.com/Cracked5pider/KaynLdr](https://github.com/Cracked5pider/KaynLdr) | KaynLdr is a Reflective Loader written in C/ASM | Cracked5pider | | 406 |
| [https://github.com/cursey/regenny](https://github.com/cursey/regenny) | A reverse engineering tool to interactively reconstruct structures and generate header files | cursey | mit | 79 |
| [https://github.com/gkiril/benchie](https://github.com/gkiril/benchie) | Comprehensive evaluation framework for Open Information Extraction. | gkiril | other | 26 |
| [https://github.com/Yamato-Security/WELA](https://github.com/Yamato-Security/WELA) | WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) | Yamato-Security | gpl-3.0 | 462 |
| [https://github.com/rescuezilla/rescuezilla](https://github.com/rescuezilla/rescuezilla) | The Swiss Army Knife of System Recovery | rescuezilla | gpl-3.0 | 667 |
| [https://github.com/NUKIB/misp-modules](https://github.com/NUKIB/misp-modules) | Docker image for MISP modules | NUKIB | gpl-3.0 | 4 |
| [https://github.com/dragnet-org/dragnet](https://github.com/dragnet-org/dragnet) | Just the facts -- web page content extraction | dragnet-org | mit | 1075 |
| [https://github.com/jstrosch/learning-malware-analysis](https://github.com/jstrosch/learning-malware-analysis) | This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware. | jstrosch | | 124 |
| [https://github.com/Fare9/KUNAI-static-analyzer](https://github.com/Fare9/KUNAI-static-analyzer) | Tool aimed to provide a binary analysis of different file formats through the use of an Intermmediate Representation. | Fare9 | mit | 75 |
| [https://github.com/SamuelTulach/efi-memory](https://github.com/SamuelTulach/efi-memory) | PoC EFI runtime driver for memory r/w & kdmapper fork | SamuelTulach | | 330 |
| [https://github.com/LanikSJ/dfimage](https://github.com/LanikSJ/dfimage) | Reverse-engineer a Dockerfile from a Docker image. | LanikSJ | mit | 208 |
| [https://github.com/ssthouse/tree-chart](https://github.com/ssthouse/tree-chart) | Flexible tree chart using Canvas and Svg, powered by D3.js; ✅Support Vue, Vue3 and React; | ssthouse | mit | 328 |
| [https://github.com/StrangerealIntel/Orion](https://github.com/StrangerealIntel/Orion) | A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ... | StrangerealIntel | | 112 |
| [https://github.com/bats3c/shad0w](https://github.com/bats3c/shad0w) | A post exploitation framework designed to operate covertly on heavily monitored environments | bats3c | mit | 1796 |
| [https://github.com/Mr-Un1k0d3r/DKMC](https://github.com/Mr-Un1k0d3r/DKMC) | DKMC - Dont kill my cat - Malicious payload evasion tool | Mr-Un1k0d3r | other | 1220 |
| [https://github.com/Yamato-Security/hayabusa](https://github.com/Yamato-Security/hayabusa) | Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. | Yamato-Security | gpl-3.0 | 815 |
| [https://github.com/Srakai/Adun](https://github.com/Srakai/Adun) | A way to backdoor every process | Srakai | gpl-3.0 | 58 |
| [https://github.com/ChrisTheCoolHut/Zeratool](https://github.com/ChrisTheCoolHut/Zeratool) | Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems | ChrisTheCoolHut | gpl-3.0 | 950 |
| [https://github.com/janmojzis/tinyssh](https://github.com/janmojzis/tinyssh) | TinySSH is small server (less than 100000 words of code) | janmojzis | other | 881 |
| [https://github.com/gqrx-sdr/gqrx](https://github.com/gqrx-sdr/gqrx) | Software defined radio receiver powered by GNU Radio and Qt. | gqrx-sdr | gpl-3.0 | 2257 |
| [https://github.com/cve-search/git-vuln-finder](https://github.com/cve-search/git-vuln-finder) | Finding potential software vulnerabilities from git commit messages | cve-search | | 320 |
| [https://github.com/wader/fq](https://github.com/wader/fq) | jq for binary formats | wader | other | 4534 |
| [https://github.com/dgtlmoon/changedetection.io](https://github.com/dgtlmoon/changedetection.io) | changedetection.io - The best and simplest self-hosted free open source website change detection tracking, monitoring and notification service. An alternative to Visualping, Watchtower etc. Designed for simplicity - the main goal is to simply monitor which websites had a text change for free. Free Open source web page change detection | dgtlmoon | apache-2.0 | 6310 |
| [https://github.com/dafthack/DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) | DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! | dafthack | mit | 1254 |
| [https://github.com/j3ssie/osmedeus](https://github.com/j3ssie/osmedeus) | A Workflow Engine for Offensive Security | j3ssie | mit | 4082 |
| [https://github.com/ziesemer/ad-privileged-audit](https://github.com/ziesemer/ad-privileged-audit) | Provides various Windows Server Active Directory (AD) security-focused reports. | ziesemer | | 44 |
| [https://github.com/mufeedvh/moonwalk](https://github.com/mufeedvh/moonwalk) | Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. | mufeedvh | mit | 1043 |
| [https://github.com/boun-tabi/RELX](https://github.com/boun-tabi/RELX) | The RELX Dataset and Matching the Multilingual Blanks for Cross-Lingual Relation Classification, EMNLP-Findings 2020. | boun-tabi | mit | 19 |
| [https://github.com/svenstaro/genact](https://github.com/svenstaro/genact) | 🌀 A nonsense activity generator | svenstaro | mit | 6632 |
| [https://github.com/TheCruZ/EFI_Driver_Access](https://github.com/TheCruZ/EFI_Driver_Access) | Efi Driver Access is a simply project to load a driver during system boot with the idea to give the user kernel access for read/write memory without restrictions | TheCruZ | | 212 |
| [https://github.com/phoboslab/qoi](https://github.com/phoboslab/qoi) | The “Quite OK Image Format” for fast, lossless image compression | phoboslab | | 5855 |
| [https://github.com/tylerhou/fiber](https://github.com/tylerhou/fiber) | | tylerhou | apache-2.0 | 225 |
| [https://github.com/bohops/RogueAssemblyHunter](https://github.com/bohops/RogueAssemblyHunter) | Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. | bohops | mit | 104 |
| [https://github.com/msrkp/exploits](https://github.com/msrkp/exploits) | '>"><img src=x onerror=alert(1) /><b>asd</b> | msrkp | | 46 |
| [https://github.com/go-gitea/gitea](https://github.com/go-gitea/gitea) | Git with a cup of tea, painless self-hosted git service | go-gitea | mit | 33084 |
| [https://github.com/SigmaHQ/pySigma](https://github.com/SigmaHQ/pySigma) | Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) | SigmaHQ | lgpl-2.1 | 143 |
| [https://github.com/MISP/cexf](https://github.com/MISP/cexf) | Common Exercise Format - CEXF | MISP | | 9 |
| [https://github.com/johnkerl/miller](https://github.com/johnkerl/miller) | Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON | johnkerl | other | 5779 |
| [https://github.com/enisaeu/CNW](https://github.com/enisaeu/CNW) | The CSIRTs Network is a network composed of EU Member States appointed CSIRTs and CERT-EU. It provides a forum where members can cooperate, exchange information and build trust. | enisaeu | | 17 |
| [https://github.com/wagoodman/dive](https://github.com/wagoodman/dive) | A tool for exploring each layer in a docker image | wagoodman | mit | 34295 |
| [https://github.com/Its-Vichy/GoriaNet](https://github.com/Its-Vichy/GoriaNet) | 🐼 IoT worm written in pure golang. | Its-Vichy | gpl-3.0 | 68 |
| [https://github.com/MaxHalford/procedural-art](https://github.com/MaxHalford/procedural-art) | :milky_way: Procedural art with vanilla JavaScript | MaxHalford | mit | 85 |
| [https://github.com/lucidworks/banana](https://github.com/lucidworks/banana) | Banana for Solr - A Port of Kibana | lucidworks | other | 667 |
| [https://github.com/gamozolabs/elfloader](https://github.com/gamozolabs/elfloader) | An architecture-agnostic ELF file flattener for shellcode | gamozolabs | mit | 188 |
| [https://github.com/vfsfitvnm/intruducer](https://github.com/vfsfitvnm/intruducer) | A Rust crate to load a shared library into a Linux process without using ptrace. | vfsfitvnm | mit | 85 |
| [https://github.com/saferwall/pe](https://github.com/saferwall/pe) | A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations. | saferwall | mit | 152 |
| [https://github.com/bongtrop/hbctool](https://github.com/bongtrop/hbctool) | Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode) | bongtrop | mit | 185 |
| [https://github.com/scottrogowski/code2flow](https://github.com/scottrogowski/code2flow) | Pretty good call graphs for dynamic languages | scottrogowski | mit | 2812 |
| [https://github.com/ius/rsatool](https://github.com/ius/rsatool) | rsatool can be used to calculate RSA and RSA-CRT parameters | ius | bsd-2-clause | 856 |
| [https://github.com/fomantic/Fomantic-UI](https://github.com/fomantic/Fomantic-UI) | Fomantic-UI is the official community fork of Semantic-UI | fomantic | mit | 3074 |
| [https://github.com/Semantic-Org/Semantic-UI](https://github.com/Semantic-Org/Semantic-UI) | Semantic is a UI component framework based around useful principles from natural language. | Semantic-Org | mit | 50214 |
| [https://github.com/elihunter173/java-manifest-py](https://github.com/elihunter173/java-manifest-py) | Encode/decode Java's META-INF/MANIFEST.MF in Python. | elihunter173 | agpl-3.0 | 4 |
| [https://github.com/RedHatProductSecurity/vulnerability-detection-scripts](https://github.com/RedHatProductSecurity/vulnerability-detection-scripts) | Vulnerability detection scripts for Red Hat Enterprise Linux | RedHatProductSecurity | gpl-3.0 | 15 |
| [https://github.com/obriencj/python-javatools](https://github.com/obriencj/python-javatools) | Tools for examining Java bytecode in Python | obriencj | lgpl-3.0 | 80 |
| [https://github.com/haimgel/display-switch](https://github.com/haimgel/display-switch) | Turn a $30 USB switch into a full-featured multi-monitor KVM switch | haimgel | mit | 2250 |
| [https://github.com/curated-intel/Log4Shell-IOCs](https://github.com/curated-intel/Log4Shell-IOCs) | A collection of intelligence about Log4Shell and its exploitation activity. | curated-intel | | 170 |
| [https://github.com/zyantific/zasm](https://github.com/zyantific/zasm) | x86-64 Assembler based on Zydis | zyantific | mit | 158 |
| [https://github.com/frohoff/ysoserial](https://github.com/frohoff/ysoserial) | A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. | frohoff | mit | 5833 |
| [https://github.com/push0ebp/xMalHunter](https://github.com/push0ebp/xMalHunter) | x64dbg Malware Plugin. Detect malicious materials | push0ebp | mit | 13 |
| [https://github.com/0dayCTF/reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator) | Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs) | 0dayCTF | mit | 1548 |
| [https://github.com/AFLplusplus/StdFuzzer](https://github.com/AFLplusplus/StdFuzzer) | StdFuzzer is the reference implementation of a generic bit-level fuzzer with LibAFL | AFLplusplus | | 41 |
| [https://github.com/unipacker/unipacker](https://github.com/unipacker/unipacker) | Automatic and platform-independent unpacker for Windows binaries based on emulation | unipacker | gpl-2.0 | 493 |
| [https://github.com/staaldraad/dnstrap](https://github.com/staaldraad/dnstrap) | Trap dns requests | staaldraad | | 4 |
| [https://github.com/androguard/androguard](https://github.com/androguard/androguard) | Reverse engineering and pentesting for Android applications | androguard | apache-2.0 | 4163 |
| [https://github.com/h2non/jsonpath-ng](https://github.com/h2non/jsonpath-ng) | Finally, a JSONPath implementation for Python that aims to be standard compliant. That's all. Enjoy it. | h2non | apache-2.0 | 358 |
| [https://github.com/proferosec/log4jScanner](https://github.com/proferosec/log4jScanner) | log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services | proferosec | gpl-3.0 | 479 |
| [https://github.com/NotSoSecure/password_cracking_rules](https://github.com/NotSoSecure/password_cracking_rules) | One rule to crack all passwords. or atleast we hope so. | NotSoSecure | mit | 977 |
| [https://github.com/cbaziotis/ekphrasis](https://github.com/cbaziotis/ekphrasis) | Ekphrasis is a text processing tool, geared towards text from social networks, such as Twitter or Facebook. Ekphrasis performs tokenization, word normalization, word segmentation (for splitting hashtags) and spell correction, using word statistics from 2 big corpora (english Wikipedia, twitter - 330mil english tweets). | cbaziotis | mit | 587 |
| [https://github.com/jbesomi/texthero](https://github.com/jbesomi/texthero) | Text preprocessing, representation and visualization from zero to hero. | jbesomi | mit | 2616 |
| [https://github.com/chartbeat-labs/textacy](https://github.com/chartbeat-labs/textacy) | NLP, before and after spaCy | chartbeat-labs | other | 1991 |
| [https://github.com/facebookresearch/cc_net](https://github.com/facebookresearch/cc_net) | Tools to download and cleanup Common Crawl data | facebookresearch | mit | 469 |
| [https://github.com/naim94a/lumen](https://github.com/naim94a/lumen) | A private Lumina server for IDA Pro | naim94a | mit | 557 |
| [https://github.com/hydra-synth/hydra](https://github.com/hydra-synth/hydra) | Livecoding networked visuals in the browser | hydra-synth | agpl-3.0 | 1796 |
| [https://github.com/mrexodia/dumpulator](https://github.com/mrexodia/dumpulator) | An easy-to-use library for emulating code in minidump files. | mrexodia | bsl-1.0 | 339 |
| [https://github.com/trailofbits/it-depends](https://github.com/trailofbits/it-depends) | A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories. | trailofbits | lgpl-3.0 | 265 |
| [https://github.com/facebook/mariana-trench](https://github.com/facebook/mariana-trench) | Our security focused static analysis tool for Android and Java applications. | facebook | mit | 896 |
| [https://github.com/D4-project/pybgpranking](https://github.com/D4-project/pybgpranking) | Python API for BGP Ranking | D4-project | bsd-3-clause | 3 |
| [https://github.com/RolfRolles/Miscellaneous](https://github.com/RolfRolles/Miscellaneous) | Small programs and scripts that do not require their own repositories | RolfRolles | gpl-3.0 | 110 |
| [https://github.com/easystats/see](https://github.com/easystats/see) | :art: Visualisation toolbox for beautiful and publication-ready figures | easystats | gpl-3.0 | 677 |
| [https://github.com/milvus-io/milvus](https://github.com/milvus-io/milvus) | Vector database for scalable similarity search and AI applications. | milvus-io | apache-2.0 | 14128 |
| [https://github.com/adulau/ssldump](https://github.com/adulau/ssldump) | ssldump - (de-facto repository gathering patches around the cyberspace) | adulau | other | 168 |
| [https://github.com/hectorm/demergi](https://github.com/hectorm/demergi) | A proxy server that helps to bypass the DPI systems implemented by various ISPs. | hectorm | mit | 8 |
| [https://github.com/e-m-b-a/embark](https://github.com/e-m-b-a/embark) | EMBArk - The firmware security scanning environment | e-m-b-a | mit | 169 |
| [https://github.com/monoxgas/sRDI](https://github.com/monoxgas/sRDI) | Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode | monoxgas | other | 1523 |
| [https://github.com/knownsec/404StarLink-Project](https://github.com/knownsec/404StarLink-Project) | Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.(项目收录逐步迁移至 https://github.com/knownsec/404StarLink) | knownsec | | 738 |
| [https://github.com/yogeshojha/rengine](https://github.com/yogeshojha/rengine) | reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless. | yogeshojha | gpl-3.0 | 4818 |
| [https://github.com/unixpickle/gobfuscate](https://github.com/unixpickle/gobfuscate) | Obfuscate Go binaries and packages | unixpickle | bsd-2-clause | 1216 |
| [https://github.com/0xsp-SRD/mortar](https://github.com/0xsp-SRD/mortar) | evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR) | 0xsp-SRD | mit | 980 |
| [https://github.com/redcode-labs/REVENANT](https://github.com/redcode-labs/REVENANT) | Volatile ELF payloads generator with Metasploit integrations for testing GNU/Linux ecosystems | redcode-labs | | 53 |
| [https://github.com/anchore/grype](https://github.com/anchore/grype) | A vulnerability scanner for container images and filesystems | anchore | apache-2.0 | 4730 |
| [https://github.com/ly4k/Pachine](https://github.com/ly4k/Pachine) | Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation) | ly4k | mit | 247 |
| [https://github.com/microsoft/recommenders](https://github.com/microsoft/recommenders) | Best Practices on Recommendation Systems | microsoft | mit | 14336 |
| [https://github.com/cisagov/log4j-affected-db](https://github.com/cisagov/log4j-affected-db) | A community sourced list of log4j-affected software | cisagov | cc0-1.0 | 1111 |
| [https://github.com/weslambert/velociraptor-misp](https://github.com/weslambert/velociraptor-misp) | Artifacts for integrating MISP with Velociraptor | weslambert | | 3 |
| [https://github.com/GenericException/SkidSuite](https://github.com/GenericException/SkidSuite) | A collection of java reverse engineering tools and informational links | GenericException | | 192 |
| [https://github.com/WazeHell/sam-the-admin](https://github.com/WazeHell/sam-the-admin) | Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user | WazeHell | | 860 |
| [https://github.com/nccgroup/log4j-jndi-be-gone](https://github.com/nccgroup/log4j-jndi-be-gone) | A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability. | nccgroup | apache-2.0 | 72 |
| [https://github.com/paradoxwastaken/Poseidon](https://github.com/paradoxwastaken/Poseidon) | stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects. | paradoxwastaken | | 188 |
| [https://github.com/woodpecker-appstore/log4j-payload-generator](https://github.com/woodpecker-appstore/log4j-payload-generator) | Log4j jndi injects the Payload generator | woodpecker-appstore | | 462 |
| [https://github.com/LeakIX/l9fuzz](https://github.com/LeakIX/l9fuzz) | Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload | LeakIX | | 11 |
| [https://github.com/CycloneDX/specification](https://github.com/CycloneDX/specification) | Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis | CycloneDX | apache-2.0 | 185 |
| [https://github.com/Ridter/noPac](https://github.com/Ridter/noPac) | Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user | Ridter | | 465 |
| [https://github.com/NCSC-NL/log4shell](https://github.com/NCSC-NL/log4shell) | Operational information regarding the log4shell vulnerabilities in the Log4j logging library. | NCSC-NL | | 1887 |
| [https://github.com/CycloneDX/cyclonedx-cli](https://github.com/CycloneDX/cyclonedx-cli) | CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. | CycloneDX | apache-2.0 | 117 |
| [https://github.com/CycloneDX/cyclonedx-python](https://github.com/CycloneDX/cyclonedx-python) | Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments. | CycloneDX | apache-2.0 | 104 |
| [https://github.com/righel/log4shell_nse](https://github.com/righel/log4shell_nse) | nse script to inject jndi payloads | righel | | 42 |
| [https://github.com/danieljs777/fastoverflowtk](https://github.com/danieljs777/fastoverflowtk) | This Buffer Overflow Toolkit works through FTP, SMTP, POP, HTTP protocols as well file outputs for playlists exploiting customized variables/commands. Payloads can be generated through MSFVENOM or you can use your own ASM files. | danieljs777 | | 17 |
| [https://github.com/Mr-Un1k0d3r/MiniDump](https://github.com/Mr-Un1k0d3r/MiniDump) | alternative to procdump | Mr-Un1k0d3r | | 177 |
| [https://github.com/jivoi/awesome-osint](https://github.com/jivoi/awesome-osint) | :scream: A curated list of amazingly awesome OSINT | jivoi | other | 10738 |
| [https://github.com/inconvergent/weird](https://github.com/inconvergent/weird) | Generative art in Common Lisp | inconvergent | other | 1472 |
| [https://github.com/kjellmf/dot2tex](https://github.com/kjellmf/dot2tex) | Convert graphs generated by Graphviz to LaTeX friendly formats | kjellmf | other | 133 |
| [https://github.com/malpedia/signator-rules](https://github.com/malpedia/signator-rules) | Collection of rules created using YARA-Signator over Malpedia | malpedia | | 62 |
| [https://github.com/MelbourneFuzzingHub/aflteam](https://github.com/MelbourneFuzzingHub/aflteam) | AFLTeam Collaborative Parallel Fuzzing | MelbourneFuzzingHub | apache-2.0 | 63 |
| [https://github.com/Cybereason/Logout4Shell](https://github.com/Cybereason/Logout4Shell) | Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell | Cybereason | mit | 1726 |
| [https://github.com/cube0x0/noPac](https://github.com/cube0x0/noPac) | CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. | cube0x0 | | 1152 |
| [https://github.com/nneonneo/ghidra-wasm-plugin](https://github.com/nneonneo/ghidra-wasm-plugin) | Ghidra Wasm plugin with disassembly and decompilation support | nneonneo | gpl-3.0 | 88 |
| [https://github.com/mozilla/mig](https://github.com/mozilla/mig) | Distributed & real time digital forensics at the speed of the cloud | mozilla | mpl-2.0 | 1194 |
| [https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words](https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words) | 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks | Puliczek | | 858 |
| [https://github.com/paulbrodersen/netgraph](https://github.com/paulbrodersen/netgraph) | Drawing utilities for publication quality plots of networks | paulbrodersen | gpl-3.0 | 428 |
| [https://github.com/cert-lv/graphoscope](https://github.com/cert-lv/graphoscope) | Graphoscope is a solution to access multiple independent data sources from a common UI and show data relations as a graph | cert-lv | | 29 |
| [https://github.com/YfryTchsGD/Log4jAttackSurface](https://github.com/YfryTchsGD/Log4jAttackSurface) | | YfryTchsGD | | 2091 |
| [https://github.com/ptswarm/reFlutter](https://github.com/ptswarm/reFlutter) | Flutter Reverse Engineering Framework | ptswarm | gpl-3.0 | 874 |
| [https://github.com/MISP/misp-warninglists](https://github.com/MISP/misp-warninglists) | Warning lists to inform users of MISP about potential false-positives or other information in indicators | MISP | | 311 |
| [https://github.com/charmbracelet/soft-serve](https://github.com/charmbracelet/soft-serve) | A tasty, self-hostable Git server for the command line🍦 | charmbracelet | mit | 2712 |
| [https://github.com/horizon3ai/CVE-2021-44077](https://github.com/horizon3ai/CVE-2021-44077) | Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077 | horizon3ai | | 26 |
| [https://github.com/hughsie/python-uswid](https://github.com/hughsie/python-uswid) | A tiny tool for embedding CoSWID tags in EFI binaries | hughsie | lgpl-2.1 | 10 |
| [https://github.com/xonotic/darkplaces](https://github.com/xonotic/darkplaces) | Mirror of https://gitlab.com/xonotic/darkplaces - The Quake engine that powers Xonotic https://xonotic.org | xonotic | gpl-2.0 | 158 |
| [https://github.com/LDO-CERT/orochi](https://github.com/LDO-CERT/orochi) | The Volatility Collaborative GUI | LDO-CERT | mit | 136 |
| [https://github.com/minos-org/minos-static](https://github.com/minos-org/minos-static) | static binaries for linux | minos-org | | 307 |
| [https://github.com/CRED-CLUB/ARTIF](https://github.com/CRED-CLUB/ARTIF) | An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data. | CRED-CLUB | mit | 224 |
| [https://github.com/Michaelangel007/crc32](https://github.com/Michaelangel007/crc32) | CRC32 Demystified | Michaelangel007 | | 123 |
| [https://github.com/joshlemon/DFIR-Reference-Frameworks](https://github.com/joshlemon/DFIR-Reference-Frameworks) | Repository of public reference frameworks for the DFIR community. | joshlemon | gpl-3.0 | 87 |
| [https://github.com/nickjj/notes](https://github.com/nickjj/notes) | A zero dependency shell script that makes it really simple to manage your text notes. | nickjj | mit | 105 |
| [https://github.com/zinclabs/zinc](https://github.com/zinclabs/zinc) | ZincSearch. A lightweight alternative to elasticsearch that requires minimal resources, written in Go. | zinclabs | other | 12603 |
| [https://github.com/blugelabs/bluge](https://github.com/blugelabs/bluge) | indexing library for Go | blugelabs | apache-2.0 | 1474 |
| [https://github.com/mahaloz/objgraph](https://github.com/mahaloz/objgraph) | Convert an objdump output into a CFG via Binary Ninja | mahaloz | bsd-2-clause | 6 |
| [https://github.com/idealeer/xmap](https://github.com/idealeer/xmap) | XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. | idealeer | apache-2.0 | 184 |
| [https://github.com/ycm-core/YouCompleteMe](https://github.com/ycm-core/YouCompleteMe) | A code-completion engine for Vim | ycm-core | gpl-3.0 | 24377 |
| [https://github.com/powerline/fonts](https://github.com/powerline/fonts) | Patched fonts for Powerline users. | powerline | | 24032 |
| [https://github.com/miguelgrinberg/promisio](https://github.com/miguelgrinberg/promisio) | JavaScript-style async programming for Python. | miguelgrinberg | mit | 190 |
| [https://github.com/SpiderLabs/BlackByteDecryptor](https://github.com/SpiderLabs/BlackByteDecryptor) | | SpiderLabs | apache-2.0 | 53 |
| [https://github.com/enisaeu/training-materials](https://github.com/enisaeu/training-materials) | | enisaeu | eupl-1.2 | 5 |
| [https://github.com/zandi/eBPF_processor](https://github.com/zandi/eBPF_processor) | An IDA processor for eBPF bytecode | zandi | | 52 |
| [https://github.com/CIRCL/orbit-agents](https://github.com/CIRCL/orbit-agents) | orbit-agents | CIRCL | | 2 |
| [https://github.com/nikeee/edotor.net](https://github.com/nikeee/edotor.net) | Your favourite Graphviz editor | nikeee | mit | 145 |
| [https://github.com/post-cyberlabs/CVE-Advisory](https://github.com/post-cyberlabs/CVE-Advisory) | Publishing advisories for CVEs found by POST Cyberforce | post-cyberlabs | | 8 |
| [https://github.com/brimdata/zed](https://github.com/brimdata/zed) | A novel data lake based on super-structured data | brimdata | bsd-3-clause | 883 |
| [https://github.com/byt3bl33d3r/OffensiveNim](https://github.com/byt3bl33d3r/OffensiveNim) | My experiments in weaponizing Nim (https://nim-lang.org/) | byt3bl33d3r | bsd-2-clause | 1867 |
| [https://github.com/hashdd/sdhash](https://github.com/hashdd/sdhash) | similarity digest hashing tool | hashdd | apache-2.0 | 2 |
| [https://github.com/gigablast/open-source-search-engine](https://github.com/gigablast/open-source-search-engine) | Nov 20 2017 -- A distributed open source search engine and spider/crawler written in C/C++ for Linux on Intel/AMD. From gigablast dot com, which has binaries for download. See the README.md file at the very bottom of this page for instructions. | gigablast | apache-2.0 | 1391 |
| [https://github.com/p0dalirius/webapp-wordlists](https://github.com/p0dalirius/webapp-wordlists) | This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version. | p0dalirius | | 387 |
| [https://github.com/ipv6hitlist/ipv6hitlist.github.io](https://github.com/ipv6hitlist/ipv6hitlist.github.io) | Website for IPv6 Hitlist Service with data, software, paper of "Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists" IMC'18 publication. | ipv6hitlist | | 25 |
| [https://github.com/DanBloomberg/leptonica](https://github.com/DanBloomberg/leptonica) | Leptonica is an open source library containing software that is broadly useful for image processing and image analysis applications. The official github repository for Leptonica is: danbloomberg/leptonica. See leptonica.org for more documentation and recent releases. | DanBloomberg | other | 1313 |
| [https://github.com/crowdsecurity/crowdsec](https://github.com/crowdsecurity/crowdsec) | CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network. | crowdsecurity | mit | 5727 |
| [https://github.com/visjs/vis-timeline](https://github.com/visjs/vis-timeline) | 📅 Create a fully customizable, interactive timelines and 2d-graphs with items and ranges. | visjs | other | 1138 |
| [https://github.com/visjs/vis-network](https://github.com/visjs/vis-network) | :dizzy: Display dynamic, automatically organised, customizable network views. | visjs | apache-2.0 | 2241 |
| [https://github.com/knownsec/Kunyu](https://github.com/knownsec/Kunyu) | Kunyu, more efficient corporate asset collection | knownsec | gpl-2.0 | 744 |
| [https://github.com/luispedro/jug](https://github.com/luispedro/jug) | Parallel programming with Python | luispedro | mit | 385 |
| [https://github.com/restic/chunker](https://github.com/restic/chunker) | Implementation of Content Defined Chunking (CDC) in Go | restic | bsd-2-clause | 263 |
| [https://github.com/damoeb/rss-proxy](https://github.com/damoeb/rss-proxy) | RSS-proxy allows you to do create an RSS or ATOM feed of almost any website, just by analyzing just the static HTML structure. | damoeb | | 1362 |
| [https://github.com/apache/solr](https://github.com/apache/solr) | Apache Solr open-source search software | apache | apache-2.0 | 565 |
| [https://github.com/Bioruebe/UniExtract2](https://github.com/Bioruebe/UniExtract2) | Universal Extractor 2 is a tool to extract files from any type of archive or installer. | Bioruebe | gpl-2.0 | 2450 |
| [https://github.com/dodancs/douglas-quaid-docker](https://github.com/dodancs/douglas-quaid-docker) | | dodancs | gpl-3.0 | 2 |
| [https://github.com/hasherezade/mal_unpack](https://github.com/hasherezade/mal_unpack) | Dynamic unpacker based on PE-sieve | hasherezade | bsd-2-clause | 458 |
| [https://github.com/holoviz/colorcet](https://github.com/holoviz/colorcet) | A set of useful perceptually uniform colormaps for plotting scientific data | holoviz | other | 584 |
| [https://github.com/jsecurity101/MSRPC-to-ATTACK](https://github.com/jsecurity101/MSRPC-to-ATTACK) | A repository that maps commonly used attacks using MSRPC protocols to ATT&CK | jsecurity101 | bsd-3-clause | 213 |
| [https://github.com/flashcode/gitchart](https://github.com/flashcode/gitchart) | Build SVG charts from a Git repository. | flashcode | gpl-3.0 | 51 |
| [https://github.com/CIRCL/factual-rules-generator](https://github.com/CIRCL/factual-rules-generator) | Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine. | CIRCL | agpl-3.0 | 66 |
| [https://github.com/fleetdm/fleet](https://github.com/fleetdm/fleet) | Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems — without the downtime risk. | fleetdm | other | 961 |
| [https://github.com/mazen160/server-status_PWN](https://github.com/mazen160/server-status_PWN) | A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances. | mazen160 | mit | 363 |
| [https://github.com/NCSC-NL/flubot](https://github.com/NCSC-NL/flubot) | Flubot DGA domains | NCSC-NL | isc | 18 |
| [https://github.com/TingPing/flatpak-cve-checker](https://github.com/TingPing/flatpak-cve-checker) | | TingPing | gpl-3.0 | 2 |
| [https://github.com/DoctorWebLtd/malware-iocs](https://github.com/DoctorWebLtd/malware-iocs) | | DoctorWebLtd | | 127 |
| [https://github.com/icyguider/DumpNParse](https://github.com/icyguider/DumpNParse) | A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0. | icyguider | gpl-3.0 | 116 |
| [https://github.com/phage-nz/misp-feeds](https://github.com/phage-nz/misp-feeds) | Python Service for MISP Feed Management | phage-nz | | 7 |
| [https://github.com/crate/crate](https://github.com/crate/crate) | CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of machine data in real-time. Built on top of Lucene. | crate | apache-2.0 | 3527 |
| [https://github.com/glitzflitz/pyxorfilter](https://github.com/glitzflitz/pyxorfilter) | Python bindings for xorfilter(faster and smaller than bloom and cuckoo filters) | glitzflitz | apache-2.0 | 56 |
| [https://github.com/FastFilter/xorfilter](https://github.com/FastFilter/xorfilter) | Go library implementing binary fuse and xor filters | FastFilter | apache-2.0 | 595 |
| [https://github.com/pdillinger/wormhashing](https://github.com/pdillinger/wormhashing) | Source code and validation tests for "wide odd regenerative multiplication," or "worm hashing" | pdillinger | mit | 6 |
| [https://github.com/dirtyfilthy/siem-from-scratch](https://github.com/dirtyfilthy/siem-from-scratch) | SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab | dirtyfilthy | gpl-3.0 | 34 |
| [https://github.com/DavidXanatos/wumgr](https://github.com/DavidXanatos/wumgr) | Windows update managemetn tool for windows 10 | DavidXanatos | gpl-3.0 | 1067 |
| [https://github.com/stnolting/neoTRNG](https://github.com/stnolting/neoTRNG) | 🎲 A Tiny and Platform-Independent True Random Number Generator for any FPGA. | stnolting | bsd-3-clause | 65 |
| [https://github.com/klinix5/InstallerFileTakeOver](https://github.com/klinix5/InstallerFileTakeOver) | | klinix5 | mit | 1673 |
| [https://github.com/online-ml/river](https://github.com/online-ml/river) | 🌊 Online machine learning in Python | online-ml | bsd-3-clause | 3784 |
| [https://github.com/KvrocksLabs/kvrocks_exporter](https://github.com/KvrocksLabs/kvrocks_exporter) | Prometheus Exporter for Kvrocks Metrics | KvrocksLabs | mit | 13 |
| [https://github.com/dveselov/python-libmagic](https://github.com/dveselov/python-libmagic) | Python bindings to libmagic | dveselov | mit | 20 |
| [https://github.com/pdoc3/pdoc](https://github.com/pdoc3/pdoc) | :snake: :arrow_right: :scroll: Auto-generate API documentation for Python projects | pdoc3 | agpl-3.0 | 894 |
| [https://github.com/laixintao/iredis](https://github.com/laixintao/iredis) | Interactive Redis: A Terminal Client for Redis with AutoCompletion and Syntax Highlighting. | laixintao | bsd-3-clause | 2175 |
| [https://github.com/vipshop/redis-migrate-tool](https://github.com/vipshop/redis-migrate-tool) | A convenient and useful tool for migrating data between redis group. | vipshop | apache-2.0 | 902 |
| [https://github.com/righel/ms-exchange-version-nse](https://github.com/righel/ms-exchange-version-nse) | Nmap script to detect a Microsoft Exchange instance version with OWA enabled. | righel | apache-2.0 | 26 |
| [https://github.com/ghuntley/thenftbay.org](https://github.com/ghuntley/thenftbay.org) | The NFT Bay is the galaxy's most resilient NFT BitTorrent site! You wouldn't steal a JPEG (or would you) | ghuntley | mit | 319 |
| [https://github.com/ssh-mitm/ssh-mitm](https://github.com/ssh-mitm/ssh-mitm) | ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation | ssh-mitm | gpl-3.0 | 970 |
| [https://github.com/JPCERTCC/EmoCheck](https://github.com/JPCERTCC/EmoCheck) | Emotet detection tool for Windows OS | JPCERTCC | other | 616 |
| [https://github.com/ets-labs/python-vimrc](https://github.com/ets-labs/python-vimrc) | VIM Configuration for Python / Cython / C Development | ets-labs | bsd-3-clause | 603 |
| [https://github.com/jtesta/ssh-audit](https://github.com/jtesta/ssh-audit) | SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) | jtesta | mit | 1380 |
| [https://github.com/blackberry/threat-research-and-intelligence](https://github.com/blackberry/threat-research-and-intelligence) | BlackBerry Threat Research & Intelligence | blackberry | apache-2.0 | 38 |
| [https://github.com/magicmonty/bash-git-prompt](https://github.com/magicmonty/bash-git-prompt) | An informative and fancy bash prompt for Git users | magicmonty | bsd-2-clause | 6326 |
| [https://github.com/matusf/openapi-fuzzer](https://github.com/matusf/openapi-fuzzer) | Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free! | matusf | agpl-3.0 | 385 |
| [https://github.com/OWASP/Python-Honeypot](https://github.com/OWASP/Python-Honeypot) | OWASP Honeypot, Automated Deception Framework. | OWASP | apache-2.0 | 328 |
| [https://github.com/trufflesecurity/driftwood](https://github.com/trufflesecurity/driftwood) | Private key usage verification | trufflesecurity | apache-2.0 | 309 |
| [https://github.com/jmdx/TLS-poison](https://github.com/jmdx/TLS-poison) | | jmdx | mit | 639 |
| [https://github.com/c3rb3ru5d3d53c/binlex](https://github.com/c3rb3ru5d3d53c/binlex) | A Binary Genetic Traits Lexer Framework | c3rb3ru5d3d53c | unlicense | 303 |
| [https://github.com/manishkatyan/bbb-optimize](https://github.com/manishkatyan/bbb-optimize) | Better audio quality, increase recording processing speed, dynamic video profile, pagination, fix 1007/1020 errors and use apply-config.sh to manage your customizations are some key techniques for you to optimize and smoothly run your BigBlueButton servers. | manishkatyan | mit | 75 |
| [https://github.com/greatscottgadgets/ViewSB](https://github.com/greatscottgadgets/ViewSB) | open-source USB analyzer toolkit with support for a variety of capture hardware | greatscottgadgets | bsd-3-clause | 287 |
| [https://github.com/nanoc/nanoc](https://github.com/nanoc/nanoc) | A powerful web publishing system | nanoc | mit | 2013 |
| [https://github.com/niedzielski/git-diff-img](https://github.com/niedzielski/git-diff-img) | 📷 Diff Git versioned images graphically. | niedzielski | | 69 |
| [https://github.com/OpenAtomFoundation/pika](https://github.com/OpenAtomFoundation/pika) | Pika is a nosql compatible with redis, it is developed by Qihoo's DBA and infrastructure team | OpenAtomFoundation | bsd-3-clause | 4844 |
| [https://github.com/drmpeg/gr-atsc3](https://github.com/drmpeg/gr-atsc3) | An ATSC 3.0 Transmitter for GNU Radio | drmpeg | gpl-3.0 | 14 |
| [https://github.com/sagpant/reindexer](https://github.com/sagpant/reindexer) | | sagpant | apache-2.0 | 3 |
| [https://github.com/searxng/searxng](https://github.com/searxng/searxng) | SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled. | searxng | agpl-3.0 | 3435 |
| [https://github.com/tejado/telegram-nearby-map](https://github.com/tejado/telegram-nearby-map) | Discover the location of nearby Telegram users 📡🌍 | tejado | gpl-3.0 | 433 |
| [https://github.com/dlukes/rbo](https://github.com/dlukes/rbo) | Python implementation of the rank-biased overlap list similarity measure. | dlukes | | 58 |
| [https://github.com/helpsystems/nanodump](https://github.com/helpsystems/nanodump) | A crappy LSASS dumper with no ASCII art | helpsystems | apache-2.0 | 1022 |
| [https://github.com/quarkslab/titanm](https://github.com/quarkslab/titanm) | This repository contains the tools we used in our research on the Google Titan M chip | quarkslab | apache-2.0 | 147 |
| [https://github.com/SEKOIA-IO/Community](https://github.com/SEKOIA-IO/Community) | Welcome to the SEKOIA.IO Community repository! | SEKOIA-IO | | 37 |
| [https://github.com/stratosphereips/StratosphereLinuxIPS](https://github.com/stratosphereips/StratosphereLinuxIPS) | Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague. | stratosphereips | other | 336 |
| [https://github.com/opencybersecurityalliance/kestrel-lang](https://github.com/opencybersecurityalliance/kestrel-lang) | Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel. | opencybersecurityalliance | apache-2.0 | 183 |
| [https://github.com/PlumLulz/hashes.com-cli](https://github.com/PlumLulz/hashes.com-cli) | Command line interface to interact with hashes.com escrow service. | PlumLulz | | 22 |
| [https://github.com/Lookyloo/webext](https://github.com/Lookyloo/webext) | Web extension to submit a URL with its context to a Lookyloo instance | Lookyloo | bsd-3-clause | 2 |
| [https://github.com/mav8557/Father](https://github.com/mav8557/Father) | LD_PRELOAD rootkit | mav8557 | unlicense | 73 |
| [https://github.com/mmxgn/spacy-clausie](https://github.com/mmxgn/spacy-clausie) | Implementation of the ClausIE information extraction system for python+spacy | mmxgn | gpl-3.0 | 181 |
| [https://github.com/magjac/d3-graphviz](https://github.com/magjac/d3-graphviz) | Graphviz DOT rendering and animated transitions using D3 | magjac | bsd-3-clause | 1354 |
| [https://github.com/b4den/rsacrack](https://github.com/b4den/rsacrack) | A toolbox for extracting RSA private keys from public keys. | b4den | | 150 |
| [https://github.com/righel/gitlab-version-nse](https://github.com/righel/gitlab-version-nse) | Nmap script to guess* a GitLab version. | righel | apache-2.0 | 118 |
| [https://github.com/mcore1976/antispy-jammer](https://github.com/mcore1976/antispy-jammer) | Simplest ultrasonic ANTISPY voice recording jammer based on ATTINY13 / ATTINY85 / ARDUINO with PAM8403 module driving piezo ultrasonic transducers (and optionally AD8933 signal generator) | mcore1976 | | 54 |
| [https://github.com/docker-forensics-toolkit/toolkit](https://github.com/docker-forensics-toolkit/toolkit) | A toolkit for the post-mortem examination of Docker containers from forensic HDD copies | docker-forensics-toolkit | apache-2.0 | 54 |
| [https://github.com/ail-project/ail-feeder-gharchive](https://github.com/ail-project/ail-feeder-gharchive) | AIL feeder for GitHub archive - gharchive.org | ail-project | | 2 |
| [https://github.com/NicholasMamo/multiplex-plot](https://github.com/NicholasMamo/multiplex-plot) | Multiplex: visualizations that tell stories—A Python library to create and annotate beautiful network graph visualizations, text visualizations and more. | NicholasMamo | gpl-3.0 | 90 |
| [https://github.com/airbus-seclab/GEA1_break](https://github.com/airbus-seclab/GEA1_break) | Implementation of the key recovery attack against GEA-1 keys (Eurocrypt 2021) | airbus-seclab | gpl-2.0 | 47 |
| [https://github.com/Squiblydoo/MalAPIReader](https://github.com/Squiblydoo/MalAPIReader) | Reads and prints information from the website MalAPI.io | Squiblydoo | gpl-3.0 | 15 |
| [https://github.com/binref/refinery](https://github.com/binref/refinery) | High Octane Triage Analysis | binref | other | 300 |
| [https://github.com/FerretDB/FerretDB](https://github.com/FerretDB/FerretDB) | A truly Open Source MongoDB alternative | FerretDB | apache-2.0 | 4901 |
| [https://github.com/xorhex/mlget](https://github.com/xorhex/mlget) | A golang CLI tool to download malware from a variety of sources. | xorhex | | 107 |
| [https://github.com/netsampler/goflow2](https://github.com/netsampler/goflow2) | High performance sFlow/IPFIX/NetFlow Collector | netsampler | bsd-3-clause | 210 |
| [https://github.com/kholia/john](https://github.com/kholia/john) | John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs | kholia | | 13 |
| [https://github.com/nbriz/sneakrypt](https://github.com/nbriz/sneakrypt) | A simple CLI for synchronously encrypting and decrypting text files modeled on the classic hacker film Sneakers, because there's no technical reason hacking can't look the way it does in the movies. | nbriz | gpl-3.0 | 11 |
| [https://github.com/center-for-threat-informed-defense/attack_to_cve](https://github.com/center-for-threat-informed-defense/attack_to_cve) | A methodology for mapping MITRE ATT&CK techniques to vulnerability records to describe the impact of a vulnerability. | center-for-threat-informed-defense | apache-2.0 | 127 |
| [https://github.com/jiesutd/NCRFpp](https://github.com/jiesutd/NCRFpp) | NCRF++, a Neural Sequence Labeling Toolkit. Easy use to any sequence labeling tasks (e.g. NER, POS, Segmentation). It includes character LSTM/CNN, word LSTM/CNN and softmax/CRF components. | jiesutd | apache-2.0 | 1833 |
| [https://github.com/helloflask/bootstrap-flask](https://github.com/helloflask/bootstrap-flask) | Bootstrap 4 & 5 helper for your Flask projects. | helloflask | other | 767 |
| [https://github.com/EricZimmerman/KapeFiles](https://github.com/EricZimmerman/KapeFiles) | This repository serves as a place for community created Targets and Modules for use with KAPE. | EricZimmerman | mit | 391 |
| [https://github.com/MiroKaku/Nt-Modules](https://github.com/MiroKaku/Nt-Modules) | Collect different versions of Crucial modules. | MiroKaku | | 93 |
| [https://github.com/scottashipp/noted](https://github.com/scottashipp/noted) | Lightweight CLI for taking markdown notes in a journal-like (time-seried) fashion | scottashipp | gpl-3.0 | 67 |
| [https://github.com/KB5201314/yark](https://github.com/KB5201314/yark) | Yet another Linux Rootkit | KB5201314 | | 17 |
| [https://github.com/bestpractical/rtir-extension-misp](https://github.com/bestpractical/rtir-extension-misp) | | bestpractical | | 4 |
| [https://github.com/ajkhoury/ReClassEx](https://github.com/ajkhoury/ReClassEx) | ReClassEx | ajkhoury | mit | 736 |
| [https://github.com/V1D1AN/S1EM](https://github.com/V1D1AN/S1EM) | This project is a SIEM with SIRP and Threat Intel, all in one. | V1D1AN | | 262 |
| [https://github.com/hashlookup/hashlookup-importer](https://github.com/hashlookup/hashlookup-importer) | Directory importer for hashlookup server | hashlookup | | 2 |
| [https://github.com/zmap/constants](https://github.com/zmap/constants) | Repository of constants used in TLS and X509 parsing | zmap | | 10 |
| [https://github.com/CERTCC/kaiju](https://github.com/CERTCC/kaiju) | CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for this project -- file bug reports and wishes here! | CERTCC | other | 168 |
| [https://github.com/Mahlet-Inc/hobbits](https://github.com/Mahlet-Inc/hobbits) | A multi-platform GUI for bit-based analysis, processing, and visualization | Mahlet-Inc | mit | 524 |
| [https://github.com/cerebrate-project/module-collection](https://github.com/cerebrate-project/module-collection) | | cerebrate-project | agpl-3.0 | 2 |
| [https://github.com/nccgroup/umap2](https://github.com/nccgroup/umap2) | Umap2 is the second revision of NCC Group's python based USB host security assessment tool. | nccgroup | agpl-3.0 | 223 |
| [https://github.com/broccolini/swiss](https://github.com/broccolini/swiss) | Jekyll theme inspired by Swiss design | broccolini | mit | 444 |
| [https://github.com/pantsbuild/pex](https://github.com/pantsbuild/pex) | A library and tool for generating .pex (Python EXecutable) files | pantsbuild | apache-2.0 | 2168 |
| [https://github.com/Dvd848/pytai](https://github.com/Dvd848/pytai) | Kaitai Struct: Visualizer and Hex Viewer GUI in Python | Dvd848 | other | 95 |
| [https://github.com/B2R2-org/B2R2](https://github.com/B2R2-org/B2R2) | B2R2 is a collection of useful algorithms, functions, and tools for binary analysis. | B2R2-org | mit | 359 |
| [https://github.com/curated-intel/Initial-Access-Broker-Landscape](https://github.com/curated-intel/Initial-Access-Broker-Landscape) | A visualized overview of the Initial Access Broker (IAB) cybercrime landscape | curated-intel | | 91 |
| [https://github.com/canonical/section_ops](https://github.com/canonical/section_ops) | Section operation hacks | canonical | mit | 3 |
| [https://github.com/ANSSI-FR/MLA](https://github.com/ANSSI-FR/MLA) | Multi Layer Archive - A pure rust encrypted and compressed archive file format | ANSSI-FR | lgpl-3.0 | 272 |
| [https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api) | An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains the REST API service for storing, querying, and editing ATT&CK objects. | center-for-threat-informed-defense | apache-2.0 | 19 |
| [https://github.com/Shell-Company/Public-Shell-Company](https://github.com/Shell-Company/Public-Shell-Company) | Provision on-demand anonymous shells via SMS | Shell-Company | | 8 |
| [https://github.com/BentonEdmondson/knock](https://github.com/BentonEdmondson/knock) | Convert ACSM files to PDFs/EPUBs with one command on Linux | BentonEdmondson | gpl-3.0 | 564 |
| [https://github.com/SentineLabs/AlphaGolang](https://github.com/SentineLabs/AlphaGolang) | IDApython Scripts for Analyzing Golang Binaries | SentineLabs | gpl-3.0 | 350 |
| [https://github.com/RH-ISAC/PyOTI](https://github.com/RH-ISAC/PyOTI) | Python library for threat intelligence | RH-ISAC | gpl-3.0 | 54 |
| [https://github.com/optiv/ScareCrow](https://github.com/optiv/ScareCrow) | ScareCrow - Payload creation framework designed around EDR bypass. | optiv | mit | 2069 |
| [https://github.com/BushidoUK/CTI-Quiz](https://github.com/BushidoUK/CTI-Quiz) | Practice CTI Quiz | BushidoUK | | 7 |
| [https://github.com/D4-project/pyipasnhistory](https://github.com/D4-project/pyipasnhistory) | API client for IPASN History | D4-project | | 3 |
| [https://github.com/kindtime/nosferatu](https://github.com/kindtime/nosferatu) | Windows NTLM Authentication Backdoor | kindtime | | 189 |
| [https://github.com/scrapinghub/article-extraction-benchmark](https://github.com/scrapinghub/article-extraction-benchmark) | Article extraction benchmark: dataset and evaluation scripts | scrapinghub | mit | 146 |
| [https://github.com/adbar/trafilatura](https://github.com/adbar/trafilatura) | Python & command-line tool to gather text on the Web: web crawling/scraping, extraction of text, metadata, comments | adbar | gpl-3.0 | 634 |
| [https://github.com/matterpoll/matterpoll](https://github.com/matterpoll/matterpoll) | Create polls and surveys directly within Mattermost | matterpoll | mit | 223 |
| [https://github.com/tsale/Rita-zeek_analysis](https://github.com/tsale/Rita-zeek_analysis) | Script to install rita and zeek and then analyze related logs | tsale | | 6 |
| [https://github.com/CQCL/lambeq](https://github.com/CQCL/lambeq) | A high-level Python library for Quantum Natural Language Processing | CQCL | apache-2.0 | 304 |
| [https://github.com/jfilter/clean-text](https://github.com/jfilter/clean-text) | 🧹 Python package for text cleaning | jfilter | other | 716 |
| [https://github.com/amir-zeldes/gum](https://github.com/amir-zeldes/gum) | Repository for the Georgetown University Multilayer Corpus (GUM) | amir-zeldes | other | 71 |
| [https://github.com/GitJournal/GitJournal](https://github.com/GitJournal/GitJournal) | Mobile first Note Taking integrated with Git | GitJournal | agpl-3.0 | 2715 |
| [https://github.com/kanidm/kanidm](https://github.com/kanidm/kanidm) | Kanidm: A simple, secure and fast identity management platform | kanidm | mpl-2.0 | 1179 |
| [https://github.com/ranaroussi/yfinance](https://github.com/ranaroussi/yfinance) | Download market data from Yahoo! Finance's API | ranaroussi | apache-2.0 | 7852 |
| [https://github.com/RaRe-Technologies/gensim](https://github.com/RaRe-Technologies/gensim) | Topic Modelling for Humans | RaRe-Technologies | lgpl-2.1 | 13667 |
| [https://github.com/aliyunav/Finger](https://github.com/aliyunav/Finger) | A tool for recognizing function symbol | aliyunav | gpl-3.0 | 319 |
| [https://github.com/aquasecurity/tracee](https://github.com/aquasecurity/tracee) | Linux Runtime Security and Forensics using eBPF | aquasecurity | apache-2.0 | 2258 |
| [https://github.com/jubairsaidi/urlinsane](https://github.com/jubairsaidi/urlinsane) | Multilingual domain typo permutation engine used to perform or detect typosquatting, brandjacking, URL hijacking, fraud, phishing attacks, corporate espionage and threat intelligence. | jubairsaidi | mit | 4 |
| [https://github.com/meixler/Page-Integrity](https://github.com/meixler/Page-Integrity) | Page Integrity is a web browser extension for Firefox, for verifying the integrity of web pages. | meixler | | 5 |
| [https://github.com/SK-CERT/Taranis-NG](https://github.com/SK-CERT/Taranis-NG) | Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows team-to-team collaboration, and contains a user portal for simple self asset management. Taranis NG was developed by SK-CERT with a help from wide CSIRT community. | SK-CERT | eupl-1.2 | 45 |
| [https://github.com/ail-project/ail-splash-manager](https://github.com/ail-project/ail-splash-manager) | | ail-project | gpl-3.0 | 4 |
| [https://github.com/quarkslab/mattermost-plugin-e2ee](https://github.com/quarkslab/mattermost-plugin-e2ee) | End-to-end encryption plugin for Mattermost | quarkslab | apache-2.0 | 48 |
| [https://github.com/OALabs/hashdb-ida](https://github.com/OALabs/hashdb-ida) | HashDB API hash lookup plugin for IDA Pro | OALabs | bsd-3-clause | 223 |
| [https://github.com/OALabs/hashdb](https://github.com/OALabs/hashdb) | Assortment of hashing algorithms used in malware | OALabs | apache-2.0 | 197 |
| [https://github.com/mandiant/flare-ida](https://github.com/mandiant/flare-ida) | IDA Pro utilities from FLARE team | mandiant | apache-2.0 | 1801 |
| [https://github.com/zqtay/Telegram-Message-Analyzer](https://github.com/zqtay/Telegram-Message-Analyzer) | Process the exported Telegram chat history .html and generate a report message count by date, and most used words. | zqtay | | 22 |
| [https://github.com/mncoppola/suterusu](https://github.com/mncoppola/suterusu) | An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM | mncoppola | mit | 580 |
| [https://github.com/rly0nheart/occli](https://github.com/rly0nheart/occli) | A command line tool that queries the Open Corporates Database and returns data on corporations under the copyleft Open Database License. | rly0nheart | gpl-3.0 | 30 |
| [https://github.com/bats3c/DarkLoadLibrary](https://github.com/bats3c/DarkLoadLibrary) | LoadLibrary for offensive operations | bats3c | | 728 |
| [https://github.com/okbob/pspg](https://github.com/okbob/pspg) | Unix pager (with very rich functionality) designed for work with tables. Designed for PostgreSQL, but MySQL is supported too. Works well with pgcli too. Can be used as CSV or TSV viewer too. It supports searching, selecting rows, columns, or block and export selected area to clipboard. | okbob | bsd-2-clause | 1910 |
| [https://github.com/herosi/CTO](https://github.com/herosi/CTO) | Call Tree Overviewer | herosi | mit | 255 |
| [https://github.com/Invoke-IR/PowerForensics](https://github.com/Invoke-IR/PowerForensics) | PowerForensics provides an all in one platform for live disk forensic analysis | Invoke-IR | mit | 1242 |
| [https://github.com/xwmx/nb](https://github.com/xwmx/nb) | CLI and local web plain text notetaking, bookmarking, and archiving with linking, tagging, filtering, search, Git versioning & syncing, Pandoc conversion, + more, in a single portable script. | xwmx | agpl-3.0 | 4872 |
| [https://github.com/Jeija/librenard](https://github.com/Jeija/librenard) | Reverse Engineered Sigfox Stack - Library | Jeija | | 20 |
| [https://github.com/dariusk/corpora](https://github.com/dariusk/corpora) | A collection of small corpuses of interesting data for the creation of bots and similar stuff. | dariusk | | 4536 |
| [https://github.com/aparrish/pycorpora](https://github.com/aparrish/pycorpora) | A simple Python interface for Darius Kazemi's Corpora Project. | aparrish | mit | 113 |
| [https://github.com/zinggAI/zingg](https://github.com/zinggAI/zingg) | Scalable identity resolution, entity resolution, data mastering and deduplication using ML | zinggAI | agpl-3.0 | 632 |
| [https://github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) | An OOB interaction gathering server and client library | projectdiscovery | mit | 1978 |
| [https://github.com/nil0x42/phpsploit](https://github.com/nil0x42/phpsploit) | Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor | nil0x42 | gpl-3.0 | 1808 |
| [https://github.com/wagga40/Zircolite](https://github.com/wagga40/Zircolite) | A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs | wagga40 | | 420 |
| [https://github.com/jmpsec/osctrl](https://github.com/jmpsec/osctrl) | Fast and efficient osquery management | jmpsec | mit | 251 |
| [https://github.com/zentralopensource/zentral](https://github.com/zentralopensource/zentral) | Zentral provides a unified view for endpoint monitoring. Comprehensive features include Santa binary authorization and patch management orchestration on macOS, as well as detailed Qsquery fleet management - all paired with event based stream processing and direct support for a range of data store backends (Elastic, OpenSearch, SumoLogic, Splunk, e.g.). | zentralopensource | other | 650 |
| [https://github.com/ICIJ/datashare](https://github.com/ICIJ/datashare) | Better analyze information, in all its forms | ICIJ | agpl-3.0 | 438 |
| [https://github.com/clockfort/GitHub-Backup](https://github.com/clockfort/GitHub-Backup) | Backup all the repositories of a github user or organization automatically. | clockfort | cc0-1.0 | 267 |
| [https://github.com/HugoLB0/browser-creds](https://github.com/HugoLB0/browser-creds) | recover Firefox and more browsers logins | HugoLB0 | | 42 |
| [https://github.com/my5G/my5G-non3GPP-access](https://github.com/my5G/my5G-non3GPP-access) | Implements a security connection using untrusted non3GPP | my5G | apache-2.0 | 30 |
| [https://github.com/qeeqbox/honeypots](https://github.com/qeeqbox/honeypots) | 25 different honeypots in a single pypi package! (dns, ftp, httpproxy, http, https, imap, mysql, pop3, postgres, redis, smb, smtp, socks5, ssh, telnet, vnc, mssql, elastic, ldap, ntp, memcache, snmp, oracle, sip and irc) | qeeqbox | agpl-3.0 | 234 |
| [https://github.com/SocialConnect/auth](https://github.com/SocialConnect/auth) | :atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit: | SocialConnect | mit | 511 |
| [https://github.com/mcrumm/mystex_pizza_on_broadway](https://github.com/mcrumm/mystex_pizza_on_broadway) | An example of batching for operations with Elixir and Broadway | mcrumm | apache-2.0 | 20 |
| [https://github.com/nltk/nltk](https://github.com/nltk/nltk) | NLTK Source | nltk | apache-2.0 | 11185 |
| [https://github.com/aaronland/go-flickr-api](https://github.com/aaronland/go-flickr-api) | Go package for working with the Flickr API | aaronland | bsd-3-clause | 1 |
| [https://github.com/jbapple/libfilter](https://github.com/jbapple/libfilter) | High-speed Bloom filters and taffy filters for C, C++, and Java | jbapple | apache-2.0 | 24 |
| [https://github.com/ossf/oss-vulnerability-guide](https://github.com/ossf/oss-vulnerability-guide) | A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications. | ossf | cc-by-4.0 | 72 |
| [https://github.com/gallypette/ia-torrent](https://github.com/gallypette/ia-torrent) | Retrive torrent files from an Internet Archive search | gallypette | other | 2 |
| [https://github.com/stuhli/awesome-event-ids](https://github.com/stuhli/awesome-event-ids) | Collection of Event ID ressources useful for Digital Forensics and Incident Response | stuhli | mit | 384 |
| [https://github.com/shelld3v/PwnVPN](https://github.com/shelld3v/PwnVPN) | The best exploitation tool for SSL VPN 0day vulnerabilities. | shelld3v | | 71 |
| [https://github.com/cisagov/crossfeed](https://github.com/cisagov/crossfeed) | External monitoring for organization assets | cisagov | cc0-1.0 | 234 |
| [https://github.com/advanced-threat-research/DarkSide-Config-Extract](https://github.com/advanced-threat-research/DarkSide-Config-Extract) | | advanced-threat-research | | 30 |
| [https://github.com/wummel/patool](https://github.com/wummel/patool) | patool is a portable command line archive file manager | wummel | gpl-3.0 | 312 |
| [https://github.com/redpanda-data/redpanda](https://github.com/redpanda-data/redpanda) | Redpanda is a streaming data platform for developers. Kafka API compatible. 10x faster. No ZooKeeper. No JVM! | redpanda-data | | 5150 |
| [https://github.com/apjanke/ronn-ng](https://github.com/apjanke/ronn-ng) | Ronn-NG: An updated fork of ronn. Build man pages from Markdown. | apjanke | mit | 48 |
| [https://github.com/rtomayko/ronn](https://github.com/rtomayko/ronn) | the opposite of roff | rtomayko | other | 1306 |
| [https://github.com/aubio/aubio](https://github.com/aubio/aubio) | a library for audio and music analysis | aubio | gpl-3.0 | 2819 |
| [https://github.com/slsa-framework/slsa](https://github.com/slsa-framework/slsa) | Supply-chain Levels for Software Artifacts | slsa-framework | other | 918 |
| [https://github.com/alex-shpak/hugo-book](https://github.com/alex-shpak/hugo-book) | Hugo documentation theme as simple as plain book | alex-shpak | mit | 2062 |
| [https://github.com/CESNET/ipfixprobe](https://github.com/CESNET/ipfixprobe) | | CESNET | bsd-3-clause | 15 |
| [https://github.com/CESNET/Nemea](https://github.com/CESNET/Nemea) | System for network traffic analysis and anomaly detection. | CESNET | other | 70 |
| [https://github.com/fofapro/fapro](https://github.com/fofapro/fapro) | Fake Protocol Server | fofapro | | 1324 |
| [https://github.com/blacklanternsecurity/MANSPIDER](https://github.com/blacklanternsecurity/MANSPIDER) | Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported! | blacklanternsecurity | | 591 |
| [https://github.com/graphlab-fr/cosma](https://github.com/graphlab-fr/cosma) | Cosma is a document graph visualization tool. It modelizes interlinked Markdown files and renders them as an interactive network in a web interface. | graphlab-fr | gpl-3.0 | 40 |
| [https://github.com/vesoft-inc/nebula](https://github.com/vesoft-inc/nebula) | A distributed, fast open-source graph database featuring horizontal scalability and high availability | vesoft-inc | apache-2.0 | 8170 |
| [https://github.com/VIDA-NYU/ache](https://github.com/VIDA-NYU/ache) | ACHE is a web crawler for domain-specific search. | VIDA-NYU | apache-2.0 | 374 |
| [https://github.com/ascoderu/xtarfile](https://github.com/ascoderu/xtarfile) | Wrapper around tarfile to add support for more compression formats | ascoderu | apache-2.0 | 6 |
| [https://github.com/tylertreat/BoomFilters](https://github.com/tylertreat/BoomFilters) | Probabilistic data structures for processing continuous, unbounded streams. | tylertreat | apache-2.0 | 1487 |
| [https://github.com/DCSO/bloom](https://github.com/DCSO/bloom) | A highly efficient Bloom filter library and command line tool written in Go. | DCSO | other | 56 |
| [https://github.com/DCSO/tiffy](https://github.com/DCSO/tiffy) | TIE Feed Generator for MISP (replaces tie2misp) | DCSO | bsd-3-clause | 5 |
| [https://github.com/ashemery/exploitation-course](https://github.com/ashemery/exploitation-course) | Offensive Software Exploitation Course | ashemery | | 762 |
| [https://github.com/aaugustin/websockets](https://github.com/aaugustin/websockets) | Library for building WebSocket servers and clients in Python | aaugustin | bsd-3-clause | 4234 |
| [https://github.com/lockedbyte/CVE-2021-40444](https://github.com/lockedbyte/CVE-2021-40444) | CVE-2021-40444 PoC | lockedbyte | | 1444 |
| [https://github.com/splunk/attack_data](https://github.com/splunk/attack_data) | A repository of curated datasets from various attacks | splunk | apache-2.0 | 336 |
| [https://github.com/caiobran/mstables](https://github.com/caiobran/mstables) | MorningStar.com scraper that consolidates tens of thousands of financial records into a SQLite relational database. Class 'dataframes' easily converts the SQLite data into pandas DataFrames (see Jupyter notebook for examples) | caiobran | mit | 137 |
| [https://github.com/raw-packet/raw-packet](https://github.com/raw-packet/raw-packet) | Raw-packet Project | raw-packet | mit | 197 |
| [https://github.com/arthurdejong/python-stdnum](https://github.com/arthurdejong/python-stdnum) | A Python library to provide functions to handle, parse and validate standard numbers. | arthurdejong | lgpl-2.1 | 385 |
| [https://github.com/PassiveDNS/PassiveDNS](https://github.com/PassiveDNS/PassiveDNS) | Web Application for domain name monitoring / alerting | PassiveDNS | agpl-3.0 | 54 |
| [https://github.com/quotient-im/Quaternion](https://github.com/quotient-im/Quaternion) | A Qt5-based IM client for Matrix | quotient-im | gpl-3.0 | 550 |
| [https://github.com/otiai10/ocrserver](https://github.com/otiai10/ocrserver) | A simple OCR API server, seriously easy to be deployed by Docker, on Heroku as well | otiai10 | mit | 531 |
| [https://github.com/bitfieldaudio/OTTO](https://github.com/bitfieldaudio/OTTO) | Sampler, Sequencer, Multi-engine synth and effects - in a box! [WIP] | bitfieldaudio | other | 2510 |
| [https://github.com/austinsonger/Incident-Playbook](https://github.com/austinsonger/Incident-Playbook) | GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly] | austinsonger | mit | 963 |
| [https://github.com/post-cyberlabs/PyMISP_Telecom](https://github.com/post-cyberlabs/PyMISP_Telecom) | Script examples to interact with Telecom Data / Objects via PyMISP | post-cyberlabs | agpl-3.0 | 6 |
| [https://github.com/lorien/awesome-pastebin](https://github.com/lorien/awesome-pastebin) | List of pastebin sites. | lorien | | 47 |
| [https://github.com/eljefe7000/RestApiToText](https://github.com/eljefe7000/RestApiToText) | RestApiToText Notepad++ plugin that uses input from an editor tab to make a REST call and display the results in a new tab. | eljefe7000 | gpl-3.0 | 13 |
| [https://github.com/cristianzsh/freki](https://github.com/cristianzsh/freki) | :wolf: Malware analysis platform | cristianzsh | agpl-3.0 | 357 |
| [https://github.com/coolacid/docker-misp](https://github.com/coolacid/docker-misp) | A (nearly) production ready Dockered MISP | coolacid | gpl-3.0 | 181 |
| [https://github.com/geemion/Khepri](https://github.com/geemion/Khepri) | Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++. | geemion | apache-2.0 | 1375 |
| [https://github.com/microsoft/APSI](https://github.com/microsoft/APSI) | APSI is a C++ library for Asymmetric (unlabeled or labeled) Private Set Intersection. | microsoft | mit | 107 |
| [https://github.com/causaltext/causal-text-papers](https://github.com/causaltext/causal-text-papers) | Curated research at the intersection of causal inference and natural language processing. | causaltext | | 573 |
| [https://github.com/jonasmalacofilho/git-cache-http-server](https://github.com/jonasmalacofilho/git-cache-http-server) | A caching Git HTTP server | jonasmalacofilho | other | 68 |
| [https://github.com/dwmetz/CSIRT-Collect](https://github.com/dwmetz/CSIRT-Collect) | PowerShell script to collect memory and (triage) disk forensics | dwmetz | mit | 188 |
| [https://github.com/stephenbradshaw/hlextend](https://github.com/stephenbradshaw/hlextend) | Pure Python hash length extension module | stephenbradshaw | other | 75 |
| [https://github.com/ail-project/ail-feeder-leak](https://github.com/ail-project/ail-feeder-leak) | AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically | ail-project | agpl-3.0 | 8 |
| [https://github.com/tabler/tabler-icons](https://github.com/tabler/tabler-icons) | A set of over 2800 free MIT-licensed high-quality SVG icons for you to use in your web projects. | tabler | mit | 13024 |
| [https://github.com/doegox/awesome-rfid-talks](https://github.com/doegox/awesome-rfid-talks) | | doegox | | 58 |
| [https://github.com/WithSecureLabs/chainsaw](https://github.com/WithSecureLabs/chainsaw) | Rapidly Search and Hunt through Windows Forensic Artefacts | WithSecureLabs | gpl-3.0 | 1717 |
| [https://github.com/vertexproject/synapse](https://github.com/vertexproject/synapse) | Synapse Central Intelligence System | vertexproject | apache-2.0 | 247 |
| [https://github.com/centrifugal/centrifugo](https://github.com/centrifugal/centrifugo) | Scalable real-time messaging server in a language-agnostic way. Set up once and forever. | centrifugal | apache-2.0 | 6505 |
| [https://github.com/searx/searx](https://github.com/searx/searx) | Privacy-respecting metasearch engine | searx | agpl-3.0 | 12141 |
| [https://github.com/google/docsy](https://github.com/google/docsy) | A set of Hugo doc templates for launching open source content. | google | apache-2.0 | 1942 |
| [https://github.com/airbus-seclab/c-compiler-security](https://github.com/airbus-seclab/c-compiler-security) | Security-related flags and options for C compilers | airbus-seclab | cc-by-sa-4.0 | 128 |
| [https://github.com/EdwardRaff/pyLZJD](https://github.com/EdwardRaff/pyLZJD) | Python implementation of the LZJD algorithm | EdwardRaff | apache-2.0 | 18 |
| [https://github.com/a4lg/ffuzzypp](https://github.com/a4lg/ffuzzypp) | C++ implementation of ssdeep-compatible fast fuzzy hashing | a4lg | other | 35 |
| [https://github.com/a4lg/libffuzzy](https://github.com/a4lg/libffuzzy) | Fast ssdeep comparison library | a4lg | other | 11 |
| [https://github.com/libyal/libesedb](https://github.com/libyal/libesedb) | Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format. | libyal | lgpl-3.0 | 305 |
| [https://github.com/mpetri/FM-Index](https://github.com/mpetri/FM-Index) | FM-Index full-text index implementation using RRR Wavelet trees (libcds) and fast suffix sorting (libdivsufsort) including experimental results. | mpetri | gpl-3.0 | 87 |
| [https://github.com/a4lg/fast-ssdeep-clus](https://github.com/a4lg/fast-ssdeep-clus) | Parallel ssdeep clustering kit | a4lg | | 16 |
| [https://github.com/mdecrevoisier/Microsoft-eventlog-mindmap](https://github.com/mdecrevoisier/Microsoft-eventlog-mindmap) | Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,... | mdecrevoisier | bsd-2-clause | 778 |
| [https://github.com/pykeen/pykeen](https://github.com/pykeen/pykeen) | 🤖 A Python library for learning and evaluating knowledge graph embeddings | pykeen | mit | 1015 |
| [https://github.com/AndrewRathbun/DFIRMindMaps](https://github.com/AndrewRathbun/DFIRMindMaps) | A repository of DFIR-related Mind Maps geared towards the visual learners! | AndrewRathbun | mit | 390 |
| [https://github.com/opsdisk/scantron](https://github.com/opsdisk/scantron) | A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows. | opsdisk | apache-2.0 | 121 |
| [https://github.com/evilsocket/medusa](https://github.com/evilsocket/medusa) | A fast and secure multi protocol honeypot. | evilsocket | other | 268 |
| [https://github.com/EquiFox/KsDumper](https://github.com/EquiFox/KsDumper) | Dumping processes using the power of kernel space ! | EquiFox | mit | 771 |
| [https://github.com/center-for-threat-informed-defense/attack_to_veris](https://github.com/center-for-threat-informed-defense/attack_to_veris) | The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation. | center-for-threat-informed-defense | apache-2.0 | 54 |
| [https://github.com/falconry/falcon](https://github.com/falconry/falcon) | The no-magic web data plane API and microservices framework for Python developers, with a focus on reliability, correctness, and performance at scale. | falconry | apache-2.0 | 8930 |
| [https://github.com/daniestevez/gr-satellites](https://github.com/daniestevez/gr-satellites) | GNU Radio decoder for Amateur satellites | daniestevez | gpl-3.0 | 602 |
| [https://github.com/django-oscar/django-oscar](https://github.com/django-oscar/django-oscar) | Domain-driven e-commerce for Django | django-oscar | bsd-3-clause | 5506 |
| [https://github.com/wdas/reposado](https://github.com/wdas/reposado) | Host Apple Software Updates on the hardware and OS of your choice. | wdas | other | 840 |
| [https://github.com/rizinorg/rz-ghidra](https://github.com/rizinorg/rz-ghidra) | Deep ghidra decompiler and sleigh disassembler integration for rizin | rizinorg | lgpl-3.0 | 667 |
| [https://github.com/rizinorg/rizin](https://github.com/rizinorg/rizin) | UNIX-like reverse engineering framework and command-line toolset. | rizinorg | lgpl-3.0 | 1635 |
| [https://github.com/radareorg/iaito](https://github.com/radareorg/iaito) | Official QT frontend of radare2 | radareorg | gpl-3.0 | 448 |
| [https://github.com/lzfse/lzfse](https://github.com/lzfse/lzfse) | LZFSE compression library and command line tool | lzfse | bsd-3-clause | 1690 |
| [https://github.com/marceloprates/prettymaps](https://github.com/marceloprates/prettymaps) | A small set of Python functions to draw pretty maps from OpenStreetMap data. Based on osmnx, matplotlib and shapely libraries. | marceloprates | agpl-3.0 | 8841 |
| [https://github.com/encryptogroup/MobilePSI](https://github.com/encryptogroup/MobilePSI) | Implementation of precomputed PSI for smartphone | encryptogroup | | 10 |
| [https://github.com/eric-vader/PyPSI](https://github.com/eric-vader/PyPSI) | A Python library for private set intersection | eric-vader | apache-2.0 | 9 |
| [https://github.com/alyssaxuu/screenity](https://github.com/alyssaxuu/screenity) | The most powerful screen recorder & annotation tool for Chrome 🎥 | alyssaxuu | mit | 7714 |
| [https://github.com/fastfire/deepdarkCTI](https://github.com/fastfire/deepdarkCTI) | Collection of Cyber Threat Intelligence sources from the deep and dark web | fastfire | gpl-3.0 | 1152 |
| [https://github.com/IlanKalendarov/PyHook](https://github.com/IlanKalendarov/PyHook) | PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. | IlanKalendarov | bsd-3-clause | 156 |
| [https://github.com/srossross/rpmfile](https://github.com/srossross/rpmfile) | Read rmp archive files | srossross | mit | 20 |
| [https://github.com/maana-io/ServiceReadinessLevels](https://github.com/maana-io/ServiceReadinessLevels) | Service Readiness Levels (SRL) are a type of measurement system used to assess the maturity of software services deployed in an orchestration and management platform. SRL are loosely based on the NASA Technology Readiness Levels. | maana-io | mit | 2 |
| [https://github.com/organicmaps/organicmaps](https://github.com/organicmaps/organicmaps) | 🍃 Organic Maps is a free Android & iOS offline maps app for travelers, tourists, hikers, and cyclists. It uses crowd-sourced OpenStreetMap data and is developed with love by MapsWithMe (MapsMe) founders and our community. No ads, no tracking, no data collection, no crapware. Your donations and positive reviews motivate and inspire our small team! | organicmaps | apache-2.0 | 4032 |
| [https://github.com/jonashaag/bjoern](https://github.com/jonashaag/bjoern) | A screamingly fast Python 2/3 WSGI server written in C. | jonashaag | other | 2851 |
| [https://github.com/StrangerealIntel/SkyNeXus](https://github.com/StrangerealIntel/SkyNeXus) | List SID of rules used by publics sandbox for hunting | StrangerealIntel | | 2 |
| [https://github.com/s0md3v/Hash-Buster](https://github.com/s0md3v/Hash-Buster) | Crack hashes in seconds. | s0md3v | mit | 1393 |
| [https://github.com/byronknoll/cmix](https://github.com/byronknoll/cmix) | cmix is a lossless data compression program aimed at optimizing compression ratio at the cost of high CPU/memory usage. | byronknoll | gpl-3.0 | 472 |
| [https://github.com/sptonkin/fuzzyhashlib](https://github.com/sptonkin/fuzzyhashlib) | Python hashlib-like wrapper for several fuzzy hash algorithms. | sptonkin | gpl-3.0 | 12 |
| [https://github.com/TheClimateCorporation/python-dpkg](https://github.com/TheClimateCorporation/python-dpkg) | Python library for reading Debian package files and comparing version strings | TheClimateCorporation | other | 26 |
| [https://github.com/barneygale/pathlab](https://github.com/barneygale/pathlab) | Extends Pathlib to archives, images, remote filesystems, etc | barneygale | gpl-3.0 | 25 |
| [https://github.com/cogsec-collaborative/AMITT](https://github.com/cogsec-collaborative/AMITT) | AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. Includes TTPs and countermeasures. | cogsec-collaborative | cc-by-sa-4.0 | 145 |
| [https://github.com/linvon/cuckoo-filter](https://github.com/linvon/cuckoo-filter) | Cuckoo Filter go implement, better than Bloom Filter, configurable and space optimized 布谷鸟过滤器的Go实现优于布隆过滤器可以定制化过滤器参数并进行了空间优化 | linvon | mit | 232 |
| [https://github.com/hpthreatresearch/subcrawl](https://github.com/hpthreatresearch/subcrawl) | SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP. | hpthreatresearch | mit | 117 |
| [https://github.com/Archive-42/My-Notes-Compilation](https://github.com/Archive-42/My-Notes-Compilation) | This is just a running list of notes without any unifying theme or structure, however it will generally be somewhere in the realm of web development. | Archive-42 | | 6 |
| [https://github.com/kkamagui/bitleaker](https://github.com/kkamagui/bitleaker) | This tool can decrypt a BitLocker-locked partition with the TPM vulnerability | kkamagui | other | 135 |
| [https://github.com/sigstore/cosign](https://github.com/sigstore/cosign) | Container Signing | sigstore | apache-2.0 | 2681 |
| [https://github.com/in-toto/docs](https://github.com/in-toto/docs) | Specification and other related documents. | in-toto | mit | 25 |
| [https://github.com/sigstore/rekor](https://github.com/sigstore/rekor) | Software Supply Chain Transparency Log | sigstore | apache-2.0 | 610 |
| [https://github.com/IceFireDB/IceFireDB](https://github.com/IceFireDB/IceFireDB) | IceFireDB is a database built for web3 and web2. It strives to fill the gap between web2 and web3 with a friendly database experience, making web3 application data storage more convenient, and making it easier for web2 applications to achieve decentralization and data immutability. | IceFireDB | mit | 939 |
| [https://github.com/OpenMined/PySyft](https://github.com/OpenMined/PySyft) | Data science on data without acquiring a copy | OpenMined | apache-2.0 | 8399 |
| [https://github.com/jazzband/django-payments](https://github.com/jazzband/django-payments) | Universal payment handling for Django. | jazzband | other | 798 |
| [https://github.com/OpenMined/PSI](https://github.com/OpenMined/PSI) | Private Set Intersection Cardinality protocol based on ECDH and Bloom Filters | OpenMined | apache-2.0 | 80 |
| [https://github.com/farsightsec/fsmtrie](https://github.com/farsightsec/fsmtrie) | fast string matching trie library | farsightsec | apache-2.0 | 8 |
| [https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX](https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX) | Convert Apple NeuralHash model for CSAM Detection to ONNX. | AsuharietYgvar | apache-2.0 | 1480 |
| [https://github.com/minio/minfs](https://github.com/minio/minfs) | A network filesystem client to connect to MinIO and Amazon S3 compatible cloud storage servers | minio | agpl-3.0 | 418 |
| [https://github.com/jonaslejon/malicious-pdf](https://github.com/jonaslejon/malicious-pdf) | 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh | jonaslejon | bsd-2-clause | 1867 |
| [https://github.com/guelfoweb/peframe](https://github.com/guelfoweb/peframe) | PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents. | guelfoweb | | 542 |
| [https://github.com/cloudflare/goflow](https://github.com/cloudflare/goflow) | The high-scalability sFlow/NetFlow/IPFIX collector used internally at Cloudflare. | cloudflare | bsd-3-clause | 651 |
| [https://github.com/satta/fever-threatbus](https://github.com/satta/fever-threatbus) | FEVER<->Threat Bus connector | satta | | 5 |
| [https://github.com/hack4impact/flask-base](https://github.com/hack4impact/flask-base) | A simple Flask boilerplate app with SQLAlchemy, Redis, User Authentication, and more. | hack4impact | mit | 2816 |
| [https://github.com/Yara-Rules/rules](https://github.com/Yara-Rules/rules) | Repository of yara rules | Yara-Rules | gpl-2.0 | 3315 |
| [https://github.com/SourceCode-AI/aura](https://github.com/SourceCode-AI/aura) | Python source code auditing and static analysis on a large scale | SourceCode-AI | gpl-3.0 | 103 |
| [https://github.com/openwall/yescrypt](https://github.com/openwall/yescrypt) | Password-based key derivation function and password hashing scheme building upon scrypt | openwall | | 60 |
| [https://github.com/jaraco/keyring](https://github.com/jaraco/keyring) | | jaraco | mit | 928 |
| [https://github.com/riatelab/linemap](https://github.com/riatelab/linemap) | :aquarius: Create maps made of lines | riatelab | | 108 |
| [https://github.com/xairy/vmware-exploitation](https://github.com/xairy/vmware-exploitation) | A collection of links related to VMware escape exploits | xairy | cc-by-4.0 | 1178 |
| [https://github.com/cudeso/CSIRT-Jump-Bag](https://github.com/cudeso/CSIRT-Jump-Bag) | CSIRT Jump Bag | cudeso | | 25 |
| [https://github.com/markmap/markmap](https://github.com/markmap/markmap) | Visualize your Markdown as mindmaps with Markmap. | markmap | mit | 4145 |
| [https://github.com/med0x2e/SigFlip](https://github.com/med0x2e/SigFlip) | SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature. | med0x2e | mit | 728 |
| [https://github.com/ml874/Data-Science-Cheatsheet](https://github.com/ml874/Data-Science-Cheatsheet) | | ml874 | | 2217 |
| [https://github.com/G-Research/siembol](https://github.com/G-Research/siembol) | An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework. | G-Research | apache-2.0 | 159 |
| [https://github.com/c6fc/warcannon](https://github.com/c6fc/warcannon) | High speed/Low cost CommonCrawl RegExp in Node.js | c6fc | other | 205 |
| [https://github.com/GuidoBartoli/sherloq](https://github.com/GuidoBartoli/sherloq) | An open-source digital image forensic toolset | GuidoBartoli | gpl-3.0 | 2072 |
| [https://github.com/rprinz08/hBPF](https://github.com/rprinz08/hBPF) | hBPF = eBPF in hardware | rprinz08 | bsd-3-clause | 326 |
| [https://github.com/pucarasec/zuthaka](https://github.com/pucarasec/zuthaka) | Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools. | pucarasec | other | 159 |
| [https://github.com/ail-project/ail-feeder-activity-pub](https://github.com/ail-project/ail-feeder-activity-pub) | External ActivityPub feeder for AIL-framework. | ail-project | | 4 |
| [https://github.com/baidu/BaikalDB](https://github.com/baidu/BaikalDB) | BaikalDB, A Distributed HTAP Database. | baidu | apache-2.0 | 982 |
| [https://github.com/quarkslab/qsynthesis](https://github.com/quarkslab/qsynthesis) | Greybox Synthesizer geared for deobfuscation of assembly instructions. | quarkslab | agpl-3.0 | 89 |
| [https://github.com/build-trust/ockam](https://github.com/build-trust/ockam) | Orchestrate end-to-end encryption, mutual authentication, key management, credential management & authorization policy enforcement — at scale. | build-trust | apache-2.0 | 2622 |
| [https://github.com/ukncsc/lme](https://github.com/ukncsc/lme) | Logging Made Easy | ukncsc | apache-2.0 | 660 |
| [https://github.com/mozilla/extension-workshop](https://github.com/mozilla/extension-workshop) | Firefox Extension Workshop | mozilla | | 70 |
| [https://github.com/cfalta/MicrosoftWontFixList](https://github.com/cfalta/MicrosoftWontFixList) | A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-)) | cfalta | bsd-3-clause | 897 |
| [https://github.com/amirgamil/apollo](https://github.com/amirgamil/apollo) | A Unix-style personal search engine and web crawler for your digital footprint. | amirgamil | mit | 1296 |
| [https://github.com/humhub/humhub](https://github.com/humhub/humhub) | HumHub is an Open Source Enterprise Social Network. Easy to install, intuitive to use and extendable with countless freely available modules. | humhub | other | 5922 |
| [https://github.com/lektor/lektor](https://github.com/lektor/lektor) | The lektor static file content management system | lektor | bsd-3-clause | 3623 |
| [https://github.com/securisec/chepy](https://github.com/securisec/chepy) | Chepy is a python lib/cli equivalent of the awesome CyberChef tool. | securisec | gpl-3.0 | 466 |
| [https://github.com/AresValley/Artemis](https://github.com/AresValley/Artemis) | Radio Signals Recognition Manual | AresValley | gpl-3.0 | 165 |
| [https://github.com/sigstore/sigstore-git-verifier](https://github.com/sigstore/sigstore-git-verifier) | A Github Action to verify that new commits are present in the sigstore transparency log. | sigstore | apache-2.0 | 7 |
| [https://github.com/poettering/fsprg](https://github.com/poettering/fsprg) | Forward Secure Pseudo Random Generator | poettering | | 7 |
| [https://github.com/seperman/deepdiff](https://github.com/seperman/deepdiff) | DeepDiff: Deep Difference and search of any Python object/data. DeepHash: Hash of any object based on its contents. Delta: Use deltas to reconstruct objects by adding deltas together. | seperman | other | 1508 |
| [https://github.com/eclecticiq/stix-icons](https://github.com/eclecticiq/stix-icons) | stix-icons is a collection of colourful and clean icons for use in software, training and marketing material to visualize cyber threats according to the STIX language for intelligence exchange, defined by OASIS Cyber Threat Intelligence (CTI) TC | eclecticiq | other | 17 |
| [https://github.com/strozfriedberg/lightgrep](https://github.com/strozfriedberg/lightgrep) | Command-line utility for multipattern search using liblightgrep | strozfriedberg | gpl-3.0 | 36 |
| [https://github.com/aaranxu/adidoks](https://github.com/aaranxu/adidoks) | AdiDoks is a mordern documentation theme, which is a port of the Hugo theme Doks for Zola. | aaranxu | mit | 123 |
| [https://github.com/mvt-project/mvt](https://github.com/mvt-project/mvt) | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. | mvt-project | other | 8168 |
| [https://github.com/camelot-dev/camelot](https://github.com/camelot-dev/camelot) | A Python library to extract tabular data from PDFs | camelot-dev | mit | 1716 |
| [https://github.com/AmnestyTech/investigations](https://github.com/AmnestyTech/investigations) | Indicators from Amnesty International's investigations | AmnestyTech | | 1400 |
| [https://github.com/RosettaCommons/RoseTTAFold](https://github.com/RosettaCommons/RoseTTAFold) | This package contains deep learning models and related scripts for RoseTTAFold | RosettaCommons | mit | 1606 |
| [https://github.com/g-deoliveira/TextSummarization](https://github.com/g-deoliveira/TextSummarization) | Extractive Text Summarization Using LDA For Topic Modeling | g-deoliveira | | 33 |
| [https://github.com/tenacityteam/tenacity-legacy](https://github.com/tenacityteam/tenacity-legacy) | **Old repository**. Tenacity is an easy-to-use, privacy-friendly, FLOSS, cross-platform multi-track audio editor/recorder for Windows, macOS, Linux and other operating systems. | tenacityteam | other | 7217 |
| [https://github.com/mozilla/bleach](https://github.com/mozilla/bleach) | Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes | mozilla | other | 2407 |
| [https://github.com/betrusted-io/gateware](https://github.com/betrusted-io/gateware) | IP submodules, formatted for easier CI integration | betrusted-io | other | 21 |
| [https://github.com/iot-onboarding/mud-visualizer](https://github.com/iot-onboarding/mud-visualizer) | mud-visualizer is a tool to visualize MUD files | iot-onboarding | bsd-3-clause | 11 |
| [https://github.com/t4d/PhishingKit-Yara-Rules](https://github.com/t4d/PhishingKit-Yara-Rules) | Repository of Yara rules dedicated to Phishing Kits Zip files | t4d | gpl-3.0 | 91 |
| [https://github.com/D4-project/d4-rustclient](https://github.com/D4-project/d4-rustclient) | Very basic rust client: listen for a message on stdin, write the message on stdout. | D4-project | bsd-2-clause | 2 |
| [https://github.com/rpetrich/deciduous](https://github.com/rpetrich/deciduous) | App that makes building attack decision trees from the Security Chaos Engineering report easy | rpetrich | gpl-2.0 | 100 |
| [https://github.com/litl/backoff](https://github.com/litl/backoff) | Python library providing function decorators for configurable backoff and retry | litl | mit | 1966 |
| [https://github.com/bndw/wifi-card](https://github.com/bndw/wifi-card) | 📶 Print a QR code for connecting to your WiFi (wificard.io) | bndw | mit | 6095 |
| [https://github.com/tiimgreen/github-cheat-sheet](https://github.com/tiimgreen/github-cheat-sheet) | A list of cool features of Git and GitHub. | tiimgreen | mit | 37616 |
| [https://github.com/sophoslabs/IoCs](https://github.com/sophoslabs/IoCs) | Sophos-originated indicators-of-compromise from published reports | sophoslabs | | 359 |
| [https://github.com/martinus/robin-hood-hashing](https://github.com/martinus/robin-hood-hashing) | Fast & memory efficient hashtable based on robin hood hashing for C++11/14/17/20 | martinus | mit | 1240 |
| [https://github.com/splunk/security_content](https://github.com/splunk/security_content) | Splunk Security Content | splunk | apache-2.0 | 738 |
| [https://github.com/kellyjonbrazil/jello](https://github.com/kellyjonbrazil/jello) | CLI tool to filter JSON and JSON Lines data with Python syntax. (Similar to jq) | kellyjonbrazil | mit | 327 |
| [https://github.com/virtualabs/piotr](https://github.com/virtualabs/piotr) | Piotr - IoT firmware emulation instrumentation for training and research | virtualabs | mit | 52 |
| [https://github.com/telekom-security/malware_analysis](https://github.com/telekom-security/malware_analysis) | This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts. | telekom-security | | 72 |
| [https://github.com/SpiderLabs/REvil_config](https://github.com/SpiderLabs/REvil_config) | Configuration file for REvil / Kaseya July campaign | SpiderLabs | | 4 |
| [https://github.com/cisco/mindmeld](https://github.com/cisco/mindmeld) | An Open Source Conversational AI Platform for Deep-Domain Voice Interfaces and Chatbots. | cisco | apache-2.0 | 599 |
| [https://github.com/CachetHQ/Cachet](https://github.com/CachetHQ/Cachet) | 📛 An open source status page system for everyone. | CachetHQ | bsd-3-clause | 12934 |
| [https://github.com/google/trax](https://github.com/google/trax) | Trax — Deep Learning with Clear Code and Speed | google | apache-2.0 | 7156 |
| [https://github.com/MISP/misp-expansion](https://github.com/MISP/misp-expansion) | MISP expansion - a browser extension (Firefox and Chrome) to lookup on MISP | MISP | bsd-2-clause | 5 |
| [https://github.com/ail-project/ail-feeder-discord](https://github.com/ail-project/ail-feeder-discord) | Discord feeder for AIL | ail-project | agpl-3.0 | 6 |
| [https://github.com/imuledx/OSINT_sources](https://github.com/imuledx/OSINT_sources) | | imuledx | | 112 |
| [https://github.com/m8sec/subscraper](https://github.com/m8sec/subscraper) | Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing. | m8sec | gpl-3.0 | 583 |
| [https://github.com/piccolomo/plotext](https://github.com/piccolomo/plotext) | plotting on terminal | piccolomo | mit | 1161 |
| [https://github.com/benedekrozemberczki/karateclub](https://github.com/benedekrozemberczki/karateclub) | Karate Club: An API Oriented Open-source Python Framework for Unsupervised Learning on Graphs (CIKM 2020) | benedekrozemberczki | gpl-3.0 | 1760 |
| [https://github.com/z1pti3/jimi](https://github.com/z1pti3/jimi) | Jimi is an automation first no-code platform designed and developed originally for Security Orchestration and Response. Since its launch jimi has developed into a fully fledged IT automation platform which effortlessly integrates with your existing tools unlocking the potential for autonomous IT and Security operations. | z1pti3 | apache-2.0 | 124 |
| [https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds](https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds) | Zeek-Formatted Threat Intelligence Feeds | CriticalPathSecurity | mit | 176 |
| [https://github.com/center-for-threat-informed-defense/security-stack-mappings](https://github.com/center-for-threat-informed-defense/security-stack-mappings) | This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about. | center-for-threat-informed-defense | apache-2.0 | 239 |
| [https://github.com/ossf/scorecard](https://github.com/ossf/scorecard) | Security Scorecards - Security health metrics for Open Source | ossf | apache-2.0 | 3011 |
| [https://github.com/hm-seclab/YAFRA](https://github.com/hm-seclab/YAFRA) | YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents. | hm-seclab | apache-2.0 | 24 |
| [https://github.com/hamano/apache-mod-markdown](https://github.com/hamano/apache-mod-markdown) | Markdown filter module for Apache HTTPD Server | hamano | apache-2.0 | 81 |
| [https://github.com/D4-project/ct-scrutinize](https://github.com/D4-project/ct-scrutinize) | ct-scrutinize is a set of tools extract information from Certificate Transparency logs | D4-project | agpl-3.0 | 3 |
| [https://github.com/aniqfakhrul/Sharperner](https://github.com/aniqfakhrul/Sharperner) | Simple executable generator with encrypted shellcode. | aniqfakhrul | | 269 |
| [https://github.com/ticarpi/jwt_tool](https://github.com/ticarpi/jwt_tool) | :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens | ticarpi | gpl-3.0 | 3512 |
| [https://github.com/rhash/RHash](https://github.com/rhash/RHash) | Great utility for computing hash sums | rhash | 0bsd | 445 |
| [https://github.com/RCayre/mirage](https://github.com/RCayre/mirage) | Mirage is a powerful and modular framework dedicated to the security analysis of wireless communications. | RCayre | mit | 160 |
| [https://github.com/a-luna/fastapi-redis-cache](https://github.com/a-luna/fastapi-redis-cache) | A simple and robust caching solution for FastAPI that interprets request header values and creates proper response header values (powered by Redis) | a-luna | mit | 85 |
| [https://github.com/facebookresearch/faiss](https://github.com/facebookresearch/faiss) | A library for efficient similarity search and clustering of dense vectors. | facebookresearch | mit | 18317 |
| [https://github.com/facebookresearch/fastText](https://github.com/facebookresearch/fastText) | Library for fast text representation and classification. | facebookresearch | mit | 24007 |
| [https://github.com/muesli/markscribe](https://github.com/muesli/markscribe) | Your personal markdown scribe with template-engine and Git(Hub) & RSS powers 📜 | muesli | mit | 249 |
| [https://github.com/rayohauno/hierpart](https://github.com/rayohauno/hierpart) | A Python package that implements the HierarchicalPartition data structure. | rayohauno | gpl-2.0 | 5 |
| [https://github.com/google/osv.dev](https://github.com/google/osv.dev) | Open source vulnerability DB and triage service. | google | apache-2.0 | 653 |
| [https://github.com/ehn-dcc-development/eu-dcc-hcert-spec](https://github.com/ehn-dcc-development/eu-dcc-hcert-spec) | Electronic Health Certificates Specification | ehn-dcc-development | | 363 |
| [https://github.com/eaglx/VMPROTECT](https://github.com/eaglx/VMPROTECT) | Obfuscation method using virtual machine. | eaglx | gpl-3.0 | 551 |
| [https://github.com/matrix-org/pinecone](https://github.com/matrix-org/pinecone) | Peer-to-peer overlay routing for the Matrix ecosystem | matrix-org | apache-2.0 | 303 |
| [https://github.com/matteodellamico/flexible-clustering](https://github.com/matteodellamico/flexible-clustering) | Clustering for arbitrary data and dissimilarity function | matteodellamico | bsd-3-clause | 57 |
| [https://github.com/ruslashev/elfcat](https://github.com/ruslashev/elfcat) | ELF visualizer. Generates HTML files from ELF binaries. | ruslashev | zlib | 870 |
| [https://github.com/facebookresearch/AugLy](https://github.com/facebookresearch/AugLy) | A data augmentations library for audio, image, text, and video. | facebookresearch | other | 4595 |
| [https://github.com/EmergingThreats/threatresearch](https://github.com/EmergingThreats/threatresearch) | I wanted to call this repo "Nuclear Football Codes". I was outvoted.. | EmergingThreats | | 64 |
| [https://github.com/mapbox/storytelling](https://github.com/mapbox/storytelling) | Storytelling with maps template | mapbox | bsd-3-clause | 424 |
| [https://github.com/barrust/pyprobables](https://github.com/barrust/pyprobables) | Probabilistic data structures in python http://pyprobables.readthedocs.io/en/latest/index.html | barrust | mit | 84 |
| [https://github.com/hashlookup/PyHashlookup](https://github.com/hashlookup/PyHashlookup) | Python CLI and module for CIRCL hash lookup | hashlookup | gpl-3.0 | 8 |
| [https://github.com/infeeeee/kimai2-cmd](https://github.com/infeeeee/kimai2-cmd) | Command line client for Kimai2, the open source, self-hosted time tracker | infeeeee | mit | 19 |
| [https://github.com/kevinpapst/kimai2](https://github.com/kevinpapst/kimai2) | Kimai v2 is a web-based multiuser time-tracking application. Free for everyone: freelancers, agencies, companies, organizations - all can track their times, generate invoices and more. SaaS version available at https://www.kimai.cloud | kevinpapst | mit | 1901 |
| [https://github.com/sh-dv/hat.sh](https://github.com/sh-dv/hat.sh) | Encrypt and Decrypt files securely in your browser. | sh-dv | mit | 1560 |
| [https://github.com/CpanelInc/tech-CSI](https://github.com/CpanelInc/tech-CSI) | cPanel Security Scan | CpanelInc | other | 29 |
| [https://github.com/3c7/bazaar](https://github.com/3c7/bazaar) | Python based CLI for MalwareBazaar | 3c7 | mit | 17 |
| [https://github.com/e-m-b-a/emba](https://github.com/e-m-b-a/emba) | EMBA - The firmware security analyzer | e-m-b-a | gpl-3.0 | 1463 |
| [https://github.com/otgrkiss/apache-mellon-saml-misp-proxy](https://github.com/otgrkiss/apache-mellon-saml-misp-proxy) | | otgrkiss | | 2 |
| [https://github.com/vimoutliner/vimoutliner](https://github.com/vimoutliner/vimoutliner) | Work fast, think well. | vimoutliner | other | 554 |
| [https://github.com/sylhare/Type-on-Strap](https://github.com/sylhare/Type-on-Strap) | 🎨 Simplistic, responsive jekyll based open source theme | sylhare | mit | 671 |
| [https://github.com/Velocidex/velociraptor](https://github.com/Velocidex/velociraptor) | Digging Deeper.... | Velocidex | other | 1481 |
| [https://github.com/facebookincubator/nvdtools](https://github.com/facebookincubator/nvdtools) | A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD) | facebookincubator | apache-2.0 | 358 |
| [https://github.com/krt/redis-asm](https://github.com/krt/redis-asm) | Fast fuzzy string search on Redis using Lua. UTF-8 ready. | krt | mit | 40 |
| [https://github.com/iCopy-X-Community/icopyx-teardown](https://github.com/iCopy-X-Community/icopyx-teardown) | | iCopy-X-Community | | 36 |
| [https://github.com/javierbyte/pintr](https://github.com/javierbyte/pintr) | Create single line SVG illustrations from your pictures | javierbyte | bsd-3-clause | 678 |
| [https://github.com/zautomata/virusshare](https://github.com/zautomata/virusshare) | | zautomata | bsd-3-clause | 10 |
| [https://github.com/rajkumar-rangaraj/PDB-Downloader](https://github.com/rajkumar-rangaraj/PDB-Downloader) | PDB Downloader - An easier way to download Microsoft's public symbols for Libraries and Executables. | rajkumar-rangaraj | | 252 |
| [https://github.com/SAP/credential-digger](https://github.com/SAP/credential-digger) | A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock: | SAP | apache-2.0 | 218 |
| [https://github.com/jiabailie/Althttpd](https://github.com/jiabailie/Althttpd) | Althttpd is a simple webserver that has run the https://sqlite.org/ website since 2004. Althttpd strives for simplicity, security, and low resource usage. | jiabailie | mit | 12 |
| [https://github.com/bits-and-blooms/bloom](https://github.com/bits-and-blooms/bloom) | Go package implementing Bloom filters | bits-and-blooms | bsd-2-clause | 1710 |
| [https://github.com/mosajjal/dnsmonster](https://github.com/mosajjal/dnsmonster) | Passive DNS Capture and Monitoring Toolkit | mosajjal | gpl-2.0 | 212 |
| [https://github.com/eTextile/Matrix](https://github.com/eTextile/Matrix) | | eTextile | other | 9 |
| [https://github.com/drawrowfly/tiktok-scraper](https://github.com/drawrowfly/tiktok-scraper) | TikTok Scraper. Download video posts, collect user/trend/hashtag/music feed metadata, sign URL and etc. | drawrowfly | | 3115 |
| [https://github.com/apurvsinghgautam/dark-web-osint-tools](https://github.com/apurvsinghgautam/dark-web-osint-tools) | OSINT Tools for the Dark Web | apurvsinghgautam | | 276 |
| [https://github.com/marco-lancini/cartography-queries](https://github.com/marco-lancini/cartography-queries) | Utilities for programmatic analysis of Cartography data. | marco-lancini | apache-2.0 | 27 |
| [https://github.com/kirei/python-base45](https://github.com/kirei/python-base45) | Base45 | kirei | bsd-2-clause | 19 |
| [https://github.com/cudeso/misp-training-environment](https://github.com/cudeso/misp-training-environment) | Setting up a training environment for MISP | cudeso | | 10 |
| [https://github.com/berkgoksel/sysref](https://github.com/berkgoksel/sysref) | Terminal Linux Syscall Reference Table for x86, x64, arm32 and arm64 | berkgoksel | mit | 18 |
| [https://github.com/airbus-seclab/bincat](https://github.com/airbus-seclab/bincat) | Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection | airbus-seclab | | 1416 |
| [https://github.com/jampp/pybloomfiltermmap](https://github.com/jampp/pybloomfiltermmap) | Fast Python Bloom Filter using Mmap | jampp | mit | 3 |
| [https://github.com/prashnts/pybloomfiltermmap3](https://github.com/prashnts/pybloomfiltermmap3) | Fast Python Bloom Filter using Mmap | prashnts | mit | 89 |
| [https://github.com/mzucker/noteshrink](https://github.com/mzucker/noteshrink) | Convert scans of handwritten notes to beautiful, compact PDFs | mzucker | mit | 4750 |
| [https://github.com/MiroKaku/DetoursX](https://github.com/MiroKaku/DetoursX) | Kernel-Mode extended version of https://github.com/microsoft/Detours | MiroKaku | mit | 69 |
| [https://github.com/HanseSecure/credgrap_ie_edge](https://github.com/HanseSecure/credgrap_ie_edge) | Extract stored credentials from Internet Explorer and Edge | HanseSecure | gpl-3.0 | 303 |
| [https://github.com/wowthemesnet/mundana-theme-jekyll](https://github.com/wowthemesnet/mundana-theme-jekyll) | Mundana is a free Jekyll theme, Medium styled. | wowthemesnet | | 572 |
| [https://github.com/lclevy/PyTac_verif](https://github.com/lclevy/PyTac_verif) | a python tool to check French covid-19 vaccination certificate ECDSA signature | lclevy | gpl-2.0 | 7 |
| [https://github.com/beryldb/beryldb](https://github.com/beryldb/beryldb) | BerylDB is a fully modular data structure data manager that can be used to store data as key-value entries. The server allows channel subscription and is optimized to be used as a cache repository. Supported structures include lists, sets, multimaps, and keys. | beryldb | bsd-3-clause | 201 |
| [https://github.com/Ignitetechnologies/Credential-Dumping](https://github.com/Ignitetechnologies/Credential-Dumping) | This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the same tasks | Ignitetechnologies | | 309 |
| [https://github.com/W3ndige/aurora](https://github.com/W3ndige/aurora) | Malware similarity platform with modularity in mind. | W3ndige | other | 71 |
| [https://github.com/Viralmaniar/MurMurHash](https://github.com/Viralmaniar/MurMurHash) | This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. | Viralmaniar | mit | 76 |
| [https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack](https://github.com/mdecrevoisier/EVTX-to-MITRE-Attack) | Set of EVTX samples (>170) mapped to MITRE Att@k tactic and techniques to measure your SIEM coverage or developed new use cases. | mdecrevoisier | | 327 |
| [https://github.com/apache/superset](https://github.com/apache/superset) | Apache Superset is a Data Visualization and Data Exploration Platform | apache | apache-2.0 | 48897 |
| [https://github.com/sthagen/thampiman-reverse-geocoder](https://github.com/sthagen/thampiman-reverse-geocoder) | A fast, offline reverse geocoder in Python | sthagen | lgpl-2.1 | 2 |
| [https://github.com/nhairs/nserver](https://github.com/nhairs/nserver) | Python DNS Name Server Framework | nhairs | mit | 6 |
| [https://github.com/davidteather/TikTok-Api](https://github.com/davidteather/TikTok-Api) | The Unofficial TikTok API Wrapper In Python | davidteather | mit | 2744 |
| [https://github.com/bradleytaunt/ET-Jekyll](https://github.com/bradleytaunt/ET-Jekyll) | A minimal Jekyll theme inspired by Tufte CSS | bradleytaunt | mit | 135 |
| [https://github.com/riverloopsec/hashashin](https://github.com/riverloopsec/hashashin) | Hashashin: A Fuzzy Matching Tool for Binary Ninja | riverloopsec | mit | 69 |
| [https://github.com/riverloopsec/ninjadiff](https://github.com/riverloopsec/ninjadiff) | NinjaDiff is a binary diffing plugin for Binary Ninja. Read more on our blog, and contribute code & improvements! | riverloopsec | mit | 46 |
| [https://github.com/XiphosResearch/netelf](https://github.com/XiphosResearch/netelf) | Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc. | XiphosResearch | | 265 |
| [https://github.com/observablehq/plot](https://github.com/observablehq/plot) | A concise API for exploratory data visualization | observablehq | isc | 2134 |
| [https://github.com/knadh/listmonk](https://github.com/knadh/listmonk) | High performance, self-hosted, newsletter and mailing list manager with a modern dashboard. Single binary app. | knadh | agpl-3.0 | 8804 |
| [https://github.com/sdhash/sdhash](https://github.com/sdhash/sdhash) | similarity digest hashing tool | sdhash | apache-2.0 | 144 |
| [https://github.com/google/oss-vulnerability-guide](https://github.com/google/oss-vulnerability-guide) | A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications. | google | cc-by-4.0 | 102 |
| [https://github.com/medsec/kiasubc](https://github.com/medsec/kiasubc) | Cryptanalysis of KIASU-BC | medsec | other | 2 |
| [https://github.com/detectify/page-fetch](https://github.com/detectify/page-fetch) | Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values | detectify | mit | 460 |
| [https://github.com/brimdata/brimcap](https://github.com/brimdata/brimcap) | Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more) | brimdata | bsd-3-clause | 36 |
| [https://github.com/nsacyber/Event-Forwarding-Guidance](https://github.com/nsacyber/Event-Forwarding-Guidance) | Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber | nsacyber | other | 730 |
| [https://github.com/Spacial/awesome-csirt](https://github.com/Spacial/awesome-csirt) | Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities. | Spacial | gpl-3.0 | 260 |
| [https://github.com/secworks/trng](https://github.com/secworks/trng) | True Random Number Generator core implemented in Verilog. | secworks | bsd-2-clause | 51 |
| [https://github.com/strontic/xcyclopedia](https://github.com/strontic/xcyclopedia) | Encyclopedia for Executables | strontic | mit | 289 |
| [https://github.com/center-for-threat-informed-defense/adversary_emulation_library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library) | An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs. | center-for-threat-informed-defense | apache-2.0 | 814 |
| [https://github.com/pydio/cells](https://github.com/pydio/cells) | Future-proof content collaboration platform | pydio | agpl-3.0 | 1360 |
| [https://github.com/CiscoSecurity/tr-05-serverless-misp](https://github.com/CiscoSecurity/tr-05-serverless-misp) | Threat Response integration for MISP Project | CiscoSecurity | mit | 6 |
| [https://github.com/ninoseki/whois-parser](https://github.com/ninoseki/whois-parser) | Yet another whois parser for Python | ninoseki | mit | 3 |
| [https://github.com/valayDave/arxiv-miner](https://github.com/valayDave/arxiv-miner) | arxiv_miner is a toolkit for mining research papers on CS ArXiv. | valayDave | mit | 96 |
| [https://github.com/d3sre/IntelligentProcessLifecycle](https://github.com/d3sre/IntelligentProcessLifecycle) | The Intelligent Process Lifecycle of Active Cyber Defenders | d3sre | | 29 |
| [https://github.com/CyCat-project/cycat-service](https://github.com/CyCat-project/cycat-service) | CyCAT.org API back-end server including crawlers | CyCat-project | agpl-3.0 | 23 |
| [https://github.com/davidlatwe/montydb](https://github.com/davidlatwe/montydb) | Monty, Mongo tinified. MongoDB implemented in Python ! | davidlatwe | bsd-3-clause | 516 |
| [https://github.com/APIs-guru/openapi-directory](https://github.com/APIs-guru/openapi-directory) | 🌐 Wikipedia for Web APIs. Directory of REST API definitions in OpenAPI 2.0/3.x format | APIs-guru | cc0-1.0 | 2956 |
| [https://github.com/ninoseki/whois-rest](https://github.com/ninoseki/whois-rest) | A RESTful whois | ninoseki | mit | 4 |
| [https://github.com/droher/etymology-db](https://github.com/droher/etymology-db) | An open etymology dataset created using Wiktionary data. Contains 3.8M entries, 1.8M terms, 2900 languages, and 31 unique relationship types. | droher | apache-2.0 | 21 |
| [https://github.com/wwwtyro/candygraph](https://github.com/wwwtyro/candygraph) | Fast by default, flexible 2D plotting library. | wwwtyro | unlicense | 399 |
| [https://github.com/bee-san/pyWhat](https://github.com/bee-san/pyWhat) | 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️ | bee-san | mit | 5537 |
| [https://github.com/CodingGay/BlackDex](https://github.com/CodingGay/BlackDex) | BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds. | CodingGay | apache-2.0 | 4142 |
| [https://github.com/panther-labs/panther-analysis](https://github.com/panther-labs/panther-analysis) | Built-in Panther detection rules and policies | panther-labs | agpl-3.0 | 202 |
| [https://github.com/nimrodpar/Labeled-Elfs](https://github.com/nimrodpar/Labeled-Elfs) | A collection of well labeled ELF binaries compiled from benign and malicious code in various ways. Great for exploring similarity in executables and training various ML models. | nimrodpar | mit | 74 |
| [https://github.com/EdgeSecurityTeam/Vulnerability](https://github.com/EdgeSecurityTeam/Vulnerability) | 此项目将不定期从棱角社区对外进行公布一些最新漏洞。 | EdgeSecurityTeam | | 2738 |
| [https://github.com/jfmaes/SharpRDPDump](https://github.com/jfmaes/SharpRDPDump) | Create a minidump of TermService for clear text pw extraction | jfmaes | | 88 |
| [https://github.com/georgenicolaou/icarus](https://github.com/georgenicolaou/icarus) | The Exploitation Toolkit Icarus is a cross platform software exploitation library that assists in the development of proof of concept exploit code. | georgenicolaou | | 17 |
| [https://github.com/python-restx/flask-restx](https://github.com/python-restx/flask-restx) | Fork of Flask-RESTPlus: Fully featured framework for fast, easy and documented API development with Flask | python-restx | other | 1650 |
| [https://github.com/onnx/onnx](https://github.com/onnx/onnx) | Open standard for machine learning interoperability | onnx | apache-2.0 | 13496 |
| [https://github.com/jordanpotti/AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) | Security Tool to Look For Interesting Files in S3 Buckets | jordanpotti | mit | 1184 |
| [https://github.com/gvalkov/rsstail.py](https://github.com/gvalkov/rsstail.py) | A command-line syndication feed monitor | gvalkov | other | 42 |
| [https://github.com/yahoojapan/NGT](https://github.com/yahoojapan/NGT) | Nearest Neighbor Search with Neighborhood Graph and Tree for High-dimensional Data | yahoojapan | apache-2.0 | 941 |
| [https://github.com/EC-DIGIT-CSIRC/credentialLeakDB](https://github.com/EC-DIGIT-CSIRC/credentialLeakDB) | A database for storing, querying and doing stats on credential leaks | EC-DIGIT-CSIRC | | 25 |
| [https://github.com/zedeus/nitter](https://github.com/zedeus/nitter) | Alternative Twitter front-end | zedeus | agpl-3.0 | 6032 |
| [https://github.com/jart/redisbayes](https://github.com/jart/redisbayes) | Naïve Bayesian Text Classifier on Redis | jart | | 108 |
| [https://github.com/lcashdol/UPX](https://github.com/lcashdol/UPX) | A utility to fix intentionally corrupted UPX packed files. | lcashdol | apache-2.0 | 52 |
| [https://github.com/adulau/rss-tools](https://github.com/adulau/rss-tools) | A set of old and crappy RSS scripts to handle RSS in an Unix way. | adulau | | 3 |
| [https://github.com/pixelfed/pixelfed](https://github.com/pixelfed/pixelfed) | Photo Sharing. For Everyone. | pixelfed | agpl-3.0 | 3914 |
| [https://github.com/Python-Markdown/markdown](https://github.com/Python-Markdown/markdown) | A Python implementation of John Grubers Markdown with Extension support. | Python-Markdown | other | 3041 |
| [https://github.com/Captain-P-Goldfish/scim-for-keycloak](https://github.com/Captain-P-Goldfish/scim-for-keycloak) | a third party module that extends keycloak by SCIM functionality | Captain-P-Goldfish | bsd-3-clause | 110 |
| [https://github.com/cloudtrust/keycloak-wsfed](https://github.com/cloudtrust/keycloak-wsfed) | WS-Federation implementation for keycloak | cloudtrust | agpl-3.0 | 32 |
| [https://github.com/matplotlib/cheatsheets](https://github.com/matplotlib/cheatsheets) | Official Matplotlib cheat sheets | matplotlib | bsd-2-clause | 6603 |
| [https://github.com/smdu57/ail-feeder-vk](https://github.com/smdu57/ail-feeder-vk) | | smdu57 | | 2 |
| [https://github.com/BushidoUK/CTI-Lexicon](https://github.com/BushidoUK/CTI-Lexicon) | Dictionary of CTI-related acronyms, terms, and jargon | BushidoUK | | 117 |
| [https://github.com/hasherezade/hollows_hunter](https://github.com/hasherezade/hollows_hunter) | Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). | hasherezade | bsd-2-clause | 1456 |
| [https://github.com/xwiki-labs/cryptpad](https://github.com/xwiki-labs/cryptpad) | Collaboration suite, end-to-end encrypted and open-source. | xwiki-labs | agpl-3.0 | 3948 |
| [https://github.com/hedgedoc/container](https://github.com/hedgedoc/container) | HedgeDoc container image resources | hedgedoc | | 178 |
| [https://github.com/vxcute/WindowsInternals](https://github.com/vxcute/WindowsInternals) | Yet another windows internals repo | vxcute | | 189 |
| [https://github.com/slidevjs/slidev](https://github.com/slidevjs/slidev) | Presentation Slides for Developers | slidevjs | mit | 23154 |
| [https://github.com/farsightsec/dnsdbflex](https://github.com/farsightsec/dnsdbflex) | command line tool to use the DNSDB Flexible Search API extensions. | farsightsec | | 12 |
| [https://github.com/UnaPibaGeek/ctfr](https://github.com/UnaPibaGeek/ctfr) | Abusing Certificate Transparency logs for getting HTTPS websites subdomains. | UnaPibaGeek | gpl-3.0 | 1651 |
| [https://github.com/adobe/OSAS](https://github.com/adobe/OSAS) | One Stop Anomaly Shop: Anomaly detection using two-phase approach: (a) pre-labeling using statistics, Natural Language Processing and static rules; (b) anomaly scoring using supervised and unsupervised machine learning. | adobe | apache-2.0 | 145 |
| [https://github.com/c3rb3ru5d3d53c/mwdb-feeds](https://github.com/c3rb3ru5d3d53c/mwdb-feeds) | A Modular MWDB Utility to Collect Fresh Malware Samples | c3rb3ru5d3d53c | bsd-3-clause | 32 |
| [https://github.com/Cr4sh/MicroBackdoor](https://github.com/Cr4sh/MicroBackdoor) | Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ] | Cr4sh | gpl-3.0 | 449 |
| [https://github.com/camptocamp/inkmap](https://github.com/camptocamp/inkmap) | A library for generating high-quality, printable maps on the browser. | camptocamp | other | 77 |
| [https://github.com/endrazine/wcc](https://github.com/endrazine/wcc) | The Witchcraft Compiler Collection | endrazine | other | 1707 |
| [https://github.com/D4-project/TinyCheck](https://github.com/D4-project/TinyCheck) | TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere. | D4-project | apache-2.0 | 3 |
| [https://github.com/bstoilov/py3-pinterest](https://github.com/bstoilov/py3-pinterest) | Fully fledged Python Pinterest client | bstoilov | mit | 218 |
| [https://github.com/sa7mon/S3Scanner](https://github.com/sa7mon/S3Scanner) | Scan for open S3 buckets and dump the contents | sa7mon | mit | 1903 |
| [https://github.com/pralab/secml_malware](https://github.com/pralab/secml_malware) | Create adversarial attacks against machine learning Windows malware detectors | pralab | gpl-3.0 | 137 |
| [https://github.com/ion-storm/sysmon-edr](https://github.com/ion-storm/sysmon-edr) | Sysmon EDR POC Build within Powershell to prove ability. | ion-storm | | 186 |
| [https://github.com/P4T12ICK/Sigma-Rule-Repository](https://github.com/P4T12ICK/Sigma-Rule-Repository) | Sigma Detection Rule Repository | P4T12ICK | gpl-3.0 | 69 |
| [https://github.com/nccgroup/autochrome](https://github.com/nccgroup/autochrome) | This tool downloads, installs, and configures a shiny new copy of Chromium. | nccgroup | apache-2.0 | 391 |
| [https://github.com/ppwwyyxx/wechat-dump](https://github.com/ppwwyyxx/wechat-dump) | Cracking encrypted wechat message history from android | ppwwyyxx | gpl-3.0 | 1479 |
| [https://github.com/TheWover/CertStealer](https://github.com/TheWover/CertStealer) | A .NET tool for exporting and importing certificates without touching disk. | TheWover | mit | 383 |
| [https://github.com/Genivia/ugrep](https://github.com/Genivia/ugrep) | 🔍NEW ugrep v3.9: ultra fast grep with interactive TUI, fuzzy search, boolean queries, hexdumps and more: search file systems, source code, text, binary files, archives (cpio/tar/pax/zip), compressed files (gz/Z/bz2/lzma/xz/lz4/zstd), documents etc. A faster, user-friendly and compatible grep replacement. | Genivia | bsd-3-clause | 1363 |
| [https://github.com/JSCU-NL/logging-essentials](https://github.com/JSCU-NL/logging-essentials) | A Windows event logging and collection baseline focused on finding balance between forensic value and optimising retention. | JSCU-NL | apache-2.0 | 215 |
| [https://github.com/certtools/ieps](https://github.com/certtools/ieps) | IntelMQ Enhancement Proposals | certtools | | 4 |
| [https://github.com/mandiant/pulsesecure_exploitation_countermeasures](https://github.com/mandiant/pulsesecure_exploitation_countermeasures) | | mandiant | other | 23 |
| [https://github.com/D4-project/d4-pretensor](https://github.com/D4-project/d4-pretensor) | Easing tor proxies botnet analysis | D4-project | | 4 |
| [https://github.com/0xrawsec/gene-rules](https://github.com/0xrawsec/gene-rules) | | 0xrawsec | gpl-3.0 | 32 |
| [https://github.com/ail-project/PyAIL](https://github.com/ail-project/PyAIL) | Python library using the AIL Rest API | ail-project | other | 6 |
| [https://github.com/BSI-Bund/RdpCacheStitcher](https://github.com/BSI-Bund/RdpCacheStitcher) | RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. | BSI-Bund | | 172 |
| [https://github.com/brannondorsey/PassGAN](https://github.com/brannondorsey/PassGAN) | A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440) | brannondorsey | mit | 813 |
| [https://github.com/DSecurity/efiSeek](https://github.com/DSecurity/efiSeek) | Ghidra analyzer for UEFI firmware. | DSecurity | apache-2.0 | 233 |
| [https://github.com/domainaware/parsedmarc](https://github.com/domainaware/parsedmarc) | A Python package and CLI for parsing aggregate and forensic DMARC reports | domainaware | apache-2.0 | 610 |
| [https://github.com/shadowsocks/shadowsocks-crypto](https://github.com/shadowsocks/shadowsocks-crypto) | Shadowsocks Crypto | shadowsocks | mit | 32 |
| [https://github.com/angr/fidget](https://github.com/angr/fidget) | A tool to add simple inline patches to a binary to rearrange its stack frames, and other things! | angr | bsd-2-clause | 43 |
| [https://github.com/GaretJax/misp-tr-cli](https://github.com/GaretJax/misp-tr-cli) | | GaretJax | | 1 |
| [https://github.com/opensearch-project/OpenSearch](https://github.com/opensearch-project/OpenSearch) | 🔎 Open source distributed and RESTful search engine. | opensearch-project | apache-2.0 | 5939 |
| [https://github.com/chrislee35/yaratool](https://github.com/chrislee35/yaratool) | Python libary to normalize Yara signatures | chrislee35 | | 19 |
| [https://github.com/Ch0pin/medusa](https://github.com/Ch0pin/medusa) | Binary instrumentation framework based on FRIDA | Ch0pin | | 790 |
| [https://github.com/bloomberg/comdb2](https://github.com/bloomberg/comdb2) | Bloomberg's distributed RDBMS | bloomberg | other | 1169 |
| [https://github.com/OAI/OpenAPI-Specification](https://github.com/OAI/OpenAPI-Specification) | The OpenAPI Specification Repository | OAI | apache-2.0 | 25230 |
| [https://github.com/microsoft/CyberBattleSim](https://github.com/microsoft/CyberBattleSim) | An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments. | microsoft | mit | 1460 |
| [https://github.com/cyb3rfox/Aurora-Incident-Response](https://github.com/cyb3rfox/Aurora-Incident-Response) | Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders | cyb3rfox | apache-2.0 | 553 |
| [https://github.com/ValdikSS/GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI) | GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows) | ValdikSS | apache-2.0 | 7772 |
| [https://github.com/chronicle/detection-rules](https://github.com/chronicle/detection-rules) | Collection of YARA-L 2.0 sample rules for the Chronicle Detection API | chronicle | apache-2.0 | 107 |
| [https://github.com/glitchedgitz/cook](https://github.com/glitchedgitz/cook) | An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need. Frustation Killer!!! | glitchedgitz | mit | 466 |
| [https://github.com/akoksal/BERT-Sentiment-Analysis-Turkish](https://github.com/akoksal/BERT-Sentiment-Analysis-Turkish) | Sentiment Analysis with BERT in Turkish Tweets | akoksal | gpl-3.0 | 101 |
| [https://github.com/bilde2910/Hauk](https://github.com/bilde2910/Hauk) | Open-source realtime location sharing | bilde2910 | apache-2.0 | 428 |
| [https://github.com/fboldewin/misc_malware](https://github.com/fboldewin/misc_malware) | | fboldewin | | 37 |
| [https://github.com/jorisschellekens/borb](https://github.com/jorisschellekens/borb) | borb is a library for reading, creating and manipulating PDF files in python. | jorisschellekens | other | 2835 |
| [https://github.com/tbarabosch/apihash_to_yara](https://github.com/tbarabosch/apihash_to_yara) | Generates YARA rules to detect malware using API hashing | tbarabosch | apache-2.0 | 14 |
| [https://github.com/sjewo/cartogram](https://github.com/sjewo/cartogram) | r package for cartogram creation | sjewo | | 131 |
| [https://github.com/jtleek/datasharing](https://github.com/jtleek/datasharing) | The Leek group guide to data sharing | jtleek | | 6199 |
| [https://github.com/ekamioka/datasharing](https://github.com/ekamioka/datasharing) | The Leek group guide to data sharing | ekamioka | | 1 |
| [https://github.com/Coldzer0/Cmulator](https://github.com/Coldzer0/Cmulator) | Cmulator is ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . Based on Unicorn & Zydis Engine & javascript | Coldzer0 | agpl-3.0 | 262 |
| [https://github.com/revng/pagebuster](https://github.com/revng/pagebuster) | PageBuster - dump all executable pages of packed processes. | revng | gpl-2.0 | 188 |
| [https://github.com/trehn/termdown](https://github.com/trehn/termdown) | Countdown timer and stopwatch in your terminal | trehn | gpl-3.0 | 1090 |
| [https://github.com/urbanadventurer/WhatWeb](https://github.com/urbanadventurer/WhatWeb) | Next generation web scanner | urbanadventurer | gpl-2.0 | 4178 |
| [https://github.com/ninoseki/mitaka](https://github.com/ninoseki/mitaka) | A browser extension for OSINT search | ninoseki | mit | 918 |
| [https://github.com/dibsy/SLAEx86](https://github.com/dibsy/SLAEx86) | SLAE x86 Assembly Language and Shellcoding on Linux | dibsy | | 7 |
| [https://github.com/williballenthin/siglib](https://github.com/williballenthin/siglib) | function identification signatures | williballenthin | apache-2.0 | 8 |
| [https://github.com/axt/angr-utils](https://github.com/axt/angr-utils) | Handy utilities for the angr binary analysis framework, most notably CFG visualization | axt | bsd-2-clause | 225 |
| [https://github.com/trimstray/the-book-of-secret-knowledge](https://github.com/trimstray/the-book-of-secret-knowledge) | A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. | trimstray | mit | 81702 |
| [https://github.com/US-CBP/GTAS](https://github.com/US-CBP/GTAS) | Global Travel Assessment System | A passenger data screening and analysis system for enhancing global security | US-CBP | other | 93 |
| [https://github.com/actions/runner-images](https://github.com/actions/runner-images) | GitHub Actions runner images | actions | mit | 6819 |
| [https://github.com/3c7/yaramanager](https://github.com/3c7/yaramanager) | Simple yara rule manager | 3c7 | mit | 65 |
| [https://github.com/ayman/flickrsavr](https://github.com/ayman/flickrsavr) | A preservation experiment to save photos from Flickr to your disk with the metadata embedded. | ayman | mit | 16 |
| [https://github.com/ninoseki/eml_analyzer](https://github.com/ninoseki/eml_analyzer) | EML analyzer is an application to analyze the EML file | ninoseki | mit | 146 |
| [https://github.com/quickwit-oss/tantivy](https://github.com/quickwit-oss/tantivy) | Tantivy is a full-text search engine library inspired by Apache Lucene and written in Rust | quickwit-oss | mit | 7224 |
| [https://github.com/codeyourweb/irma](https://github.com/codeyourweb/irma) | enpoint detection / live analysis & sandbox host / signatures quality test | codeyourweb | mit | 31 |
| [https://github.com/GiulioRossetti/ndlib](https://github.com/GiulioRossetti/ndlib) | Network Diffusion Library - (for NetworkX and iGraph) | GiulioRossetti | bsd-2-clause | 225 |
| [https://github.com/lunasorcery/Blossom](https://github.com/lunasorcery/Blossom) | 4K Executable Graphics framework | lunasorcery | other | 174 |
| [https://github.com/Tylous/Limelighter](https://github.com/Tylous/Limelighter) | A tool for generating fake code signing certificates or signing real ones | Tylous | mit | 683 |
| [https://github.com/jakejarvis/awesome-shodan-queries](https://github.com/jakejarvis/awesome-shodan-queries) | 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻 | jakejarvis | cc0-1.0 | 3548 |
| [https://github.com/dwisiswant0/apkleaks](https://github.com/dwisiswant0/apkleaks) | Scanning APK file for URIs, endpoints & secrets. | dwisiswant0 | apache-2.0 | 3337 |
| [https://github.com/liyansong2018/firmware-analysis-plus](https://github.com/liyansong2018/firmware-analysis-plus) | Simulate firmware with one click of firmadyne (使用 firmadyne 一键模拟固件) | liyansong2018 | mit | 174 |
| [https://github.com/falzm/burl](https://github.com/falzm/burl) | Pure Bash HTTP client | falzm | mit | 38 |
| [https://github.com/newsviz/newsviz](https://github.com/newsviz/newsviz) | Project on text topics evolution over time analysis | newsviz | gpl-3.0 | 74 |
| [https://github.com/palantir/phishcatch](https://github.com/palantir/phishcatch) | A browser extension and API server for detecting corporate password use on external websites | palantir | apache-2.0 | 73 |
| [https://github.com/synacktiv/shannon-dbg](https://github.com/synacktiv/shannon-dbg) | Debugger for the Shannon Baseband | synacktiv | | 52 |
| [https://github.com/mxrch/GHunt](https://github.com/mxrch/GHunt) | 🕵️‍♂️ Offensive Google framework. | mxrch | mpl-2.0 | 12131 |
| [https://github.com/MISP/misp-stix](https://github.com/MISP/misp-stix) | MISP-STIX-Converter - Python library to handle the conversion between MISP and STIX formats | MISP | bsd-2-clause | 20 |
| [https://github.com/CERT-Polska/drakvuf-sandbox](https://github.com/CERT-Polska/drakvuf-sandbox) | DRAKVUF Sandbox - automated hypervisor-level malware analysis system | CERT-Polska | other | 729 |
| [https://github.com/arvidn/torrent-tools](https://github.com/arvidn/torrent-tools) | tools for creating, inspecting and modifying torrent files | arvidn | bsd-3-clause | 8 |
| [https://github.com/gracenolan/Notes](https://github.com/gracenolan/Notes) | | gracenolan | | 929 |
| [https://github.com/GONZOsint/gitrecon](https://github.com/GONZOsint/gitrecon) | OSINT tool to get information from a Github and Gitlab profile and find user's email addresses leaked on commits. | GONZOsint | gpl-3.0 | 208 |
| [https://github.com/DIVD-NL/scanning](https://github.com/DIVD-NL/scanning) | | DIVD-NL | | 2 |
| [https://github.com/KaanSK/Go-MISPFeedGenerator](https://github.com/KaanSK/Go-MISPFeedGenerator) | Golang implementation of PyMISP-feedgenerator | KaanSK | gpl-3.0 | 15 |
| [https://github.com/Malfrats/xeuledoc](https://github.com/Malfrats/xeuledoc) | Fetch information about a public Google document. | Malfrats | gpl-3.0 | 634 |
| [https://github.com/can1357/NoVmp](https://github.com/can1357/NoVmp) | A static devirtualizer for VMProtect x64 3.x. powered by VTIL. | can1357 | gpl-3.0 | 1501 |
| [https://github.com/PwC-IR/MIA-MailItemsAccessed-](https://github.com/PwC-IR/MIA-MailItemsAccessed-) | Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features from the Office 365 Audit Log. | PwC-IR | | 14 |
| [https://github.com/PwC-IR/Office-365-Extractor](https://github.com/PwC-IR/Office-365-Extractor) | The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) | PwC-IR | | 157 |
| [https://github.com/didix21/mdutils](https://github.com/didix21/mdutils) | Python package contains a set of basic tools that can help to create a markdown file. | didix21 | mit | 135 |
| [https://github.com/vp777/procrustes](https://github.com/vp777/procrustes) | A bash script that automates the exfiltration of data over dns in case we have blind command execution on a server with egress filtering | vp777 | | 207 |
| [https://github.com/cisagov/CHIRP](https://github.com/cisagov/CHIRP) | A DFIR tool written in Python. | cisagov | cc0-1.0 | 1041 |
| [https://github.com/mattermost/focalboard](https://github.com/mattermost/focalboard) | Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana. | mattermost | other | 13402 |
| [https://github.com/justfoxing/ghidra_bridge](https://github.com/justfoxing/ghidra_bridge) | Python 3 bridge to Ghidra's Python scripting | justfoxing | mit | 232 |
| [https://github.com/domenukk/strudra](https://github.com/domenukk/strudra) | Use Ghidra Structs in Python | domenukk | mit | 26 |
| [https://github.com/gloxec/CrossC2](https://github.com/gloxec/CrossC2) | generate CobaltStrike's cross-platform payload | gloxec | | 1516 |
| [https://github.com/alexandreborges/malwoverview](https://github.com/alexandreborges/malwoverview) | Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT. | alexandreborges | gpl-3.0 | 1959 |
| [https://github.com/speedata/publisher](https://github.com/speedata/publisher) | speedata Publisher - a professional database Publishing system | speedata | agpl-3.0 | 245 |
| [https://github.com/GraxCode/threadtear](https://github.com/GraxCode/threadtear) | Multifunctional java deobfuscation tool suite | GraxCode | gpl-3.0 | 684 |
| [https://github.com/intelowlproject/IntelOwl](https://github.com/intelowlproject/IntelOwl) | Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale | intelowlproject | agpl-3.0 | 2441 |
| [https://github.com/chasemccoy/museo](https://github.com/chasemccoy/museo) | 🏛 Museo is a tool for finding images in the public domain from some of the best museums in the world. | chasemccoy | | 50 |
| [https://github.com/mentebinaria/retoolkit](https://github.com/mentebinaria/retoolkit) | Reverse Engineer's Toolkit | mentebinaria | apache-2.0 | 3436 |
| [https://github.com/marjatech/threatfox2misp](https://github.com/marjatech/threatfox2misp) | Creating a Feed of MISP Events from ThreatFox (by abuse.ch) | marjatech | gpl-3.0 | 18 |
| [https://github.com/doyensec/regexploit](https://github.com/doyensec/regexploit) | Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service) | doyensec | apache-2.0 | 641 |
| [https://github.com/bbalet/jorani](https://github.com/bbalet/jorani) | Leave and Overtime Management System | bbalet | agpl-3.0 | 329 |
| [https://github.com/ancailliau/YadaYara](https://github.com/ancailliau/YadaYara) | | ancailliau | agpl-3.0 | 6 |
| [https://github.com/hedgedoc/hedgedoc](https://github.com/hedgedoc/hedgedoc) | HedgeDoc - The best platform to write and share markdown. | hedgedoc | agpl-3.0 | 3327 |
| [https://github.com/hedgedoc/cli](https://github.com/hedgedoc/cli) | A tiny CLI for HedgeDoc | hedgedoc | agpl-3.0 | 126 |
| [https://github.com/brython-dev/brython](https://github.com/brython-dev/brython) | Brython (Browser Python) is an implementation of Python 3 running in the browser | brython-dev | bsd-3-clause | 5851 |
| [https://github.com/ckan/ckan](https://github.com/ckan/ckan) | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. CKAN makes it easy to publish, share and use data. It powers catalog.data.gov, open.canada.ca/data, data.humdata.org among many other sites. | ckan | other | 3579 |
| [https://github.com/QKaiser/voodoo](https://github.com/QKaiser/voodoo) | This repository holds proof-of-concepts for the VOOdoo vulnerabilities found in NETGEAR CG3100 and CG3700B cable modems provided by VOO to its subscribers. | QKaiser | | 14 |
| [https://github.com/amuehlem/MISP-RPM](https://github.com/amuehlem/MISP-RPM) | RPM packages for MISP | amuehlem | | 24 |
| [https://github.com/rsharo/bgrep](https://github.com/rsharo/bgrep) | Binary Grep | rsharo | | 42 |
| [https://github.com/beerfactory/hbmqtt](https://github.com/beerfactory/hbmqtt) | MQTT client/broker using Python asynchronous I/O | beerfactory | mit | 768 |
| [https://github.com/markdown-it/markdown-it](https://github.com/markdown-it/markdown-it) | Markdown parser, done right. 100% CommonMark support, extensions, syntax plugins & high speed | markdown-it | mit | 14391 |
| [https://github.com/qeeqbox/social-analyzer](https://github.com/qeeqbox/social-analyzer) | API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites | qeeqbox | agpl-3.0 | 9414 |
| [https://github.com/qeeqbox/chameleon](https://github.com/qeeqbox/chameleon) | 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap) | qeeqbox | agpl-3.0 | 516 |
| [https://github.com/evildmp/C-is-for-Camera](https://github.com/evildmp/C-is-for-Camera) | A 35mm camera, based on the Canonet G-III QL17 rangefinder, modelled in Python. | evildmp | | 146 |
| [https://github.com/Ariana1729/RSA-is-alive](https://github.com/Ariana1729/RSA-is-alive) | Implementation of https://eprint.iacr.org/2021/232 | Ariana1729 | | 92 |
| [https://github.com/microsoft/CSS-Exchange](https://github.com/microsoft/CSS-Exchange) | Exchange Server support tools and scripts | microsoft | mit | 1071 |
| [https://github.com/hzbd/kazam](https://github.com/hzbd/kazam) | A screencasting program created with design in mind.(https://launchpad.net/kazam) | hzbd | gpl-3.0 | 294 |
| [https://github.com/c0ny1/vulstudy](https://github.com/c0ny1/vulstudy) | 使用docker快速搭建各大漏洞靶场目前可以一键搭建17个靶场。 | c0ny1 | | 1717 |
| [https://github.com/csirt-tooling-org/tooling-directory](https://github.com/csirt-tooling-org/tooling-directory) | Tools used by CSIRT and especially in the scope of CNW | csirt-tooling-org | | 10 |
| [https://github.com/MISP/misp-book](https://github.com/MISP/misp-book) | User guide of MISP | MISP | | 193 |
| [https://github.com/mbrengel/yarix](https://github.com/mbrengel/yarix) | | mbrengel | | 54 |
| [https://github.com/metebalci/pdftitle](https://github.com/metebalci/pdftitle) | a utility to extract the title from a PDF file | metebalci | gpl-3.0 | 86 |
| [https://github.com/jart/cosmopolitan](https://github.com/jart/cosmopolitan) | build-once run-anywhere c library | jart | isc | 9485 |
| [https://github.com/irevenko/tsukae](https://github.com/irevenko/tsukae) | 🐚📊 Show off your most used shell commands | irevenko | mit | 431 |
| [https://github.com/trailofbits/graphtage](https://github.com/trailofbits/graphtage) | A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV. | trailofbits | lgpl-3.0 | 2171 |
| [https://github.com/nymtech/nym](https://github.com/nymtech/nym) | Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials. | nymtech | | 621 |
| [https://github.com/iluxonchik/rfc-bibtex](https://github.com/iluxonchik/rfc-bibtex) | A command line tool that creates bibtex entries for IETF RFCs and Internet Drafts. | iluxonchik | mit | 43 |
| [https://github.com/pydata/xarray](https://github.com/pydata/xarray) | N-D labeled arrays and datasets in Python | pydata | apache-2.0 | 2733 |
| [https://github.com/karlicoss/myinfra](https://github.com/karlicoss/myinfra) | A diagram of my personal infrastructure | karlicoss | mit | 37 |
| [https://github.com/loseys/BlackMamba](https://github.com/loseys/BlackMamba) | C2/post-exploitation framework | loseys | mit | 866 |
| [https://github.com/FrenchCisco/RATel](https://github.com/FrenchCisco/RATel) | RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. | FrenchCisco | mit | 217 |
| [https://github.com/cert-orangecyberdefense/datalake_misp_integration](https://github.com/cert-orangecyberdefense/datalake_misp_integration) | | cert-orangecyberdefense | | 3 |
| [https://github.com/effgarces/BookedScheduler](https://github.com/effgarces/BookedScheduler) | Repository for the last open source version of Booked Scheduler. The "develop" branch contains the most current working code of the project and should be considered beta. The "master" branch is the most current stable release of BookedScheduler. Please read doc/README.md for further details. | effgarces | gpl-3.0 | 239 |
| [https://github.com/honkit/honkit](https://github.com/honkit/honkit) | :book: HonKit is building beautiful books using Markdown - Fork of GitBook | honkit | apache-2.0 | 2344 |
| [https://github.com/misterch0c/CrimeBoards](https://github.com/misterch0c/CrimeBoards) | A list of private and public (more or less) blackhat boards | misterch0c | | 214 |
| [https://github.com/threatgrid/ctia](https://github.com/threatgrid/ctia) | Cisco Threat Intelligence API | threatgrid | epl-1.0 | 51 |
| [https://github.com/projectdiscovery/mapcidr](https://github.com/projectdiscovery/mapcidr) | Small utility program to perform multiple operations for a given subnet/CIDR ranges. | projectdiscovery | mit | 566 |
| [https://github.com/f0wl/MalwareLab_VM-Setup](https://github.com/f0wl/MalwareLab_VM-Setup) | Setup scripts for my Malware Analysis VMs | f0wl | gpl-3.0 | 210 |
| [https://github.com/projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | Fast and customizable vulnerability scanner based on simple YAML based DSL. | projectdiscovery | mit | 10399 |
| [https://github.com/easylist/easylist](https://github.com/easylist/easylist) | EasyList filter subscription (EasyList, EasyPrivacy, EasyList Cookie, Fanboy's Social/Annoyances/Notifications Blocking List) | easylist | | 1408 |
| [https://github.com/nitefood/asn](https://github.com/nitefood/asn) | ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server | nitefood | mit | 680 |
| [https://github.com/itm4n/Perfusion](https://github.com/itm4n/Perfusion) | Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012) | itm4n | | 397 |
| [https://github.com/jeffjbowie/intelligence_gathering](https://github.com/jeffjbowie/intelligence_gathering) | | jeffjbowie | | 23 |
| [https://github.com/deepmind/tree](https://github.com/deepmind/tree) | tree is a library for working with nested data structures | deepmind | apache-2.0 | 783 |
| [https://github.com/zoobab/mobib-extractor](https://github.com/zoobab/mobib-extractor) | MOBIB-extractor allows you to read the data stored on your STIB Mobib card | zoobab | | 17 |
| [https://github.com/jackullrich/syscall-detect](https://github.com/jackullrich/syscall-detect) | PoC capable of detecting manual syscalls from usermode. | jackullrich | | 120 |
| [https://github.com/pablomarle/networkmaps](https://github.com/pablomarle/networkmaps) | Online network diagram editor | pablomarle | mit | 86 |
| [https://github.com/MBCProject/mbc-markdown](https://github.com/MBCProject/mbc-markdown) | MBC content in markdown | MBCProject | | 195 |
| [https://github.com/ambrop72/badvpn](https://github.com/ambrop72/badvpn) | NCD scripting language, tun2socks proxifier, P2P VPN | ambrop72 | other | 1702 |
| [https://github.com/allegro/ralph](https://github.com/allegro/ralph) | Ralph is the CMDB / Asset Management system for data center and back office hardware. | allegro | apache-2.0 | 1898 |
| [https://github.com/cyberark/BlobHunter](https://github.com/cyberark/BlobHunter) | Find exposed data in Azure with this public blob scanner | cyberark | mit | 240 |
| [https://github.com/tidwall/ptree](https://github.com/tidwall/ptree) | A data structure for storing points. | tidwall | mit | 17 |
| [https://github.com/sthagen/asenci-uipcalc](https://github.com/sthagen/asenci-uipcalc) | Universal (IPv4/IPv6) CIDR calculator | sthagen | isc | 4 |
| [https://github.com/superbaud/HEAI](https://github.com/superbaud/HEAI) | fun with GSM | superbaud | | 1 |
| [https://github.com/jonasstrehle/supercookie](https://github.com/jonasstrehle/supercookie) | ⚠️ Browser fingerprinting via favicon! | jonasstrehle | mit | 3987 |
| [https://github.com/open-sdr/openwifi](https://github.com/open-sdr/openwifi) | open-source IEEE 802.11 WiFi baseband FPGA (chip) design: driver, software | open-sdr | agpl-3.0 | 2736 |
| [https://github.com/srsran/srsRAN](https://github.com/srsran/srsRAN) | Open source SDR 4G/5G software suite from Software Radio Systems (SRS) | srsran | agpl-3.0 | 2805 |
| [https://github.com/vixie/cron](https://github.com/vixie/cron) | Vixie Cron, an open source implementation of POSIX Cron, later imported into BSD and Linux | vixie | other | 27 |
| [https://github.com/dataspectra/base-station-mapping](https://github.com/dataspectra/base-station-mapping) | | dataspectra | gpl-3.0 | 4 |
| [https://github.com/frictionlessdata/schema-collaboration](https://github.com/frictionlessdata/schema-collaboration) | Carles Pina Estany's 2020 Tool Fund: data managers and researchers collaborate to write the Frictionless Data packages, tabular schemas, etc. | frictionlessdata | mit | 15 |
| [https://github.com/medialab/minet](https://github.com/medialab/minet) | A webmining CLI tool & library for python. | medialab | gpl-3.0 | 156 |
| [https://github.com/Guillaume-Levrier/PANDORAE](https://github.com/Guillaume-Levrier/PANDORAE) | A data retrieval & exploration protocol designed to investigate science and policy processes | Guillaume-Levrier | mit | 5 |
| [https://github.com/medialab/gazouilloire](https://github.com/medialab/gazouilloire) | Twitter stream + search API grabber | medialab | gpl-3.0 | 94 |
| [https://github.com/medialab/hyphe-browser](https://github.com/medialab/hyphe-browser) | Browser version of Hyphe (WIP) | medialab | agpl-3.0 | 25 |
| [https://github.com/ossf/wg-securing-critical-projects](https://github.com/ossf/wg-securing-critical-projects) | Helping allocate resources to secure the critical open source projects we all depend on. | ossf | apache-2.0 | 244 |
| [https://github.com/ossf/criticality_score](https://github.com/ossf/criticality_score) | Gives criticality score for an open source project | ossf | apache-2.0 | 1095 |
| [https://github.com/spyder-ide/spyder](https://github.com/spyder-ide/spyder) | Official repository for Spyder - The Scientific Python Development Environment | spyder-ide | mit | 7235 |
| [https://github.com/phage-nz/infosec-bazaar](https://github.com/phage-nz/infosec-bazaar) | A collection of infosec related scripts and information. | phage-nz | | 55 |
| [https://github.com/ail-project/ail-feeder-telegram](https://github.com/ail-project/ail-feeder-telegram) | External telegram feeder for AIL framework | ail-project | agpl-3.0 | 6 |
| [https://github.com/microsoft/graspologic](https://github.com/microsoft/graspologic) | Python package for graph statistics | microsoft | mit | 268 |
| [https://github.com/counteractive/incident-response-plan-template](https://github.com/counteractive/incident-response-plan-template) | A concise, directive, specific, flexible, and free incident response plan template | counteractive | other | 355 |
| [https://github.com/ifduyue/python-xxhash](https://github.com/ifduyue/python-xxhash) | Python Binding for xxHash | ifduyue | bsd-2-clause | 294 |
| [https://github.com/m8sec/pymeta](https://github.com/m8sec/pymeta) | Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions. | m8sec | gpl-3.0 | 300 |
| [https://github.com/CyCat-project/cycat-taxonomy](https://github.com/CyCat-project/cycat-taxonomy) | CyCAT.org taxonomies | CyCat-project | | 13 |
| [https://github.com/CyCat-project/cycat-project-website](https://github.com/CyCat-project/cycat-project-website) | | CyCat-project | mit | 3 |
| [https://github.com/berneout/berneout-pledge](https://github.com/berneout/berneout-pledge) | a simple tool for hassle-free open-source contribution licensing | berneout | | 31 |
| [https://github.com/RedLectroid/OverThruster](https://github.com/RedLectroid/OverThruster) | HID attack payload generator for Arduinos | RedLectroid | gpl-3.0 | 145 |
| [https://github.com/googleworkspace/md2googleslides](https://github.com/googleworkspace/md2googleslides) | Generate Google Slides from markdown | googleworkspace | apache-2.0 | 4270 |
| [https://github.com/MITRECND/malchive](https://github.com/MITRECND/malchive) | Various capabilities for static malware analysis. | MITRECND | other | 65 |
| [https://github.com/clong/DetectionLab](https://github.com/clong/DetectionLab) | Automate the creation of a lab environment complete with security tooling and logging best practices | clong | mit | 3946 |
| [https://github.com/0xn0ne/weblogicScanner](https://github.com/0xn0ne/weblogicScanner) | weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883 | 0xn0ne | | 1536 |
| [https://github.com/theevilbit/injection](https://github.com/theevilbit/injection) | | theevilbit | | 699 |
| [https://github.com/angr/phuzzer](https://github.com/angr/phuzzer) | The new phuzzing framework! | angr | bsd-2-clause | 132 |
| [https://github.com/Lookyloo/scraping-tutorial](https://github.com/Lookyloo/scraping-tutorial) | This tutorial explains the benefits, pitfalls, and limitations of scraping, and why Lookyloo is an important tool. | Lookyloo | mit | 8 |
| [https://github.com/poljar/matrix-nio](https://github.com/poljar/matrix-nio) | A Python Matrix client library, designed according to sans I/O (http://sans-io.readthedocs.io/) principles | poljar | other | 386 |
| [https://github.com/anthonynsimon/timeflake](https://github.com/anthonynsimon/timeflake) | Timeflake is a 128-bit, roughly-ordered, URL-safe UUID. | anthonynsimon | mit | 795 |
| [https://github.com/CyCat-project/cycat-logo](https://github.com/CyCat-project/cycat-logo) | Logo of the CyCat.org project | CyCat-project | | 1 |
| [https://github.com/MISP/matrix-misp-bot](https://github.com/MISP/matrix-misp-bot) | Very basic MISP bot for matrix. | MISP | apache-2.0 | 5 |
| [https://github.com/ayushoriginal/Sentiment-Analysis-Twitter](https://github.com/ayushoriginal/Sentiment-Analysis-Twitter) | :mortar_board:RESEARCH [NLP :thought_balloon:] We use different feature sets and machine learning classifiers to determine the best combination for sentiment analysis of twitter. | ayushoriginal | | 726 |
| [https://github.com/zyw-200/FirmAFL](https://github.com/zyw-200/FirmAFL) | FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware. | zyw-200 | | 354 |
| [https://github.com/danielplohmann/smda](https://github.com/danielplohmann/smda) | SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps. | danielplohmann | bsd-2-clause | 179 |
| [https://github.com/vkbo/novelWriter](https://github.com/vkbo/novelWriter) | novelWriter is an open source plain text editor designed for writing novels. It supports a minimal markdown-like syntax for formatting text. It is written with Python 3 (3.7+) and Qt 5 (5.10+) for cross-platform support. | vkbo | gpl-3.0 | 1402 |
| [https://github.com/InfiniTimeOrg/InfiniTime](https://github.com/InfiniTimeOrg/InfiniTime) | Firmware for Pinetime smartwatch written in C/C++ and based on FreeRTOS | InfiniTimeOrg | gpl-3.0 | 1858 |
| [https://github.com/py7hagoras/CovenantTasks](https://github.com/py7hagoras/CovenantTasks) | Source for tasks I have used with Covenant | py7hagoras | | 123 |
| [https://github.com/mailvelope/keyserver](https://github.com/mailvelope/keyserver) | A simple OpenPGP public key server that validates email address ownership of uploaded keys. | mailvelope | agpl-3.0 | 311 |
| [https://github.com/ForensicITGuy/handy-cti](https://github.com/ForensicITGuy/handy-cti) | Resources I've found useful for my CTI work | ForensicITGuy | mit | 5 |
| [https://github.com/OTRF/Security-Datasets](https://github.com/OTRF/Security-Datasets) | Re-play Security Events | OTRF | mit | 1311 |
| [https://github.com/kryptoslogic/binja_degobfuscate](https://github.com/kryptoslogic/binja_degobfuscate) | Fix Go obfuscated binaries that were obfuscated using gobfuscator | kryptoslogic | mit | 42 |
| [https://github.com/igrigorik/gharchive.org](https://github.com/igrigorik/gharchive.org) | GH Archive is a project to record the public GitHub timeline, archive it, and make it easily accessible for further analysis. | igrigorik | mit | 2334 |
| [https://github.com/dbarzin/mercator](https://github.com/dbarzin/mercator) | Cartographie du système d'information / Mapping the information system | dbarzin | gpl-3.0 | 77 |
| [https://github.com/mohlcyber/MISP-STIX-ESM](https://github.com/mohlcyber/MISP-STIX-ESM) | Exports MISP events to STIX and ingest into McAfee ESM | mohlcyber | | 14 |
| [https://github.com/nccgroup/pybeacon](https://github.com/nccgroup/pybeacon) | A collection of scripts for dealing with Cobalt Strike beacons in Python | nccgroup | | 161 |
| [https://github.com/hatari/hatari](https://github.com/hatari/hatari) | The Atari ST, STE, TT and Falcon emulator. This is a mirror repository, the official one can be found on https://hatari.tuxfamily.org/ | hatari | | 51 |
| [https://github.com/google/trillian](https://github.com/google/trillian) | A transparent, highly scalable and cryptographically verifiable data store. | google | apache-2.0 | 3151 |
| [https://github.com/vertrex/DFF](https://github.com/vertrex/DFF) | DFF (Digital Forensics Framework) | vertrex | gpl-2.0 | 9 |
| [https://github.com/rsd-devel/rsd](https://github.com/rsd-devel/rsd) | RSD: RISC-V Out-of-Order Superscalar Processor | rsd-devel | apache-2.0 | 719 |
| [https://github.com/cedowens/C2-JARM](https://github.com/cedowens/C2-JARM) | A list of JARM hashes for different ssl implementations used by some C2/red team tools. | cedowens | | 101 |
| [https://github.com/tailwindlabs/heroicons](https://github.com/tailwindlabs/heroicons) | A set of free MIT-licensed high-quality SVG icons for UI development. | tailwindlabs | mit | 17016 |
| [https://github.com/disclose/diodata](https://github.com/disclose/diodata) | Tools, data, and contact lists relevant to The disclose.io Project. | disclose | gpl-3.0 | 304 |
| [https://github.com/d0c-s4vage/gramfuzz](https://github.com/d0c-s4vage/gramfuzz) | gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats. | d0c-s4vage | mit | 229 |
| [https://github.com/goretk/redress](https://github.com/goretk/redress) | Redress - A tool for analyzing stripped Go binaries | goretk | agpl-3.0 | 651 |
| [https://github.com/daniel-thompson/wasp-os](https://github.com/daniel-thompson/wasp-os) | A MicroPython based development environment for smart watches (including Pine64 PineTime) | daniel-thompson | gpl-3.0 | 598 |
| [https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence](https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence) | Defences against Cobalt Strike | MichaelKoczwara | mit | 1151 |
| [https://github.com/mori-b/aioconnectors](https://github.com/mori-b/aioconnectors) | Simple secure asynchronous message queue | mori-b | apache-2.0 | 18 |
| [https://github.com/codenotary/immudb](https://github.com/codenotary/immudb) | immudb - immutable database based on zero trust, SQL and Key-Value, tamperproof, data change history | codenotary | apache-2.0 | 7940 |
| [https://github.com/VeryBueno/bash-websocket-server](https://github.com/VeryBueno/bash-websocket-server) | Websocket server written in bash | VeryBueno | | 11 |
| [https://github.com/sinwindie/OSINT](https://github.com/sinwindie/OSINT) | Collections of tools and methods created to aid in OSINT collection | sinwindie | | 1795 |
| [https://github.com/ethereal-vx/Antivirus-Artifacts](https://github.com/ethereal-vx/Antivirus-Artifacts) | Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. | ethereal-vx | | 641 |
| [https://github.com/TDAmeritrade/stumpy](https://github.com/TDAmeritrade/stumpy) | STUMPY is a powerful and scalable Python library for modern time series analysis | TDAmeritrade | other | 2402 |
| [https://github.com/jgamblin/CVEHeatMap](https://github.com/jgamblin/CVEHeatMap) | A CVE Heatmap Using CalPlot | jgamblin | mit | 98 |
| [https://github.com/antvis/G6](https://github.com/antvis/G6) | ♾ A Graph Visualization Framework in JavaScript | antvis | mit | 9299 |
| [https://github.com/salesforce/jarm](https://github.com/salesforce/jarm) | | salesforce | bsd-3-clause | 808 |
| [https://github.com/CERT-Polska/karton](https://github.com/CERT-Polska/karton) | Distributed malware processing framework based on Python, Redis and S3. | CERT-Polska | bsd-3-clause | 294 |
| [https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings](https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings) | Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process. | center-for-threat-informed-defense | apache-2.0 | 333 |
| [https://github.com/dask/fastparquet](https://github.com/dask/fastparquet) | python implementation of the parquet columnar file format. | dask | apache-2.0 | 614 |
| [https://github.com/apache/parquet-format](https://github.com/apache/parquet-format) | Apache Parquet | apache | apache-2.0 | 1200 |
| [https://github.com/madaidans-insecurities/madaidans-insecurities.github.io](https://github.com/madaidans-insecurities/madaidans-insecurities.github.io) | | madaidans-insecurities | | 92 |
| [https://github.com/mattsse/voyager](https://github.com/mattsse/voyager) | crawl and scrape web pages in rust | mattsse | apache-2.0 | 532 |
| [https://github.com/NoDataFound/RiskIQ.SunBurst.Hunter](https://github.com/NoDataFound/RiskIQ.SunBurst.Hunter) | The Purpose of this research tool is to provide a Python client into RiskIQ API services. | NoDataFound | | 21 |
| [https://github.com/WillOram/cyber-incident-management](https://github.com/WillOram/cyber-incident-management) | Notes on managing and coordinating the response to major cyber incidents | WillOram | other | 24 |
| [https://github.com/darcosion/limier](https://github.com/darcosion/limier) | Limier est un petit outil en CLI permettant de trouver un flux RSS quand il est planqué sur un site. | darcosion | mpl-2.0 | 17 |
| [https://github.com/ninoseki/mmhdan](https://github.com/ninoseki/mmhdan) | Calculate fingerprints of a website for OSINT search | ninoseki | mit | 38 |
| [https://github.com/paulgb/Treeverse](https://github.com/paulgb/Treeverse) | A browser extension for navigating burgeoning Twitter conversations | paulgb | mit | 469 |
| [https://github.com/hacklcx/HFish](https://github.com/hacklcx/HFish) | 安全、可靠、简单、免费的企业级蜜罐 | hacklcx | | 3388 |
| [https://github.com/projectdiscovery/naabu](https://github.com/projectdiscovery/naabu) | A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests | projectdiscovery | mit | 2733 |
| [https://github.com/Cretezy/dSock](https://github.com/Cretezy/dSock) | Distributed WebSocket broker | Cretezy | mit | 215 |
| [https://github.com/KasperskyLab/TinyCheck](https://github.com/KasperskyLab/TinyCheck) | TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them. This can be used to check if any suspect or malicious communication is outgoing from a smartphone, by using heuristics or specific Indicators of Compromise (IoCs). In order to make it working, you need a computer with a Debian-like operating system and two Wi-Fi interfaces. The best choice is to use a Raspberry Pi (2+) a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere. | KasperskyLab | apache-2.0 | 2608 |
| [https://github.com/cisagov/Sparrow](https://github.com/cisagov/Sparrow) | Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment. | cisagov | cc0-1.0 | 1348 |
| [https://github.com/mlkui/chrome-cookie-password-decryption](https://github.com/mlkui/chrome-cookie-password-decryption) | The decryption implementation of Chrome cookie(encrypted_value) and password(password_value) on Windows with Java | mlkui | | 15 |
| [https://github.com/Cgboal/SonarSearch](https://github.com/Cgboal/SonarSearch) | A rapid API for the Project Sonar dataset | Cgboal | mit | 592 |
| [https://github.com/pielco11/fav-up](https://github.com/pielco11/fav-up) | IP lookup by favicon using Shodan | pielco11 | mit | 781 |
| [https://github.com/devanshbatham/FavFreak](https://github.com/devanshbatham/FavFreak) | Making Favicon.ico based Recon Great again ! | devanshbatham | mit | 846 |
| [https://github.com/Te-k/harpoon](https://github.com/Te-k/harpoon) | CLI tool for open source and threat intelligence | Te-k | gpl-3.0 | 995 |
| [https://github.com/bytedance/terarkdb](https://github.com/bytedance/terarkdb) | A RocksDB compatible KV storage engine with better performance | bytedance | apache-2.0 | 1776 |
| [https://github.com/jech/galene](https://github.com/jech/galene) | The Galène videoconference server | jech | mit | 702 |
| [https://github.com/joewalnes/websocketd](https://github.com/joewalnes/websocketd) | Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets. | joewalnes | bsd-2-clause | 16397 |
| [https://github.com/ITAYC0HEN/SUNBURST-Cracked](https://github.com/ITAYC0HEN/SUNBURST-Cracked) | The following repository contains a modified version of SUNBURST with cracekd hashes, comments and annotations. | ITAYC0HEN | | 57 |
| [https://github.com/icedland/iced](https://github.com/icedland/iced) | Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for .NET, Rust, Python, JavaScript | icedland | mit | 1976 |
| [https://github.com/BorjaMerino/Pazuzu](https://github.com/BorjaMerino/Pazuzu) | Pazuzu: Reflective DLL to run binaries from memory | BorjaMerino | | 215 |
| [https://github.com/sdcampbell/Internal-Pentest-Playbook](https://github.com/sdcampbell/Internal-Pentest-Playbook) | Internal Network Penetration Test Playbook | sdcampbell | | 706 |
| [https://github.com/closeio/socketshark](https://github.com/closeio/socketshark) | A WebSocket message router based on Python/Redis/asyncio | closeio | mit | 83 |
| [https://github.com/0xdefendA/policies](https://github.com/0xdefendA/policies) | Open source information security policies | 0xdefendA | mpl-2.0 | 13 |
| [https://github.com/google/security-research-pocs](https://github.com/google/security-research-pocs) | Proof-of-concept codes created as part of security research done by Google Security Team. | google | apache-2.0 | 1798 |
| [https://github.com/owncast/owncast](https://github.com/owncast/owncast) | Take control over your live stream video by running it yourself. Streaming + chat out of the box. | owncast | mit | 6625 |
| [https://github.com/cve-search/CveXplore](https://github.com/cve-search/CveXplore) | CveXplore | cve-search | gpl-3.0 | 21 |
| [https://github.com/CaliDog/certstream-server](https://github.com/CaliDog/certstream-server) | Certificate Transparency Log aggregation, parsing, and streaming service written in Elixir | CaliDog | mit | 165 |
| [https://github.com/volatilityfoundation/volatility](https://github.com/volatilityfoundation/volatility) | An advanced memory forensics framework | volatilityfoundation | gpl-2.0 | 5710 |
| [https://github.com/Cn33liz/p0wnedShell](https://github.com/Cn33liz/p0wnedShell) | PowerShell Runspace Post Exploitation Toolkit | Cn33liz | bsd-3-clause | 1449 |
| [https://github.com/bellingcat/instagram-location-search](https://github.com/bellingcat/instagram-location-search) | Finds Instagram location IDs near a specified latitude and longitude. | bellingcat | mit | 302 |
| [https://github.com/bambenek/research](https://github.com/bambenek/research) | | bambenek | cc0-1.0 | 98 |
| [https://github.com/davidsonmizael/dwarf](https://github.com/davidsonmizael/dwarf) | Tiny botnet client that is controlled by a remote blog | davidsonmizael | | 5 |
| [https://github.com/damnever/pigar](https://github.com/damnever/pigar) | :coffee: A tool to generate requirements.txt for Python project, and more than that. (IT IS NOT A PACKAGE MANAGEMENT TOOL) | damnever | bsd-3-clause | 1336 |
| [https://github.com/DongyunLee/vulnerability_db](https://github.com/DongyunLee/vulnerability_db) | The Personal Database about CNVD | DongyunLee | other | 2 |
| [https://github.com/RedDrip7/SunBurst_DGA_Decode](https://github.com/RedDrip7/SunBurst_DGA_Decode) | SunBurst DGA Decode Script | RedDrip7 | | 206 |
| [https://github.com/mandiant/sunburst_countermeasures](https://github.com/mandiant/sunburst_countermeasures) | | mandiant | other | 548 |
| [https://github.com/rackerlabs/scantron](https://github.com/rackerlabs/scantron) | A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows. | rackerlabs | apache-2.0 | 684 |
| [https://github.com/TheEconomist/covid-19-excess-deaths-tracker](https://github.com/TheEconomist/covid-19-excess-deaths-tracker) | Source code and data for The Economist's covid-19 excess deaths tracker | TheEconomist | | 632 |
| [https://github.com/BinaryAnalysisPlatform/bap](https://github.com/BinaryAnalysisPlatform/bap) | Binary Analysis Platform | BinaryAnalysisPlatform | mit | 1716 |
| [https://github.com/facontidavide/PlotJuggler](https://github.com/facontidavide/PlotJuggler) | The Time Series Visualization Tool that you deserve. | facontidavide | mpl-2.0 | 3124 |
| [https://github.com/tromp/cuckoo](https://github.com/tromp/cuckoo) | a memory-bound graph-theoretic proof-of-work system | tromp | other | 780 |
| [https://github.com/mandiant/red_team_tool_countermeasures](https://github.com/mandiant/red_team_tool_countermeasures) | | mandiant | other | 2544 |
| [https://github.com/DNSCrypt/dnscrypt-resolvers](https://github.com/DNSCrypt/dnscrypt-resolvers) | Lists of public DNSCrypt / DoH DNS servers and DNS relays | DNSCrypt | | 865 |
| [https://github.com/RichieB2B/nioc](https://github.com/RichieB2B/nioc) | No Indicators of Compromise | RichieB2B | agpl-3.0 | 3 |
| [https://github.com/coredns/coredns](https://github.com/coredns/coredns) | CoreDNS is a DNS server that chains plugins | coredns | apache-2.0 | 9918 |
| [https://github.com/oskarsve/ms-teams-rce](https://github.com/oskarsve/ms-teams-rce) | | oskarsve | | 1085 |
| [https://github.com/filesender/filesender](https://github.com/filesender/filesender) | FileSender server software | filesender | bsd-3-clause | 157 |
| [https://github.com/ufrisk/MemProcFS](https://github.com/ufrisk/MemProcFS) | The Memory Process File System | ufrisk | agpl-3.0 | 1580 |
| [https://github.com/LLVM-but-worse/maple-ir](https://github.com/LLVM-but-worse/maple-ir) | Industrial IR-based static analysis framework for Java bytecode | LLVM-but-worse | gpl-3.0 | 47 |
| [https://github.com/gallypette/Fortigate](https://github.com/gallypette/Fortigate) | Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) | gallypette | gpl-3.0 | 1 |
| [https://github.com/beurtschipper/Depix](https://github.com/beurtschipper/Depix) | Recovers passwords from pixelized screenshots | beurtschipper | other | 22897 |
| [https://github.com/deepseagirl/degoogle](https://github.com/deepseagirl/degoogle) | search Google and extract results directly. skip all the click-through links and other sketchiness | deepseagirl | mit | 469 |
| [https://github.com/3c7/infrastructure-tracking-schema](https://github.com/3c7/infrastructure-tracking-schema) | | 3c7 | mit | 22 |
| [https://github.com/rabbitstack/fibratus](https://github.com/rabbitstack/fibratus) | A modern tool for Windows kernel exploration and tracing with a focus on security | rabbitstack | other | 1657 |
| [https://github.com/0xchase/modality](https://github.com/0xchase/modality) | Symbolic execution in radare2 with angr | 0xchase | | 40 |
| [https://github.com/mhx/dwarfs](https://github.com/mhx/dwarfs) | A fast high compression read-only file system | mhx | gpl-3.0 | 1001 |
| [https://github.com/Mebus/cupp](https://github.com/Mebus/cupp) | Common User Passwords Profiler (CUPP) | Mebus | gpl-3.0 | 3066 |
| [https://github.com/ioerror/csidh-reference-implementation](https://github.com/ioerror/csidh-reference-implementation) | | ioerror | other | 3 |
| [https://github.com/ggerganov/dot-to-ascii](https://github.com/ggerganov/dot-to-ascii) | Graphviz to ASCII converter using Graph::Easy | ggerganov | mit | 324 |
| [https://github.com/redshiftzero/awesome-threat-modeling](https://github.com/redshiftzero/awesome-threat-modeling) | a curated list of useful threat modeling resources | redshiftzero | apache-2.0 | 91 |
| [https://github.com/x0rz/tweetentropy](https://github.com/x0rz/tweetentropy) | Twitter as an extra entropy source | x0rz | gpl-3.0 | 93 |
| [https://github.com/matrix-org/dendrite](https://github.com/matrix-org/dendrite) | Dendrite is a second-generation Matrix homeserver written in Go! | matrix-org | apache-2.0 | 4013 |
| [https://github.com/0xcpu/bonomen](https://github.com/0xcpu/bonomen) | BONOMEN - Hunt for Malware Critical Process Impersonation | 0xcpu | gpl-3.0 | 42 |
| [https://github.com/Apr4h/CobaltStrikeScan](https://github.com/Apr4h/CobaltStrikeScan) | Scan files or process memory for CobaltStrike beacons and parse their configuration | Apr4h | mit | 756 |
| [https://github.com/WerWolv/ImHex](https://github.com/WerWolv/ImHex) | 🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. | WerWolv | gpl-2.0 | 22314 |
| [https://github.com/vector-im/element-ios](https://github.com/vector-im/element-ios) | A glossy Matrix collaboration client for iOS | vector-im | apache-2.0 | 1468 |
| [https://github.com/tchapgouv/tchap-ios](https://github.com/tchapgouv/tchap-ios) | A Matrix client for iOS | tchapgouv | apache-2.0 | 51 |
| [https://github.com/matrix-org/synapse](https://github.com/matrix-org/synapse) | Synapse: Matrix homeserver written in Python/Twisted. | matrix-org | apache-2.0 | 10110 |
| [https://github.com/KonradIT/parler-py-api](https://github.com/KonradIT/parler-py-api) | UNOFFICIAL Python API to interface with Parler.com | KonradIT | | 54 |
| [https://github.com/ma1uta/ma1sd](https://github.com/ma1uta/ma1sd) | Federated Matrix Identity Server (formerly fork of kamax/mxisd) | ma1uta | agpl-3.0 | 154 |
| [https://github.com/DissectMalware/XLMMacroDeobfuscator](https://github.com/DissectMalware/XLMMacroDeobfuscator) | Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) | DissectMalware | apache-2.0 | 500 |
| [https://github.com/willglynn/pdb](https://github.com/willglynn/pdb) | A parser for Microsoft PDB (Program Database) debugging information | willglynn | apache-2.0 | 267 |
| [https://github.com/opensanctions/opensanctions](https://github.com/opensanctions/opensanctions) | An open database of international sanctions data, persons of interest and politically exposed persons | opensanctions | mit | 318 |
| [https://github.com/jakobwesthoff/prettytable.sh](https://github.com/jakobwesthoff/prettytable.sh) | A shell script to pretty print tabular data into the terminal | jakobwesthoff | bsd-2-clause | 28 |
| [https://github.com/MontFerret/ferret](https://github.com/MontFerret/ferret) | Declarative web scraping | MontFerret | apache-2.0 | 5108 |
| [https://github.com/nrdmn/elbrus-docs](https://github.com/nrdmn/elbrus-docs) | | nrdmn | | 58 |
| [https://github.com/MythicAgents/Nimplant](https://github.com/MythicAgents/Nimplant) | DEPRECATED - A cross-platform implant written in Nim | MythicAgents | bsd-3-clause | 152 |
| [https://github.com/cudeso/rsit-attck](https://github.com/cudeso/rsit-attck) | Link RSIT with ATT&CK | cudeso | | 3 |
| [https://github.com/vxunderground/MalwareSourceCode](https://github.com/vxunderground/MalwareSourceCode) | Collection of malware source code for a variety of platforms in an array of different programming languages. | vxunderground | | 11493 |
| [https://github.com/benreardon-sfdc/fatt](https://github.com/benreardon-sfdc/fatt) | FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic | benreardon-sfdc | bsd-3-clause | 3 |
| [https://github.com/hugsy/ctfpad](https://github.com/hugsy/ctfpad) | An OK way to manage CTFs for teams playing CTFs | hugsy | | 52 |
| [https://github.com/iceychris/LibreASR](https://github.com/iceychris/LibreASR) | :speech_balloon: An On-Premises, Streaming Speech Recognition System | iceychris | mit | 683 |
| [https://github.com/ComodoSecurity/openedr](https://github.com/ComodoSecurity/openedr) | Open EDR public repository | ComodoSecurity | other | 1593 |
| [https://github.com/telekom-security/explo](https://github.com/telekom-security/explo) | Human and machine readable web vulnerability testing format | telekom-security | gpl-3.0 | 152 |
| [https://github.com/solemnwarning/rehex](https://github.com/solemnwarning/rehex) | Reverse Engineers' Hex Editor | solemnwarning | gpl-2.0 | 2032 |
| [https://github.com/nneonneo/universal-doom](https://github.com/nneonneo/universal-doom) | A single .exe binary which runs DOOM on DOS 6, Windows 95 and Windows 10 (and probably everything in between). | nneonneo | | 252 |
| [https://github.com/D4-project/passive-ssh](https://github.com/D4-project/passive-ssh) | A Passive SSH back-end and scanner. | D4-project | agpl-3.0 | 92 |
| [https://github.com/ulixee/secret-agent](https://github.com/ulixee/secret-agent) | The web scraper that's nearly impossible to block - now called @ulixee/hero | ulixee | mit | 537 |
| [https://github.com/subat0mik/whoamsi](https://github.com/subat0mik/whoamsi) | An effort to track security vendors' use of Microsoft's Antimalware Scan Interface | subat0mik | gpl-3.0 | 149 |
| [https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries](https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries) | Sample queries for Advanced hunting in Microsoft 365 Defender | microsoft | mit | 1556 |
| [https://github.com/davidpany/WMI_Forensics](https://github.com/davidpany/WMI_Forensics) | | davidpany | | 241 |
| [https://github.com/quentinhardy/pytmipe](https://github.com/quentinhardy/pytmipe) | Python library and client for token manipulations and impersonations for privilege escalation on Windows | quentinhardy | | 115 |
| [https://github.com/ralphje/signify](https://github.com/ralphje/signify) | Module to generate and verify PE signatures | ralphje | other | 28 |
| [https://github.com/gmsoft-tuxicoman/packet-o-matic](https://github.com/gmsoft-tuxicoman/packet-o-matic) | Network forensic tool. Please use pom-ng instead. | gmsoft-tuxicoman | | 1 |
| [https://github.com/ovh/the-bastion](https://github.com/ovh/the-bastion) | Authentication, authorization, traceability and auditability for SSH accesses. | ovh | other | 1140 |
| [https://github.com/Freakboy/CobaltStrike](https://github.com/Freakboy/CobaltStrike) | CobaltStrike's source code | Freakboy | | 1361 |
| [https://github.com/DevoInc/feeds](https://github.com/DevoInc/feeds) | | DevoInc | mit | 1 |
| [https://github.com/Te-k/pecli](https://github.com/Te-k/pecli) | CLI tool to analyze PE files | Te-k | mit | 67 |
| [https://github.com/NLnetLabs/routinator](https://github.com/NLnetLabs/routinator) | An RPKI Validator and RTR server written in Rust | NLnetLabs | bsd-3-clause | 328 |
| [https://github.com/cerebrate-project/cerebrate-docker](https://github.com/cerebrate-project/cerebrate-docker) | | cerebrate-project | agpl-3.0 | 4 |
| [https://github.com/fastavro/fastavro](https://github.com/fastavro/fastavro) | Fast Avro for Python | fastavro | mit | 531 |
| [https://github.com/sq5bpf/etherify](https://github.com/sq5bpf/etherify) | Etherify - bringing the ether back to ethernet | sq5bpf | gpl-3.0 | 335 |
| [https://github.com/jlevy/the-art-of-command-line](https://github.com/jlevy/the-art-of-command-line) | Master the command line, in one page | jlevy | | 114958 |
| [https://github.com/firmadyne/scraper](https://github.com/firmadyne/scraper) | Firmware scraper | firmadyne | mit | 97 |
| [https://github.com/alwashmi/MasterParser](https://github.com/alwashmi/MasterParser) | MasterParser is a simple, all-in-one, digital forensics artifact parser | alwashmi | gpl-3.0 | 18 |
| [https://github.com/muteb/Hoarder](https://github.com/muteb/Hoarder) | This script is made to collect the most valiable artifacts for foreniscs or incident reponse investigation rather than imaging the whole har drive. | muteb | gpl-3.0 | 131 |
| [https://github.com/QuoSecGmbH/grap](https://github.com/QuoSecGmbH/grap) | grap: define and match graph patterns within binaries | QuoSecGmbH | mit | 149 |
| [https://github.com/bitdefender/bddisasm](https://github.com/bitdefender/bddisasm) | bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior. | bitdefender | apache-2.0 | 706 |
| [https://github.com/crossroadsfpga/pigasus](https://github.com/crossroadsfpga/pigasus) | 100Gbps Intrusion Detection and Prevention System | crossroadsfpga | | 599 |
| [https://github.com/yogsototh/ymetapost](https://github.com/yogsototh/ymetapost) | A better interface to metapost for generating graphs for the web | yogsototh | | 5 |
| [https://github.com/threatgrid/ctim](https://github.com/threatgrid/ctim) | Cisco Threat Intellligence Model | threatgrid | epl-1.0 | 55 |
| [https://github.com/rnpgp/rnp](https://github.com/rnpgp/rnp) | RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird | rnpgp | other | 147 |
| [https://github.com/fonsp/Pluto.jl](https://github.com/fonsp/Pluto.jl) | 🎈 Simple reactive notebooks for Julia | fonsp | mit | 4188 |
| [https://github.com/somenonymous/OshiUpload](https://github.com/somenonymous/OshiUpload) | Ephemeral file sharing engine | somenonymous | wtfpl | 98 |
| [https://github.com/kam800/MachObfuscator](https://github.com/kam800/MachObfuscator) | MachObfuscator is a programming-language-agnostic Mach-O apps obfuscator for Apple platforms. | kam800 | mit | 476 |
| [https://github.com/samyk/slipstream](https://github.com/samyk/slipstream) | NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victims NAT/firewall, just by anyone on the victim's network visiting a website | samyk | | 1748 |
| [https://github.com/mozilla/DeepSpeech](https://github.com/mozilla/DeepSpeech) | DeepSpeech is an open source embedded (offline, on-device) speech-to-text engine which can run in real time on devices ranging from a Raspberry Pi 4 to high power GPU servers. | mozilla | mpl-2.0 | 20503 |
| [https://github.com/target/halogen](https://github.com/target/halogen) | Automatically create YARA rules from malicious documents. | target | mit | 191 |
| [https://github.com/Cyan4973/xxHash](https://github.com/Cyan4973/xxHash) | Extremely fast non-cryptographic hash algorithm | Cyan4973 | other | 6722 |
| [https://github.com/jxy-s/herpaderping](https://github.com/jxy-s/herpaderping) | Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process. | jxy-s | mit | 898 |
| [https://github.com/libyal/libevt](https://github.com/libyal/libevt) | Library and tools to access the Windows Event Log (EVT) format | libyal | lgpl-3.0 | 52 |
| [https://github.com/linuxthor/slimpack](https://github.com/linuxthor/slimpack) | Toolkit for building encrypted file loaders for single source file NASM projects (uses AES-NI instructions) | linuxthor | | 3 |
| [https://github.com/Jana-Marie/EF-S-Adapter](https://github.com/Jana-Marie/EF-S-Adapter) | https://twitter.com/_Jana_Marie/status/1317520812761546753 | Jana-Marie | mit | 93 |
| [https://github.com/omerbenamram/pyevtx-rs](https://github.com/omerbenamram/pyevtx-rs) | Python bindings for https://github.com/omerbenamram/evtx/ | omerbenamram | | 35 |
| [https://github.com/Binary-Hackers/42_Subjects](https://github.com/Binary-Hackers/42_Subjects) | All Subjects of 42 School | Binary-Hackers | | 930 |
| [https://github.com/RedisGraph/redisgraph-py](https://github.com/RedisGraph/redisgraph-py) | RedisGraph python client | RedisGraph | bsd-3-clause | 185 |
| [https://github.com/RedisGraph/RedisGraph](https://github.com/RedisGraph/RedisGraph) | A graph database as a Redis module | RedisGraph | other | 1749 |
| [https://github.com/Lichtsinnig/EVTX-ATTACK-SAMPLES](https://github.com/Lichtsinnig/EVTX-ATTACK-SAMPLES) | | Lichtsinnig | | 9 |
| [https://github.com/mitre/advmlthreatmatrix](https://github.com/mitre/advmlthreatmatrix) | Adversarial Threat Landscape for AI Systems | mitre | | 917 |
| [https://github.com/mitre-attack/attack-datasources](https://github.com/mitre-attack/attack-datasources) | This content is analysis and research of the data sources currently listed in ATT&CK. | mitre-attack | apache-2.0 | 325 |
| [https://github.com/antham/yogo](https://github.com/antham/yogo) | Check yopmail mails and inboxes from command line. | antham | mit | 26 |
| [https://github.com/OSMNames/OSMNames](https://github.com/OSMNames/OSMNames) | Data for place names from OpenStreetMap prepared for fulltext search. Downloadable. Ranked. With bbox and hierarchy. Ready for geocoding. | OSMNames | gpl-2.0 | 287 |
| [https://github.com/bcmc/oss](https://github.com/bcmc/oss) | \B\C\M\C\ Open Source Software | bcmc | | 17 |
| [https://github.com/peering-manager/peering-manager](https://github.com/peering-manager/peering-manager) | BGP sessions management tool | peering-manager | apache-2.0 | 345 |
| [https://github.com/geovista/GeoCorpora](https://github.com/geovista/GeoCorpora) | The GeoCorpora project aims at creating corpora of fully geo-annotated texts (in particular microblog texts) and developing tools to support the corpus building process using crowd-sourcing and visual analytics approaches. Created corpora will be made publicly available in this repository. A first corpus of ~6000 geo-annotated tweets will be published here in the near future. | geovista | | 15 |
| [https://github.com/geovista/GeoTxt](https://github.com/geovista/GeoTxt) | | geovista | lgpl-3.0 | 20 |
| [https://github.com/thampiman/reverse-geocoder](https://github.com/thampiman/reverse-geocoder) | A fast, offline reverse geocoder in Python | thampiman | lgpl-2.1 | 1787 |
| [https://github.com/gaspardpetit/base64](https://github.com/gaspardpetit/base64) | | gaspardpetit | | 77 |
| [https://github.com/Hironsan/anago](https://github.com/Hironsan/anago) | Bidirectional LSTM-CRF and ELMo for Named-Entity Recognition, Part-of-Speech Tagging and so on. | Hironsan | mit | 1463 |
| [https://github.com/fastai/fastai](https://github.com/fastai/fastai) | The fastai deep learning library | fastai | apache-2.0 | 22940 |
| [https://github.com/sebastianruder/NLP-progress](https://github.com/sebastianruder/NLP-progress) | Repository to track the progress in Natural Language Processing (NLP), including the datasets and the current state-of-the-art for the most common NLP tasks. | sebastianruder | mit | 21029 |
| [https://github.com/RoiArthurB/Side-Auto_Sci-Hub](https://github.com/RoiArthurB/Side-Auto_Sci-Hub) | Cross-Browser Plugin to open Sci-Hub 🗝 page with the article from your current tab | RoiArthurB | gpl-3.0 | 226 |
| [https://github.com/adobe/stringlifier](https://github.com/adobe/stringlifier) | Stringlifier is on Opensource ML Library for detecting random strings in raw text. It can be used in sanitising logs, detecting accidentally exposed credentials and as a pre-processing step in unsupervised ML-based analysis of application text data. | adobe | apache-2.0 | 143 |
| [https://github.com/trendmicro/telfhash](https://github.com/trendmicro/telfhash) | Symbol hash for ELF files | trendmicro | apache-2.0 | 70 |
| [https://github.com/ail-project/ail-feeder-jsonlogs](https://github.com/ail-project/ail-feeder-jsonlogs) | Aggregate json log lines and push to AIL framework. | ail-project | agpl-3.0 | 1 |
| [https://github.com/americanexpress/earlybird](https://github.com/americanexpress/earlybird) | EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more. | americanexpress | apache-2.0 | 514 |
| [https://github.com/microsoftgraph/security-api-solutions](https://github.com/microsoftgraph/security-api-solutions) | Microsoft Graph Security API applications and services. | microsoftgraph | mit | 189 |
| [https://github.com/matthewwithanm/python-markdownify](https://github.com/matthewwithanm/python-markdownify) | Convert HTML to Markdown | matthewwithanm | mit | 354 |
| [https://github.com/megadose/OnionSearch](https://github.com/megadose/OnionSearch) | OnionSearch is a script that scrapes urls on different .onion search engines. | megadose | gpl-3.0 | 647 |
| [https://github.com/matiskay/html-similarity](https://github.com/matiskay/html-similarity) | Compare html similarity using structural and style metrics | matiskay | bsd-3-clause | 186 |
| [https://github.com/Neo23x0/Raccine](https://github.com/Neo23x0/Raccine) | A Simple Ransomware Vaccine | Neo23x0 | unlicense | 846 |
| [https://github.com/nanomsg/nng](https://github.com/nanomsg/nng) | nanomsg-next-generation -- light-weight brokerless messaging | nanomsg | mit | 2947 |
| [https://github.com/ancailliau/sans-indexes](https://github.com/ancailliau/sans-indexes) | Indexes for SANS Courses and GIAC Certifications | ancailliau | | 124 |
| [https://github.com/Debdut/names.io](https://github.com/Debdut/names.io) | A Global Exhaustive First and Last Name Database | Debdut | apache-2.0 | 712 |
| [https://github.com/WorldBrain/Memex](https://github.com/WorldBrain/Memex) | Browser extension to curate, annotate, and discuss the most valuable content and ideas on the web. As individuals, teams and communities. | WorldBrain | | 3552 |
| [https://github.com/thalesgroup-cert/Watcher](https://github.com/thalesgroup-cert/Watcher) | Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. | thalesgroup-cert | agpl-3.0 | 646 |
| [https://github.com/google/cld3](https://github.com/google/cld3) | | google | apache-2.0 | 585 |
| [https://github.com/libnet/libnet](https://github.com/libnet/libnet) | A portable framework for low-level network packet construction | libnet | bsd-2-clause | 762 |
| [https://github.com/BloodHoundAD/BloodHound](https://github.com/BloodHoundAD/BloodHound) | Six Degrees of Domain Admin | BloodHoundAD | gpl-3.0 | 7537 |
| [https://github.com/unprovable/PentestHardware](https://github.com/unprovable/PentestHardware) | Kinda useful notes collated together publicly | unprovable | | 475 |
| [https://github.com/ALFA-group/BRON](https://github.com/ALFA-group/BRON) | "Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly | ALFA-group | mit | 39 |
| [https://github.com/dstotijn/hetty](https://github.com/dstotijn/hetty) | An HTTP toolkit for security research. | dstotijn | mit | 4987 |
| [https://github.com/D4-project/analyzer-d4-pewpew](https://github.com/D4-project/analyzer-d4-pewpew) | This analyzer creates a pewpew map out of d4 data | D4-project | agpl-3.0 | 5 |
| [https://github.com/sherlock-project/sherlock](https://github.com/sherlock-project/sherlock) | 🔎 Hunt down social media accounts by username across social networks | sherlock-project | mit | 36753 |
| [https://github.com/iojw/socialscan](https://github.com/iojw/socialscan) | Python library and CLI for accurately querying username and email usage on online platforms | iojw | mpl-2.0 | 953 |
| [https://github.com/ahmadawais/hacktoberfest](https://github.com/ahmadawais/hacktoberfest) | #Hacktoberfest + Git Resources | Contributions beginners just like you. Jump in! 🎯 | ahmadawais | mit | 91 |
| [https://github.com/EFForg/yaya](https://github.com/EFForg/yaya) | Yet Another Yara Automaton - Automatically curate open source yara rules and run scans | EFForg | gpl-3.0 | 201 |
| [https://github.com/google/licenseclassifier](https://github.com/google/licenseclassifier) | A License Classifier | google | apache-2.0 | 263 |
| [https://github.com/corkami/mitra](https://github.com/corkami/mitra) | A generator of weird files (binary polyglots, near polyglots...) | corkami | mit | 958 |
| [https://github.com/mne-tools/mne-python](https://github.com/mne-tools/mne-python) | MNE: Magnetoencephalography (MEG) and Electroencephalography (EEG) in Python | mne-tools | bsd-3-clause | 2054 |
| [https://github.com/sobolevn/git-secret](https://github.com/sobolevn/git-secret) | :busts_in_silhouette: A bash-tool to store your private data inside a git repository. | sobolevn | mit | 3059 |
| [https://github.com/JustAnotherArchivist/snscrape](https://github.com/JustAnotherArchivist/snscrape) | A social networking service scraper in Python | JustAnotherArchivist | gpl-3.0 | 1999 |
| [https://github.com/gnebbia/kb](https://github.com/gnebbia/kb) | A minimalist command line knowledge base manager | gnebbia | gpl-3.0 | 2901 |
| [https://github.com/skeeto/endlessh](https://github.com/skeeto/endlessh) | SSH tarpit that slowly sends an endless banner | skeeto | unlicense | 5633 |
| [https://github.com/designsecurity/progpilot](https://github.com/designsecurity/progpilot) | A static analysis tool for security | designsecurity | mit | 269 |
| [https://github.com/mxrch/darkshot](https://github.com/mxrch/darkshot) | Lightshot scraper on steroids with OCR. | mxrch | mpl-2.0 | 232 |
| [https://github.com/oryon-osint/querytool](https://github.com/oryon-osint/querytool) | Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more. | oryon-osint | | 130 |
| [https://github.com/yeti-platform/yetigo](https://github.com/yeti-platform/yetigo) | Maltego Transforms for Yeti | yeti-platform | apache-2.0 | 7 |
| [https://github.com/internetarchive/fatcat](https://github.com/internetarchive/fatcat) | Perpetual Access To The Scholarly Record | internetarchive | other | 95 |
| [https://github.com/CERT-Polska/malduck](https://github.com/CERT-Polska/malduck) | :duck: Malduck is your ducky companion in malware analysis journeys | CERT-Polska | gpl-3.0 | 203 |
| [https://github.com/dfirtrack/dfirtrack](https://github.com/dfirtrack/dfirtrack) | DFIRTrack - The Incident Response Tracking Application | dfirtrack | other | 405 |
| [https://github.com/Sentinel-One/CobaltStrikeParser](https://github.com/Sentinel-One/CobaltStrikeParser) | | Sentinel-One | other | 795 |
| [https://github.com/mandiant/capa](https://github.com/mandiant/capa) | The FLARE team's open-source tool to identify capabilities in executable files. | mandiant | apache-2.0 | 2442 |
| [https://github.com/sowdust/tafferugli](https://github.com/sowdust/tafferugli) | Tafferugli is a Twitter Analysis Framework | sowdust | agpl-3.0 | 357 |
| [https://github.com/SiliconAnalysis/bitract](https://github.com/SiliconAnalysis/bitract) | Extract bits from photos | SiliconAnalysis | bsd-2-clause | 60 |
| [https://github.com/lorenzoromani1983/facebookTranscripts](https://github.com/lorenzoromani1983/facebookTranscripts) | A simple (work in progress) script to extract transcripts from Google-indexed Facebook videos containing high quality transcripts | lorenzoromani1983 | | 11 |
| [https://github.com/fossology/fossology](https://github.com/fossology/fossology) | FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow. | fossology | gpl-2.0 | 597 |
| [https://github.com/Fizzadar/pyinfra](https://github.com/Fizzadar/pyinfra) | pyinfra automates infrastructure super fast at massive scale. It can be used for ad-hoc command execution, service deployment, configuration management and more. | Fizzadar | mit | 2066 |
| [https://github.com/melicertes/docs](https://github.com/melicertes/docs) | The knowledge base reference to the MeliCERTes project | melicertes | cc0-1.0 | 4 |
| [https://github.com/lightbody/browsermob-proxy](https://github.com/lightbody/browsermob-proxy) | A free utility to help web developers watch and manipulate network traffic from their AJAX applications. | lightbody | apache-2.0 | 1878 |
| [https://github.com/keepassxreboot/keepassxc](https://github.com/keepassxreboot/keepassxc) | KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”. | keepassxreboot | other | 14161 |
| [https://github.com/viper-framework/viper-modules](https://github.com/viper-framework/viper-modules) | | viper-framework | bsd-3-clause | 5 |
| [https://github.com/Flangvik/BetterSafetyKatz](https://github.com/Flangvik/BetterSafetyKatz) | Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory. | Flangvik | other | 649 |
| [https://github.com/FRRouting/frr](https://github.com/FRRouting/frr) | The FRRouting Protocol Suite | FRRouting | gpl-2.0 | 2340 |
| [https://github.com/iovisor/ubpf](https://github.com/iovisor/ubpf) | Userspace eBPF VM | iovisor | apache-2.0 | 552 |
| [https://github.com/raphaelm/android-barcode-keyboard](https://github.com/raphaelm/android-barcode-keyboard) | Barcode keyboard for Android (not actively maintained) | raphaelm | | 31 |
| [https://github.com/ping/instagram_private_api](https://github.com/ping/instagram_private_api) | A Python library to access Instagram's private API. | ping | mit | 2563 |
| [https://github.com/vysecurity/morphHTA](https://github.com/vysecurity/morphHTA) | morphHTA - Morphing Cobalt Strike's evil.HTA | vysecurity | | 490 |
| [https://github.com/rnd-ash/MBUX-Port](https://github.com/rnd-ash/MBUX-Port) | Custom Infotainment UI for older Mercedes vehicles (2000-2007), inspired loosely by the 2021 S Class MBUX UI | rnd-ash | | 95 |
| [https://github.com/trimstray/multitor](https://github.com/trimstray/multitor) | Create multiple TOR instances with a load-balancing. | trimstray | gpl-3.0 | 832 |
| [https://github.com/sarciszewski/onionimbus-old](https://github.com/sarciszewski/onionimbus-old) | Dedicated Reverse Proxy for Tor Hidden Services | sarciszewski | wtfpl | 4 |
| [https://github.com/m0nad/Diamorphine](https://github.com/m0nad/Diamorphine) | LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64) | m0nad | other | 1130 |
| [https://github.com/manubot/manubot](https://github.com/manubot/manubot) | Python utilities for Manubot: Manuscripts, open and automated | manubot | other | 354 |
| [https://github.com/AlgoSecure/Pollenisator](https://github.com/AlgoSecure/Pollenisator) | Collaborative pentest tool with highly customizable tools | AlgoSecure | gpl-3.0 | 66 |
| [https://github.com/roomylee/awesome-relation-extraction](https://github.com/roomylee/awesome-relation-extraction) | 📖 A curated list of awesome resources dedicated to Relation Extraction, one of the most important tasks in Natural Language Processing (NLP). | roomylee | | 1013 |
| [https://github.com/DC11331/website](https://github.com/DC11331/website) | DC11331 DCG website repository, talks, news and archives | DC11331 | | 2 |
| [https://github.com/returntocorp/semgrep](https://github.com/returntocorp/semgrep) | Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. | returntocorp | other | 7348 |
| [https://github.com/resemble-ai/Resemblyzer](https://github.com/resemble-ai/Resemblyzer) | A python package to analyze and compare voices with deep learning | resemble-ai | apache-2.0 | 2050 |
| [https://github.com/Datalux/Osintgram](https://github.com/Datalux/Osintgram) | Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname | Datalux | gpl-3.0 | 5379 |
| [https://github.com/johnjhacking/Buffer-Overflow-Guide](https://github.com/johnjhacking/Buffer-Overflow-Guide) | This Bufferflow Guide includes instructions and the scripts necessary for Buffer Overflow Exploitation. This guide is a supplement for TheCyberMentor's walkthrough. Please watch his walkthrough if you're confused. Feel free to implement Pull Requests or raise Issues. | johnjhacking | | 456 |
| [https://github.com/adulau/napkin-text-analysis](https://github.com/adulau/napkin-text-analysis) | Napkin is a simple tool to produce statistical analysis of a text | adulau | agpl-3.0 | 11 |
| [https://github.com/ail-project/ail-yara-rules](https://github.com/ail-project/ail-yara-rules) | A set of YARA rules for the AIL framework to detect leak or information disclosure | ail-project | agpl-3.0 | 31 |
| [https://github.com/eCrimeLabs/phish2MISP](https://github.com/eCrimeLabs/phish2MISP) | Easy way to create a MISP event related to a Phishing page | eCrimeLabs | mit | 15 |
| [https://github.com/cablelabs/transparent-security](https://github.com/cablelabs/transparent-security) | Transparent Security is a solution for identify the source devices of a DDoS attack and mitigates the attack in the customer premises or the access network. This solution leverages a P4 based programmable data plane for add in-band network telemetry (INT) for device identification and in-band mitigation. | cablelabs | apache-2.0 | 25 |
| [https://github.com/cablelabs/ddos-info-sharing](https://github.com/cablelabs/ddos-info-sharing) | The repository for the CRITS based DDoS Information Sharing platform | cablelabs | | 5 |
| [https://github.com/scythe-io/community-threats](https://github.com/scythe-io/community-threats) | A place to share attack chains for testing people, process, and technology with the entire community. The largest, public library of adversary emulation and adversary simulation plans! #ThreatThursday | scythe-io | mit | 547 |
| [https://github.com/CodisLabs/codis](https://github.com/CodisLabs/codis) | Proxy based Redis cluster solution supporting pipeline and scaling dynamically | CodisLabs | mit | 12690 |
| [https://github.com/ignis-sec/Pwdb-Public](https://github.com/ignis-sec/Pwdb-Public) | A collection of all the data i could extract from 1 billion leaked credentials from internet. | ignis-sec | mit | 2679 |
| [https://github.com/SixGenInc/Noctilucent](https://github.com/SixGenInc/Noctilucent) | Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise | SixGenInc | | 636 |
| [https://github.com/Ciphey/Ciphey](https://github.com/Ciphey/Ciphey) | ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡ | Ciphey | mit | 10904 |
| [https://github.com/jdkato/prose](https://github.com/jdkato/prose) | :book: A Golang library for text processing, including tokenization, part-of-speech tagging, and named-entity extraction. | jdkato | mit | 2952 |
| [https://github.com/juhakivekas/multidiff](https://github.com/juhakivekas/multidiff) | Binary data diffing for multiple objects or streams of data | juhakivekas | mit | 297 |
| [https://github.com/TheWover/donut](https://github.com/TheWover/donut) | Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters | TheWover | bsd-3-clause | 2281 |
| [https://github.com/explosion/spacy-lookups-data](https://github.com/explosion/spacy-lookups-data) | 📂 Additional lookup tables and data resources for spaCy | explosion | mit | 74 |
| [https://github.com/darrenmartyn/vBulldozer](https://github.com/darrenmartyn/vBulldozer) | Very loud vBulletin exploit | darrenmartyn | | 15 |
| [https://github.com/raylene/eng-handbook](https://github.com/raylene/eng-handbook) | A developer's guide to management: an open-sourced handbook for leading software engineering teams. | raylene | gpl-3.0 | 1210 |
| [https://github.com/reald/urh](https://github.com/reald/urh) | Universal Radio Hacker: Experimental PlutoSDR support (via gnuradio). | reald | gpl-3.0 | 7 |
| [https://github.com/reversinglabs/reversinglabs-yara-rules](https://github.com/reversinglabs/reversinglabs-yara-rules) | ReversingLabs YARA Rules | reversinglabs | mit | 502 |
| [https://github.com/blackberry/pe_tree](https://github.com/blackberry/pe_tree) | Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports. | blackberry | apache-2.0 | 1241 |
| [https://github.com/cytopia/pwncat](https://github.com/cytopia/pwncat) | pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE) | cytopia | mit | 1493 |
| [https://github.com/gto76/python-cheatsheet](https://github.com/gto76/python-cheatsheet) | Comprehensive Python Cheatsheet | gto76 | | 30554 |
| [https://github.com/souffle-lang/souffle](https://github.com/souffle-lang/souffle) | Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification. | souffle-lang | upl-1.0 | 625 |
| [https://github.com/GrammaTech/ddisasm](https://github.com/GrammaTech/ddisasm) | A fast and accurate disassembler | GrammaTech | agpl-3.0 | 469 |
| [https://github.com/skelsec/pypykatz](https://github.com/skelsec/pypykatz) | Mimikatz implementation in pure Python | skelsec | mit | 2048 |
| [https://github.com/cypress-io/cypress](https://github.com/cypress-io/cypress) | Fast, easy and reliable testing for anything that runs in a browser. | cypress-io | mit | 41383 |
| [https://github.com/Dewera/Lunar](https://github.com/Dewera/Lunar) | A lightweight native DLL mapping library that supports mapping directly from memory | Dewera | mit | 529 |
| [https://github.com/redsolver/noteless](https://github.com/redsolver/noteless) | A Markdown-based note-taking app for mobile devices. | redsolver | mit | 447 |
| [https://github.com/redcode-labs/SNOWCRASH](https://github.com/redcode-labs/SNOWCRASH) | A polyglot payload generator | redcode-labs | mit | 221 |
| [https://github.com/kpcyrd/sn0int](https://github.com/kpcyrd/sn0int) | Semi-automatic OSINT framework and package manager | kpcyrd | gpl-3.0 | 1349 |
| [https://github.com/xHak9x/fbi](https://github.com/xHak9x/fbi) | Facebook Information | xHak9x | gpl-2.0 | 1058 |
| [https://github.com/saffsd/langid.py](https://github.com/saffsd/langid.py) | Stand-alone language identification system | saffsd | other | 2003 |
| [https://github.com/Gamithra/terms-of-endearment](https://github.com/Gamithra/terms-of-endearment) | struggled with finding cute words to call boys so I automated this | Gamithra | | 4 |
| [https://github.com/neolea/neolea-training-materials](https://github.com/neolea/neolea-training-materials) | Open source training materials for law-enforcement and organisations interested in DFIR. | neolea | | 47 |
| [https://github.com/bsolomon1124/demoji](https://github.com/bsolomon1124/demoji) | Accurately find/replace/remove emojis in text strings | bsolomon1124 | apache-2.0 | 130 |
| [https://github.com/ail-project/equaeris](https://github.com/ail-project/equaeris) | A modular scanner for finding open data store (MongoDB, Redis or alike) and feed result into AIL | ail-project | agpl-3.0 | 6 |
| [https://github.com/glscopeclient/scopehal](https://github.com/glscopeclient/scopehal) | Test and measurement hardware abstraction library and protocol decodes. This is the library only. Most users should use scopehal-apps. | glscopeclient | bsd-3-clause | 120 |
| [https://github.com/cerebrate-project/cerebrate-training](https://github.com/cerebrate-project/cerebrate-training) | Cerebrate training materials | cerebrate-project | | 7 |
| [https://github.com/excalidraw/excalidraw](https://github.com/excalidraw/excalidraw) | Virtual whiteboard for sketching hand-drawn like diagrams | excalidraw | mit | 34603 |
| [https://github.com/foambubble/foam](https://github.com/foambubble/foam) | A personal knowledge management and sharing system for VSCode | foambubble | other | 13015 |
| [https://github.com/ndionysus/multitask-cyberthreat-detection](https://github.com/ndionysus/multitask-cyberthreat-detection) | This repository holds the data, source code and resulting model weights for the paper "Towards end-to-end Cyberthreat Detection from Twitter using Multi-Task Learning" to be presented at IJCNN 2020. | ndionysus | mit | 14 |
| [https://github.com/caresteouvert/caresteouvert](https://github.com/caresteouvert/caresteouvert) | Ça reste ouvert - the collaborative map of open places during the lockdown | caresteouvert | agpl-3.0 | 56 |
| [https://github.com/scriptingislife/s3eker](https://github.com/scriptingislife/s3eker) | s3eker is an extensible way to find open S3 buckets. | scriptingislife | | 17 |
| [https://github.com/lucky-luk3/Grafiki](https://github.com/lucky-luk3/Grafiki) | Threat Hunting tool about Sysmon and graphs | lucky-luk3 | lgpl-3.0 | 245 |
| [https://github.com/target/huntlib](https://github.com/target/huntlib) | A Python library to help with some common threat hunting data analysis operations | target | mit | 123 |
| [https://github.com/huggingface/tokenizers](https://github.com/huggingface/tokenizers) | 💥 Fast State-of-the-Art Tokenizers optimized for Research and Production | huggingface | apache-2.0 | 5995 |
| [https://github.com/huggingface/datasets](https://github.com/huggingface/datasets) | 🤗 The largest hub of ready-to-use datasets for ML models with fast, easy-to-use and efficient data manipulation tools | huggingface | apache-2.0 | 14676 |
| [https://github.com/bitquark/dnspop](https://github.com/bitquark/dnspop) | Analysis of DNS records to find popular trends | bitquark | mit | 412 |
| [https://github.com/alphaSeclab/persistence](https://github.com/alphaSeclab/persistence) | Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts. | alphaSeclab | | 84 |
| [https://github.com/bigb0sss/LinkedinMama](https://github.com/bigb0sss/LinkedinMama) | Linkedin Employee Profile Scrapper | bigb0sss | mit | 45 |
| [https://github.com/IFGHou/Unicornscan](https://github.com/IFGHou/Unicornscan) | An asynchronous TCP and UDP port scanner developed by the late Jack C. Louis. | IFGHou | other | 9 |
| [https://github.com/HyperDbg/HyperDbg](https://github.com/HyperDbg/HyperDbg) | State-of-the-art native debugging tool | HyperDbg | gpl-3.0 | 1877 |
| [https://github.com/yunuscadirci/CallStranger](https://github.com/yunuscadirci/CallStranger) | Vulnerability checker for Callstranger (CVE-2020-12695) | yunuscadirci | mit | 386 |
| [https://github.com/ntop/PF_RING](https://github.com/ntop/PF_RING) | High-speed packet processing framework | ntop | lgpl-2.1 | 2319 |
| [https://github.com/ZecOps/CVE-2020-0796-RCE-POC](https://github.com/ZecOps/CVE-2020-0796-RCE-POC) | CVE-2020-0796 Remote Code Execution POC | ZecOps | | 479 |
| [https://github.com/flameshot-org/flameshot](https://github.com/flameshot-org/flameshot) | Powerful yet simple to use screenshot software :desktop_computer: :camera_flash: | flameshot-org | gpl-3.0 | 19243 |
| [https://github.com/ZecOps/CVE-2020-1206-POC](https://github.com/ZecOps/CVE-2020-1206-POC) | CVE-2020-1206 Uninitialized Kernel Memory Read POC | ZecOps | other | 144 |
| [https://github.com/0xThiebaut/sigmai](https://github.com/0xThiebaut/sigmai) | Import specific data sources into the Sigma generic and open signature format. | 0xThiebaut | eupl-1.2 | 69 |
| [https://github.com/github/gitignore](https://github.com/github/gitignore) | A collection of useful .gitignore templates | github | cc0-1.0 | 140235 |
| [https://github.com/CERTCC/PoC-Exploits](https://github.com/CERTCC/PoC-Exploits) | Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems. | CERTCC | bsd-3-clause | 167 |
| [https://github.com/m4ll0k/SecretFinder](https://github.com/m4ll0k/SecretFinder) | SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files | m4ll0k | gpl-3.0 | 1180 |
| [https://github.com/paperbay/publishing-hack.lu-2020](https://github.com/paperbay/publishing-hack.lu-2020) | publishing - hack.lu 2020 book | paperbay | | 3 |
| [https://github.com/quarkslab/binbloom](https://github.com/quarkslab/binbloom) | Raw binary firmware analysis software | quarkslab | apache-2.0 | 360 |
| [https://github.com/enisaeu/IRtools](https://github.com/enisaeu/IRtools) | The aim of this repository is to provide a list of examples of tools, sources and measures available to incident response teams | enisaeu | | 47 |
| [https://github.com/fmarotta/kaobook](https://github.com/fmarotta/kaobook) | A LaTeX class for books, reports or theses based on https://github.com/kenohori/thesis and https://github.com/Tufte-LaTeX/tufte-latex. | fmarotta | lppl-1.3c | 594 |
| [https://github.com/InQuest/ThreatIngestor](https://github.com/InQuest/ThreatIngestor) | Extract and aggregate threat intelligence. | InQuest | gpl-2.0 | 604 |
| [https://github.com/nazywam/AutoIt-Ripper](https://github.com/nazywam/AutoIt-Ripper) | Extract AutoIt scripts embedded in PE binaries | nazywam | mit | 116 |
| [https://github.com/3c7/common-osint-model](https://github.com/3c7/common-osint-model) | Converting data from services like Censys and Shodan to a common data model | 3c7 | mit | 34 |
| [https://github.com/secdev/scapy](https://github.com/secdev/scapy) | Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3. | secdev | gpl-2.0 | 8124 |
| [https://github.com/C00kie-/squirrel.lu](https://github.com/C00kie-/squirrel.lu) | | C00kie- | cc-by-sa-4.0 | 5 |
| [https://github.com/free5gc/free5gc](https://github.com/free5gc/free5gc) | Open source 5G core network base on 3GPP R15 | free5gc | apache-2.0 | 1468 |
| [https://github.com/chompie1337/SMBGhost_RCE_PoC](https://github.com/chompie1337/SMBGhost_RCE_PoC) | | chompie1337 | | 1189 |
| [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) | A lightweight dynamic instrumentation library | googleprojectzero | apache-2.0 | 837 |
| [https://github.com/KingNull-dumps/Hosting](https://github.com/KingNull-dumps/Hosting) | Daniel's Hosting - 8350 DBs | KingNull-dumps | | 4 |
| [https://github.com/cerebrate-project/cerebrate](https://github.com/cerebrate-project/cerebrate) | Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools. | cerebrate-project | agpl-3.0 | 64 |
| [https://github.com/certat/rtir-scripts](https://github.com/certat/rtir-scripts) | Various small scripts that make life easier with RT(IR) | certat | agpl-3.0 | 3 |
| [https://github.com/Binject/backdoorfactory](https://github.com/Binject/backdoorfactory) | A from-scratch rewrite of The Backdoor Factory - a MitM tool for inserting shellcode into all types of binaries on the wire. | Binject | gpl-3.0 | 339 |
| [https://github.com/zadam/trilium](https://github.com/zadam/trilium) | Build your personal knowledge base with Trilium Notes | zadam | agpl-3.0 | 18514 |
| [https://github.com/nshalabi/Coding-Ghidra](https://github.com/nshalabi/Coding-Ghidra) | Java Library wrapper for Ghidra Headless Analysis + Java Samples | nshalabi | | 13 |
| [https://github.com/JoelGMSec/AutoRDPwn](https://github.com/JoelGMSec/AutoRDPwn) | The Shadow Attack Framework | JoelGMSec | gpl-3.0 | 911 |
| [https://github.com/xnih/satori](https://github.com/xnih/satori) | Python rewrite of passive OS fingerprinting tool | xnih | gpl-2.0 | 74 |
| [https://github.com/BardinPetr/FINCERT-Sirius](https://github.com/BardinPetr/FINCERT-Sirius) | Automated IOC-scanner for FinCERT | BardinPetr | gpl-3.0 | 6 |
| [https://github.com/Textualize/rich](https://github.com/Textualize/rich) | Rich is a Python library for rich text and beautiful formatting in the terminal. | Textualize | mit | 40549 |
| [https://github.com/utkusen/shotlooter](https://github.com/utkusen/shotlooter) | a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc | utkusen | bsd-3-clause | 553 |
| [https://github.com/0xballistics/inject2pe](https://github.com/0xballistics/inject2pe) | inject or convert shellcode to PE | 0xballistics | gpl-3.0 | 22 |
| [https://github.com/nsacyber/WALKOFF](https://github.com/nsacyber/WALKOFF) | A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber | nsacyber | other | 1106 |
| [https://github.com/WithSecureLabs/captcha22](https://github.com/WithSecureLabs/captcha22) | CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. | WithSecureLabs | mit | 238 |
| [https://github.com/paulpierre/informer](https://github.com/paulpierre/informer) | A Telegram Mass Surveillance Bot in Python | paulpierre | mit | 1088 |
| [https://github.com/citcheese/telegramMonitor](https://github.com/citcheese/telegramMonitor) | Dump messages and media info from list of Telegram channels to CSV and monitor for changes | citcheese | | 17 |
| [https://github.com/j-core/gnss-baseband](https://github.com/j-core/gnss-baseband) | Baseband Receiver IP for GPS like DSSS signals | j-core | other | 21 |
| [https://github.com/F5OEO/dvbsdr](https://github.com/F5OEO/dvbsdr) | DVB transmit and receive | F5OEO | gpl-3.0 | 31 |
| [https://github.com/sheharbano/scan_liveness](https://github.com/sheharbano/scan_liveness) | Code for the paper "Scanning the Internet for Liveness" | sheharbano | | 10 |
| [https://github.com/WithSecureLabs/C3](https://github.com/WithSecureLabs/C3) | Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. | WithSecureLabs | other | 1222 |
| [https://github.com/citcheese/SqlParserPlus](https://github.com/citcheese/SqlParserPlus) | convert SQL dumps and other leaked db dump formats to CSV | citcheese | | 28 |
| [https://github.com/java-deobfuscator/deobfuscator](https://github.com/java-deobfuscator/deobfuscator) | The real deal | java-deobfuscator | apache-2.0 | 1245 |
| [https://github.com/antijingoist/opendyslexic](https://github.com/antijingoist/opendyslexic) | OpenDyslexic, a typeface that uses typeface shapes & features to help offset some visual symptoms of Dyslexia. Now in SIL-OFL. | antijingoist | other | 347 |
| [https://github.com/spacerace/romfont](https://github.com/spacerace/romfont) | VGA and BIOS rom font extraction | spacerace | | 495 |
| [https://github.com/Alir3z4/html2text](https://github.com/Alir3z4/html2text) | Convert HTML to Markdown-formatted text. | Alir3z4 | gpl-3.0 | 1318 |
| [https://github.com/google/AFL](https://github.com/google/AFL) | american fuzzy lop - a security-oriented fuzzer | google | apache-2.0 | 2931 |
| [https://github.com/outflanknl/EvilClippy](https://github.com/outflanknl/EvilClippy) | A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows. | outflanknl | gpl-3.0 | 1777 |
| [https://github.com/MISP/misp-opendata](https://github.com/MISP/misp-opendata) | Tool to submit / delete data from MISP to opendata portal | MISP | agpl-3.0 | 5 |
| [https://github.com/nemec/elasticslurp](https://github.com/nemec/elasticslurp) | identify and investigate open ElasticSearch servers | nemec | mit | 6 |
| [https://github.com/git-artes/gr-tempest](https://github.com/git-artes/gr-tempest) | An implementation of TEMPEST en GNU Radio | git-artes | other | 414 |
| [https://github.com/Shuffle/Shuffle](https://github.com/Shuffle/Shuffle) | Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing. | Shuffle | agpl-3.0 | 812 |
| [https://github.com/S1sirocks/TwitterMon](https://github.com/S1sirocks/TwitterMon) | TwitterMon is a module developed for AIL framework which allows to monitor the content published in Twitter either within a certain period of time or in real time, in addition to performing a sentiment analysis and a statistical analysis of the publications collected. | S1sirocks | agpl-3.0 | 8 |
| [https://github.com/byt3bl33d3r/WitnessMe](https://github.com/byt3bl33d3r/WitnessMe) | Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier. | byt3bl33d3r | gpl-3.0 | 641 |
| [https://github.com/cyrozap/mediatek-lte-baseband-re](https://github.com/cyrozap/mediatek-lte-baseband-re) | Notes and utilities for reverse engineering the MediaTek LTE baseband and its Coresonic DSP. | cyrozap | gpl-3.0 | 142 |
| [https://github.com/DissectMalware/xlrd2](https://github.com/DissectMalware/xlrd2) | xlrd2 is a variant of xlrd that is actively maintained | DissectMalware | apache-2.0 | 21 |
| [https://github.com/intel/cve-bin-tool](https://github.com/intel/cve-bin-tool) | The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with a list of components and versions. | intel | gpl-3.0 | 588 |
| [https://github.com/JarryShaw/PyPCAPKit](https://github.com/JarryShaw/PyPCAPKit) | Python multi-engine PCAP analysis kit. | JarryShaw | bsd-3-clause | 155 |
| [https://github.com/SecureAuthCorp/impacket](https://github.com/SecureAuthCorp/impacket) | Impacket is a collection of Python classes for working with network protocols. | SecureAuthCorp | other | 10061 |
| [https://github.com/stricaud/research](https://github.com/stricaud/research) | Placeholder for my research content | stricaud | | 1 |
| [https://github.com/JPCERTCC/SysmonSearch](https://github.com/JPCERTCC/SysmonSearch) | Investigate suspicious activity by visualizing Sysmon's event log | JPCERTCC | other | 371 |
| [https://github.com/python-telegram-bot/python-telegram-bot](https://github.com/python-telegram-bot/python-telegram-bot) | We have made you a wrapper you can't refuse | python-telegram-bot | gpl-3.0 | 20051 |
| [https://github.com/oseiskar/corona-sniffer](https://github.com/oseiskar/corona-sniffer) | Contact Tracing BLE sniffer PoC | oseiskar | agpl-3.0 | 75 |
| [https://github.com/nasa-jpl/COVID-19-respirators](https://github.com/nasa-jpl/COVID-19-respirators) | JPL designed 3D and tested printed respirators to help with the COVID-19 pandemic response. | nasa-jpl | apache-2.0 | 118 |
| [https://github.com/ail-project/ail-training](https://github.com/ail-project/ail-training) | AIL project training materials | ail-project | | 12 |
| [https://github.com/jgm/pandoc](https://github.com/jgm/pandoc) | Universal markup converter | jgm | other | 26845 |
| [https://github.com/cgarciae/pypeln](https://github.com/cgarciae/pypeln) | Concurrent data pipelines in Python >>> | cgarciae | mit | 1382 |
| [https://github.com/GliaX/Stethoscope](https://github.com/GliaX/Stethoscope) | A research-validated stethoscope whose plans are available Freely and openly. The cost of the entire stethoscope is between $2.5 to $5 to produce | GliaX | other | 688 |
| [https://github.com/StrangerealIntel/CyberThreatIntel](https://github.com/StrangerealIntel/CyberThreatIntel) | Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups | StrangerealIntel | | 588 |
| [https://github.com/osrg/rustybgp](https://github.com/osrg/rustybgp) | BGP implemented in the Rust Programming Language | osrg | apache-2.0 | 340 |
| [https://github.com/mimno/Mallet](https://github.com/mimno/Mallet) | MALLET is a Java-based package for statistical natural language processing, document classification, clustering, topic modeling, information extraction, and other machine learning applications to text. | mimno | other | 889 |
| [https://github.com/evllabs/JGAAP](https://github.com/evllabs/JGAAP) | The Java Graphical Authorship Attribution Program | evllabs | | 233 |
| [https://github.com/Postuf/telegram-osint-lib](https://github.com/Postuf/telegram-osint-lib) | Telegram scenario-based API aimed at OSINT | Postuf | mit | 129 |
| [https://github.com/apache/incubator-kvrocks](https://github.com/apache/incubator-kvrocks) | Kvrocks is a distributed key value NoSQL database that uses RocksDB as storage engine and is compatible with Redis protocol. | apache | apache-2.0 | 1805 |
| [https://github.com/pts/tinygpgs](https://github.com/pts/tinygpgs) | symmetric key encryption compatible with GPG in Python | pts | mit | 2 |
| [https://github.com/nsacyber/Mitigating-Web-Shells](https://github.com/nsacyber/Mitigating-Web-Shells) | Guidance for mitigation web shells. #nsacyber | nsacyber | other | 871 |
| [https://github.com/Alexiskln/Taxonomy_Of_Infantry_Small_Arms](https://github.com/Alexiskln/Taxonomy_Of_Infantry_Small_Arms) | This is a taxonomy of infantry small arms based on https://www.militaryfactory.com/smallarms/guns-by-type.asp | Alexiskln | | 2 |
| [https://github.com/M0un/SE_API_module](https://github.com/M0un/SE_API_module) | MISP module which displays informations about an URL based on a google search engine API. In order to use this hover type module you need to download the following API : https://github.com/abenassi/Google-Search-API. No API key is needed. | M0un | | 1 |
| [https://github.com/N1col4s5742/StolenCarsUS](https://github.com/N1col4s5742/StolenCarsUS) | Projet Threat Intelligence - PyMisp - Stolen Cars US | N1col4s5742 | | 1 |
| [https://github.com/Nedfire2347/Taxonomy-cia-Intelligence-Analysis-Variables](https://github.com/Nedfire2347/Taxonomy-cia-Intelligence-Analysis-Variables) | Foundations for Meta-Analysis by Rob Johnston for MISP-Instance | Nedfire2347 | | 1 |
| [https://github.com/ail-project/ail-framework](https://github.com/ail-project/ail-framework) | AIL framework - Analysis Information Leak framework | ail-project | agpl-3.0 | 333 |
| [https://github.com/goose3/goose3](https://github.com/goose3/goose3) | A Python 3 compatible version of goose http://goose3.readthedocs.io/en/latest/index.html | goose3 | apache-2.0 | 590 |
| [https://github.com/deep-insights-ai/covid-19-classifier](https://github.com/deep-insights-ai/covid-19-classifier) | A fastai2 based Covid-19 classifier | deep-insights-ai | gpl-3.0 | 16 |
| [https://github.com/citcheese/ODBParser](https://github.com/citcheese/ODBParser) | OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories that have the data you care about exposing | citcheese | mit | 41 |
| [https://github.com/martinvigo/email2phonenumber](https://github.com/martinvigo/email2phonenumber) | A OSINT tool to obtain a target's phone number just by having his email address | martinvigo | mit | 1090 |
| [https://github.com/Rob--W/cookie-manager](https://github.com/Rob--W/cookie-manager) | Cookie Manager for Firefox (Desktop/Android), Chrome. Supports viewing and editing of cookies and private cookies. | Rob--W | mpl-2.0 | 76 |
| [https://github.com/D4-project/analyzer-d4-pcap-filter](https://github.com/D4-project/analyzer-d4-pcap-filter) | d4 analyzer - PCAP filter | D4-project | agpl-3.0 | 3 |
| [https://github.com/ly4k/SMBGhost](https://github.com/ly4k/SMBGhost) | Scanner for CVE-2020-0796 - SMBv3 RCE | ly4k | | 627 |
| [https://github.com/coetaur0/staticfg](https://github.com/coetaur0/staticfg) | Python3 control flow graph generator | coetaur0 | apache-2.0 | 131 |
| [https://github.com/MyGodIsHe/pipeplot](https://github.com/MyGodIsHe/pipeplot) | Displays an interactive graph based on data from pipe. | MyGodIsHe | mit | 11 |
| [https://github.com/kc0bfv/pcode-emulator](https://github.com/kc0bfv/pcode-emulator) | A PCode Emulator for Ghidra. | kc0bfv | other | 90 |
| [https://github.com/AllsafeCyberSecurity/awesome-ghidra](https://github.com/AllsafeCyberSecurity/awesome-ghidra) | A curated list of awesome Ghidra materials | AllsafeCyberSecurity | | 815 |
| [https://github.com/mhaskar/Octopus](https://github.com/mhaskar/Octopus) | Open source pre-operation C2 server based on python and powershell | mhaskar | gpl-3.0 | 643 |
| [https://github.com/sajjadium/DeepCrawling](https://github.com/sajjadium/DeepCrawling) | Crawlium (DeepCrawling): A crawling platform based on Chrome (Chromium) browser to get a deeper look into the ecosystem of content inclusion on the Web. | sajjadium | mit | 49 |
| [https://github.com/bigbluebutton/bigbluebutton](https://github.com/bigbluebutton/bigbluebutton) | Complete open source web conferencing system. | bigbluebutton | lgpl-3.0 | 7716 |
| [https://github.com/laerne/desaturate_all](https://github.com/laerne/desaturate_all) | Desature the entire gnome workspace | laerne | gpl-3.0 | 69 |
| [https://github.com/craiu/mobiletrackers](https://github.com/craiu/mobiletrackers) | A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries. | craiu | gpl-3.0 | 110 |
| [https://github.com/obert01/otx_misp](https://github.com/obert01/otx_misp) | Imports Alienvault OTX pulses to a MISP instance | obert01 | other | 6 |
| [https://github.com/MISP/misp_dockerized_testing](https://github.com/MISP/misp_dockerized_testing) | Test MISP instances using a dockerized infrastructure | MISP | mit | 2 |
| [https://github.com/mrfearless/APISearch-Plugin-x86](https://github.com/mrfearless/APISearch-Plugin-x86) | APISearch Plugin (x86) - A Plugin For x64dbg | mrfearless | | 46 |
| [https://github.com/cocaman/malware-bazaar](https://github.com/cocaman/malware-bazaar) | Python scripts for Malware Bazaar | cocaman | cc-by-sa-4.0 | 96 |
| [https://github.com/ckane/CS7038-Malware-Analysis](https://github.com/ckane/CS7038-Malware-Analysis) | Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038) | ckane | | 590 |
| [https://github.com/vz-risk/VCDB](https://github.com/vz-risk/VCDB) | VERIS Community Database | vz-risk | other | 505 |
| [https://github.com/D4-project/d4-pyclient](https://github.com/D4-project/d4-pyclient) | D4 core software client in Python https://www.d4-project.org/ | D4-project | bsd-2-clause | 4 |
| [https://github.com/gnuradio/gr-etcetera](https://github.com/gnuradio/gr-etcetera) | Additional PyBOMBS recipes that aren't in gr-recipes | gnuradio | | 77 |
| [https://github.com/opendxl/opendxl-misp-service-python](https://github.com/opendxl/opendxl-misp-service-python) | MISP service for use with the OpenDXL Python Client | opendxl | apache-2.0 | 3 |
| [https://github.com/hugsy/CFB](https://github.com/hugsy/CFB) | Canadian Furious Beaver is a tool for monitoring IRP handler in Windows drivers, and facilitating the process of analyzing, replaying and fuzzing Windows drivers for vulnerabilities | hugsy | | 242 |
| [https://github.com/twintproject/twint](https://github.com/twintproject/twint) | An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations. | twintproject | mit | 13958 |
| [https://github.com/jkovacic/FreeRTOS-GCC-ARM926ejs](https://github.com/jkovacic/FreeRTOS-GCC-ARM926ejs) | A port of FreeRTOS to the ARM 929EJ-S Versatile Platform Baseboard | jkovacic | other | 84 |
| [https://github.com/StrangerealIntel/DailyIOC](https://github.com/StrangerealIntel/DailyIOC) | IOC from articles, tweets for archives | StrangerealIntel | | 297 |
| [https://github.com/whid-injector/Focaccia-Board](https://github.com/whid-injector/Focaccia-Board) | Multipurpose Breakout for the FT232H | whid-injector | lgpl-3.0 | 63 |
| [https://github.com/D4-project/analyzer-d4-isn](https://github.com/D4-project/analyzer-d4-isn) | D4 Analyser to get stats and graphs on TCP SYN packets where IP_DST==ISN | D4-project | | 3 |
| [https://github.com/monoxgas/Koppeling](https://github.com/monoxgas/Koppeling) | Adaptive DLL hijacking / dynamic export forwarding | monoxgas | gpl-3.0 | 531 |
| [https://github.com/skylot/jadx](https://github.com/skylot/jadx) | Dex to Java decompiler | skylot | apache-2.0 | 32118 |
| [https://github.com/u-boot/u-boot](https://github.com/u-boot/u-boot) | "Das U-Boot" Source Tree | u-boot | | 2450 |
| [https://github.com/GlasgowEmbedded/glasgow](https://github.com/GlasgowEmbedded/glasgow) | Scots Army Knife for electronics | GlasgowEmbedded | 0bsd | 1588 |
| [https://github.com/firmadyne/firmadyne](https://github.com/firmadyne/firmadyne) | Platform for emulation and dynamic analysis of Linux-based firmware | firmadyne | mit | 1519 |
| [https://github.com/nongiach/arm_now](https://github.com/nongiach/arm_now) | arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse, exploit, fuzzing and programming purpose. | nongiach | mit | 808 |
| [https://github.com/therealsaumil/emux](https://github.com/therealsaumil/emux) | EMUX Firmware Emulation Framework (formerly ARMX) | therealsaumil | mpl-2.0 | 503 |
| [https://github.com/Wenzel/pyvmidbg](https://github.com/Wenzel/pyvmidbg) | LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger | Wenzel | gpl-3.0 | 213 |
| [https://github.com/C00kie-/workshop-materials](https://github.com/C00kie-/workshop-materials) | Presented hardware reverse engineering workshops since 2019 | C00kie- | other | 60 |
| [https://github.com/joxeankoret/diaphora](https://github.com/joxeankoret/diaphora) | Diaphora, the most advanced Free and Open Source program diffing tool. | joxeankoret | agpl-3.0 | 2429 |
| [https://github.com/sophos/yaraml_rules](https://github.com/sophos/yaraml_rules) | Security ML models encoded as Yara rules | sophos | apache-2.0 | 162 |
| [https://github.com/redcanaryco/chain-reactor](https://github.com/redcanaryco/chain-reactor) | Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints. | redcanaryco | mit | 259 |
| [https://github.com/0x90/ss7-arsenal](https://github.com/0x90/ss7-arsenal) | SS7 tools and scripts | 0x90 | | 145 |
| [https://github.com/elfmaster/dt_infect](https://github.com/elfmaster/dt_infect) | ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD | elfmaster | | 91 |
| [https://github.com/google/OpenSK](https://github.com/google/OpenSK) | OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards. | google | apache-2.0 | 2323 |
| [https://github.com/D4-project/analyzer-d4-log](https://github.com/D4-project/analyzer-d4-log) | Analyze logs collected though d4 to produce diverse statistics. | D4-project | agpl-3.0 | 4 |
| [https://github.com/andreafioraldi/frida-fuzzer](https://github.com/andreafioraldi/frida-fuzzer) | This experimetal fuzzer is meant to be used for API in-memory fuzzing. | andreafioraldi | apache-2.0 | 518 |
| [https://github.com/py4n6/pytsk](https://github.com/py4n6/pytsk) | Python bindings for The Sleuth Kit (libtsk) | py4n6 | apache-2.0 | 71 |
| [https://github.com/j91321/rext](https://github.com/j91321/rext) | Router EXploitation Toolkit - small toolkit for easy creation and usage of various python scripts that work with embedded devices. | j91321 | gpl-3.0 | 346 |
| [https://github.com/opencybersecurityalliance/ontology](https://github.com/opencybersecurityalliance/ontology) | The OpenDXL Ontology project is focused on the development of an open and interoperable cybersecurity messaging format for use with the OpenDXL messaging bus | opencybersecurityalliance | other | 78 |
| [https://github.com/gaul/awesome-ld-preload](https://github.com/gaul/awesome-ld-preload) | List of resources related to LD_PRELOAD, a mechanism for changing application behavior at run-time | gaul | | 789 |
| [https://github.com/charles2gan/GDA-android-reversing-Tool](https://github.com/charles2gan/GDA-android-reversing-Tool) | the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc. | charles2gan | apache-2.0 | 2999 |
| [https://github.com/tenzir/threatbus](https://github.com/tenzir/threatbus) | 🚌 Threat Bus A threat intelligence dissemination layer for open-source security tools. | tenzir | bsd-3-clause | 229 |
| [https://github.com/EBWi11/AgentSmith-HIDS](https://github.com/EBWi11/AgentSmith-HIDS) | By Kprobe technology Open Source Host-based Intrusion Detection System(HIDS), from E_Bwill. | EBWi11 | gpl-2.0 | 565 |
| [https://github.com/luigifcruz/CyberRadio](https://github.com/luigifcruz/CyberRadio) | 📻 An SDR Based FM/AM Radio For Desktop. Accelerated with #cuSignal and Numba. | luigifcruz | gpl-3.0 | 180 |
| [https://github.com/juand-r/entity-recognition-datasets](https://github.com/juand-r/entity-recognition-datasets) | A collection of corpora for named entity recognition (NER) and entity recognition tasks. These annotated datasets cover a variety of languages, domains and entity types. | juand-r | mit | 1242 |
| [https://github.com/mixxxdj/mixxx](https://github.com/mixxxdj/mixxx) | Mixxx is Free DJ software that gives you everything you need to perform live mixes. | mixxxdj | other | 3026 |
| [https://github.com/magenta/ddsp](https://github.com/magenta/ddsp) | DDSP: Differentiable Digital Signal Processing | magenta | apache-2.0 | 2327 |
| [https://github.com/CybercentreCanada/CCCS-Yara](https://github.com/CybercentreCanada/CCCS-Yara) | YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA | CybercentreCanada | mit | 66 |
| [https://github.com/x1sec/citrixmash_scanner](https://github.com/x1sec/citrixmash_scanner) | A fast multi threaded scanner for Citrix ADC (NetScaler) CVE-2019-19781 - Citrixmash / Shitrix | x1sec | mit | 36 |
| [https://github.com/microsoft/msticpy](https://github.com/microsoft/msticpy) | Microsoft Threat Intelligence Security Tools | microsoft | other | 1101 |
| [https://github.com/aliasrobotics/flawfinder](https://github.com/aliasrobotics/flawfinder) | Python 3-enabled flawfinder, a tool to lexically find potential security flaws ("hits") in source code | aliasrobotics | gpl-2.0 | 2 |
| [https://github.com/zhuhuibeishadiao/PatchGuardResearch](https://github.com/zhuhuibeishadiao/PatchGuardResearch) | win10 pgContext dynamic dump (btc version) | zhuhuibeishadiao | | 87 |
| [https://github.com/ijl/orjson](https://github.com/ijl/orjson) | Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy | ijl | apache-2.0 | 3899 |
| [https://github.com/Fuzzers-Archive/Superion](https://github.com/Fuzzers-Archive/Superion) | Superion is a fuzzer which extends the famous AFL to support structured inputs such as JavaScript and XML. | Fuzzers-Archive | | 8 |
| [https://github.com/corundum/corundum](https://github.com/corundum/corundum) | Open source FPGA-based NIC and platform for in-network compute | corundum | other | 972 |
| [https://github.com/panagioto/Mimir](https://github.com/panagioto/Mimir) | A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes. | panagioto | | 39 |
| [https://github.com/brannondorsey/naive-hashcat](https://github.com/brannondorsey/naive-hashcat) | Crack password hashes without the fuss :cat2: | brannondorsey | mit | 972 |
| [https://github.com/dask/dask](https://github.com/dask/dask) | Parallel computing with task scheduling | dask | bsd-3-clause | 10453 |
| [https://github.com/firstlookmedia/gpgsync](https://github.com/firstlookmedia/gpgsync) | :lock: GPG Sync is designed to let users always have up-to-date public keys for other members of their organization | firstlookmedia | gpl-3.0 | 332 |
| [https://github.com/MISP/threat-actor-intelligence-server](https://github.com/MISP/threat-actor-intelligence-server) | A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the known threat actors. | MISP | agpl-3.0 | 32 |
| [https://github.com/laucyun/APT34](https://github.com/laucyun/APT34) | APT34/OILRIG leak | laucyun | other | 62 |
| [https://github.com/jfoote/exploitable](https://github.com/jfoote/exploitable) | The 'exploitable' GDB plugin | jfoote | other | 601 |
| [https://github.com/codecat/ClawSearch](https://github.com/codecat/ClawSearch) | A memory scanner plugin for x64dbg, inspired by Cheat Engine. | codecat | gpl-3.0 | 213 |
| [https://github.com/vikramarsid/msg_parser](https://github.com/vikramarsid/msg_parser) | Python module to read, parse and converting Microsoft Outlook MSG E-Mail files. | vikramarsid | bsd-2-clause | 41 |
| [https://github.com/Hackndo/lsassy](https://github.com/Hackndo/lsassy) | Extract credentials from lsass remotely | Hackndo | mit | 1504 |
| [https://github.com/hephaest0s/usbkill](https://github.com/hephaest0s/usbkill) | « usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer. | hephaest0s | | 4084 |
| [https://github.com/opengdpr/OpenDSR](https://github.com/opengdpr/OpenDSR) | A common framework enabling companies to work together to protect consumers' privacy and data rights. | opengdpr | other | 333 |
| [https://github.com/x25today/voipwardialer](https://github.com/x25today/voipwardialer) | A Voip Wardialer for the phreaking of 2020 | x25today | | 42 |
| [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite) | RetroWrite -- Retrofitting compiler passes through binary rewriting | HexHive | other | 496 |
| [https://github.com/stewartsmith/libeatmydata](https://github.com/stewartsmith/libeatmydata) | libeatmydata - because fsync() should be a no-op | stewartsmith | gpl-3.0 | 282 |
| [https://github.com/DavidBuchanan314/dlinject](https://github.com/DavidBuchanan314/dlinject) | Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace | DavidBuchanan314 | mit | 666 |
| [https://github.com/allenai/allennlp](https://github.com/allenai/allennlp) | An open-source NLP research library, built on PyTorch. | allenai | apache-2.0 | 11271 |
| [https://github.com/argilo/gr-flarm](https://github.com/argilo/gr-flarm) | FLARM receiver for GNU Radio | argilo | gpl-3.0 | 25 |
| [https://github.com/WalkingCat/ExpDiff](https://github.com/WalkingCat/ExpDiff) | Diff tool for comparing export tables in PE images | WalkingCat | | 24 |
| [https://github.com/muccc/iridium-toolkit](https://github.com/muccc/iridium-toolkit) | A set of tools to parse Iridium frames | muccc | | 390 |
| [https://github.com/muccc/gr-iridium](https://github.com/muccc/gr-iridium) | Iridium burst detector and demodulator. | muccc | | 253 |
| [https://github.com/alphaSeclab/awesome-forensics](https://github.com/alphaSeclab/awesome-forensics) | Awesome Forensics Resources. Almost 300 open source forensics tools, and 600 blog posts about forensics. | alphaSeclab | | 538 |
| [https://github.com/lightswitch05/php-version-audit](https://github.com/lightswitch05/php-version-audit) | Audit your PHP version for known CVEs and patches | lightswitch05 | apache-2.0 | 100 |
| [https://github.com/rxwx/CVE-2018-0802](https://github.com/rxwx/CVE-2018-0802) | PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882) | rxwx | | 268 |
| [https://github.com/0xR0/shellver](https://github.com/0xR0/shellver) | Reverse Shell Cheat Sheet TooL | 0xR0 | | 282 |
| [https://github.com/cseagle/blc](https://github.com/cseagle/blc) | Integrate Ghidra's decompiler as an Ida plugin | cseagle | gpl-2.0 | 364 |
| [https://github.com/str4d/rage](https://github.com/str4d/rage) | A simple, secure and modern encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability. | str4d | apache-2.0 | 1631 |
| [https://github.com/devio/FinSpy-Tools](https://github.com/devio/FinSpy-Tools) | Tools for the analysis of FinSpy/FinFisher components #spyware #trojan #govware | devio | | 84 |
| [https://github.com/Linuzifer/FinSpy-Dokumentation](https://github.com/Linuzifer/FinSpy-Dokumentation) | CCC: Analyse des Staatstrojaners "FinSpy" für Android | Linuzifer | | 118 |
| [https://github.com/jedisct1/ping](https://github.com/jedisct1/ping) | Pong revolution. | jedisct1 | gpl-2.0 | 13 |
| [https://github.com/gchq/stroom](https://github.com/gchq/stroom) | Stroom is a highly scalable data storage, processing and analysis platform. | gchq | apache-2.0 | 395 |
| [https://github.com/HynekPetrak/malware-jail](https://github.com/HynekPetrak/malware-jail) | Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js | HynekPetrak | mit | 411 |
| [https://github.com/ONLYOFFICE/CommunityServer](https://github.com/ONLYOFFICE/CommunityServer) | Free open source office suite with business productivity tools: document and project management, CRM, mail aggregator. | ONLYOFFICE | apache-2.0 | 1843 |
| [https://github.com/ionescu007/winipt](https://github.com/ionescu007/winipt) | The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool. | ionescu007 | bsd-2-clause | 302 |
| [https://github.com/can1357/ByePg](https://github.com/can1357/ByePg) | Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI | can1357 | | 633 |
| [https://github.com/tarantula-team/CVE-2019-12949](https://github.com/tarantula-team/CVE-2019-12949) | CVE-2019-12949 | tarantula-team | | 27 |
| [https://github.com/sipa/bech32](https://github.com/sipa/bech32) | Code snippets and analysis of the Bech32 format | sipa | | 165 |
| [https://github.com/lionsoul2014/ip2region](https://github.com/lionsoul2014/ip2region) | Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming languages | lionsoul2014 | apache-2.0 | 12348 |
| [https://github.com/hack-different/smcutil](https://github.com/hack-different/smcutil) | SMC utility for modifying and examining Apple's SMC payloads. | hack-different | mit | 31 |
| [https://github.com/KasperskyLab/hb_dec](https://github.com/KasperskyLab/hb_dec) | | KasperskyLab | | 10 |
| [https://github.com/brakmic/Sinkholes](https://github.com/brakmic/Sinkholes) | :bug: Malware Sinkhole List in various formats | brakmic | mit | 95 |
| [https://github.com/Xyrodileas/misp-k8s](https://github.com/Xyrodileas/misp-k8s) | Automated deployment of MISP and MISP-Dashboard via K8S and AWS | Xyrodileas | lgpl-3.0 | 18 |
| [https://github.com/adulau/MalwareClassifier](https://github.com/adulau/MalwareClassifier) | Malware Classifier From Network Captures | adulau | | 79 |
| [https://github.com/h3x2b/yara-rules](https://github.com/h3x2b/yara-rules) | Yara rules for detecting malware | h3x2b | | 17 |
| [https://github.com/deadbits/yara-rules](https://github.com/deadbits/yara-rules) | Collection of YARA signatures from individual research | deadbits | unlicense | 34 |
| [https://github.com/doyensec/inql](https://github.com/doyensec/inql) | InQL - A Burp Extension for GraphQL Security Testing | doyensec | apache-2.0 | 1057 |
| [https://github.com/sharkdp/hexyl](https://github.com/sharkdp/hexyl) | A command-line hex viewer | sharkdp | apache-2.0 | 7161 |
| [https://github.com/mitre-attack/tram](https://github.com/mitre-attack/tram) | Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK. | mitre-attack | apache-2.0 | 332 |
| [https://github.com/belangeo/soundgrain](https://github.com/belangeo/soundgrain) | Graphical interface to control granular sound synthesis. | belangeo | | 122 |
| [https://github.com/wesinator/GroundTruths](https://github.com/wesinator/GroundTruths) | Knowledgebase of universal truths and technical analysis caveats for CTI and DFIR, in one place. | wesinator | | 6 |
| [https://github.com/codexgigassys/codex-backend](https://github.com/codexgigassys/codex-backend) | Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting. | codexgigassys | mit | 155 |
| [https://github.com/ANSSI-FR/chipsec-check](https://github.com/ANSSI-FR/chipsec-check) | Tools to generate a Debian Linux distribution with chipsec to test hardware requirements | ANSSI-FR | bsd-2-clause | 41 |
| [https://github.com/telsy-cyberops/research](https://github.com/telsy-cyberops/research) | Telsy CTI Research Team | telsy-cyberops | | 55 |
| [https://github.com/mandiant/SharPersist](https://github.com/mandiant/SharPersist) | | mandiant | other | 917 |
| [https://github.com/software-engineering-and-security/inspector-gadget](https://github.com/software-engineering-and-security/inspector-gadget) | Inspector-gadget (a.k.a. PSHAPE - Practical Support for Half-Automated Program Exploitation) is an open source tool which assists analysts in exploit development. It discovers gadgets, chains gadgets together, and ensures that side effects such as register dereferences do not crash the program. | software-engineering-and-security | lgpl-2.1 | 15 |
| [https://github.com/0xdidu/Reverse-Engineering-Intel-x64-101](https://github.com/0xdidu/Reverse-Engineering-Intel-x64-101) | Material for a RE 101 class on Intel x64 binaries | 0xdidu | | 162 |
| [https://github.com/ageitgey/face_recognition](https://github.com/ageitgey/face_recognition) | The world's simplest facial recognition api for Python and the command line | ageitgey | mit | 46325 |
| [https://github.com/Areizen/Android-Malware-Sandbox](https://github.com/Areizen/Android-Malware-Sandbox) | Android Malware Sandbox | Areizen | apache-2.0 | 231 |
| [https://github.com/qilingframework/qiling](https://github.com/qilingframework/qiling) | Qiling Advanced Binary Emulation Framework | qilingframework | gpl-2.0 | 3740 |
| [https://github.com/eXascaleInfolab/GraphEmbEval](https://github.com/eXascaleInfolab/GraphEmbEval) | Graph (network) embeddings evaluation framework via classification, gram martix construction for links prediction | eXascaleInfolab | gpl-3.0 | 6 |
| [https://github.com/microsoft/presidio](https://github.com/microsoft/presidio) | Context aware, pluggable and customizable data protection and anonymization SDK for text and images | microsoft | mit | 1872 |
| [https://github.com/p3nt4/PowerShdll](https://github.com/p3nt4/PowerShdll) | Run PowerShell with rundll32. Bypass software restrictions. | p3nt4 | mit | 1387 |
| [https://github.com/uccidibuti/bitrush-index](https://github.com/uccidibuti/bitrush-index) | A serializable bitmap index library able to index millions values/sec on a single thread. | uccidibuti | gpl-3.0 | 17 |
| [https://github.com/Azure/Azure-Sentinel](https://github.com/Azure/Azure-Sentinel) | Cloud-native SIEM for intelligent security analytics for your entire enterprise. | Azure | mit | 2767 |
| [https://github.com/bpftools/linux-observability-with-bpf](https://github.com/bpftools/linux-observability-with-bpf) | Code snippets from the O'Reilly book | bpftools | apache-2.0 | 737 |
| [https://github.com/silence-is-best/c2db](https://github.com/silence-is-best/c2db) | c2 traffic | silence-is-best | | 170 |
| [https://github.com/GrammaTech/gtirb](https://github.com/GrammaTech/gtirb) | Intermediate Representation for Binary analysis and transformation | GrammaTech | mit | 235 |
| [https://github.com/aliasrobotics/RVD](https://github.com/aliasrobotics/RVD) | Robot Vulnerability Database. An archive of robot vulnerabilities and bugs. | aliasrobotics | gpl-3.0 | 130 |
| [https://github.com/D4-project/demotic-js](https://github.com/D4-project/demotic-js) | Common JS utilities used by ordinary people | D4-project | bsd-2-clause | 3 |
| [https://github.com/heiswayi/pgp](https://github.com/heiswayi/pgp) | PGP Suite - A simple and easy-to-use client-side PGP tool. | heiswayi | mit | 42 |
| [https://github.com/anthonykasza/nxes](https://github.com/anthonykasza/nxes) | | anthonykasza | | 7 |
| [https://github.com/ppiizzaa/runtime](https://github.com/ppiizzaa/runtime) | VEH Redirect & VEH Debugger | ppiizzaa | gpl-3.0 | 20 |
| [https://github.com/MohitDabas/malwinx](https://github.com/MohitDabas/malwinx) | Just a normal flask web app to understand win32api with code snippets and references. | MohitDabas | | 75 |
| [https://github.com/BC-SECURITY/Empire](https://github.com/BC-SECURITY/Empire) | Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. | BC-SECURITY | bsd-3-clause | 2881 |
| [https://github.com/SentineLabs/TrickBot-Anchor](https://github.com/SentineLabs/TrickBot-Anchor) | This is a repository for the public blog with Labs indicators of compromise. | SentineLabs | | 11 |
| [https://github.com/kevoreilly/CAPEv2](https://github.com/kevoreilly/CAPEv2) | Malware Configuration And Payload Extraction | kevoreilly | other | 933 |
| [https://github.com/CaliDog/certstream-python](https://github.com/CaliDog/certstream-python) | Python library for connecting to CertStream | CaliDog | mit | 344 |
| [https://github.com/rodneyviana/netext](https://github.com/rodneyviana/netext) | WinDbg extension for data mining managed heap. It also includes commands to list http request, wcf services, WIF tokens among others | rodneyviana | other | 159 |
| [https://github.com/Huawei-LTE-routers-mods/imei_generator](https://github.com/Huawei-LTE-routers-mods/imei_generator) | IMEI generator used in Huawei modified firmware | Huawei-LTE-routers-mods | | 9 |
| [https://github.com/kent37/guess-language](https://github.com/kent37/guess-language) | Automatically exported from code.google.com/p/guess-language | kent37 | lgpl-2.1 | 47 |
| [https://github.com/dncc/qpick](https://github.com/dncc/qpick) | Search for similar short strings | dncc | gpl-2.0 | 52 |
| [https://github.com/google/sentencepiece](https://github.com/google/sentencepiece) | Unsupervised text tokenizer for Neural Network-based text generation. | google | apache-2.0 | 6256 |
| [https://github.com/KeyviDev/keyvi-server](https://github.com/KeyviDev/keyvi-server) | A key value store powered by keyvi | KeyviDev | apache-2.0 | 6 |
| [https://github.com/KeyviDev/keyvi](https://github.com/KeyviDev/keyvi) | Keyvi - the key value index. It is an in-memory FST-based data structure highly optimized for size and lookup performance. | KeyviDev | apache-2.0 | 205 |
| [https://github.com/mwouts/jupytext](https://github.com/mwouts/jupytext) | Jupyter Notebooks as Markdown Documents, Julia, Python or R scripts | mwouts | mit | 5642 |
| [https://github.com/skelsec/jackdaw](https://github.com/skelsec/jackdaw) | gather gather gather | skelsec | | 509 |
| [https://github.com/ret2jazzy/disasm.pro](https://github.com/ret2jazzy/disasm.pro) | A realtime assembler/disassembler (formerly known as disasm.ninja) | ret2jazzy | | 239 |
| [https://github.com/ZoneMinder/zoneminder](https://github.com/ZoneMinder/zoneminder) | ZoneMinder is a free, open source Closed-circuit television software application developed for Linux which supports IP, USB and Analog cameras. | ZoneMinder | gpl-2.0 | 3873 |
| [https://github.com/mandiant/FIDL](https://github.com/mandiant/FIDL) | A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research | mandiant | mit | 409 |
| [https://github.com/threat9/routersploit](https://github.com/threat9/routersploit) | Exploitation Framework for Embedded Devices | threat9 | other | 10581 |
| [https://github.com/volatilityfoundation/volatility3](https://github.com/volatilityfoundation/volatility3) | Volatility 3.0 development | volatilityfoundation | other | 1106 |
| [https://github.com/OCSAF/freevulnsearch](https://github.com/OCSAF/freevulnsearch) | Free and open NMAP NSE script to query vulnerabilities via the cve-search.org API. | OCSAF | gpl-3.0 | 235 |
| [https://github.com/cudeso/misp-usergroups](https://github.com/cudeso/misp-usergroups) | MISP User Groups | cudeso | | 10 |
| [https://github.com/laconicwolf/cors-scanner](https://github.com/laconicwolf/cors-scanner) | A multi-threaded scanner that helps identify CORS flaws/misconfigurations | laconicwolf | | 16 |
| [https://github.com/CoatiSoftware/Sourcetrail](https://github.com/CoatiSoftware/Sourcetrail) | Sourcetrail - free and open-source interactive source explorer | CoatiSoftware | gpl-3.0 | 12990 |
| [https://github.com/0x09AL/RdpThief](https://github.com/0x09AL/RdpThief) | Extracting Clear Text Passwords from mstsc.exe using API Hooking. | 0x09AL | | 922 |
| [https://github.com/CERT-Polska/proactive-detection-survey](https://github.com/CERT-Polska/proactive-detection-survey) | Reference material for the proactive detection of incidents survey | CERT-Polska | | 7 |
| [https://github.com/Akaion/Bleak](https://github.com/Akaion/Bleak) | A Windows native DLL injection library that supports several methods of injection. | Akaion | mit | 601 |
| [https://github.com/berthubert/galmon](https://github.com/berthubert/galmon) | galileo open source monitoring | berthubert | gpl-3.0 | 147 |
| [https://github.com/stricaud/sightingdb](https://github.com/stricaud/sightingdb) | SightingDB is a database for Sightings | stricaud | mit | 18 |
| [https://github.com/cisagov/Malcolm](https://github.com/cisagov/Malcolm) | Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts. | cisagov | other | 1228 |
| [https://github.com/veracode-research/solr-injection](https://github.com/veracode-research/solr-injection) | Apache Solr Injection Research | veracode-research | | 537 |
| [https://github.com/JohnLaTwC/Shared](https://github.com/JohnLaTwC/Shared) | Shared Blogs and Notebooks | JohnLaTwC | | 329 |
| [https://github.com/3xpl01tc0d3r/ProcessInjection](https://github.com/3xpl01tc0d3r/ProcessInjection) | This program is designed to demonstrate various process injection techniques | 3xpl01tc0d3r | gpl-3.0 | 785 |
| [https://github.com/DFIRKuiper/Kuiper](https://github.com/DFIRKuiper/Kuiper) | Digital Forensics Investigation Platform | DFIRKuiper | | 539 |
| [https://github.com/benjojo/bgp-battleships](https://github.com/benjojo/bgp-battleships) | Play battleships using BGP | benjojo | | 398 |
| [https://github.com/nhorman/dropwatch](https://github.com/nhorman/dropwatch) | | nhorman | gpl-2.0 | 459 |
| [https://github.com/secureworks/aristotle](https://github.com/secureworks/aristotle) | | secureworks | apache-2.0 | 16 |
| [https://github.com/OALabs/BlobRunner](https://github.com/OALabs/BlobRunner) | Quickly debug shellcode extracted during malware analysis | OALabs | mit | 405 |
| [https://github.com/satwikbh/custom-yara-rules](https://github.com/satwikbh/custom-yara-rules) | Custom Yara rules which are collected from various sources | satwikbh | | 2 |
| [https://github.com/Ph055a/OSINT_Collection](https://github.com/Ph055a/OSINT_Collection) | Maintained collection of OSINT related resources. (All Free & Actionable) | Ph055a | | 1321 |
| [https://github.com/arxsys/dff](https://github.com/arxsys/dff) | DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities. | arxsys | gpl-2.0 | 207 |
| [https://github.com/joesecurity/sigma-rules](https://github.com/joesecurity/sigma-rules) | Sigma rules from Joe Security | joesecurity | gpl-3.0 | 134 |
| [https://github.com/daddycocoaman/BeaconGraph](https://github.com/daddycocoaman/BeaconGraph) | Graph visualization of wireless client and access point relationships | daddycocoaman | gpl-3.0 | 103 |
| [https://github.com/svperbeast/struct](https://github.com/svperbeast/struct) | pack and unpack binary data. | svperbeast | mit | 49 |
| [https://github.com/astrelsky/Ghidra-Cpp-Class-Analyzer](https://github.com/astrelsky/Ghidra-Cpp-Class-Analyzer) | Ghidra C++ Class and Run Time Type Information Analyzer | astrelsky | mit | 520 |
| [https://github.com/DevoInc/pCraft](https://github.com/DevoInc/pCraft) | | DevoInc | mit | 86 |
| [https://github.com/SecurityRiskAdvisors/VECTR](https://github.com/SecurityRiskAdvisors/VECTR) | VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios | SecurityRiskAdvisors | | 1001 |
| [https://github.com/randomuserid/Adama](https://github.com/randomuserid/Adama) | Searches For Threat Hunting and Security Analytics | randomuserid | other | 237 |
| [https://github.com/ITAYC0HEN/APT-Ecosystem](https://github.com/ITAYC0HEN/APT-Ecosystem) | This repository contains the website and the tools which are part of the joint research between Check Point Research and Intezer to map the connections inside the APT Ecosystem of Russia. | ITAYC0HEN | | 103 |
| [https://github.com/i-tu/Hasklig](https://github.com/i-tu/Hasklig) | Hasklig - a code font with monospaced ligatures | i-tu | ofl-1.1 | 5324 |
| [https://github.com/misinfosecproject/amitt_framework](https://github.com/misinfosecproject/amitt_framework) | Repo replaced by cogsec-collaborative/AMITT | misinfosecproject | cc-by-sa-4.0 | 158 |
| [https://github.com/microsoft/SandDance](https://github.com/microsoft/SandDance) | Visually explore, understand, and present your data. | microsoft | mit | 5891 |
| [https://github.com/FiloSottile/age](https://github.com/FiloSottile/age) | A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. | FiloSottile | bsd-3-clause | 11957 |
| [https://github.com/hroi/treebitmap](https://github.com/hroi/treebitmap) | Fast IP lookup table for IPv4/IPv6 prefixes | hroi | mit | 82 |
| [https://github.com/plougher/squashfs-tools](https://github.com/plougher/squashfs-tools) | tools to create and extract Squashfs filesystems | plougher | gpl-2.0 | 419 |
| [https://github.com/zzrcxb/fusor](https://github.com/zzrcxb/fusor) | Obfuscator based on logic-bombs | zzrcxb | gpl-3.0 | 41 |
| [https://github.com/GoSecure/malboxes](https://github.com/GoSecure/malboxes) | Builds malware analysis Windows VMs so that you don't have to. | GoSecure | gpl-3.0 | 986 |
| [https://github.com/leeoniya/uPlot](https://github.com/leeoniya/uPlot) | 📈 A small, fast chart for time series, lines, areas, ohlc & bars | leeoniya | mit | 7414 |
| [https://github.com/elfmaster/libelfmaster](https://github.com/elfmaster/libelfmaster) | Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools | elfmaster | | 338 |
| [https://github.com/mjosaarinen/pqps](https://github.com/mjosaarinen/pqps) | Tools for power measurements of post-quantum cryptographic algorithms | mjosaarinen | | 22 |
| [https://github.com/tadeck/onetimepass](https://github.com/tadeck/onetimepass) | One-time password library for HMAC-based (HOTP) and time-based (TOTP) passwords | tadeck | mit | 663 |
| [https://github.com/RichieB2B/php-resque-ex](https://github.com/RichieB2B/php-resque-ex) | PHP port of resque (Workers and Queueing), with phpredis support, and more logging options | RichieB2B | mit | 1 |
| [https://github.com/idealo/imagededup](https://github.com/idealo/imagededup) | 😎 Finding duplicate images made easy! | idealo | apache-2.0 | 4226 |
| [https://github.com/robertdavidgraham/dnsparse](https://github.com/robertdavidgraham/dnsparse) | Parses DNS responses in a secure, rigorous manner | robertdavidgraham | | 16 |
| [https://github.com/JonathanSalwan/binary-samples](https://github.com/JonathanSalwan/binary-samples) | Samples of binary with different formats and architectures. A test suite for your binary analysis tools. | JonathanSalwan | mit | 201 |
| [https://github.com/dgkim0803/CTIMiner](https://github.com/dgkim0803/CTIMiner) | CTI database generator and public dataset | dgkim0803 | | 19 |
| [https://github.com/naftaliharris/tauthon](https://github.com/naftaliharris/tauthon) | Fork of Python 2.7 with new syntax, builtins, and libraries backported from Python 3. | naftaliharris | other | 650 |
| [https://github.com/Ekultek/WhatBreach](https://github.com/Ekultek/WhatBreach) | OSINT tool to find breached emails, databases, pastes, and relevant information | Ekultek | | 763 |
| [https://github.com/luke8086/boot2c](https://github.com/luke8086/boot2c) | A simple way to write standalone C programs for i386 | luke8086 | | 243 |
| [https://github.com/D4-project/d4-sensor-generator](https://github.com/D4-project/d4-sensor-generator) | | D4-project | agpl-3.0 | 4 |
| [https://github.com/security-architecture/detect-secrets](https://github.com/security-architecture/detect-secrets) | An enterprise friendly way of detecting and preventing secrets in code. | security-architecture | apache-2.0 | 1 |
| [https://github.com/ThreatHuntingProject/hunter](https://github.com/ThreatHuntingProject/hunter) | A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook. | ThreatHuntingProject | mit | 206 |
| [https://github.com/CIRCL/forensic-tools](https://github.com/CIRCL/forensic-tools) | CIRCL system forensic tools or a jumble of tools to support forensic | CIRCL | | 33 |
| [https://github.com/apache/nifi-minifi](https://github.com/apache/nifi-minifi) | Apache MiNiFi (a subproject of Apache NiFi) | apache | apache-2.0 | 116 |
| [https://github.com/obspy/obspy](https://github.com/obspy/obspy) | ObsPy: A Python Toolbox for seismology/seismological observatories. | obspy | other | 957 |
| [https://github.com/DFIR-ORC/dfir-orc](https://github.com/DFIR-ORC/dfir-orc) | Forensics artefact collection tool for systems running Microsoft Windows | DFIR-ORC | lgpl-2.1 | 297 |
| [https://github.com/alephdata/fingerprints](https://github.com/alephdata/fingerprints) | Make it easier to compare and cross-reference the names of companies and people by applying strong normalisation. | alephdata | mit | 113 |
| [https://github.com/davidonzo/Threat-Intel](https://github.com/davidonzo/Threat-Intel) | Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS | davidonzo | mit | 104 |
| [https://github.com/Barakat/CVE-2019-16098](https://github.com/Barakat/CVE-2019-16098) | Local privilege escalation PoC exploit for CVE-2019-16098 | Barakat | | 163 |
| [https://github.com/dfirlabs/ntfs-specimens](https://github.com/dfirlabs/ntfs-specimens) | NTFS file system specimens | dfirlabs | cc-by-4.0 | 10 |
| [https://github.com/LandGrey/pydictor](https://github.com/LandGrey/pydictor) | A powerful and useful hacker dictionary builder for a brute-force attack | LandGrey | gpl-3.0 | 2522 |
| [https://github.com/hectorm/hmirror](https://github.com/hectorm/hmirror) | Mirror of multiple third-party blocklists (updated daily). | hectorm | mit | 129 |
| [https://github.com/D4-project/analyzer-d4-ipa](https://github.com/D4-project/analyzer-d4-ipa) | analyzer-d4-ipa (ICMP Passive Analysis) | D4-project | agpl-3.0 | 4 |
| [https://github.com/MISP/misp-decaying-models](https://github.com/MISP/misp-decaying-models) | MISP decaying models | MISP | other | 8 |
| [https://github.com/CIRCL/pypretalx](https://github.com/CIRCL/pypretalx) | Query Pretalx via the API. | CIRCL | apache-2.0 | 4 |
| [https://github.com/Riebart/litt](https://github.com/Riebart/litt) | Low-intrusion time tracking with minimal workflow footprint, a CLI interface, basic REST API, and a single JSON file DB for painless interop. | Riebart | mpl-2.0 | 8 |
| [https://github.com/bcoles/jira_scan](https://github.com/bcoles/jira_scan) | A simple remote scanner for Atlassian Jira | bcoles | mit | 90 |
| [https://github.com/Cisco-Talos/GhIDA](https://github.com/Cisco-Talos/GhIDA) | | Cisco-Talos | apache-2.0 | 674 |
| [https://github.com/mandiant/stringsifter](https://github.com/mandiant/stringsifter) | A machine learning tool that ranks strings based on their relevance for malware analysis. | mandiant | apache-2.0 | 588 |
| [https://github.com/pgarba/Saturn_Results](https://github.com/pgarba/Saturn_Results) | This repo contains the tests and results that were done during the research of SATURN | pgarba | | 28 |
| [https://github.com/timothycrosley/pdocs](https://github.com/timothycrosley/pdocs) | A simple program and library to auto generate API documentation for Python modules. | timothycrosley | other | 65 |
| [https://github.com/cbassa/satellite_analysis](https://github.com/cbassa/satellite_analysis) | Analysis scripts of things related to satellites | cbassa | gpl-3.0 | 230 |
| [https://github.com/Yubico/yubikey-piv-manager](https://github.com/Yubico/yubikey-piv-manager) | Tool for configuring your PIV-enabled YubiKey | Yubico | gpl-3.0 | 38 |
| [https://github.com/gkiril/oie-resources](https://github.com/gkiril/oie-resources) | A curated list of Open Information Extraction (OIE) resources: papers, code, data, etc. | gkiril | | 439 |
| [https://github.com/vmware-archive/HexRaysDeob](https://github.com/vmware-archive/HexRaysDeob) | Hex-Rays microcode API plugin for breaking an obfuscating compiler | vmware-archive | gpl-3.0 | 58 |
| [https://github.com/jollheef/lpe](https://github.com/jollheef/lpe) | collection of verified Linux kernel exploits | jollheef | | 178 |
| [https://github.com/guanqun/git-punchcard-plot](https://github.com/guanqun/git-punchcard-plot) | a tool to visualize the time distribution of commits | guanqun | | 163 |
| [https://github.com/benjeems/packetStrider](https://github.com/benjeems/packetStrider) | A network packet forensics tool for SSH | benjeems | gpl-3.0 | 233 |
| [https://github.com/bkerler/ghidra_installer](https://github.com/bkerler/ghidra_installer) | Helper scripts to set up OpenJDK 11 and scale Ghidra for 4K on Ubuntu 18.04 / 18.10 | bkerler | mit | 92 |
| [https://github.com/DevoInc/sightingdb](https://github.com/DevoInc/sightingdb) | | DevoInc | mit | 15 |
| [https://github.com/bartblaze/PHP-backdoors](https://github.com/bartblaze/PHP-backdoors) | A collection of PHP backdoors. For educational or testing purposes only. | bartblaze | cc0-1.0 | 2090 |
| [https://github.com/KimiNewt/pyshark](https://github.com/KimiNewt/pyshark) | Python wrapper for tshark, allowing python packet parsing using wireshark dissectors | KimiNewt | mit | 1710 |
| [https://github.com/datasciencescoop/Data-Science--Cheat-Sheet](https://github.com/datasciencescoop/Data-Science--Cheat-Sheet) | Cheat Sheets | datasciencescoop | | 18411 |
| [https://github.com/rs/curlie](https://github.com/rs/curlie) | The power of curl, the ease of use of httpie. | rs | mit | 2037 |
| [https://github.com/csl-ugent/diablo](https://github.com/csl-ugent/diablo) | Diablo is a retargetable link-time binary rewriting framework | csl-ugent | gpl-2.0 | 69 |
| [https://github.com/kkreitmair/cve-indicator](https://github.com/kkreitmair/cve-indicator) | A Tool, for indicating if there is a CVE related to an openwrt package. | kkreitmair | other | 5 |
| [https://github.com/gdabah/distorm](https://github.com/gdabah/distorm) | Powerful Disassembler Library For x86/AMD64 | gdabah | other | 1062 |
| [https://github.com/automayt/FlowPlotter](https://github.com/automayt/FlowPlotter) | Generates visualizations from the output of flow tools such as SiLK. | automayt | mit | 33 |
| [https://github.com/NationalSecurityAgency/enigma-simulator](https://github.com/NationalSecurityAgency/enigma-simulator) | An educational demonstration of breaking the Enigma machine | NationalSecurityAgency | other | 384 |
| [https://github.com/dalance/nom-packrat](https://github.com/dalance/nom-packrat) | Extension of nom to apply "Packrat Parsing" | dalance | apache-2.0 | 21 |
| [https://github.com/google-research/arxiv-latex-cleaner](https://github.com/google-research/arxiv-latex-cleaner) | arXiv LaTeX Cleaner: Easily clean the LaTeX code of your paper to submit to arXiv | google-research | apache-2.0 | 3278 |
| [https://github.com/lukeolson/parxiv](https://github.com/lukeolson/parxiv) | a simple script to assist in making a clean directory to upload to arxiv | lukeolson | mit | 25 |
| [https://github.com/zerotier/lf](https://github.com/zerotier/lf) | Fully Decentralized Fully Replicated Key/Value Store | zerotier | mpl-2.0 | 876 |
| [https://github.com/corelight/pycommunityid](https://github.com/corelight/pycommunityid) | A Python implementation of the Community ID flow hashing standard | corelight | bsd-3-clause | 19 |
| [https://github.com/1995parham/github-do-not-ban-us](https://github.com/1995parham/github-do-not-ban-us) | GitHub do not ban us from open source world :iran: | 1995parham | | 11877 |
| [https://github.com/fkie-cad/FACT_core](https://github.com/fkie-cad/FACT_core) | Firmware Analysis and Comparison Tool | fkie-cad | gpl-3.0 | 944 |
| [https://github.com/MISP/misp-bump](https://github.com/MISP/misp-bump) | Simple and secure synchronisation of MISP instances with mobile phones | MISP | | 7 |
| [https://github.com/aguinet/crappy](https://github.com/aguinet/crappy) | Gandcrab v5.2 decryption scripts | aguinet | gpl-3.0 | 14 |
| [https://github.com/fsphil/hacktv](https://github.com/fsphil/hacktv) | Analogue TV transmitter for the HackRF | fsphil | gpl-3.0 | 455 |
| [https://github.com/epartington/rsa_nw_misp](https://github.com/epartington/rsa_nw_misp) | MISP Integration script | epartington | | 3 |
| [https://github.com/spyre-project/spyre](https://github.com/spyre-project/spyre) | simple YARA-based IOC scanner | spyre-project | lgpl-3.0 | 135 |
| [https://github.com/hyc/fcrackzip](https://github.com/hyc/fcrackzip) | A braindead program for cracking encrypted ZIP archives. Forked from http://oldhome.schmorp.de/marc/fcrackzip.html | hyc | gpl-2.0 | 378 |
| [https://github.com/christianvoigt/argdown](https://github.com/christianvoigt/argdown) | a simple syntax for complex argumentation | christianvoigt | | 599 |
| [https://github.com/hoangprod/AndrewSpecial](https://github.com/hoangprod/AndrewSpecial) | AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019. | hoangprod | | 350 |
| [https://github.com/kohler/click](https://github.com/kohler/click) | The Click modular router: fast modular packet processing and analysis | kohler | other | 685 |
| [https://github.com/D4-project/analyzer-d4-pibs](https://github.com/D4-project/analyzer-d4-pibs) | Passive Identification of BackScatter (analyzer for D4 project) | D4-project | | 4 |
| [https://github.com/secdevops-cuse/CyberRange](https://github.com/secdevops-cuse/CyberRange) | The Open-Source AWS Cyber Range | secdevops-cuse | | 395 |
| [https://github.com/anouarbensaad/vulnx](https://github.com/anouarbensaad/vulnx) | vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning. | anouarbensaad | gpl-3.0 | 1523 |
| [https://github.com/hedgeberg/RL78_sleigh](https://github.com/hedgeberg/RL78_sleigh) | An implementation of the RL78 ISA for Ghidra SRE | hedgeberg | mit | 24 |
| [https://github.com/aardappel/treesheets](https://github.com/aardappel/treesheets) | TreeSheets : Free Form Data Organizer (see strlen.com/treesheets) | aardappel | zlib | 1910 |
| [https://github.com/corelight/community-id-spec](https://github.com/corelight/community-id-spec) | An open standard for hashing network flows into identifiers, a.k.a "Community IDs". | corelight | bsd-3-clause | 137 |
| [https://github.com/haam3r/mmquery](https://github.com/haam3r/mmquery) | A command line utility for querying the MatterMost API for various auditing or reporting purposes | haam3r | mit | 2 |
| [https://github.com/hockeypuck/hockeypuck](https://github.com/hockeypuck/hockeypuck) | OpenPGP Key Server | hockeypuck | other | 199 |
| [https://github.com/Zer0Mem0ry/KernelBhop](https://github.com/Zer0Mem0ry/KernelBhop) | Cheat that uses a driver instead WinAPI for Reading / Writing memory. | Zer0Mem0ry | | 586 |
| [https://github.com/cybertier/mispbump](https://github.com/cybertier/mispbump) | Simple and secure synchronisation of MISP instances | cybertier | | 5 |
| [https://github.com/D4-project/snake-oil-crypto](https://github.com/D4-project/snake-oil-crypto) | Spotting and sharing weak cryptographic key materials | D4-project | agpl-3.0 | 8 |
| [https://github.com/RsaCtfTool/RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool) | RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data | RsaCtfTool | other | 3965 |
| [https://github.com/YuanGongND/ReMASC](https://github.com/YuanGongND/ReMASC) | ReMASC: Realistic Replay Attack Corpus for Voice Controlled Systems | YuanGongND | | 29 |
| [https://github.com/square/sudo_pair](https://github.com/square/sudo_pair) | Plugin for sudo that requires another human to approve and monitor privileged sudo sessions | square | apache-2.0 | 1169 |
| [https://github.com/Normation/rudder](https://github.com/Normation/rudder) | Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way. | Normation | gpl-3.0 | 394 |
| [https://github.com/SecurityInnovation/PGPy](https://github.com/SecurityInnovation/PGPy) | Pretty Good Privacy for Python | SecurityInnovation | bsd-3-clause | 264 |
| [https://github.com/MichaelMure/git-bug](https://github.com/MichaelMure/git-bug) | Distributed, offline-first bug tracker embedded in git, with bridges | MichaelMure | gpl-3.0 | 5803 |
| [https://github.com/toofishes/python-pgpdump](https://github.com/toofishes/python-pgpdump) | PGP packet parser library | toofishes | other | 53 |
| [https://github.com/tianon/pgp-happy-eyeballs](https://github.com/tianon/pgp-happy-eyeballs) | DEPRECATED; like "happy eyeballs" (ipv4/ipv6), but for flaky PGP gossip servers | tianon | mit | 33 |
| [https://github.com/graphsense/graphsense-tagpacks](https://github.com/graphsense/graphsense-tagpacks) | A collection of public TagPacks | graphsense | mit | 19 |
| [https://github.com/stipub/stixfonts](https://github.com/stipub/stixfonts) | OpenType Unicode fonts for Scientific, Technical, and Mathematical texts | stipub | ofl-1.1 | 500 |
| [https://github.com/mmistakes/made-mistakes-jekyll](https://github.com/mmistakes/made-mistakes-jekyll) | Deprecated source for mademistakes.com. Previously built with Jekyll, Gulp, and Netlify. | mmistakes | mit | 440 |
| [https://github.com/fengjixuchui/FuzzingPaper](https://github.com/fengjixuchui/FuzzingPaper) | Recent Fuzzing Paper | fengjixuchui | | 338 |
| [https://github.com/MandConsultingGroup/ring3-kit](https://github.com/MandConsultingGroup/ring3-kit) | Hides Process From Task Manager Using NT API Hooking (NtQuerySystemInformation) | MandConsultingGroup | mit | 60 |
| [https://github.com/OpenLI-NZ/openli](https://github.com/OpenLI-NZ/openli) | Open Source ETSI compliant Lawful Intercept software | OpenLI-NZ | gpl-3.0 | 63 |
| [https://github.com/lunixbochs/patchkit](https://github.com/lunixbochs/patchkit) | binary patching from Python | lunixbochs | other | 602 |
| [https://github.com/danburzo/percollate](https://github.com/danburzo/percollate) | A command-line tool to turn web pages into beautiful, readable PDF, EPUB, or HTML docs. | danburzo | mit | 3696 |
| [https://github.com/BishopFox/sliver](https://github.com/BishopFox/sliver) | Adversary Emulation Framework | BishopFox | gpl-3.0 | 4552 |
| [https://github.com/patois/mrspicky](https://github.com/patois/mrspicky) | MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions. | patois | other | 98 |
| [https://github.com/apilayer/geolocationapi](https://github.com/apilayer/geolocationapi) | IP Geolocation API is a free service for locating your visitors in real-time with detailed country information. | apilayer | mit | 494 |
| [https://github.com/sundowndev/phoneinfoga](https://github.com/sundowndev/phoneinfoga) | Information gathering framework for phone numbers | sundowndev | gpl-3.0 | 7770 |
| [https://github.com/ufrisk/LeechCore](https://github.com/ufrisk/LeechCore) | LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent | ufrisk | gpl-3.0 | 262 |
| [https://github.com/sagi/fastgcd](https://github.com/sagi/fastgcd) | Fastgcd is a C implementation of an efficient algorithm to compute the pairwise GCDs of a collection of integers. The algorithm is due to Bernstein and is a simplified version of (http://cr.yp.to/papers.html#smoothparts). | sagi | gpl-3.0 | 15 |
| [https://github.com/eyxue/fastgcd](https://github.com/eyxue/fastgcd) | | eyxue | | 6 |
| [https://github.com/SpiderLabs/DoHC2](https://github.com/SpiderLabs/DoHC2) | DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). | SpiderLabs | | 404 |
| [https://github.com/ryhanson/ExternalC2](https://github.com/ryhanson/ExternalC2) | A library for integrating communication channels with the Cobalt Strike External C2 server | ryhanson | mit | 263 |
| [https://github.com/StamusNetworks/surimisp](https://github.com/StamusNetworks/surimisp) | Check IOC provided by a MISP instance on Suricata events | StamusNetworks | gpl-3.0 | 16 |
| [https://github.com/melicertes/csp](https://github.com/melicertes/csp) | The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation. | melicertes | other | 29 |
| [https://github.com/FeatureBaseDB/featurebase](https://github.com/FeatureBaseDB/featurebase) | A real-time analytical database built on bitmaps. Learn more at: http://docs.featurebase.com?utm_campaign=Open%20Source&utm_source=GitHub | FeatureBaseDB | other | 2348 |
| [https://github.com/cdisselkoen/pitchfork](https://github.com/cdisselkoen/pitchfork) | Detecting Spectre vulnerabilities using symbolic execution, built on angr (github.com/angr/angr) | cdisselkoen | bsd-3-clause | 73 |
| [https://github.com/WebBreacher/WhatsMyName](https://github.com/WebBreacher/WhatsMyName) | This repository has the unified data required to perform user enumeration on various websites. Content is in a JSON file and can easily be used in other projects. | WebBreacher | other | 1009 |
| [https://github.com/Shashank-In/TravisLeaks](https://github.com/Shashank-In/TravisLeaks) | A tool to find sensitive keys and passwords in Travis logs | Shashank-In | | 131 |
| [https://github.com/grafeas/grafeas](https://github.com/grafeas/grafeas) | Artifact Metadata API | grafeas | apache-2.0 | 1393 |
| [https://github.com/emvivre/iq_toolbox](https://github.com/emvivre/iq_toolbox) | Toolbox for IQ signal processing | emvivre | | 19 |
| [https://github.com/Comsecuris/gdbghidra](https://github.com/Comsecuris/gdbghidra) | gdbghidra - a visual bridge between a GDB session and GHIDRA | Comsecuris | mit | 277 |
| [https://github.com/paypal/yurita](https://github.com/paypal/yurita) | Anomaly detection framework @ PayPal | paypal | apache-2.0 | 104 |
| [https://github.com/koskenni/beta](https://github.com/koskenni/beta) | An open source reimplementation of Benny Brodda's BETA in Python | koskenni | | 63 |
| [https://github.com/CIRCL/douglas-quaid](https://github.com/CIRCL/douglas-quaid) | Open source software for image correlation, distance and analysis | CIRCL | gpl-3.0 | 58 |
| [https://github.com/EC-DIGIT-CSIRC/RFC2350](https://github.com/EC-DIGIT-CSIRC/RFC2350) | RFC2350 for EC DIGIT CSIRC | EC-DIGIT-CSIRC | | 1 |
| [https://github.com/teoseller/osquery-attck](https://github.com/teoseller/osquery-attck) | Mapping the MITRE ATT&CK Matrix with Osquery | teoseller | apache-2.0 | 670 |
| [https://github.com/madsen/vbindiff](https://github.com/madsen/vbindiff) | Visual Binary Diff (VBinDiff) displays files in hex & ASCII and can highlight the differences between 2 files | madsen | | 404 |
| [https://github.com/certat/do-portal](https://github.com/certat/do-portal) | This project is in maintenance mode and will only receive bug fixes, but no new features. A new version of this software is being developed. | certat | | 5 |
| [https://github.com/cert-se/megatron-java](https://github.com/cert-se/megatron-java) | Megatron - A System for Abuse- and Incident Handling | cert-se | apache-2.0 | 40 |
| [https://github.com/grapl-security/grapl](https://github.com/grapl-security/grapl) | Graph platform for Detection and Response | grapl-security | apache-2.0 | 663 |
| [https://github.com/githubuserx/scraper](https://github.com/githubuserx/scraper) | Firmware scraper | githubuserx | mit | 2 |
| [https://github.com/k8gege/CVE-2019-0708](https://github.com/k8gege/CVE-2019-0708) | 3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check) | k8gege | | 376 |
| [https://github.com/ProtonMail/gopenpgp](https://github.com/ProtonMail/gopenpgp) | A high-level OpenPGP library | ProtonMail | mit | 775 |
| [https://github.com/geekscrapy/misp-batchobjects](https://github.com/geekscrapy/misp-batchobjects) | Import MISP objects via CSV | geekscrapy | | 4 |
| [https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES) | Windows Events Attack Samples | sbousseaden | gpl-3.0 | 1770 |
| [https://github.com/SteveClement/ioc_parser](https://github.com/SteveClement/ioc_parser) | Tool to extract indicators of compromise from security reports in PDF format | SteveClement | other | 2 |
| [https://github.com/Vincent-CIRCL/visjs_classificator](https://github.com/Vincent-CIRCL/visjs_classificator) | Classificator for pictures matching and clustering. Fast and visual. | Vincent-CIRCL | gpl-3.0 | 5 |
| [https://github.com/IntelligenceX/SDK](https://github.com/IntelligenceX/SDK) | Public SDK for Intelligence X | IntelligenceX | | 248 |
| [https://github.com/rabobank-cdc/DeTTECT](https://github.com/rabobank-cdc/DeTTECT) | Detect Tactics, Techniques & Combat Threats | rabobank-cdc | gpl-3.0 | 1516 |
| [https://github.com/vaticle/typedb](https://github.com/vaticle/typedb) | TypeDB: a strongly-typed database | vaticle | agpl-3.0 | 3231 |
| [https://github.com/FrenchYeti/dexcalibur](https://github.com/FrenchYeti/dexcalibur) | [Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform. | FrenchYeti | apache-2.0 | 862 |
| [https://github.com/rsmmr/hilti](https://github.com/rsmmr/hilti) | **NOTE**: This is outdated and no longer maintained. There's a new version at https://github.com/zeek/spicy. | rsmmr | other | 40 |
| [https://github.com/nfc-tools/miLazyCracker](https://github.com/nfc-tools/miLazyCracker) | Mifare Classic Plus - Hardnested Attack Implementation for SCL3711 LibNFC USB reader | nfc-tools | | 237 |
| [https://github.com/mandiant/flare-kscldr](https://github.com/mandiant/flare-kscldr) | FLARE Kernel Shellcode Loader | mandiant | apache-2.0 | 167 |
| [https://github.com/P4T12ICK/Sigma2SplunkAlert](https://github.com/P4T12ICK/Sigma2SplunkAlert) | Converts Sigma detection rules to a Splunk alert configuration. | P4T12ICK | mit | 88 |
| [https://github.com/ivanceras/svgbob](https://github.com/ivanceras/svgbob) | Convert your ascii diagram scribbles into happy little SVG | ivanceras | apache-2.0 | 3318 |
| [https://github.com/timescale/timescaledb](https://github.com/timescale/timescaledb) | An open-source time-series SQL database optimized for fast ingest and complex queries. Packaged as a PostgreSQL extension. | timescale | other | 13975 |
| [https://github.com/QBDI/QBDI](https://github.com/QBDI/QBDI) | A Dynamic Binary Instrumentation framework based on LLVM. | QBDI | other | 1025 |
| [https://github.com/m4b/faerie](https://github.com/m4b/faerie) | Magical ELF and Mach-o object file writer backend | m4b | mit | 222 |
| [https://github.com/ghidraninja/ghidra_scripts](https://github.com/ghidraninja/ghidra_scripts) | Scripts for the Ghidra software reverse engineering suite. | ghidraninja | gpl-3.0 | 877 |
| [https://github.com/kaonashi-passwords/Kaonashi](https://github.com/kaonashi-passwords/Kaonashi) | Wordlist, rules and masks from Kaonashi project (RootedCON 2019) | kaonashi-passwords | gpl-3.0 | 658 |
| [https://github.com/botherder/snoopdroid](https://github.com/botherder/snoopdroid) | (Abandoned) Extract packages from an Android device | botherder | gpl-3.0 | 47 |
| [https://github.com/botherder/pcqf](https://github.com/botherder/pcqf) | pcqf (PC Quick Forensics) helps quickly gathering forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise. | botherder | other | 114 |
| [https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks) | Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. | streaak | | 3242 |
| [https://github.com/hugsy/gef](https://github.com/hugsy/gef) | GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux | hugsy | mit | 5122 |
| [https://github.com/infertux/zeyple](https://github.com/infertux/zeyple) | Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG | infertux | other | 136 |
| [https://github.com/optimyze/simple_simhash](https://github.com/optimyze/simple_simhash) | A pure ANSI-C implementation of calculating a SimHash over 4-byte tuples (including multiplicities) for a given byte stream. Simple and reasonably fast, no dynamic memory allocations (outside of some stack usage). Uses a counting bloom filter to count multiplicities while keeping memory consumption constant. | optimyze | apache-2.0 | 38 |
| [https://github.com/area9innovation/flow9](https://github.com/area9innovation/flow9) | Platform for safe, easy and productive programming of complex, multi-platform apps with a modern user interface | area9innovation | other | 545 |
| [https://github.com/GiacomoLaw/Keylogger](https://github.com/GiacomoLaw/Keylogger) | A simple keylogger for Windows, Linux and Mac | GiacomoLaw | mit | 1504 |
| [https://github.com/denisugarte/PowerDrive](https://github.com/denisugarte/PowerDrive) | A tool for de-obfuscating PowerShell scripts | denisugarte | gpl-3.0 | 59 |
| [https://github.com/mchehab/zbar](https://github.com/mchehab/zbar) | ZBar is an open source software suite for reading bar codes from various sources, including webcams. As its development stopped in 2012, I took the task of keeping it updated with the V4L2 API. This is the main repository for it. There's a clone at at LinuxTV.org, and another one at gitlab. | mchehab | lgpl-2.1 | 586 |
| [https://github.com/mandiant/vocab_scraper](https://github.com/mandiant/vocab_scraper) | Vocabulary Scraper script used in FLARE's analysis of Russian-language Carbanak source code | mandiant | apache-2.0 | 35 |
| [https://github.com/cool-RR/PySnooper](https://github.com/cool-RR/PySnooper) | Never use print for debugging again | cool-RR | mit | 15308 |
| [https://github.com/sa7mon/miniprint](https://github.com/sa7mon/miniprint) | A medium interaction printer honeypot 🍯 | sa7mon | gpl-3.0 | 187 |
| [https://github.com/inaturalist/inaturalist](https://github.com/inaturalist/inaturalist) | The Rails app behind iNaturalist.org | inaturalist | mit | 517 |
| [https://github.com/airbus-cert/regrippy](https://github.com/airbus-cert/regrippy) | A modern Python-3-based alternative to RegRipper | airbus-cert | apache-2.0 | 157 |
| [https://github.com/VSCodium/vscodium](https://github.com/VSCodium/vscodium) | binary releases of VS Code without MS branding/telemetry/licensing | VSCodium | mit | 18198 |
| [https://github.com/SURFnet/honas](https://github.com/SURFnet/honas) | Experimental implementation of DNS query collection based on Bloom filters | SURFnet | bsd-3-clause | 5 |
| [https://github.com/tboox/tbox](https://github.com/tboox/tbox) | 🎁 A glib-like multi-platform c library | tboox | apache-2.0 | 4180 |
| [https://github.com/zeek/zeek](https://github.com/zeek/zeek) | Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. | zeek | other | 4807 |
| [https://github.com/t2mune/mrtparse](https://github.com/t2mune/mrtparse) | MRT format data parser | t2mune | apache-2.0 | 116 |
| [https://github.com/D4-project/analyzer-d4-passivessl](https://github.com/D4-project/analyzer-d4-passivessl) | | D4-project | agpl-3.0 | 4 |
| [https://github.com/olafhartong/ATTACKdatamap](https://github.com/olafhartong/ATTACKdatamap) | A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework | olafhartong | mit | 320 |
| [https://github.com/NLnetLabs/ldns](https://github.com/NLnetLabs/ldns) | LDNS is a DNS library that facilitates DNS tool programming | NLnetLabs | bsd-3-clause | 221 |
| [https://github.com/runZeroInc/runzero-tools](https://github.com/runZeroInc/runzero-tools) | Open source tools, libraries, and datasets related to the runZero product and associated research | runZeroInc | mit | 95 |
| [https://github.com/google/vulncode-db](https://github.com/google/vulncode-db) | Vulncode-DB project | google | apache-2.0 | 565 |
| [https://github.com/kitian616/jekyll-TeXt-theme](https://github.com/kitian616/jekyll-TeXt-theme) | 💎 🐳 A super customizable Jekyll theme for personal site, team site, blog, project, documentation, etc. | kitian616 | mit | 2584 |
| [https://github.com/yampelo/samparser](https://github.com/yampelo/samparser) | A python script used to parse the SAM registry hive. | yampelo | | 70 |
| [https://github.com/yampelo/beagle](https://github.com/yampelo/beagle) | Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. | yampelo | mit | 1163 |
| [https://github.com/bjoern-r/corenet](https://github.com/bjoern-r/corenet) | Minimal LTE / EPC core network | bjoern-r | gpl-2.0 | 4 |
| [https://github.com/tudo-cni/corenet](https://github.com/tudo-cni/corenet) | Minimal LTE / EPC core network | tudo-cni | gpl-2.0 | 5 |
| [https://github.com/rednaga/APKiD](https://github.com/rednaga/APKiD) | Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android | rednaga | other | 1417 |
| [https://github.com/tenable/router_badusb](https://github.com/tenable/router_badusb) | BadUSB in Routers | tenable | | 175 |
| [https://github.com/PaulSec/crt.sh](https://github.com/PaulSec/crt.sh) | (Unofficial) Python API for https://crt.sh | PaulSec | mit | 101 |
| [https://github.com/hrbrmstr/ipasnhistory](https://github.com/hrbrmstr/ipasnhistory) | Retrieve Announcement History for IP Addresses | hrbrmstr | | 9 |
| [https://github.com/valeriansaliou/sonic](https://github.com/valeriansaliou/sonic) | 🦔 Fast, lightweight & schema-less search backend. An alternative to Elasticsearch that runs on a few MBs of RAM. | valeriansaliou | mpl-2.0 | 16681 |
| [https://github.com/mkorman90/regipy](https://github.com/mkorman90/regipy) | Regipy is an os independent python library for parsing offline registry hives | mkorman90 | mit | 205 |
| [https://github.com/ejrv/VPNs](https://github.com/ejrv/VPNs) | List of datacenter & VPN IP addresses | | | 325 |
| [https://github.com/D4-project/bgpdumpy](https://github.com/D4-project/bgpdumpy) | (do no use, the trunk supports python 3 now) A Python CFFI wrapper for analyzing MRTv1 and MRTv2 BGP table dump files | D4-project | bsd-3-clause | 1 |
| [https://github.com/certtools/stats-portal](https://github.com/certtools/stats-portal) | statistics portal for the eventDB | certtools | agpl-3.0 | 3 |
| [https://github.com/CaitlinHuey/cti-sep-repository](https://github.com/CaitlinHuey/cti-sep-repository) | OASIS TC Open Repository: STIX Enhancement Proposals (SEPs) https://github.com/oasis-open/cti-sep-repository | CaitlinHuey | other | 2 |
| [https://github.com/outflanknl/RedELK](https://github.com/outflanknl/RedELK) | Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. | outflanknl | bsd-3-clause | 1968 |
| [https://github.com/seaglass-project/seaglass-app](https://github.com/seaglass-project/seaglass-app) | The Android app for scanning GSM networks with OsmocomBB-compatible phones | seaglass-project | apache-2.0 | 11 |
| [https://github.com/daenerys-sre/source](https://github.com/daenerys-sre/source) | Daenerys: A framework for interoperability between IDA and Ghidra | daenerys-sre | mit | 284 |
| [https://github.com/sfakiana/FIRST-CTI-2019](https://github.com/sfakiana/FIRST-CTI-2019) | References for FIRST CTI 2019 Symposium presentation | sfakiana | | 22 |
| [https://github.com/burritoblue/attck4fraud](https://github.com/burritoblue/attck4fraud) | Principles of MITRE ATT&CK in the fraud domain | burritoblue | | 26 |
| [https://github.com/krotik/eliasdb](https://github.com/krotik/eliasdb) | EliasDB a graph-based database. | krotik | mpl-2.0 | 950 |
| [https://github.com/robcowart/elastiflow](https://github.com/robcowart/elastiflow) | Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack | robcowart | other | 2384 |
| [https://github.com/corkami/sbud](https://github.com/corkami/sbud) | An experimental file formats playground | corkami | | 73 |
| [https://github.com/erdewit/distex](https://github.com/erdewit/distex) | Distributed process pool for Python | erdewit | bsd-2-clause | 102 |
| [https://github.com/ninoseki/osakana](https://github.com/ninoseki/osakana) | A Swiss army knife tool for my phishing research | ninoseki | mit | 11 |
| [https://github.com/nl5887/notebooks](https://github.com/nl5887/notebooks) | Notebook collection | nl5887 | mit | 10 |
| [https://github.com/textstat/textstat](https://github.com/textstat/textstat) | :memo: python package to calculate readability statistics of a text object - paragraphs, sentences, articles. | textstat | mit | 881 |
| [https://github.com/certsocietegenerale/NotifySecurity](https://github.com/certsocietegenerale/NotifySecurity) | Outlook add-in companion to report suspicious mail easily | certsocietegenerale | gpl-3.0 | 115 |
| [https://github.com/LDO-CERT/BIND_Sinkhole](https://github.com/LDO-CERT/BIND_Sinkhole) | Bind Sinkhole from MISP - Docker Image (dnstap enabled) | LDO-CERT | | 5 |
| [https://github.com/CrowdStrike/automactc](https://github.com/CrowdStrike/automactc) | AutoMacTC: Automated Mac Forensic Triage Collector | CrowdStrike | other | 439 |
| [https://github.com/Snapchat/KeyDB](https://github.com/Snapchat/KeyDB) | A Multithreaded Fork of Redis | Snapchat | bsd-3-clause | 5888 |
| [https://github.com/rust-lang/mdBook](https://github.com/rust-lang/mdBook) | Create book from markdown files. Like Gitbook but implemented in Rust | rust-lang | mpl-2.0 | 11038 |
| [https://github.com/alphasoc/flightsim](https://github.com/alphasoc/flightsim) | A utility to safely generate malicious network traffic patterns and evaluate controls. | alphasoc | other | 778 |
| [https://github.com/tom-seddon/ghidra_6502](https://github.com/tom-seddon/ghidra_6502) | New 6502 language module for Ghidra | tom-seddon | | 5 |
| [https://github.com/CIRCL/carl-hauser](https://github.com/CIRCL/carl-hauser) | Open Source testing framework for image correlation, distance and analysis | CIRCL | gpl-3.0 | 37 |
| [https://github.com/NationalSecurityAgency/ghidra](https://github.com/NationalSecurityAgency/ghidra) | Ghidra is a software reverse engineering (SRE) framework | NationalSecurityAgency | apache-2.0 | 35456 |
| [https://github.com/inters/vita](https://github.com/inters/vita) | Vita: simple and fast VPN gateway | inters | apache-2.0 | 691 |
| [https://github.com/tidwall/tile38](https://github.com/tidwall/tile38) | Real-time Geospatial and Geofencing | tidwall | mit | 8332 |
| [https://github.com/REDasmOrg/REDasm-Database](https://github.com/REDasmOrg/REDasm-Database) | REDasm Signature Database | REDasmOrg | | 6 |
| [https://github.com/tklengyel/drakvuf](https://github.com/tklengyel/drakvuf) | DRAKVUF Black-box Binary Analysis | tklengyel | other | 830 |
| [https://github.com/MISP/misp-training](https://github.com/MISP/misp-training) | MISP trainings, threat intel and information sharing training materials with source code | MISP | | 287 |
| [https://github.com/burtonator/polar-bookshelf](https://github.com/burtonator/polar-bookshelf) | Polar is a personal knowledge repository for PDF and web content supporting incremental reading and document annotation. | burtonator | gpl-3.0 | 4476 |
| [https://github.com/uxmal/reko](https://github.com/uxmal/reko) | Reko is a binary decompiler. | uxmal | gpl-2.0 | 1431 |
| [https://github.com/nwmap/elf_analysis](https://github.com/nwmap/elf_analysis) | Perform Static and dynamic analysis on 32 bit ELF binary, and automate the process of stack based overflow exploitation. | nwmap | | 46 |
| [https://github.com/intel/hyperscan](https://github.com/intel/hyperscan) | High-performance regular expression matching library | intel | other | 3935 |
| [https://github.com/Northern-Lights/yara-parser](https://github.com/Northern-Lights/yara-parser) | Tools for parsing rulesets using the exact grammar as YARA. Written in Go. | Northern-Lights | mit | 69 |
| [https://github.com/plyara/plyara](https://github.com/plyara/plyara) | Parse YARA rules and operate over them more easily. | plyara | apache-2.0 | 135 |
| [https://github.com/cockroachdb/pebble](https://github.com/cockroachdb/pebble) | RocksDB/LevelDB inspired key-value database in Go | cockroachdb | bsd-3-clause | 3202 |
| [https://github.com/wbenny/DetoursNT](https://github.com/wbenny/DetoursNT) | Detours with just single dependency - NTDLL | wbenny | mit | 453 |
| [https://github.com/nbulischeck/tyton](https://github.com/nbulischeck/tyton) | Kernel-Mode Rootkit Hunter | nbulischeck | gpl-3.0 | 344 |
| [https://github.com/gaubert/gmvault](https://github.com/gaubert/gmvault) | gmail backup software | gaubert | agpl-3.0 | 3465 |
| [https://github.com/simdjson/simdjson](https://github.com/simdjson/simdjson) | Parsing gigabytes of JSON per second | simdjson | apache-2.0 | 16197 |
| [https://github.com/coleifer/ucache](https://github.com/coleifer/ucache) | gametight lightweight caching library for python | coleifer | mit | 61 |
| [https://github.com/coleifer/walrus](https://github.com/coleifer/walrus) | Lightweight Python utilities for working with Redis | coleifer | mit | 1032 |
| [https://github.com/coleifer/micawber](https://github.com/coleifer/micawber) | a small library for extracting rich content from urls | coleifer | mit | 588 |
| [https://github.com/coleifer/huey](https://github.com/coleifer/huey) | a little task queue for python | coleifer | mit | 4249 |
| [https://github.com/JohannesBuchner/imagehash](https://github.com/JohannesBuchner/imagehash) | A Python Perceptual Image Hashing Module | JohannesBuchner | bsd-2-clause | 2564 |
| [https://github.com/benhoyt/dhash](https://github.com/benhoyt/dhash) | Python library to calculate the difference hash (perceptual hash) for a given image, useful for detecting duplicates | benhoyt | mit | 268 |
| [https://github.com/ANSSI-FR/SecuML](https://github.com/ANSSI-FR/SecuML) | Machine Learning for Computer Security | ANSSI-FR | gpl-2.0 | 251 |
| [https://github.com/dfirlabs/mbr-specimens](https://github.com/dfirlabs/mbr-specimens) | MBR volume system specimens | dfirlabs | cc-by-4.0 | 3 |
| [https://github.com/Lookyloo/har2tree](https://github.com/Lookyloo/har2tree) | Make a tree from a HAR file | Lookyloo | other | 4 |
| [https://github.com/botherder/kraken](https://github.com/botherder/kraken) | Cross-platform Yara scanner written in Go | botherder | gpl-3.0 | 303 |
| [https://github.com/jamesturk/jellyfish](https://github.com/jamesturk/jellyfish) | 🎐 a python library for doing approximate and phonetic matching of strings. | jamesturk | bsd-2-clause | 1738 |
| [https://github.com/secrary/idenLib](https://github.com/secrary/idenLib) | idenLib - Library Function Identification [This project is not maintained anymore] | secrary | mit | 360 |
| [https://github.com/fr0gger/Yara-Unprotect](https://github.com/fr0gger/Yara-Unprotect) | This repository regroups the Yara Rules for the Unprotect Project | fr0gger | | 20 |
| [https://github.com/williamgilpin/cfgen](https://github.com/williamgilpin/cfgen) | Parse a text corpus and generate sentences in the same style using context-free grammar combined with a Markov chain. | williamgilpin | | 36 |
| [https://github.com/google/corpuscrawler](https://github.com/google/corpuscrawler) | Crawler for linguistic corpora | google | other | 158 |
| [https://github.com/dperezrada/keywords2vec](https://github.com/dperezrada/keywords2vec) | | dperezrada | apache-2.0 | 120 |
| [https://github.com/attzonko/mmpy_bot](https://github.com/attzonko/mmpy_bot) | A python-based chatbot for Mattermost (http://www.mattermost.org). | attzonko | mit | 191 |
| [https://github.com/erbbysam/DNSGrep](https://github.com/erbbysam/DNSGrep) | Quickly Search Large DNS Datasets | erbbysam | mit | 539 |
| [https://github.com/TheBerkin/rant3](https://github.com/TheBerkin/rant3) | (Obsolete) Archive of Rant 3.x. | TheBerkin | mit | 3008 |
| [https://github.com/wireapp/wire](https://github.com/wireapp/wire) | :wavy_dash: Overview of the open source code for Wire | wireapp | gpl-3.0 | 2236 |
| [https://github.com/hslatman/awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) | A curated list of Awesome Threat Intelligence resources | hslatman | apache-2.0 | 5512 |
| [https://github.com/izar/pytm](https://github.com/izar/pytm) | A Pythonic framework for threat modeling | izar | other | 622 |
| [https://github.com/F5OEO/rpitx](https://github.com/F5OEO/rpitx) | RF transmitter for Raspberry Pi | F5OEO | gpl-3.0 | 3239 |
| [https://github.com/D4-project/sensor-d4-tls-fingerprinting](https://github.com/D4-project/sensor-d4-tls-fingerprinting) | Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s | D4-project | mit | 34 |
| [https://github.com/FORTH-ICS-INSPIRE/artemis](https://github.com/FORTH-ICS-INSPIRE/artemis) | ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking. This is the main ARTEMIS repository that composes artemis-frontend, artemis-backend, artemis-monitor and other needed containers. | FORTH-ICS-INSPIRE | bsd-3-clause | 260 |
| [https://github.com/codelucas/newspaper](https://github.com/codelucas/newspaper) | News, full-text, and article metadata extraction in Python 3. Advanced docs: | codelucas | mit | 12236 |
| [https://github.com/vi/websocat](https://github.com/vi/websocat) | Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions | vi | mit | 4730 |
| [https://github.com/dvorka/mindforger](https://github.com/dvorka/mindforger) | Thinking notebook and Markdown editor. | dvorka | gpl-2.0 | 1885 |
| [https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts) | 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories. | StevenBlack | mit | 21751 |
| [https://github.com/nforest/awesome-decompilation](https://github.com/nforest/awesome-decompilation) | A curated list of awesome decompilation resources and projects. | nforest | | 462 |
| [https://github.com/k-vitali/TrickBot-share](https://github.com/k-vitali/TrickBot-share) | This repository consists of various malware related RE code. | k-vitali | | 8 |
| [https://github.com/wbenny/pdbex](https://github.com/wbenny/pdbex) | pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers | wbenny | mit | 678 |
| [https://github.com/k-vitali/apt_lazarus_toolkits](https://github.com/k-vitali/apt_lazarus_toolkits) | This repository contains various extractable for Lazarus. | k-vitali | | 2 |
| [https://github.com/MISP/best-practices-in-threat-intelligence](https://github.com/MISP/best-practices-in-threat-intelligence) | Best practices in threat intelligence | MISP | | 40 |
| [https://github.com/MISP/intelligence-icons](https://github.com/MISP/intelligence-icons) | intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2. | MISP | cc-by-sa-4.0 | 31 |
| [https://github.com/rommelfs/misp_btc](https://github.com/rommelfs/misp_btc) | get BTC addresses from MISP and fetch BTC transactions | rommelfs | | 6 |
| [https://github.com/jopohl/urh](https://github.com/jopohl/urh) | Universal Radio Hacker: Investigate Wireless Protocols Like A Boss | jopohl | gpl-3.0 | 8788 |
| [https://github.com/EmersonElectricCo/fsf](https://github.com/EmersonElectricCo/fsf) | File Scanning Framework | EmersonElectricCo | apache-2.0 | 260 |
| [https://github.com/Cisco-Talos/DynDataResolver](https://github.com/Cisco-Talos/DynDataResolver) | | Cisco-Talos | | 196 |
| [https://github.com/DimitarPetrov/stegify](https://github.com/DimitarPetrov/stegify) | 🔍 Go tool for LSB steganography, capable of hiding any file within an image. | DimitarPetrov | mit | 1053 |
| [https://github.com/kristoff-it/redis-cuckoofilter](https://github.com/kristoff-it/redis-cuckoofilter) | Hashing-function agnostic Cuckoo filters for Redis | kristoff-it | mit | 205 |
| [https://github.com/Kronuz/Xapiand](https://github.com/Kronuz/Xapiand) | Xapiand: A RESTful Search Engine | Kronuz | mit | 364 |
| [https://github.com/drakkar-lig/scamper-pywarts](https://github.com/drakkar-lig/scamper-pywarts) | Pure-python library allowing to read the Warts file format produced by Scamper (an Internet measurement tool from CAIDA) | drakkar-lig | mit | 14 |
| [https://github.com/D4-project/d4-goclient](https://github.com/D4-project/d4-goclient) | D4 core software client in Go | D4-project | mit | 11 |
| [https://github.com/gimli-rs/gimli](https://github.com/gimli-rs/gimli) | A blazing fast library for consuming the DWARF debugging format | gimli-rs | apache-2.0 | 631 |
| [https://github.com/Zero-Tang/NoirVisor](https://github.com/Zero-Tang/NoirVisor) | The Grimoire Hypervisor solution for x86 Processors. | Zero-Tang | mit | 298 |
| [https://github.com/droberson/ELFcrypt](https://github.com/droberson/ELFcrypt) | Simple ELF crypter. Uses RC4 encryption. | droberson | mit | 64 |
| [https://github.com/matonis/yara_tools](https://github.com/matonis/yara_tools) | Create an entire YARA rule via Python? Whhhhhhaatttt? | matonis | mit | 63 |
| [https://github.com/dns-violations/dnsflagday](https://github.com/dns-violations/dnsflagday) | DNS flag day | dns-violations | | 138 |
| [https://github.com/eduardsui/tlse](https://github.com/eduardsui/tlse) | Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library | eduardsui | bsd-2-clause | 470 |
| [https://github.com/olive-editor/olive](https://github.com/olive-editor/olive) | Free open-source non-linear video editor | olive-editor | other | 6539 |
| [https://github.com/rsms/inter](https://github.com/rsms/inter) | The Inter font family | rsms | other | 14565 |
| [https://github.com/mattnotmax/cyberchef-recipes](https://github.com/mattnotmax/cyberchef-recipes) | A list of cyber-chef recipes and curated links | mattnotmax | | 1386 |
| [https://github.com/NationalSecurityAgency/DCP](https://github.com/NationalSecurityAgency/DCP) | Digest, stat, and copy files from one location to another in the same read pass | NationalSecurityAgency | other | 322 |
| [https://github.com/MyKings/python-masscan](https://github.com/MyKings/python-masscan) | python-masscan is a python library which helps in using masscan port scanner. | MyKings | gpl-3.0 | 253 |
| [https://github.com/flairNLP/flair](https://github.com/flairNLP/flair) | A very simple framework for state-of-the-art Natural Language Processing (NLP) | flairNLP | other | 12168 |
| [https://github.com/intelpt/WindowsIntelPT](https://github.com/intelpt/WindowsIntelPT) | This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows | intelpt | gpl-3.0 | 340 |
| [https://github.com/Neo23x0/vti-dorks](https://github.com/Neo23x0/vti-dorks) | Awesome VirusTotal Intelligence Search Queries | Neo23x0 | unlicense | 259 |
| [https://github.com/nopn0p/rkorova](https://github.com/nopn0p/rkorova) | ld_preload userland rootkit | nopn0p | mit | 35 |
| [https://github.com/rthalley/dnspython](https://github.com/rthalley/dnspython) | a powerful DNS toolkit for python | rthalley | other | 2027 |
| [https://github.com/fmadio/pcap_genflow](https://github.com/fmadio/pcap_genflow) | Generate randomized PCAP data based on netflows | fmadio | gpl-2.0 | 2 |
| [https://github.com/jaegeral/osint_to_timesketch](https://github.com/jaegeral/osint_to_timesketch) | Virustotal Data to Timesketch | jaegeral | mit | 15 |
| [https://github.com/eCrimeLabs/ja3toMISP](https://github.com/eCrimeLabs/ja3toMISP) | Extracts JA3 fingerprints from a PCAP and adds them to an event in MISP as objects | eCrimeLabs | mit | 9 |
| [https://github.com/notable/notable](https://github.com/notable/notable) | The Markdown-based note-taking app that doesn't suck. | notable | | 20488 |
| [https://github.com/ulid/spec](https://github.com/ulid/spec) | The canonical spec for ulid | ulid | gpl-3.0 | 4910 |
| [https://github.com/9b/netinfo](https://github.com/9b/netinfo) | Simple IP enrichment service and API wrapping PyASN and MaxMind GeoIP. | 9b | mit | 69 |
| [https://github.com/Bashfuscator/Bashfuscator](https://github.com/Bashfuscator/Bashfuscator) | A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team. | Bashfuscator | mit | 1011 |
| [https://github.com/hackerb9/lsix](https://github.com/hackerb9/lsix) | Like "ls", but for images. Shows thumbnails in terminal using sixel graphics. | hackerb9 | gpl-3.0 | 2784 |
| [https://github.com/aliasrobotics/ros_volatility](https://github.com/aliasrobotics/ros_volatility) | | aliasrobotics | | 1 |
| [https://github.com/gwillem/magento-malware-scanner](https://github.com/gwillem/magento-malware-scanner) | Scanner, signatures and the largest collection of Magento malware | gwillem | gpl-3.0 | 650 |
| [https://github.com/minio/minio](https://github.com/minio/minio) | Multi-Cloud :cloud: Object Storage | minio | agpl-3.0 | 36112 |
| [https://github.com/felipensp/itrace](https://github.com/felipensp/itrace) | Tracks runtime instruction execution in Linux programs | felipensp | mit | 23 |
| [https://github.com/craigz28/firmwalker](https://github.com/craigz28/firmwalker) | Script for searching the extracted firmware file system for goodies! | craigz28 | gpl-3.0 | 786 |
| [https://github.com/mvrozanti/RAT-via-Telegram](https://github.com/mvrozanti/RAT-via-Telegram) | Windows Remote Administration Tool via Telegram | mvrozanti | mit | 549 |
| [https://github.com/hrbrmstr/docparser](https://github.com/hrbrmstr/docparser) | 🧰 Tools to Upload/Parse Documents to 'docparser' and Retrieve Extracted Results | hrbrmstr | | 5 |
| [https://github.com/dreadl0ck/netcap](https://github.com/dreadl0ck/netcap) | A framework for secure and scalable network traffic analysis - https://netcap.io | dreadl0ck | gpl-3.0 | 1580 |
| [https://github.com/42wim/matterbridge](https://github.com/42wim/matterbridge) | bridge between mattermost, IRC, gitter, xmpp, slack, discord, telegram, rocketchat, twitch, ssh-chat, zulip, whatsapp, keybase, matrix, microsoft teams, nextcloud, mumble, vk and more with REST API (mattermost not required!) | 42wim | apache-2.0 | 5273 |
| [https://github.com/zbetcheckin/Security_list](https://github.com/zbetcheckin/Security_list) | Great security list for fun and profit | zbetcheckin | | 1512 |
| [https://github.com/coleifer/greendb](https://github.com/coleifer/greendb) | server frontend for lmdb | coleifer | | 20 |
| [https://github.com/MISP/cti-python-stix2](https://github.com/MISP/cti-python-stix2) | OASIS TC Open Repository: Python APIs for STIX 2 (MISP Fork) | MISP | bsd-3-clause | 7 |
| [https://github.com/sogeti-esec-lab/REBoot](https://github.com/sogeti-esec-lab/REBoot) | Bootkits Revisited | sogeti-esec-lab | gpl-3.0 | 43 |
| [https://github.com/CiscoCXSecurity/linikatz](https://github.com/CiscoCXSecurity/linikatz) | linikatz is a tool to attack AD on UNIX | CiscoCXSecurity | bsd-3-clause | 326 |
| [https://github.com/atc-project/atomic-threat-coverage](https://github.com/atc-project/atomic-threat-coverage) | Actionable analytics designed to combat threats | atc-project | apache-2.0 | 845 |
| [https://github.com/mitre-attack/car](https://github.com/mitre-attack/car) | Cyber Analytics Repository | mitre-attack | apache-2.0 | 719 |
| [https://github.com/elastic/ecs](https://github.com/elastic/ecs) | Elastic Common Schema | elastic | apache-2.0 | 870 |
| [https://github.com/9b/google-alerts](https://github.com/9b/google-alerts) | Python library for automating the administration of Google Alerts. | 9b | mit | 83 |
| [https://github.com/log2timeline/dfvfs](https://github.com/log2timeline/dfvfs) | Digital Forensics Virtual File System (dfVFS) | log2timeline | apache-2.0 | 174 |
| [https://github.com/PaloAltoNetworks/WireLurkerDetector](https://github.com/PaloAltoNetworks/WireLurkerDetector) | Script for detecting the WireLurker malware family | PaloAltoNetworks | isc | 414 |
| [https://github.com/fugawi/mate](https://github.com/fugawi/mate) | Mitre Att&ck Technique Emulation | fugawi | | 78 |
| [https://github.com/jsvine/pdfplumber](https://github.com/jsvine/pdfplumber) | Plumb a PDF for detailed information about each char, rectangle, line, et cetera — and easily extract text and tables. | jsvine | mit | 3167 |
| [https://github.com/austin-taylor/twitter_feed](https://github.com/austin-taylor/twitter_feed) | List of Cybersecurity professionals to follow based on categorized domain expertise | austin-taylor | | 3 |
| [https://github.com/Raikia/FiercePhish](https://github.com/Raikia/FiercePhish) | FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. | Raikia | gpl-3.0 | 1131 |
| [https://github.com/JonathanSalwan/Tigress_protection](https://github.com/JonathanSalwan/Tigress_protection) | Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM. | JonathanSalwan | | 673 |
| [https://github.com/secureworks/dalton](https://github.com/secureworks/dalton) | Suricata and Snort IDS rule and pcap testing system | secureworks | apache-2.0 | 355 |
| [https://github.com/digital4rensics/Malformity](https://github.com/digital4rensics/Malformity) | Malformity is a Maltego project based on the Canari framework for malicious binary and infrastructure research. | digital4rensics | | 119 |
| [https://github.com/McGill-DMaS/Kam1n0-Community](https://github.com/McGill-DMaS/Kam1n0-Community) | The Kam1n0 Assembly Analysis Platform | McGill-DMaS | apache-2.0 | 578 |
| [https://github.com/hannob/vulns](https://github.com/hannob/vulns) | Named vulnerabilities and their practical impact | hannob | other | 403 |
| [https://github.com/jaegeral/osint-timelines](https://github.com/jaegeral/osint-timelines) | Providing timelines based on OSINT Reports | jaegeral | mit | 32 |
| [https://github.com/D4-project/d4-core](https://github.com/D4-project/d4-core) | D4 core software (server and sample sensor client) | D4-project | agpl-3.0 | 39 |
| [https://github.com/frikky/pyQRadar](https://github.com/frikky/pyQRadar) | QRadar library for Python | frikky | mit | 2 |
| [https://github.com/ggerganov/kbd-audio](https://github.com/ggerganov/kbd-audio) | 🎤⌨️ Acoustic keyboard eavesdropping | ggerganov | mit | 5748 |
| [https://github.com/joswr1ght/cowpatty](https://github.com/joswr1ght/cowpatty) | coWPAtty: WPA2-PSK Cracking | joswr1ght | bsd-3-clause | 139 |
| [https://github.com/Captainarash/The_Holy_Book_of_X86](https://github.com/Captainarash/The_Holy_Book_of_X86) | A simple guide to x86 architecture, assembly, memory management, paging, segmentation, SMM, BIOS.... | Captainarash | cc-by-sa-4.0 | 729 |
| [https://github.com/jofpin/trape](https://github.com/jofpin/trape) | People tracker on the Internet: OSINT analysis and research tool by Jose Pino | jofpin | | 7246 |
| [https://github.com/Tierion/pymerkletools](https://github.com/Tierion/pymerkletools) | Python tools for creating Merkle trees, generating Merkle proofs, and verification of Merkle proofs | Tierion | mit | 138 |
| [https://github.com/pytroll/satpy](https://github.com/pytroll/satpy) | Python package for earth-observing satellite data processing | pytroll | gpl-3.0 | 866 |
| [https://github.com/pothosware/SoapyRedPitaya](https://github.com/pothosware/SoapyRedPitaya) | SoapySDR Red Pitaya module | pothosware | gpl-3.0 | 7 |
| [https://github.com/flightaware/dump1090](https://github.com/flightaware/dump1090) | Dump1090 is a simple Mode S decoder for RTLSDR devices | flightaware | other | 695 |
| [https://github.com/bitkeks/python-netflow-v9-softflowd](https://github.com/bitkeks/python-netflow-v9-softflowd) | PyPI "netflow" package. NetFlow v9 parser, collector and analyzer implemented in Python 3. Developed and tested with softflowd | bitkeks | mit | 85 |
| [https://github.com/malwaredllc/byob](https://github.com/malwaredllc/byob) | An open-source post-exploitation framework for students, researchers and developers. | malwaredllc | gpl-3.0 | 7990 |
| [https://github.com/Ledger-Donjon/lascar](https://github.com/Ledger-Donjon/lascar) | Ledger's Advanced Side-Channel Analysis Repository | Ledger-Donjon | lgpl-3.0 | 329 |
| [https://github.com/holoviz/holoviews](https://github.com/holoviz/holoviews) | With Holoviews, your data visualizes itself. | holoviz | bsd-3-clause | 2303 |
| [https://github.com/BoomerangDecompiler/boomerang](https://github.com/BoomerangDecompiler/boomerang) | Boomerang Decompiler - Fighting the code-rot :) | BoomerangDecompiler | other | 322 |
| [https://github.com/NC3-LU/Diagnostic](https://github.com/NC3-LU/Diagnostic) | Security diagnostic quick start guide. Identifying the best measures and establishing specific security procedures for your organization. | NC3-LU | agpl-3.0 | 11 |
| [https://github.com/thecasualcoder/tztail](https://github.com/thecasualcoder/tztail) | tztail (TimeZoneTAIL) allows you to view logs in the timezone you want | thecasualcoder | mit | 230 |
| [https://github.com/CERT-Polska/mwdb-core](https://github.com/CERT-Polska/mwdb-core) | Malware repository component for samples & static configuration with REST API interface. | CERT-Polska | other | 232 |
| [https://github.com/google/google-ctf](https://github.com/google/google-ctf) | Google CTF | google | apache-2.0 | 3129 |
| [https://github.com/cert-ee/s4a](https://github.com/cert-ee/s4a) | S4A main repository. SaltStack states, install script and build scripts | cert-ee | mit | 22 |
| [https://github.com/pfalcon/ScratchABlock](https://github.com/pfalcon/ScratchABlock) | Yet another crippled decompiler project | pfalcon | gpl-3.0 | 87 |
| [https://github.com/keycloak/keycloak](https://github.com/keycloak/keycloak) | Open Source Identity and Access Management For Modern Applications and Services | keycloak | apache-2.0 | 13974 |
| [https://github.com/antirez/RESP3](https://github.com/antirez/RESP3) | RESP protocol V3 repository. Contains the specification, and other related resource | antirez | | 191 |
| [https://github.com/intrigueio/intrigue-core](https://github.com/intrigueio/intrigue-core) | Discover Your Attack Surface! | intrigueio | other | 1214 |
| [https://github.com/certsocietegenerale/swordphish-awareness](https://github.com/certsocietegenerale/swordphish-awareness) | Swordphish Phishing Awareness Tool | certsocietegenerale | gpl-3.0 | 197 |
| [https://github.com/threatstop/crl-ocsp-whitelist](https://github.com/threatstop/crl-ocsp-whitelist) | | threatstop | | 4 |
| [https://github.com/triq-org/bitbench](https://github.com/triq-org/bitbench) | Visually dissect and analyze bit strings | triq-org | mit | 125 |
| [https://github.com/cylance/CyBot](https://github.com/cylance/CyBot) | Open Source Threat Intelligence Chat Bot | cylance | | 292 |
| [https://github.com/pjreddie/darknet](https://github.com/pjreddie/darknet) | Convolutional Neural Networks | pjreddie | other | 23449 |
| [https://github.com/isc-projects/dnsgen](https://github.com/isc-projects/dnsgen) | DNS packet generator | isc-projects | mpl-2.0 | 32 |
| [https://github.com/fdurvaux/sca-redpitaya](https://github.com/fdurvaux/sca-redpitaya) | | fdurvaux | | 8 |
| [https://github.com/Wenzel/r2vmi](https://github.com/Wenzel/r2vmi) | Hypervisor-Level Debugger based on Radare2 / LibVMI, using VMI IO and debug plugins | Wenzel | agpl-3.0 | 133 |
| [https://github.com/Concinnity-Risks/LogisticalBudget](https://github.com/Concinnity-Risks/LogisticalBudget) | This project contains code for comparing or ranking APT capabilities and operational capacity. The metrics are meant to quantify, rank, order, compare, or visualise quickly threat actors demonstrated operational capacities. In other words, it is meant to answer questions like 'Which APT produces the most binaries yearly', or 'which apt uses the most daomains'. | Concinnity-Risks | apache-2.0 | 35 |
| [https://github.com/wtsxDev/reverse-engineering](https://github.com/wtsxDev/reverse-engineering) | List of awesome reverse engineering resources | wtsxDev | | 7085 |
| [https://github.com/intezer/ppyssdeep](https://github.com/intezer/ppyssdeep) | pure python ssdeep | intezer | | 4 |
| [https://github.com/joxeankoret/pigaios](https://github.com/joxeankoret/pigaios) | A tool for matching and diffing source codes directly against binaries. | joxeankoret | gpl-3.0 | 528 |
| [https://github.com/m4ll0k/Infoga](https://github.com/m4ll0k/Infoga) | Infoga - Email OSINT | m4ll0k | gpl-3.0 | 1677 |
| [https://github.com/m4ll0k/Atlas](https://github.com/m4ll0k/Atlas) | Quick SQLMap Tamper Suggester | m4ll0k | gpl-3.0 | 988 |
| [https://github.com/geekscrapy/binGraph](https://github.com/geekscrapy/binGraph) | Simple tool to graph files for quick analysis | geekscrapy | agpl-3.0 | 52 |
| [https://github.com/mmarkdown/mmark](https://github.com/mmarkdown/mmark) | Mmark: a powerful markdown processor in Go geared towards the IETF | mmarkdown | other | 421 |
| [https://github.com/newaetech/chipwhisperer](https://github.com/newaetech/chipwhisperer) | ChipWhisperer - the complete open-source toolchain for side-channel power analysis and glitching attacks | newaetech | other | 790 |
| [https://github.com/D4-project/IPASN-History](https://github.com/D4-project/IPASN-History) | IP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date | D4-project | agpl-3.0 | 71 |
| [https://github.com/michenriksen/wikiranger](https://github.com/michenriksen/wikiranger) | Gather information on Wiki contributions from IP ranges | michenriksen | mit | 24 |
| [https://github.com/simonw/datasette](https://github.com/simonw/datasette) | An open source multi-tool for exploring and publishing data | simonw | apache-2.0 | 6596 |
| [https://github.com/RedisAI/RedisAI](https://github.com/RedisAI/RedisAI) | A Redis module for serving tensors and executing deep learning graphs | RedisAI | other | 725 |
| [https://github.com/advanced-threat-research/Yara-Rules](https://github.com/advanced-threat-research/Yara-Rules) | Repository of YARA rules made by Trellix ATR Team | advanced-threat-research | apache-2.0 | 446 |
| [https://github.com/nospaceships/raw-socket-sniffer](https://github.com/nospaceships/raw-socket-sniffer) | Packet capture on Windows without a kernel driver | nospaceships | | 164 |
| [https://github.com/scala-native/scala-native](https://github.com/scala-native/scala-native) | Your favorite language gets closer to bare metal. | scala-native | other | 4223 |
| [https://github.com/Neo23x0/radiocarbon](https://github.com/Neo23x0/radiocarbon) | Leak File Analyzer | Neo23x0 | apache-2.0 | 59 |
| [https://github.com/salesforce/hassh](https://github.com/salesforce/hassh) | HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint. | salesforce | bsd-3-clause | 467 |
| [https://github.com/target/strelka](https://github.com/target/strelka) | Real-time, container-based file scanning at enterprise scale | target | other | 584 |
| [https://github.com/open5gs/open5gs](https://github.com/open5gs/open5gs) | Open5GS is a C-language Open Source implementation for 5G Core and EPC, i.e. the core network of LTE/NR network (Release-16) | open5gs | agpl-3.0 | 990 |
| [https://github.com/chris408/known_hosts-hashcat](https://github.com/chris408/known_hosts-hashcat) | A guide and tool for cracking ssh known_hosts files with hashcat | chris408 | | 287 |
| [https://github.com/plotly/dash](https://github.com/plotly/dash) | Analytical Web Apps for Python, R, Julia, and Jupyter. No JavaScript Required. | plotly | mit | 17585 |
| [https://github.com/woj-ciech/Danger-zone](https://github.com/woj-ciech/Danger-zone) | Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files. | woj-ciech | | 654 |
| [https://github.com/scylladb/scylladb](https://github.com/scylladb/scylladb) | NoSQL data store using the seastar framework, compatible with Apache Cassandra | scylladb | agpl-3.0 | 8614 |
| [https://github.com/scylladb/charybdefs](https://github.com/scylladb/charybdefs) | ScyllaDB fault injection filesystem | scylladb | other | 224 |
| [https://github.com/cmu-sei/cyobstract](https://github.com/cmu-sei/cyobstract) | A tool to extract structured cyber information from incident reports. | cmu-sei | other | 68 |
| [https://github.com/bakirtzisg/cybok-cli](https://github.com/bakirtzisg/cybok-cli) | A vulnerability assessment tool for system models | bakirtzisg | bsd-3-clause | 12 |
| [https://github.com/TheHive-Project/Hippocampe](https://github.com/TheHive-Project/Hippocampe) | Threat Feed Aggregation, Made Easy | TheHive-Project | agpl-3.0 | 157 |
| [https://github.com/stamparm/maltrail](https://github.com/stamparm/maltrail) | Malicious traffic detection system | stamparm | mit | 4786 |
| [https://github.com/volatilityfoundation/community](https://github.com/volatilityfoundation/community) | Volatility plugins developed and maintained by the community | volatilityfoundation | | 306 |
| [https://github.com/trunkmaster/nextspace](https://github.com/trunkmaster/nextspace) | NeXTSTEP-like desktop environment for Linux | trunkmaster | gpl-3.0 | 1714 |
| [https://github.com/palantir/alerting-detection-strategy-framework](https://github.com/palantir/alerting-detection-strategy-framework) | A framework for developing alerting and detection strategies for incident response. | palantir | mit | 474 |
| [https://github.com/CIRCL/SquashFu](https://github.com/CIRCL/SquashFu) | A backup program employing the use of SquashFS, Aufs and Rsync | CIRCL | mit | 11 |
| [https://github.com/mvelazc0/Oriana](https://github.com/mvelazc0/Oriana) | Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments. | mvelazc0 | bsd-3-clause | 170 |
| [https://github.com/chris408/ct-exposer](https://github.com/chris408/ct-exposer) | An OSINT tool that discovers sub-domains by searching Certificate Transparency logs | chris408 | gpl-3.0 | 418 |
| [https://github.com/kanishka-linux/reminiscence](https://github.com/kanishka-linux/reminiscence) | Self-Hosted Bookmark And Archive Manager | kanishka-linux | agpl-3.0 | 1606 |
| [https://github.com/flipkart-incubator/RTA](https://github.com/flipkart-incubator/RTA) | Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets. | flipkart-incubator | apache-2.0 | 374 |
| [https://github.com/eCrimeLabs/securityonion-ecrimelabs](https://github.com/eCrimeLabs/securityonion-ecrimelabs) | Implementation of informaiton from MISP through the eCrimeLabs API and into SecurityOnion | eCrimeLabs | mit | 6 |
| [https://github.com/benfred/py-spy](https://github.com/benfred/py-spy) | Sampling profiler for Python programs | benfred | mit | 9298 |
| [https://github.com/hlldz/SpookFlare](https://github.com/hlldz/SpookFlare) | Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures. | hlldz | apache-2.0 | 918 |
| [https://github.com/linkedin/Burrow](https://github.com/linkedin/Burrow) | Kafka Consumer Lag Checking | linkedin | apache-2.0 | 3360 |
| [https://github.com/erthink/libfpta](https://github.com/erthink/libfpta) | Ultra fast compact embedded database for tabular and semistructured data. | erthink | apache-2.0 | 125 |
| [https://github.com/36hours/idaemu](https://github.com/36hours/idaemu) | idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro. | 36hours | gpl-2.0 | 490 |
| [https://github.com/BasuCert/WinboxPoC](https://github.com/BasuCert/WinboxPoC) | Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847) | BasuCert | mit | 475 |
| [https://github.com/codeplutos/java-security-manager-bypass](https://github.com/codeplutos/java-security-manager-bypass) | | codeplutos | | 115 |
| [https://github.com/novogen/pydis](https://github.com/novogen/pydis) | Python bindings for the Zydis disassembler library | novogen | mit | 11 |
| [https://github.com/fox-it/Invoke-ACLPwn](https://github.com/fox-it/Invoke-ACLPwn) | | fox-it | mit | 471 |
| [https://github.com/JulesDT/RSA-Hastad](https://github.com/JulesDT/RSA-Hastad) | Little python tool to use the Chinese Remainder theorem attack on RSA under precise conditions. | JulesDT | gpl-3.0 | 22 |
| [https://github.com/google/dopamine](https://github.com/google/dopamine) | Dopamine is a research framework for fast prototyping of reinforcement learning algorithms. | google | apache-2.0 | 9931 |
| [https://github.com/FireyFly/pixd](https://github.com/FireyFly/pixd) | 🔍 Colourful visualization tool for binary files | FireyFly | mit | 484 |
| [https://github.com/nogoodconfig/pyarascanner](https://github.com/nogoodconfig/pyarascanner) | A simple many-rules to many-files YARA scanner for incident response or malware zoos. | nogoodconfig | apache-2.0 | 21 |
| [https://github.com/scott-griffiths/bitstring](https://github.com/scott-griffiths/bitstring) | A Python module to help you manage your bits | scott-griffiths | mit | 330 |
| [https://github.com/tylabs/dovehawk](https://github.com/tylabs/dovehawk) | Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings | tylabs | mit | 114 |
| [https://github.com/wazuh/wazuh](https://github.com/wazuh/wazuh) | Wazuh - The Open Source Security Platform | wazuh | other | 5137 |
| [https://github.com/python-jsonschema/jsonschema](https://github.com/python-jsonschema/jsonschema) | An implementation of the JSON Schema specification for Python | python-jsonschema | mit | 3897 |
| [https://github.com/CIRCL/cti-sep-repository](https://github.com/CIRCL/cti-sep-repository) | OASIS TC Open Repository: STIX Enhancement Proposals (SEPs) https://github.com/oasis-open/cti-sep-repository | CIRCL | other | 3 |
| [https://github.com/oasis-open/cti-sep-repository](https://github.com/oasis-open/cti-sep-repository) | OASIS TC Open Repository: STIX Enhancement Proposals (SEPs) https://github.com/oasis-open/cti-sep-repository | oasis-open | apache-2.0 | 16 |
| [https://github.com/ITI/ICS-Security-Tools](https://github.com/ITI/ICS-Security-Tools) | Tools, tips, tricks, and more for exploring ICS Security. | ITI | cc-by-4.0 | 1118 |
| [https://github.com/Neo23x0/munin](https://github.com/Neo23x0/munin) | Online hash checker for Virustotal and other services | Neo23x0 | apache-2.0 | 703 |
| [https://github.com/merbanan/rtl_433_tests](https://github.com/merbanan/rtl_433_tests) | This repository contains the regressions test suite for rtl_433 | merbanan | | 82 |
| [https://github.com/mcnees/LaTeX-Graph-Paper](https://github.com/mcnees/LaTeX-Graph-Paper) | Make your own quadrille, graph, hex, etc paper! Uses the pgf/TikZ package for LaTeX, which should be part of any modern TeX installation. | mcnees | other | 341 |
| [https://github.com/Ne0nd0g/merlin](https://github.com/Ne0nd0g/merlin) | Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. | Ne0nd0g | gpl-3.0 | 4068 |
| [https://github.com/mxmssh/IDAmetrics](https://github.com/mxmssh/IDAmetrics) | IDA plugin for software complexity metrics assessment | mxmssh | bsd-2-clause | 55 |
| [https://github.com/microsoft/binskim](https://github.com/microsoft/binskim) | A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats | microsoft | other | 623 |
| [https://github.com/wbenny/hvpp](https://github.com/wbenny/hvpp) | hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system | wbenny | mit | 881 |
| [https://github.com/microsoft/FASTER](https://github.com/microsoft/FASTER) | Fast persistent recoverable log and key-value store + cache, in C# and C++. | microsoft | mit | 5274 |
| [https://github.com/dutchcoders/gomisp](https://github.com/dutchcoders/gomisp) | Golang client for interfacing with MISP | dutchcoders | other | 3 |
| [https://github.com/randomascii/blogstuff](https://github.com/randomascii/blogstuff) | Support files related to blog posts on https://randomascii.wordpress.com/ | randomascii | other | 334 |
| [https://github.com/theblixguy/ScanLinks](https://github.com/theblixguy/ScanLinks) | Block unsafe and dangerous links on your Android device! | theblixguy | gpl-3.0 | 6 |
| [https://github.com/jaredly/treed](https://github.com/jaredly/treed) | Powerful Tree Editor | jaredly | | 1703 |
| [https://github.com/BVLC/caffe](https://github.com/BVLC/caffe) | Caffe: a fast open framework for deep learning. | BVLC | other | 32945 |
| [https://github.com/ryanjay0/miles-deep](https://github.com/ryanjay0/miles-deep) | Deep Learning Porn Video Classifier/Editor with Caffe | ryanjay0 | gpl-3.0 | 2531 |
| [https://github.com/rizinorg/cutter](https://github.com/rizinorg/cutter) | Free and Open Source Reverse Engineering Platform powered by rizin | rizinorg | gpl-3.0 | 12163 |
| [https://github.com/lorien/grab](https://github.com/lorien/grab) | Web Scraping Framework | lorien | mit | 2231 |
| [https://github.com/microsoft/Detours](https://github.com/microsoft/Detours) | Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form. | microsoft | mit | 3772 |
| [https://github.com/guidovranken/bignum-fuzzer](https://github.com/guidovranken/bignum-fuzzer) | | guidovranken | gpl-3.0 | 34 |
| [https://github.com/endgameinc/RTA](https://github.com/endgameinc/RTA) | | endgameinc | other | 918 |
| [https://github.com/xoreaxeaxeax/rosenbridge](https://github.com/xoreaxeaxeax/rosenbridge) | Hardware backdoors in some x86 CPUs | xoreaxeaxeax | mit | 2234 |
| [https://github.com/jordisk/TheHive2Sigma](https://github.com/jordisk/TheHive2Sigma) | Python script to automatically create sigma rules from The hive observables | jordisk | mit | 23 |
| [https://github.com/ptrkrysik/multi-rtl](https://github.com/ptrkrysik/multi-rtl) | Multi-channel receiver with use of RTL-SDR dongles | ptrkrysik | gpl-3.0 | 175 |
| [https://github.com/Evrytania/LTE-Cell-Scanner](https://github.com/Evrytania/LTE-Cell-Scanner) | LTE SDR cell scanner optimized to work with very low performance RF front ends (8bit A/D, 20dB noise figure) | Evrytania | agpl-3.0 | 477 |
| [https://github.com/rvolz/BicBucStriim](https://github.com/rvolz/BicBucStriim) | BicBucStriim streams books, digital books. It fills a gap in the functionality of current NAS devices that provide access to music, videos and photos -- but not books. BicBucStriim fills this gap and provides web-based access to your e-book collection. | rvolz | other | 388 |
| [https://github.com/openalpr/openalpr](https://github.com/openalpr/openalpr) | Automatic License Plate Recognition library | openalpr | agpl-3.0 | 10527 |
| [https://github.com/bfuzzy/auditd-attack](https://github.com/bfuzzy/auditd-attack) | A Linux Auditd rule set mapped to MITRE's Attack Framework | bfuzzy | mit | 740 |
| [https://github.com/mikeryan/crackle](https://github.com/mikeryan/crackle) | Crack and decrypt BLE encryption | mikeryan | bsd-2-clause | 681 |
| [https://github.com/dirtyfilthy/freshonions-torscraper](https://github.com/dirtyfilthy/freshonions-torscraper) | Fresh Onions is an open source TOR spider / hidden service onion crawler hosted at zlal32teyptf4tvi.onion | dirtyfilthy | agpl-3.0 | 433 |
| [https://github.com/hashtopolis/server](https://github.com/hashtopolis/server) | Hashtopolis - A Hashcat wrapper for distributed hashcracking | hashtopolis | gpl-3.0 | 1041 |
| [https://github.com/disclose/diodb](https://github.com/disclose/diodb) | Open-source vulnerability disclosure and bug bounty program database. | disclose | cc0-1.0 | 854 |
| [https://github.com/s0md3v/Photon](https://github.com/s0md3v/Photon) | Incredibly fast crawler designed for OSINT. | s0md3v | gpl-3.0 | 9105 |
| [https://github.com/kitao/pyxel](https://github.com/kitao/pyxel) | A retro game engine for Python | kitao | mit | 10808 |
| [https://github.com/nasa-jpl/open-source-rover](https://github.com/nasa-jpl/open-source-rover) | A build-it-yourself, 6-wheel rover based on the rovers on Mars! | nasa-jpl | apache-2.0 | 7121 |
| [https://github.com/mercuri0/attiny_433_prefilter](https://github.com/mercuri0/attiny_433_prefilter) | Prefilter for 433 MHz remotes (and similar protocolls) written for an attiny45 | mercuri0 | | 10 |
| [https://github.com/evyatarmeged/Raccoon](https://github.com/evyatarmeged/Raccoon) | A high performance offensive security tool for reconnaissance and vulnerability scanning | evyatarmeged | mit | 2595 |
| [https://github.com/codingo/SharePoint-Security](https://github.com/codingo/SharePoint-Security) | A Github Repository Created to compliment a BSides Canberra 2018 talk on SharePoint Security. | codingo | gpl-3.0 | 40 |
| [https://github.com/ThoughtfulDev/EagleEye](https://github.com/ThoughtfulDev/EagleEye) | Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search. | ThoughtfulDev | wtfpl | 3308 |
| [https://github.com/psf/black](https://github.com/psf/black) | The uncompromising Python code formatter | psf | mit | 30048 |
| [https://github.com/yongman/leto](https://github.com/yongman/leto) | A key value storage example powered by hashicorp raft and BadgerDB | yongman | mit | 99 |
| [https://github.com/dbohdan/remarshal](https://github.com/dbohdan/remarshal) | Convert between CBOR, JSON, MessagePack, TOML, and YAML | dbohdan | mit | 482 |
| [https://github.com/LordNoteworthy/al-khaser](https://github.com/LordNoteworthy/al-khaser) | Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. | LordNoteworthy | gpl-2.0 | 4295 |
| [https://github.com/ClickHouse/ClickHouse](https://github.com/ClickHouse/ClickHouse) | ClickHouse® is a free analytics DBMS for big data | ClickHouse | apache-2.0 | 25977 |
| [https://github.com/mkaz/lanyon](https://github.com/mkaz/lanyon) | markdown web server | mkaz | mit | 508 |
| [https://github.com/mkaz/termgraph](https://github.com/mkaz/termgraph) | a python command-line tool which draws basic graphs in the terminal | mkaz | mit | 2891 |
| [https://github.com/1tayH/noisy](https://github.com/1tayH/noisy) | Simple random DNS, HTTP/S internet traffic noise generator | 1tayH | gpl-3.0 | 1452 |
| [https://github.com/tomerf-sndbox/noisy](https://github.com/tomerf-sndbox/noisy) | Simple random DNS, HTTP/S internet traffic noise generator | tomerf-sndbox | gpl-3.0 | 1 |
| [https://github.com/MojtabaTajik/Robber](https://github.com/MojtabaTajik/Robber) | Robber is open source tool for finding executables prone to DLL hijacking | MojtabaTajik | gpl-3.0 | 685 |
| [https://github.com/xmendez/wfuzz](https://github.com/xmendez/wfuzz) | Web application fuzzer | xmendez | gpl-2.0 | 4700 |
| [https://github.com/ANSSI-FR/AD-control-paths](https://github.com/ANSSI-FR/AD-control-paths) | Active Directory Control Paths auditing and graphing tools | ANSSI-FR | other | 584 |
| [https://github.com/dfxml-working-group/dfxml_schema](https://github.com/dfxml-working-group/dfxml_schema) | XML Schema for Digital Forensics XML | dfxml-working-group | other | 29 |
| [https://github.com/ptrkrysik/gr-gsm](https://github.com/ptrkrysik/gr-gsm) | Gnuradio blocks and tools for receiving GSM transmissions | ptrkrysik | other | 1137 |
| [https://github.com/Oros42/IMSI-catcher](https://github.com/Oros42/IMSI-catcher) | This program show you IMSI numbers of cellphones around you. | Oros42 | cc0-1.0 | 2494 |
| [https://github.com/vinbhaskara/MalwareGAN](https://github.com/vinbhaskara/MalwareGAN) | Visualizing malware behavior, and proactive protection using GANs against zero-day attacks. | vinbhaskara | | 38 |
| [https://github.com/monarc-project/pyMonarc](https://github.com/monarc-project/pyMonarc) | pyMonarc is a connector application which allows python to extract the information from Monarc | monarc-project | agpl-3.0 | 2 |
| [https://github.com/Nekmo/dirhunt](https://github.com/Nekmo/dirhunt) | Find web directories without bruteforce | Nekmo | mit | 1355 |
| [https://github.com/quicktype/quicktype](https://github.com/quicktype/quicktype) | Generate types and converters from JSON, Schema, and GraphQL | quicktype | apache-2.0 | 8800 |
| [https://github.com/TheCrowned/Hilbert-Image-to-Sound](https://github.com/TheCrowned/Hilbert-Image-to-Sound) | Turn an image into a sequence of sounds using a Hilbert Curve. | TheCrowned | gpl-3.0 | 12 |
| [https://github.com/horazont/xmpp-echo-bot](https://github.com/horazont/xmpp-echo-bot) | XMPP/Jabber echo bot (written in sed) | horazont | | 141 |
| [https://github.com/mit-pdos/xv6-public](https://github.com/mit-pdos/xv6-public) | xv6 OS | mit-pdos | other | 5936 |
| [https://github.com/bromiley/olaf](https://github.com/bromiley/olaf) | Office365 Log Analysis Framework | bromiley | gpl-3.0 | 79 |
| [https://github.com/nezza/ISO7816Analyzer](https://github.com/nezza/ISO7816Analyzer) | A simple ISO7816 analyzer that only requires the data-stream. | nezza | | 51 |
| [https://github.com/eCrimeLabs/vt2misp](https://github.com/eCrimeLabs/vt2misp) | Script to fetch data from virustotal and add it to a specific event as an object | eCrimeLabs | mit | 8 |
| [https://github.com/Lookyloo/sanejs](https://github.com/Lookyloo/sanejs) | Use CDNJS as a source to build hashes of known JS/CSS/IMG/... content used all over the internet | Lookyloo | bsd-2-clause | 13 |
| [https://github.com/CAIDA/bgpstream](https://github.com/CAIDA/bgpstream) | BGP measurement analysis for the masses | CAIDA | gpl-2.0 | 101 |
| [https://github.com/Vulnogram/Vulnogram](https://github.com/Vulnogram/Vulnogram) | Vulnogram is a tool for creating and editing CVE information in CVE JSON format | Vulnogram | mit | 95 |
| [https://github.com/airbus-seclab/bta](https://github.com/airbus-seclab/bta) | Open source Active Directory security audit framework. | airbus-seclab | other | 120 |
| [https://github.com/Boyan-MILANOV/ropium](https://github.com/Boyan-MILANOV/ropium) | ROPium is a tool that helps you building ROP exploits by finding and chaining gadgets together | Boyan-MILANOV | | 327 |
| [https://github.com/dat-ecosystem-archive/dat](https://github.com/dat-ecosystem-archive/dat) | :floppy_disk: peer-to-peer sharing & live syncronization of files via command line [ DEPRECATED - More info on active projects and modules at https://dat-ecosystem.org/ ] | dat-ecosystem-archive | bsd-3-clause | 8215 |
| [https://github.com/attack-community/attack-best-practices](https://github.com/attack-community/attack-best-practices) | | attack-community | | 8 |
| [https://github.com/CIRCL/IMAP-Proxy](https://github.com/CIRCL/IMAP-Proxy) | Modular IMAP proxy (including PyCIRCLeanMail and MISP forward modules) | CIRCL | gpl-3.0 | 23 |
| [https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force](https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force) | This repository hosts files relating to the TF-CSIRT Reference Security Incident Taxonomy Working Group. | enisaeu | cc0-1.0 | 56 |
| [https://github.com/karthikkbala/MISP-QRadar-Integration](https://github.com/karthikkbala/MISP-QRadar-Integration) | The Project can be used to integrate QRadar with MISP Threat Sharing Platform | karthikkbala | | 24 |
| [https://github.com/jech/polipo](https://github.com/jech/polipo) | The Polipo caching HTTP proxy | jech | mit | 1742 |
| [https://github.com/gchq/Palisade](https://github.com/gchq/Palisade) | A Tool for Complex and Scalable Data Access Policy Enforcement | gchq | apache-2.0 | 91 |
| [https://github.com/JusticeRage/FFM](https://github.com/JusticeRage/FFM) | Freedom Fighting Mode: open source hacking harness | JusticeRage | | 313 |
| [https://github.com/vishwaraj101/sslunpin](https://github.com/vishwaraj101/sslunpin) | Frida script to bypass ssl Pinning | vishwaraj101 | | 43 |
| [https://github.com/plotly/plotly.py](https://github.com/plotly/plotly.py) | The interactive graphing library for Python (includes Plotly Express) :sparkles: | plotly | mit | 12364 |
| [https://github.com/aaronpk/websub.rocks](https://github.com/aaronpk/websub.rocks) | Test suite and debug utilities for W3C WebSub | aaronpk | apache-2.0 | 21 |
| [https://github.com/JusticeRage/Manalyze](https://github.com/JusticeRage/Manalyze) | A static analyzer for PE executables. | JusticeRage | gpl-3.0 | 873 |
| [https://github.com/Patrowl/PatrowlManager](https://github.com/Patrowl/PatrowlManager) | PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform | Patrowl | agpl-3.0 | 508 |
| [https://github.com/nbedos/termtosvg](https://github.com/nbedos/termtosvg) | Record terminal sessions as SVG animations | nbedos | bsd-3-clause | 9514 |
| [https://github.com/mitshell/corenet](https://github.com/mitshell/corenet) | Minimal 3G and LTE / EPC core network | mitshell | gpl-2.0 | 93 |
| [https://github.com/jvoisin/snuffleupagus](https://github.com/jvoisin/snuffleupagus) | Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! | jvoisin | lgpl-3.0 | 617 |
| [https://github.com/nbs-system/naxsi](https://github.com/nbs-system/naxsi) | NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX | nbs-system | gpl-3.0 | 4156 |
| [https://github.com/aguinet/dragonffi](https://github.com/aguinet/dragonffi) | C Foreign Function Interface and JIT using Clang/LLVM | aguinet | apache-2.0 | 521 |
| [https://github.com/regit/suriwire](https://github.com/regit/suriwire) | Wireshark plugin to display Suricata analysis info | regit | gpl-3.0 | 67 |
| [https://github.com/quarkslab/irma](https://github.com/quarkslab/irma) | IRMA is an asynchronous & customizable analysis system for suspicious files. | quarkslab | apache-2.0 | 240 |
| [https://github.com/cryptolu/BlockSci](https://github.com/cryptolu/BlockSci) | A high-performance tool for Zcash blockchain science and exploration | cryptolu | gpl-3.0 | 10 |
| [https://github.com/MISP/MISP](https://github.com/MISP/MISP) | MISP (core software) - Open Source Threat Intelligence and Sharing Platform | MISP | agpl-3.0 | 4068 |
| [https://github.com/MISP/misp-cloud](https://github.com/MISP/misp-cloud) | misp-cloud - Cloud-ready images of MISP | MISP | | 62 |
| [https://github.com/thedevsaddam/gojsonq](https://github.com/thedevsaddam/gojsonq) | A simple Go package to Query over JSON/YAML/XML/CSV Data | thedevsaddam | mit | 1952 |
| [https://github.com/jd/asciidoc-book-toolchain](https://github.com/jd/asciidoc-book-toolchain) | Book publishing toolchain based on AsciiDoc | jd | | 123 |
| [https://github.com/dauxio/daux.io](https://github.com/dauxio/daux.io) | Daux.io is an documentation generator that uses a simple folder structure and Markdown files to create custom documentation on the fly. It helps you create great looking documentation in a developer friendly way. | dauxio | mit | 713 |
| [https://github.com/dfd-tud/deda](https://github.com/dfd-tud/deda) | | dfd-tud | gpl-3.0 | 1174 |
| [https://github.com/j00ru/windows-syscalls](https://github.com/j00ru/windows-syscalls) | Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10) | j00ru | | 1670 |
| [https://github.com/fmadio/pcap_merge](https://github.com/fmadio/pcap_merge) | High performance time ordered PCAP merging utility | fmadio | mit | 19 |
| [https://github.com/fmadio/pcap_flow](https://github.com/fmadio/pcap_flow) | calculate flow information from PCAP and extract tcp streams | fmadio | | 53 |
| [https://github.com/CERT-Polska/n6](https://github.com/CERT-Polska/n6) | Automated handling of data feeds for security teams | CERT-Polska | agpl-3.0 | 97 |
| [https://github.com/antirez/dump1090](https://github.com/antirez/dump1090) | Dump1090 is a simple Mode S decoder for RTLSDR devices | antirez | | 1978 |
| [https://github.com/MISP/misp-docker](https://github.com/MISP/misp-docker) | MISP Docker (XME edition) | MISP | | 229 |
| [https://github.com/MISP/docker-misp](https://github.com/MISP/docker-misp) | Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing | MISP | bsd-3-clause | 99 |
| [https://github.com/vibora-io/vibora](https://github.com/vibora-io/vibora) | Fast, asynchronous and elegant Python web framework. | vibora-io | mit | 5711 |
| [https://github.com/ryancdotorg/threshcrypt](https://github.com/ryancdotorg/threshcrypt) | A password-based implementation of threshold encryption | ryancdotorg | other | 28 |
| [https://github.com/shea256/secret-sharing](https://github.com/shea256/secret-sharing) | A system for securely splitting secrets with Shamir's Secret Sharing Scheme | shea256 | mit | 437 |
| [https://github.com/rommelfs/ticket-tools](https://github.com/rommelfs/ticket-tools) | | rommelfs | | 7 |
| [https://github.com/secrary/makin](https://github.com/secrary/makin) | makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore] | secrary | mit | 684 |
| [https://github.com/actor-framework/actor-framework](https://github.com/actor-framework/actor-framework) | An Open Source Implementation of the Actor Model in C++ | actor-framework | bsd-3-clause | 2824 |
| [https://github.com/tenzir/vast](https://github.com/tenzir/vast) | :crystal_ball: Visibility Across Space and Time The network telemetry engine for data-driven security investigations. | tenzir | bsd-3-clause | 416 |
| [https://github.com/erthink/t1ha](https://github.com/erthink/t1ha) | One of the fastest hash functions | erthink | other | 334 |
| [https://github.com/romanz/amodem](https://github.com/romanz/amodem) | Audio MODEM Communication Library in Python | romanz | other | 794 |
| [https://github.com/DCSO/flor](https://github.com/DCSO/flor) | A Python implementation of our efficient Bloom filter library. | DCSO | other | 27 |
| [https://github.com/cugu/awesome-forensics](https://github.com/cugu/awesome-forensics) | A curated list of awesome forensic analysis tools and resources | cugu | cc0-1.0 | 2179 |
| [https://github.com/penafieljlm/inquisitor](https://github.com/penafieljlm/inquisitor) | Opinionated organisation-centric OSINT footprinting inspired from recon-ng and Maltego | penafieljlm | | 144 |
| [https://github.com/Wandmalfarbe/pandoc-latex-template](https://github.com/Wandmalfarbe/pandoc-latex-template) | A pandoc LaTeX template to convert markdown files to PDF or LaTeX. | Wandmalfarbe | bsd-3-clause | 4593 |
| [https://github.com/arturadib/strapdown](https://github.com/arturadib/strapdown) | Instant and elegant Markdown documents in the browser | arturadib | mit | 2501 |
| [https://github.com/davidmerfield/Blot](https://github.com/davidmerfield/Blot) | Turns a folder into a blog | davidmerfield | cc0-1.0 | 1088 |
| [https://github.com/jaegeral/PySight2MISP](https://github.com/jaegeral/PySight2MISP) | PySight2MISP is a project that can be run to be used as glue between iSight intel API and MISP API | jaegeral | mit | 7 |
| [https://github.com/AssuranceMaladieSec/CertStreamMonitor](https://github.com/AssuranceMaladieSec/CertStreamMonitor) | Monitor certificates generated for specific domain strings and associated, store data into sqlite3 database, alert you when sites come online. | AssuranceMaladieSec | gpl-3.0 | 124 |
| [https://github.com/SSLMate/certspotter](https://github.com/SSLMate/certspotter) | Certificate Transparency Log Monitor | SSLMate | mpl-2.0 | 582 |
| [https://github.com/P1llus/ArcSight-Rest](https://github.com/P1llus/ArcSight-Rest) | Python library for the ArcSight logger REST API | P1llus | mit | 25 |
| [https://github.com/caschnee/misp-use-cases](https://github.com/caschnee/misp-use-cases) | | caschnee | | 14 |
| [https://github.com/yarrick/iodine](https://github.com/yarrick/iodine) | Official git repo for iodine dns tunnel | yarrick | isc | 4544 |
| [https://github.com/thosakwe/t2b](https://github.com/thosakwe/t2b) | A wicked-powerful text macro language for building binary files. | thosakwe | gpl-3.0 | 376 |
| [https://github.com/CERT-Polska/ursadb](https://github.com/CERT-Polska/ursadb) | Trigram database written in C++, suited for malware indexing | CERT-Polska | bsd-3-clause | 99 |
| [https://github.com/CERT-Polska/ursadb-cli](https://github.com/CERT-Polska/ursadb-cli) | Lightweight Python client for ursadb | CERT-Polska | bsd-3-clause | 8 |
| [https://github.com/CERT-Polska/mquery](https://github.com/CERT-Polska/mquery) | YARA malware query accelerator (web frontend) | CERT-Polska | agpl-3.0 | 346 |
| [https://github.com/tgalopin/simhashphp](https://github.com/tgalopin/simhashphp) | SimHash similarities algorithm implementation for PHP | tgalopin | mit | 135 |
| [https://github.com/renyxa/re-lab](https://github.com/renyxa/re-lab) | RE-lab is a joint effort of gimp.ru team and developers of various open source projects to do clean-room reverse engineering of various proprietary file formats useful for the mankind. | renyxa | | 64 |
| [https://github.com/KVM-VMI/nitro](https://github.com/KVM-VMI/nitro) | | KVM-VMI | gpl-3.0 | 45 |
| [https://github.com/scVENUS/PeekabooAV](https://github.com/scVENUS/PeekabooAV) | Peekaboo Extended Email Attachment Behavior Observation Owl | scVENUS | gpl-3.0 | 61 |
| [https://github.com/sodium-friends/learntocrypto](https://github.com/sodium-friends/learntocrypto) | Learn to crypto workshop | sodium-friends | isc | 1673 |
| [https://github.com/hashdd/pyhashdd](https://github.com/hashdd/pyhashdd) | A python library for building and using hash databases. | hashdd | other | 20 |
| [https://github.com/mseclab/PyJFuzz](https://github.com/mseclab/PyJFuzz) | PyJFuzz - Python JSON Fuzzer | mseclab | mit | 355 |
| [https://github.com/mseclab/nathan](https://github.com/mseclab/nathan) | Android Emulator for mobile security testing | mseclab | mit | 213 |
| [https://github.com/unfetter-discover/unfetter-analytic](https://github.com/unfetter-discover/unfetter-analytic) | Main Build directory | unfetter-discover | other | 167 |
| [https://github.com/InQuest/python-sandboxapi](https://github.com/InQuest/python-sandboxapi) | Minimal, consistent Python API for building integrations with malware sandboxes. | InQuest | gpl-2.0 | 117 |
| [https://github.com/mitre/caret](https://github.com/mitre/caret) | CARET - A tool for viewing cyber analytic relationships | mitre | other | 40 |
| [https://github.com/CERTCC/tapioca](https://github.com/CERTCC/tapioca) | CERT Tapioca for MITM network analysis | CERTCC | other | 175 |
| [https://github.com/guardicore/monkey](https://github.com/guardicore/monkey) | Infection Monkey - An automated pentest tool | guardicore | gpl-3.0 | 5989 |
| [https://github.com/Cyb3rWard0g/HELK](https://github.com/Cyb3rWard0g/HELK) | The Hunting ELK | Cyb3rWard0g | gpl-3.0 | 3361 |
| [https://github.com/OTRF/OSSEM](https://github.com/OTRF/OSSEM) | Open Source Security Events Metadata (OSSEM) | OTRF | mit | 1063 |
| [https://github.com/socprime/SigmaRulesIntegration](https://github.com/socprime/SigmaRulesIntegration) | | socprime | other | 13 |
| [https://github.com/simsong/notepaper](https://github.com/simsong/notepaper) | Web-based notepaper | simsong | mit | 3 |
| [https://github.com/redcanaryco/atomic-red-team](https://github.com/redcanaryco/atomic-red-team) | Small and highly portable detection tests based on MITRE's ATT&CK. | redcanaryco | mit | 6728 |
| [https://github.com/ociredefz/lightaidra](https://github.com/ociredefz/lightaidra) | IRC-based mass router scanner/exploiter - The project is no longer maintained. | ociredefz | | 95 |
| [https://github.com/mitre-attack/attack-navigator](https://github.com/mitre-attack/attack-navigator) | Web app that provides basic navigation and annotation of ATT&CK matrices | mitre-attack | apache-2.0 | 1398 |
| [https://github.com/jenssegers/imagehash](https://github.com/jenssegers/imagehash) | 🌄 Perceptual image hashing for PHP | jenssegers | mit | 1841 |
| [https://github.com/kkirsche/CVE-2017-10271](https://github.com/kkirsche/CVE-2017-10271) | Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271) | kkirsche | apache-2.0 | 122 |
| [https://github.com/trailofbits/deepstate](https://github.com/trailofbits/deepstate) | A unit test-like interface for fuzzing and symbolic execution | trailofbits | apache-2.0 | 726 |
| [https://github.com/Matty9191/ssl-cert-check](https://github.com/Matty9191/ssl-cert-check) | Send notifications when SSL certificates are about to expire. | Matty9191 | gpl-2.0 | 604 |
| [https://github.com/9b/chirp](https://github.com/9b/chirp) | Interface to manage and centralize Google Alert information | 9b | mit | 230 |
| [https://github.com/angr/angr](https://github.com/angr/angr) | A powerful and user-friendly binary analysis platform! | angr | bsd-2-clause | 6189 |
| [https://github.com/f0rb1dd3n/Reptile](https://github.com/f0rb1dd3n/Reptile) | LKM Linux rootkit | f0rb1dd3n | | 2028 |
| [https://github.com/tombusby/cypherpunk-research](https://github.com/tombusby/cypherpunk-research) | This repository is essentially for compiling information about Cypherpunks, the history of the movement, and the people/events of note. | tombusby | | 473 |
| [https://github.com/Cyb3rPandaH/Tableau-ATTCK](https://github.com/Cyb3rPandaH/Tableau-ATTCK) | Understanding ATT&CK Matrix for Enterprise | Cyb3rPandaH | | 80 |
| [https://github.com/ttrifonov/zmqssl](https://github.com/ttrifonov/zmqssl) | SSL/TLS wrapper for ZMQ sockets | ttrifonov | apache-2.0 | 9 |
| [https://github.com/Cn33liz/JSMeter](https://github.com/Cn33liz/JSMeter) | JavaScript Reversed TCP Meterpreter Stager | Cn33liz | | 136 |
| [https://github.com/zulip/zulip](https://github.com/zulip/zulip) | Zulip server and web app—powerful open source team chat | zulip | apache-2.0 | 16660 |
| [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) | This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. | lgandx | | 1595 |
| [https://github.com/jmbielec/geograpy3](https://github.com/jmbielec/geograpy3) | Extract countries, regions and cities from a URL | | other | 19 |
| [https://github.com/utds3lab/multiverse](https://github.com/utds3lab/multiverse) | A static binary rewriter that does not use heuristics | utds3lab | lgpl-3.0 | 280 |
| [https://github.com/junzis/aircraft-db](https://github.com/junzis/aircraft-db) | Query all types of flight identities, such as ICAO address, registration ID, aircraft model, etc. | junzis | | 59 |
| [https://github.com/josegonzalez/python-github-backup](https://github.com/josegonzalez/python-github-backup) | backup a github user or organization | josegonzalez | mit | 1043 |
| [https://github.com/mattn/memo](https://github.com/mattn/memo) | 📓 Memo Life For You | mattn | mit | 873 |
| [https://github.com/peco/peco](https://github.com/peco/peco) | Simplistic interactive filtering tool | peco | mit | 7168 |
| [https://github.com/DanMcInerney/net-creds](https://github.com/DanMcInerney/net-creds) | Sniffs sensitive data from interface or pcap | DanMcInerney | gpl-3.0 | 1469 |
| [https://github.com/sigchi/Document-Formats](https://github.com/sigchi/Document-Formats) | Everything you need to know to publish using LaTeX or Word and then some. | sigchi | gpl-2.0 | 305 |
| [https://github.com/eteran/edb-debugger](https://github.com/eteran/edb-debugger) | edb is a cross-platform AArch32/x86/x86-64 debugger. | eteran | gpl-2.0 | 2216 |
| [https://github.com/MISP/misp-noticelist](https://github.com/MISP/misp-noticelist) | Notice lists to inform users of MISP about legal or technical implication for some attributes, categories and objects | MISP | | 7 |
| [https://github.com/IDArlingTeam/IDArling](https://github.com/IDArlingTeam/IDArling) | Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays | IDArlingTeam | gpl-3.0 | 632 |
| [https://github.com/nolze/msoffcrypto-tool](https://github.com/nolze/msoffcrypto-tool) | Python tool and library for decrypting MS Office files with passwords or other keys | nolze | mit | 395 |
| [https://github.com/ankane/ip_anonymizer](https://github.com/ankane/ip_anonymizer) | IP address anonymizer for Ruby and Rails | ankane | mit | 78 |
| [https://github.com/erikbern/git-of-theseus](https://github.com/erikbern/git-of-theseus) | Analyze how a Git repo grows over time | erikbern | apache-2.0 | 2054 |
| [https://github.com/spdx/license-list-data](https://github.com/spdx/license-list-data) | Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON | spdx | | 339 |
| [https://github.com/fossas/fossa-cli](https://github.com/fossas/fossa-cli) | Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems. | fossas | mpl-2.0 | 1047 |
| [https://github.com/cea-sec/miasm](https://github.com/cea-sec/miasm) | Reverse engineering framework in Python | cea-sec | gpl-2.0 | 2914 |
| [https://github.com/cookiecutter/cookiecutter](https://github.com/cookiecutter/cookiecutter) | A cross-platform command-line utility that creates projects from cookiecutters (project templates), e.g. Python package projects, C projects. | cookiecutter | bsd-3-clause | 18319 |
| [https://github.com/ioc-fang/ioc-fanger](https://github.com/ioc-fang/ioc-fanger) | Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space . | ioc-fang | mit | 46 |
| [https://github.com/nerevu/riko](https://github.com/nerevu/riko) | A Python stream processing engine modeled after Yahoo! Pipes | nerevu | mit | 1590 |
| [https://github.com/Rafiot/defang](https://github.com/Rafiot/defang) | DO NOT USE THIS REPO, FOR TESTING PURPOSES ONLY. Master is there: https://bitbucket.org/johannestaas/defang | Rafiot | other | 2 |
| [https://github.com/google/gvisor](https://github.com/google/gvisor) | Application Kernel for Containers | google | apache-2.0 | 13189 |
| [https://github.com/ezelf/CVE-2018-9995_dvr_credentials](https://github.com/ezelf/CVE-2018-9995_dvr_credentials) | (CVE-2018-9995) Get DVR Credentials | ezelf | gpl-3.0 | 481 |
| [https://github.com/fivepiece/btc-bash-ng](https://github.com/fivepiece/btc-bash-ng) | math and bitcoin tools in gnu bc and bash | fivepiece | mit | 25 |
| [https://github.com/deepzec/Bad-Pdf](https://github.com/deepzec/Bad-Pdf) | Steal Net-NTLM Hash using Bad-PDF | deepzec | gpl-3.0 | 859 |
| [https://github.com/espebra/filebin](https://github.com/espebra/filebin) | Filebin is a web application that facilitates convenient file sharing over the web. | espebra | bsd-3-clause | 146 |
| [https://github.com/soorya19/sparsity-based-defenses](https://github.com/soorya19/sparsity-based-defenses) | Sparsity-based defenses against adversarial attacks on machine learning classifiers | soorya19 | bsd-3-clause | 8 |
| [https://github.com/libnet/nemesis](https://github.com/libnet/nemesis) | A command-line network packet crafting and injection utility | libnet | bsd-3-clause | 412 |
| [https://github.com/a13xp0p0v/linux-kernel-defence-map](https://github.com/a13xp0p0v/linux-kernel-defence-map) | Linux Kernel Defence Map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies | a13xp0p0v | gpl-3.0 | 1528 |
| [https://github.com/vaexio/vaex](https://github.com/vaexio/vaex) | Out-of-Core hybrid Apache Arrow/NumPy DataFrame for Python, ML, visualization and exploration of big tabular data at a billion rows per second 🚀 | vaexio | mit | 7375 |
| [https://github.com/RelaxedJS/ReLaXed](https://github.com/RelaxedJS/ReLaXed) | Create PDF documents using web technologies | RelaxedJS | isc | 11738 |
| [https://github.com/sbilly/awesome-security](https://github.com/sbilly/awesome-security) | A collection of awesome software, libraries, documents, books, resources and cools stuffs about security. | sbilly | mit | 9086 |
| [https://github.com/jfrazee/awesome-nifi](https://github.com/jfrazee/awesome-nifi) | A list of useful Apache NiFi resources, processor bundles and tools | jfrazee | apache-2.0 | 862 |
| [https://github.com/tmcw/awesome-geojson](https://github.com/tmcw/awesome-geojson) | GeoJSON utilities that will make your life easier. | tmcw | cc0-1.0 | 1870 |
| [https://github.com/log2timeline/dftimewolf](https://github.com/log2timeline/dftimewolf) | A framework for orchestrating forensic collection, processing and data export | log2timeline | apache-2.0 | 212 |
| [https://github.com/keiichishima/yacryptopan](https://github.com/keiichishima/yacryptopan) | Yet another Crypto-PAn implementation for Python | keiichishima | bsd-2-clause | 24 |
| [https://github.com/xme/cuckoo](https://github.com/xme/cuckoo) | Miscellaneous files related to Cuckoo sandbox | xme | | 8 |
| [https://github.com/NC3-LU/MOSP](https://github.com/NC3-LU/MOSP) | A collaborative platform for creating, editing and sharing JSON objects. | NC3-LU | agpl-3.0 | 71 |
| [https://github.com/mseitzer/pytorch-fid](https://github.com/mseitzer/pytorch-fid) | Compute FID scores with PyTorch. | mseitzer | apache-2.0 | 1996 |
| [https://github.com/facebook/prophet](https://github.com/facebook/prophet) | Tool for producing high quality forecasts for time series data that has multiple seasonality with linear or non-linear growth. | facebook | mit | 15114 |
| [https://github.com/hasherezade/bearparser](https://github.com/hasherezade/bearparser) | Portable Executable parsing library (from PE-bear) | hasherezade | bsd-2-clause | 583 |
| [https://github.com/fastio/1store](https://github.com/fastio/1store) | NoSQL data store using the SEASTAR framework, compatible with Redis | fastio | agpl-3.0 | 1269 |
| [https://github.com/yongman/tidis](https://github.com/yongman/tidis) | Distributed transactional NoSQL database, Redis protocol compatible using tikv as backend | yongman | mit | 1406 |
| [https://github.com/palantir/windows-event-forwarding](https://github.com/palantir/windows-event-forwarding) | A repository for using windows event forwarding for incident detection and response | palantir | other | 1096 |
| [https://github.com/brangerbriz/messages-from-the-mines](https://github.com/brangerbriz/messages-from-the-mines) | An interactive art installation that excavates messages embedded in the Bitcoin blockchain | brangerbriz | gpl-3.0 | 34 |
| [https://github.com/Sab0tag3d/SIET](https://github.com/Sab0tag3d/SIET) | Smart Install Exploitation Tool | Sab0tag3d | | 517 |
| [https://github.com/deobald/vipassana-for-hackers](https://github.com/deobald/vipassana-for-hackers) | A document version of my "Vipassana for Hackers" talk | deobald | cc-by-sa-4.0 | 578 |
| [https://github.com/PDXBek/Misinformation](https://github.com/PDXBek/Misinformation) | Word lists for analyzing media reporting | PDXBek | | 22 |
| [https://github.com/palantir/osquery-configuration](https://github.com/palantir/osquery-configuration) | A repository for using osquery for incident detection and response | palantir | other | 725 |
| [https://github.com/fnando/sparkline](https://github.com/fnando/sparkline) | Generate SVG sparklines with JavaScript without any external dependency. | fnando | mit | 443 |
| [https://github.com/joshua-gould/canvas2pdf](https://github.com/joshua-gould/canvas2pdf) | Export your HTML canvas to PDF | joshua-gould | mit | 137 |
| [https://github.com/turicas/rows](https://github.com/turicas/rows) | A common, beautiful interface to tabular data, no matter the format | turicas | lgpl-3.0 | 824 |
| [https://github.com/kislyuk/yq](https://github.com/kislyuk/yq) | Command-line YAML, XML, TOML processor - jq wrapper for YAML/XML/TOML documents | kislyuk | apache-2.0 | 1997 |
| [https://github.com/tabler/tabler](https://github.com/tabler/tabler) | Tabler is free and open-source HTML Dashboard UI Kit built on Bootstrap | tabler | mit | 31926 |
| [https://github.com/masonicboom/ipscrub](https://github.com/masonicboom/ipscrub) | IP address anonymizer module for nginx | masonicboom | | 229 |
| [https://github.com/evilsocket/opensnitch](https://github.com/evilsocket/opensnitch) | OpenSnitch is a GNU/Linux port of the Little Snitch application firewall | evilsocket | gpl-3.0 | 7886 |
| [https://github.com/jseidl/Babadook](https://github.com/jseidl/Babadook) | Connection-less Powershell Persistent and Resilient Backdoor | jseidl | mit | 231 |
| [https://github.com/minimaxir/person-blocker](https://github.com/minimaxir/person-blocker) | Automatically "block" people in images (like Black Mirror) using a pretrained neural network. | minimaxir | other | 2023 |
| [https://github.com/dchrastil/ScrapedIn](https://github.com/dchrastil/ScrapedIn) | A tool to scrape LinkedIn without API restrictions for data reconnaissance | dchrastil | | 574 |
| [https://github.com/Scribery/aushape](https://github.com/Scribery/aushape) | A library and a tool for converting audit logs to XML and JSON | Scribery | lgpl-2.1 | 36 |
| [https://github.com/zevv/lsofgraph](https://github.com/zevv/lsofgraph) | lsof to graphviz | zevv | bsd-2-clause | 995 |
| [https://github.com/hvac/hvac](https://github.com/hvac/hvac) | :lock: Python 2.7/3.X client for HashiCorp Vault | hvac | apache-2.0 | 1027 |
| [https://github.com/daveherrald/botsv1](https://github.com/daveherrald/botsv1) | Splunk Boss of the SOC v1 data set. | daveherrald | | 109 |
| [https://github.com/MISP/MISP-sizer](https://github.com/MISP/MISP-sizer) | Sizing your MISP instance | MISP | mit | 8 |
| [https://github.com/dsmrreader/dsmr-reader](https://github.com/dsmrreader/dsmr-reader) | DSMR-protocol reader, telegram data storage and energy consumption visualizer. Free for non-commercial use. Docker installation: https://github.com/xirixiz/dsmr-reader-docker | dsmrreader | other | 417 |
| [https://github.com/square/certigo](https://github.com/square/certigo) | A utility to examine and validate certificates in a variety of formats | square | apache-2.0 | 840 |
| [https://github.com/carstein/Keyhole](https://github.com/carstein/Keyhole) | Simple reporting plugin for binary ninja | carstein | | 16 |
| [https://github.com/hasherezade/pe-sieve](https://github.com/hasherezade/pe-sieve) | Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). | hasherezade | bsd-2-clause | 2244 |
| [https://github.com/0x4D31/awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection) | A curated list of awesome threat detection and hunting resources | 0x4D31 | | 2382 |
| [https://github.com/google/upvote_py2](https://github.com/google/upvote_py2) | A multi-platform binary whitelisting solution | google | apache-2.0 | 447 |
| [https://github.com/dribdat/dribdat](https://github.com/dribdat/dribdat) | Open source hackathons-in-a-box | dribdat | mit | 44 |
| [https://github.com/booksbyus/mkbook](https://github.com/booksbyus/mkbook) | Hintjens' book production tools | booksbyus | other | 45 |
| [https://github.com/thec00n/smart-contract-honeypots](https://github.com/thec00n/smart-contract-honeypots) | This repo contains a collection of smart contract honeypots. | thec00n | | 245 |
| [https://github.com/hatching/vmcloak](https://github.com/hatching/vmcloak) | Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox. | hatching | | 420 |
| [https://github.com/aff4/pyaff4](https://github.com/aff4/pyaff4) | The Python implementation of the AFF4 standard. | aff4 | apache-2.0 | 40 |
| [https://github.com/eNMS-automation/eNMS](https://github.com/eNMS-automation/eNMS) | An enterprise-grade vendor-agnostic network automation platform. | eNMS-automation | gpl-3.0 | 721 |
| [https://github.com/hugapi/hug](https://github.com/hugapi/hug) | Embrace the APIs of the future. Hug aims to make developing APIs as simple as possible, but no simpler. | hugapi | mit | 6662 |
| [https://github.com/farsightsec/axa](https://github.com/farsightsec/axa) | The Advanced Exchange Access suite | farsightsec | apache-2.0 | 4 |
| [https://github.com/Moham3dRiahi/Th3inspector](https://github.com/Moham3dRiahi/Th3inspector) | Th3Inspector 🕵️ Best Tool For Information Gathering 🔎 | Moham3dRiahi | mit | 1450 |
| [https://github.com/Exa-Networks/exabgp](https://github.com/Exa-Networks/exabgp) | The BGP swiss army knife of networking | Exa-Networks | other | 1859 |
| [https://github.com/openeventdata/mordecai](https://github.com/openeventdata/mordecai) | Full text geoparsing as a Python library | openeventdata | mit | 678 |
| [https://github.com/cedricbonhomme/freshermeat](https://github.com/cedricbonhomme/freshermeat) | An open source software directory and release tracker. | cedricbonhomme | agpl-3.0 | 15 |
| [https://github.com/marasawr/fml](https://github.com/marasawr/fml) | I read 20 years of mostly-fail at cyber norms at the UN, and now you can too! | marasawr | | 19 |
| [https://github.com/MISP/yara-misp](https://github.com/MISP/yara-misp) | Export MISP attributes in Yara | MISP | | 12 |
| [https://github.com/IllusiveNetworks-Labs/HistoricProcessTree](https://github.com/IllusiveNetworks-Labs/HistoricProcessTree) | An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view. | IllusiveNetworks-Labs | bsd-3-clause | 52 |
| [https://github.com/initstring/linkedin2username](https://github.com/initstring/linkedin2username) | OSINT Tool: Generate username lists for companies on LinkedIn | initstring | mit | 759 |
| [https://github.com/googlecreativelab/open-nsynth-super](https://github.com/googlecreativelab/open-nsynth-super) | Open NSynth Super is an experimental physical interface for the NSynth algorithm | googlecreativelab | apache-2.0 | 2300 |
| [https://github.com/bisguzar/twitter-scraper](https://github.com/bisguzar/twitter-scraper) | Scrape the Twitter Frontend API without authentication. | bisguzar | mit | 3343 |
| [https://github.com/alexadam/img-encode](https://github.com/alexadam/img-encode) | Encode an image to sound and view it as a spectrogram - turn your images into music | alexadam | mit | 213 |
| [https://github.com/msuhanov/yarp](https://github.com/msuhanov/yarp) | Yet another registry parser | msuhanov | gpl-3.0 | 110 |
| [https://github.com/alex-ball/beamerswitch](https://github.com/alex-ball/beamerswitch) | Convenient mode selection in Beamer documents | alex-ball | | 19 |
| [https://github.com/crytic/ida-evm](https://github.com/crytic/ida-evm) | IDA Processor Module for the Ethereum Virtual Machine (EVM) | crytic | apache-2.0 | 266 |
| [https://github.com/incertum/cyber-matrix-ai](https://github.com/incertum/cyber-matrix-ai) | Collection of cyber security and "AI" relevant topics | incertum | | 71 |
| [https://github.com/certtools/malware_name_mapping](https://github.com/certtools/malware_name_mapping) | A mapping of used malware names to commonly known family names | certtools | | 54 |
| [https://github.com/eset/ipyida](https://github.com/eset/ipyida) | IPython console integration for IDA Pro | eset | other | 554 |
| [https://github.com/berzerk0/Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists) | Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular! | berzerk0 | cc-by-sa-4.0 | 7743 |
| [https://github.com/gdiepen/latexbeamer-handoutWithNotes](https://github.com/gdiepen/latexbeamer-handoutWithNotes) | Create Handouts with notes from your Latexbeamer presentation | gdiepen | | 38 |
| [https://github.com/D4-project/BGP-Ranking](https://github.com/D4-project/BGP-Ranking) | BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN) | D4-project | agpl-3.0 | 55 |
| [https://github.com/cocaman/retefe](https://github.com/cocaman/retefe) | Artefacts from various retefe campaigns | cocaman | | 10 |
| [https://github.com/nccgroup/Royal_APT](https://github.com/nccgroup/Royal_APT) | Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research | nccgroup | | 49 |
| [https://github.com/patternfly/patternfly-timeline](https://github.com/patternfly/patternfly-timeline) | A time based / event series interactive visualization using d3.js. Use drag and zoom to navigate in time. | patternfly | mit | 124 |
| [https://github.com/KasperskyLab/klara](https://github.com/KasperskyLab/klara) | Kaspersky's GReAT KLara | KasperskyLab | other | 624 |
| [https://github.com/eliasgranderubio/dagda](https://github.com/eliasgranderubio/dagda) | a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities | eliasgranderubio | apache-2.0 | 1005 |
| [https://github.com/serrastusbear/NewDomainSearch](https://github.com/serrastusbear/NewDomainSearch) | Script to pull newly-registered domains and check for similarity against a provided word list. | serrastusbear | gpl-3.0 | 10 |
| [https://github.com/mokaddem/PyMISP_wrapper](https://github.com/mokaddem/PyMISP_wrapper) | A simple PyMISP wrapper designed to ease the addition of commonly used operations on daily generated event | mokaddem | | 3 |
| [https://github.com/paralax/awesome-cybersecurity-internships](https://github.com/paralax/awesome-cybersecurity-internships) | a list of cybersecurity internships | paralax | | 398 |
| [https://github.com/Phat3/PINdemonium](https://github.com/Phat3/PINdemonium) | A pintool in order to unpack malware | Phat3 | gpl-3.0 | 220 |
| [https://github.com/Data4Democracy/hate_speech_detector](https://github.com/Data4Democracy/hate_speech_detector) | | Data4Democracy | | 29 |
| [https://github.com/conix-security/machoke](https://github.com/conix-security/machoke) | | conix-security | gpl-3.0 | 47 |
| [https://github.com/khamidou/lptrace](https://github.com/khamidou/lptrace) | Trace any Python program, anywhere! | khamidou | gpl-3.0 | 686 |
| [https://github.com/msuhanov/regf](https://github.com/msuhanov/regf) | Windows registry file format specification | msuhanov | | 257 |
| [https://github.com/psf/requests-html](https://github.com/psf/requests-html) | Pythonic HTML Parsing for Humans™ | psf | mit | 12793 |
| [https://github.com/honeytrap/honeytrap](https://github.com/honeytrap/honeytrap) | Advanced Honeypot framework. | honeytrap | other | 1103 |
| [https://github.com/programa-stic/barf-project](https://github.com/programa-stic/barf-project) | BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework | programa-stic | bsd-2-clause | 1350 |
| [https://github.com/pornin/CTTK](https://github.com/pornin/CTTK) | Constant-Time Toolkit | pornin | mit | 281 |
| [https://github.com/ntddk/virustream](https://github.com/ntddk/virustream) | A script to track malware IOCs with OSINT on Twitter. | ntddk | mit | 50 |
| [https://github.com/tatsu-i/fame_modules](https://github.com/tatsu-i/fame_modules) | | tatsu-i | | 2 |
| [https://github.com/apcshields/autocomplete-bibtex](https://github.com/apcshields/autocomplete-bibtex) | Adds Pandoc-style BibTeX citation key autocompletion to autocomplete+ for Atom. | apcshields | mit | 44 |
| [https://github.com/mohlcyber/MISP-MVISION-EDR](https://github.com/mohlcyber/MISP-MVISION-EDR) | Integration between MISP platform and McAfee MVISION EDR | mohlcyber | apache-2.0 | 11 |
| [https://github.com/s0md3v/Striker](https://github.com/s0md3v/Striker) | Striker is an offensive information and vulnerability scanner. | s0md3v | gpl-3.0 | 2000 |
| [https://github.com/nerves-project/nerves](https://github.com/nerves-project/nerves) | Craft and deploy bulletproof embedded software in Elixir | nerves-project | apache-2.0 | 1939 |
| [https://github.com/zricethezav/gitleaks](https://github.com/zricethezav/gitleaks) | Protect and discover secrets using Gitleaks 🔑 | zricethezav | mit | 11068 |
| [https://github.com/vitaly-kamluk/bitscout](https://github.com/vitaly-kamluk/bitscout) | Remote forensics meta tool | vitaly-kamluk | gpl-2.0 | 409 |
| [https://github.com/autumnai/leaf](https://github.com/autumnai/leaf) | Open Machine Intelligence Framework for Hackers. (GPU/CPU) | autumnai | apache-2.0 | 5489 |
| [https://github.com/phage-nz/ph0neutria](https://github.com/phage-nz/ph0neutria) | ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability. | phage-nz | apache-2.0 | 302 |
| [https://github.com/randaller/cnn-rtlsdr](https://github.com/randaller/cnn-rtlsdr) | Deep learning signal classification using rtl-sdr dongle | randaller | | 248 |
| [https://github.com/openhwgroup/cva6](https://github.com/openhwgroup/cva6) | The CORE-V CVA6 is an Application class 6-stage RISC-V CPU capable of booting Linux | openhwgroup | other | 1587 |
| [https://github.com/Nightbringer21/fridump](https://github.com/Nightbringer21/fridump) | A universal memory dumper using Frida | Nightbringer21 | | 531 |
| [https://github.com/Rafiot/2018_Metz](https://github.com/Rafiot/2018_Metz) | Python exercises | Rafiot | mit | 2 |
| [https://github.com/uber-common/metta](https://github.com/uber-common/metta) | An information security preparedness tool to do adversarial simulation. | uber-common | mit | 976 |
| [https://github.com/ctxis/capemon](https://github.com/ctxis/capemon) | CAPE monitor DLLs | ctxis | gpl-3.0 | 40 |
| [https://github.com/ctxis/CAPE](https://github.com/ctxis/CAPE) | Malware Configuration And Payload Extraction | ctxis | | 699 |
| [https://github.com/Tencent/rapidjson](https://github.com/Tencent/rapidjson) | A fast JSON parser/generator for C++ with both SAX/DOM style API | Tencent | other | 12484 |
| [https://github.com/XMSS/xmss-reference](https://github.com/XMSS/xmss-reference) | Repository for the XMSS reference code, accompanying RFC 8391, XMSS: eXtended Merkle Signature Scheme | XMSS | cc0-1.0 | 30 |
| [https://github.com/fideliscyber/x509](https://github.com/fideliscyber/x509) | Proof of concept framework for transferring a file over x509 extension covert channel | fideliscyber | mit | 74 |
| [https://github.com/halpomeranz/dfis](https://github.com/halpomeranz/dfis) | Digital Forensic Investigative Scripts | halpomeranz | gpl-3.0 | 48 |
| [https://github.com/quiet/quiet](https://github.com/quiet/quiet) | Transmit data with sound. Includes binaries for soundcards and .wav files. | quiet | bsd-3-clause | 1498 |
| [https://github.com/quiet/org.quietmodem.Quiet](https://github.com/quiet/org.quietmodem.Quiet) | Quiet for Android - TCP over sound | quiet | | 1419 |
| [https://github.com/cmatthewbrooks/r2kit](https://github.com/cmatthewbrooks/r2kit) | A set of scripts for a radare-based malware code analysis workflow | cmatthewbrooks | | 64 |
| [https://github.com/matteomattei/PySquashfsImage](https://github.com/matteomattei/PySquashfsImage) | Python library to read Squashfs image files. | matteomattei | gpl-3.0 | 38 |
| [https://github.com/rommelfs/scanner](https://github.com/rommelfs/scanner) | nmap/ndiff based scanner with template based notification system in case of infrastructure changes | rommelfs | | 17 |
| [https://github.com/cea-sec/Sibyl](https://github.com/cea-sec/Sibyl) | A Miasm2 based function divination. | cea-sec | other | 488 |
| [https://github.com/cowrie/cowrie](https://github.com/cowrie/cowrie) | Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io | cowrie | other | 4081 |
| [https://github.com/orlikoski/CDQR](https://github.com/orlikoski/CDQR) | The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices | orlikoski | gpl-3.0 | 314 |
| [https://github.com/0xrawsec/gene](https://github.com/0xrawsec/gene) | Signature Engine for Windows Event Logs | 0xrawsec | gpl-3.0 | 128 |
| [https://github.com/0xrawsec/whids](https://github.com/0xrawsec/whids) | Open Source EDR for Windows | 0xrawsec | agpl-3.0 | 834 |
| [https://github.com/mitre/cti](https://github.com/mitre/cti) | Cyber Threat Intelligence Repository expressed in STIX 2.0 | mitre | other | 1232 |
| [https://github.com/nabla-c0d3/trust_stores_observatory](https://github.com/nabla-c0d3/trust_stores_observatory) | Continuously monitor and record the content of the major platforms' root certificate stores. | nabla-c0d3 | mit | 99 |
| [https://github.com/endgameinc/gym-malware](https://github.com/endgameinc/gym-malware) | | endgameinc | mit | 556 |
| [https://github.com/LAC-Japan/MISP-CSVImport](https://github.com/LAC-Japan/MISP-CSVImport) | CSV import tool for MISP | LAC-Japan | bsd-2-clause | 10 |
| [https://github.com/NetworkDeviceTaxonomy/wifi_taxonomy](https://github.com/NetworkDeviceTaxonomy/wifi_taxonomy) | Database of known signatures identified using the mechanism in "Passive Taxonomy of Wifi Clients using MLME Frame Contents" from research.google.com/pubs/pub45429.html | NetworkDeviceTaxonomy | apache-2.0 | 68 |
| [https://github.com/sgreben/tj](https://github.com/sgreben/tj) | stdin line timestamps. single binary, no dependencies. osx & linux & windows. plays well with jq. | sgreben | | 228 |
| [https://github.com/avast/retdec](https://github.com/avast/retdec) | RetDec is a retargetable machine-code decompiler based on LLVM. | avast | mit | 6804 |
| [https://github.com/eldraco/domain_analyzer](https://github.com/eldraco/domain_analyzer) | Analyze the security of any domain by finding all the information possible. Made in python. | eldraco | | 1744 |
| [https://github.com/FortyNorthSecurity/WMImplant](https://github.com/FortyNorthSecurity/WMImplant) | This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based. | FortyNorthSecurity | gpl-3.0 | 718 |
| [https://github.com/ANSSI-FR/transdep](https://github.com/ANSSI-FR/transdep) | Discover SPOF in DNS dependency graphs | ANSSI-FR | bsd-2-clause | 67 |
| [https://github.com/posativ/isso](https://github.com/posativ/isso) | a Disqus alternative | posativ | mit | 4669 |
| [https://github.com/TheDr1ver/crits_services](https://github.com/TheDr1ver/crits_services) | CRITs Services Collection | TheDr1ver | | 3 |
| [https://github.com/SwiftOnSecurity/sysmon-config](https://github.com/SwiftOnSecurity/sysmon-config) | Sysmon configuration file template with default high-quality event tracing | SwiftOnSecurity | | 3820 |
| [https://github.com/olafhartong/sysmon-modular](https://github.com/olafhartong/sysmon-modular) | A repository of sysmon configuration modules | olafhartong | mit | 2006 |
| [https://github.com/ha7ilm/openwebrx](https://github.com/ha7ilm/openwebrx) | Open source, multi-user SDR receiver software with a web interface | ha7ilm | agpl-3.0 | 886 |
| [https://github.com/gaasedelen/lighthouse](https://github.com/gaasedelen/lighthouse) | A Coverage Explorer for Reverse Engineers | gaasedelen | mit | 1788 |
| [https://github.com/wolverdude/GenSON](https://github.com/wolverdude/GenSON) | GenSON is a powerful, user-friendly JSON Schema generator built in Python. | wolverdude | mit | 420 |
| [https://github.com/stedolan/jq](https://github.com/stedolan/jq) | Command-line JSON processor | stedolan | other | 23461 |
| [https://github.com/cisco/joy](https://github.com/cisco/joy) | A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. | cisco | other | 1198 |
| [https://github.com/alephdata/aleph](https://github.com/alephdata/aleph) | Search and browse documents and data; find the people and companies you look for. | alephdata | mit | 1680 |
| [https://github.com/alephdata/memorious](https://github.com/alephdata/memorious) | Lightweight web scraping toolkit for documents and structured data. | alephdata | mit | 282 |
| [https://github.com/satwikkansal/wtfpython](https://github.com/satwikkansal/wtfpython) | What the f*ck Python? 😱 | satwikkansal | wtfpl | 31887 |
| [https://github.com/TheHive-Project/TheHive4py](https://github.com/TheHive-Project/TheHive4py) | Python API Client for TheHive | TheHive-Project | agpl-3.0 | 193 |
| [https://github.com/emsec/ChameleonMini](https://github.com/emsec/ChameleonMini) | The ChameleonMini is a versatile contactless smartcard emulator compliant to NFC. The ChameleonMini was developed by https://kasper-oswald.de. The device is available at https://shop.kasper.it. For further information see the Getting Started Page https://rawgit.com/emsec/ChameleonMini/master/Doc/Doxygen/html/_page__getting_started.html or the Wiki tab above. | emsec | other | 1457 |
| [https://github.com/openwpm/OpenWPM](https://github.com/openwpm/OpenWPM) | A web privacy measurement framework | openwpm | other | 1234 |
| [https://github.com/BTrDB/btrdb-server](https://github.com/BTrDB/btrdb-server) | Berkeley Tree Database (BTrDB) server | BTrDB | mit | 897 |
| [https://github.com/majek/fluxcapacitor](https://github.com/majek/fluxcapacitor) | The engine that powers DeLorean! | majek | mit | 806 |
| [https://github.com/eldraco/Salamandra](https://github.com/eldraco/Salamandra) | Salamandra is a tool to find spy microphones that use radio freq to transmit. It uses SDR. | eldraco | | 745 |
| [https://github.com/pothosware/SoapyRTLSDR](https://github.com/pothosware/SoapyRTLSDR) | SoapySDR RTL-SDR Support Module | pothosware | mit | 93 |
| [https://github.com/pothosware/SoapySDR](https://github.com/pothosware/SoapySDR) | Vendor and platform neutral SDR support library. | pothosware | bsl-1.0 | 830 |
| [https://github.com/xmikos/soapy_power](https://github.com/xmikos/soapy_power) | Obtain power spectrum from SoapySDR devices (RTL-SDR, Airspy, SDRplay, HackRF, bladeRF, USRP, LimeSDR, etc.) | xmikos | mit | 125 |
| [https://github.com/taviso/rbndr](https://github.com/taviso/rbndr) | Simple DNS Rebinding Service | taviso | gpl-3.0 | 468 |
| [https://github.com/jaegeral/security-apis](https://github.com/jaegeral/security-apis) | A collective list of public APIs for use in security. Contributions welcome | jaegeral | mit | 706 |
| [https://github.com/bambenek/bitcoin_tracker](https://github.com/bambenek/bitcoin_tracker) | A NodeJS Template for a Twitter Bot that Tracks Transactions to Bitcoin Wallets | bambenek | | 20 |
| [https://github.com/spamhaus/pdns-logger](https://github.com/spamhaus/pdns-logger) | pdns-logger is a small daemon that will accept connections from the protobuf channel of powerdns-reursor and will log queries in several formats | spamhaus | mpl-2.0 | 13 |
| [https://github.com/jivoi/awesome-ml-for-cybersecurity](https://github.com/jivoi/awesome-ml-for-cybersecurity) | :octocat: Machine Learning for Cyber Security | jivoi | other | 5551 |
| [https://github.com/IAIK/meltdown](https://github.com/IAIK/meltdown) | This repository contains several applications, demonstrating the Meltdown bug. | IAIK | zlib | 3992 |
| [https://github.com/lanrat/certgraph](https://github.com/lanrat/certgraph) | An open source intelligence tool to crawl the graph of certificate Alternate Names | lanrat | gpl-2.0 | 253 |
| [https://github.com/AirbusCyber/grap](https://github.com/AirbusCyber/grap) | grap: define and match graph patterns within binaries | AirbusCyber | mit | 166 |
| [https://github.com/asciidoctor/asciidoctor](https://github.com/asciidoctor/asciidoctor) | :gem: A fast, open source text processor and publishing toolchain, written in Ruby, for converting AsciiDoc content to HTML 5, DocBook 5, and other formats. | asciidoctor | other | 4207 |
| [https://github.com/facebookresearch/py2bpf](https://github.com/facebookresearch/py2bpf) | A python to bpf (Berkeley Packet Filter bytecode) converter | facebookresearch | other | 165 |
| [https://github.com/axiomhq/hyperminhash](https://github.com/axiomhq/hyperminhash) | HyperMinHash: Bringing intersections to HyperLogLog | axiomhq | mit | 295 |
| [https://github.com/xschul/IMAProxy](https://github.com/xschul/IMAProxy) | IMAP transparent proxy | xschul | | 6 |
| [https://github.com/joeyespo/grip](https://github.com/joeyespo/grip) | Preview GitHub README.md files locally before committing them. | joeyespo | mit | 5810 |
| [https://github.com/luismartingarcia/protocol](https://github.com/luismartingarcia/protocol) | An ASCII Header Generator for Network Protocols | luismartingarcia | gpl-3.0 | 640 |
| [https://github.com/marcan/speculation-bugs](https://github.com/marcan/speculation-bugs) | Docs and resources on CPU Speculative Execution bugs | marcan | cc0-1.0 | 354 |
| [https://github.com/paboldin/meltdown-exploit](https://github.com/paboldin/meltdown-exploit) | Meltdown Exploit PoC | paboldin | | 930 |
| [https://github.com/ligurio/software-quality-wiki](https://github.com/ligurio/software-quality-wiki) | Software Quality Wiki | ligurio | mit | 2076 |
| [https://github.com/googleprojectzero/domato](https://github.com/googleprojectzero/domato) | DOM fuzzer | googleprojectzero | apache-2.0 | 1476 |
| [https://github.com/HASecuritySolutions/VulnWhisperer](https://github.com/HASecuritySolutions/VulnWhisperer) | Create actionable data from your Vulnerability Scans | HASecuritySolutions | apache-2.0 | 1271 |
| [https://github.com/EdOverflow/contact.sh](https://github.com/EdOverflow/contact.sh) | An OSINT tool to find contacts in order to report security vulnerabilities. | EdOverflow | mit | 240 |
| [https://github.com/remg427/misp42splunk](https://github.com/remg427/misp42splunk) | A Splunk app to use MISP in background | remg427 | lgpl-3.0 | 99 |
| [https://github.com/Siguza/IOHIDeous](https://github.com/Siguza/IOHIDeous) | IOHIDFamily 0day | Siguza | | 444 |
| [https://github.com/das-labor/neopg](https://github.com/das-labor/neopg) | The multiversal cryptoengine! | das-labor | other | 214 |
| [https://github.com/dafthack/MailSniper](https://github.com/dafthack/MailSniper) | MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain. | dafthack | mit | 2315 |
| [https://github.com/samuelcolvin/dnserver](https://github.com/samuelcolvin/dnserver) | Simple development DNS server written in python | samuelcolvin | mit | 118 |
| [https://github.com/g-oikonomou/sensniff](https://github.com/g-oikonomou/sensniff) | Live Traffic Capture and Sniffer for IEEE 802.15.4 networks | g-oikonomou | bsd-3-clause | 82 |
| [https://github.com/pimutils/todoman](https://github.com/pimutils/todoman) | ✅ A simple, standards-based, cli todo (aka: task) manager. | pimutils | isc | 349 |
| [https://github.com/pimutils/khal](https://github.com/pimutils/khal) | :calendar: CLI calendar application | pimutils | mit | 2090 |
| [https://github.com/kedartatwawadi/NN_compression](https://github.com/kedartatwawadi/NN_compression) | | kedartatwawadi | mit | 198 |
| [https://github.com/elasticdog/transcrypt](https://github.com/elasticdog/transcrypt) | transparently encrypt files within a git repository | elasticdog | mit | 1216 |
| [https://github.com/jdf/processing.py](https://github.com/jdf/processing.py) | Write Processing sketches in Python | jdf | apache-2.0 | 1523 |
| [https://github.com/dsprenkels/sss-cli](https://github.com/dsprenkels/sss-cli) | Command line program for secret-sharing strings | dsprenkels | mit | 52 |
| [https://github.com/dsprenkels/sss](https://github.com/dsprenkels/sss) | Library for the Shamir secret sharing scheme | dsprenkels | mit | 274 |
| [https://github.com/miek/inspectrum](https://github.com/miek/inspectrum) | Radio signal analyser | miek | gpl-3.0 | 1666 |
| [https://github.com/dataspectra/AIL-framework](https://github.com/dataspectra/AIL-framework) | AIL framework - Analysis Information Leak framework | dataspectra | agpl-3.0 | 4 |
| [https://github.com/CERT-Bund/misp-warninglists-analyzer](https://github.com/CERT-Bund/misp-warninglists-analyzer) | Checks observables/ioc in TheHive/Cortex against the MISP warningslists | CERT-Bund | | 11 |
| [https://github.com/stricaud/TA-misp](https://github.com/stricaud/TA-misp) | Splunk integration with MISP | stricaud | | 11 |
| [https://github.com/merbanan/rtl_433](https://github.com/merbanan/rtl_433) | Program to decode radio transmissions from devices on the ISM bands (and other frequencies) | merbanan | gpl-2.0 | 4247 |
| [https://github.com/syncthing/syncthing](https://github.com/syncthing/syncthing) | Open Source Continuous File Synchronization | syncthing | mpl-2.0 | 47452 |
| [https://github.com/MDudek-ICS/TRISIS-TRITON-HATMAN](https://github.com/MDudek-ICS/TRISIS-TRITON-HATMAN) | Repository containting original and decompiled files of TRISIS/TRITON/HATMAN malware | MDudek-ICS | | 201 |
| [https://github.com/IOActive/XDiFF](https://github.com/IOActive/XDiFF) | Extended Differential Fuzzing Framework | IOActive | | 317 |
| [https://github.com/cr-marcstevens/sha1_gpu_nearcollisionattacks](https://github.com/cr-marcstevens/sha1_gpu_nearcollisionattacks) | GPU code for the first SHA-1 collision attack and two freestart attacks | cr-marcstevens | other | 25 |
| [https://github.com/guedou/jupyter-radare2](https://github.com/guedou/jupyter-radare2) | Just a simple radare2 Jupyter kernel | guedou | lgpl-3.0 | 109 |
| [https://github.com/REDasmOrg/REDasm](https://github.com/REDasmOrg/REDasm) | The OpenSource Disassembler | REDasmOrg | gpl-3.0 | 1312 |
| [https://github.com/oasis-open/cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas) | OASIS TC Open Repository: Non-normative schemas and examples for STIX 2 | oasis-open | bsd-3-clause | 84 |
| [https://github.com/InvoicePlane/InvoicePlane](https://github.com/InvoicePlane/InvoicePlane) | A self-hosted open source application for managing your invoices, clients and payments. | InvoicePlane | other | 2084 |
| [https://github.com/laurent22/joplin](https://github.com/laurent22/joplin) | Joplin - an open source note taking and to-do application with synchronisation capabilities for Windows, macOS, Linux, Android and iOS. | laurent22 | other | 32767 |
| [https://github.com/vnotex/vnote](https://github.com/vnotex/vnote) | A pleasant note-taking platform. | vnotex | lgpl-3.0 | 9783 |
| [https://github.com/austin-taylor/flare](https://github.com/austin-taylor/flare) | An analytical framework for network traffic and behavioral analytics | austin-taylor | mit | 418 |
| [https://github.com/agronholm/cbor2](https://github.com/agronholm/cbor2) | Python CBOR (de)serializer with extensive tag support | agronholm | mit | 150 |
| [https://github.com/iovisor/bcc](https://github.com/iovisor/bcc) | BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more | iovisor | apache-2.0 | 15859 |
| [https://github.com/iovisor/bpf-docs](https://github.com/iovisor/bpf-docs) | Presentations and docs | iovisor | | 792 |
| [https://github.com/bitnine-oss/agensgraph](https://github.com/bitnine-oss/agensgraph) | AgensGraph, a transactional graph database based on PostgreSQL | bitnine-oss | other | 1215 |
| [https://github.com/ayastreb/jekyll-maps](https://github.com/ayastreb/jekyll-maps) | :earth_americas: Embed maps with filterable locations in Jekyll | ayastreb | mit | 124 |
| [https://github.com/seclab-ucr/INTANG](https://github.com/seclab-ucr/INTANG) | | seclab-ucr | gpl-3.0 | 2852 |
| [https://github.com/MISP/misp-compliance](https://github.com/MISP/misp-compliance) | Legal, procedural and policies document templates for operating MISP and information sharing communities | MISP | agpl-3.0 | 29 |
| [https://github.com/CERT-Polska/training-materials](https://github.com/CERT-Polska/training-materials) | | CERT-Polska | eupl-1.2 | 47 |
| [https://github.com/avast/yaracpp](https://github.com/avast/yaracpp) | C++ wrapper for YARA. | avast | mit | 46 |
| [https://github.com/achillean/redis-keys](https://github.com/achillean/redis-keys) | Using Shodan to get a breakdown of the most common key names in public Redis servers. | achillean | | 12 |
| [https://github.com/zmap/zgrab](https://github.com/zmap/zgrab) | **DEPRECATED** This project has been replaced by https://github.com/zmap/zgrab2 | zmap | other | 730 |
| [https://github.com/cytoscape/cytoscape.js](https://github.com/cytoscape/cytoscape.js) | Graph theory (network) library for visualisation and analysis | cytoscape | mit | 8761 |
| [https://github.com/GreyNoise-Intelligence/api.greynoise.io](https://github.com/GreyNoise-Intelligence/api.greynoise.io) | Code + documentation for the public GreyNoise API | GreyNoise-Intelligence | | 307 |
| [https://github.com/Cisco-Talos/mutiny-fuzzer](https://github.com/Cisco-Talos/mutiny-fuzzer) | | Cisco-Talos | other | 507 |
| [https://github.com/hegusung/AVSignSeek](https://github.com/hegusung/AVSignSeek) | Tool written in python3 to determine where the AV signature is located in a binary/payload | hegusung | mit | 303 |
| [https://github.com/DomainTools/domaintools_misp](https://github.com/DomainTools/domaintools_misp) | Official DomainTools Iris modules for MISP | DomainTools | | 6 |
| [https://github.com/ptrus/suffix-trees](https://github.com/ptrus/suffix-trees) | Python implementation of Suffix Trees and Generalized Suffix Trees. Provided also methods with typcal aplications of STrees and GSTrees. | ptrus | mit | 107 |
| [https://github.com/secrary/SSMA](https://github.com/secrary/SSMA) | SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me] | secrary | gpl-3.0 | 401 |
| [https://github.com/netdata/netdata](https://github.com/netdata/netdata) | Real-time performance monitoring, done right! https://www.netdata.cloud | netdata | gpl-3.0 | 61043 |
| [https://github.com/ibmresilient/resilient-community-apps](https://github.com/ibmresilient/resilient-community-apps) | Source code for IBM SOAR Apps that are available on our App Exchange | ibmresilient | mit | 69 |
| [https://github.com/ntddk/onionstack](https://github.com/ntddk/onionstack) | A Pictorial Book of Tor Hidden Services. | ntddk | mit | 22 |
| [https://github.com/secureworks/flowsynth](https://github.com/secureworks/flowsynth) | a network packet capture compiler | secureworks | apache-2.0 | 173 |
| [https://github.com/metal3d/vymad](https://github.com/metal3d/vymad) | Vymad - Vym to markdown generator | metal3d | | 21 |
| [https://github.com/adulau/misp-osint-collection](https://github.com/adulau/misp-osint-collection) | Collection of best practices to add OSINT into MISP and/or MISP communities | adulau | | 57 |
| [https://github.com/pretalx/pretalx](https://github.com/pretalx/pretalx) | Conference planning tool: CfP, scheduling, speaker management | pretalx | other | 480 |
| [https://github.com/ANSSI-FR/SmartPGP](https://github.com/ANSSI-FR/SmartPGP) | SmartPGP is a JavaCard implementation of the OpenPGP card specifications | ANSSI-FR | gpl-2.0 | 170 |
| [https://github.com/x0rz/phishing_catcher](https://github.com/x0rz/phishing_catcher) | Phishing catcher using Certstream | x0rz | gpl-3.0 | 1442 |
| [https://github.com/simsong/dfxml](https://github.com/simsong/dfxml) | Digital Forensics XML project and library | simsong | other | 58 |
| [https://github.com/pbiernat/ripr](https://github.com/pbiernat/ripr) | Package Binary Code as a Python class using Binary Ninja and Unicorn Engine | pbiernat | mit | 349 |
| [https://github.com/MobSF/Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | MobSF | gpl-3.0 | 12761 |
| [https://github.com/P1sec/pycrate](https://github.com/P1sec/pycrate) | A Python library to ease the development of encoders and decoders for various protocols and file formats; contains ASN.1 and CSN.1 compilers. | P1sec | lgpl-2.1 | 316 |
| [https://github.com/VCVRack/Rack](https://github.com/VCVRack/Rack) | The virtual Eurorack studio | VCVRack | other | 3653 |
| [https://github.com/google/turbinia](https://github.com/google/turbinia) | Automation and Scaling of Digital Forensics Tools | google | apache-2.0 | 601 |
| [https://github.com/LINCnil/pia-back](https://github.com/LINCnil/pia-back) | Programme développé avec le framework RubyOnRails mettant à disposition une API RESTful à destination des outils PIA et PIA-APP. | Program developped with RubyOnRails providing a RESTful API for the PIA and PIA-APP applications. | LINCnil | gpl-3.0 | 133 |
| [https://github.com/LINCnil/pia](https://github.com/LINCnil/pia) | Version web front office de lapplication PIA à déployer sur un serveur afin den donner laccès via un navigateur web | Front office of the PIA application to be deployed on a server in order to access it through a web browser. | LINCnil | gpl-3.0 | 216 |
| [https://github.com/milankowww/ppp_tcpip_zxspectrum](https://github.com/milankowww/ppp_tcpip_zxspectrum) | 1998 implementation of PPP + TCP/IP + various network apps for ZX Spectrum 48k | milankowww | gpl-2.0 | 5 |
| [https://github.com/repology/repology-updater](https://github.com/repology/repology-updater) | Repology backend service to update repository and package data | repology | gpl-3.0 | 410 |
| [https://github.com/yl2chen/cidranger](https://github.com/yl2chen/cidranger) | Fast IP to CIDR lookup in Golang | yl2chen | mit | 752 |
| [https://github.com/google/oss-fuzz](https://github.com/google/oss-fuzz) | OSS-Fuzz - continuous fuzzing for open source software. | google | apache-2.0 | 8028 |
| [https://github.com/infobyte/faraday](https://github.com/infobyte/faraday) | Open Source Vulnerability Management Platform | infobyte | gpl-3.0 | 3561 |
| [https://github.com/CERTCC/trommel](https://github.com/CERTCC/trommel) | TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators | CERTCC | other | 190 |
| [https://github.com/inikep/lizard](https://github.com/inikep/lizard) | Lizard (formerly LZ5) is an efficient compressor with very fast decompression. It achieves compression ratio that is comparable to zip/zlib and zstd/brotli (at low and medium compression levels) at decompression speed of 1000 MB/s and faster. | inikep | other | 569 |
| [https://github.com/Markus-Go/bonesi](https://github.com/Markus-Go/bonesi) | BoNeSi - the DDoS Botnet Simulator | Markus-Go | apache-2.0 | 565 |
| [https://github.com/JPCERTCC/STrelok](https://github.com/JPCERTCC/STrelok) | Application for STIX v2.0 objects management and analysis | JPCERTCC | | 25 |
| [https://github.com/propervillain/moistpetal](https://github.com/propervillain/moistpetal) | Open source offensive security platform for red team, by red team. | propervillain | apache-2.0 | 367 |
| [https://github.com/werkamsus/Lilith](https://github.com/werkamsus/Lilith) | Lilith, The Open Source C++ Remote Administration Tool (RAT) | werkamsus | mit | 601 |
| [https://github.com/yishn/tikzcd-editor](https://github.com/yishn/tikzcd-editor) | A simple visual editor for creating commutative diagrams. | yishn | mit | 1719 |
| [https://github.com/monperrus/crawler-user-agents](https://github.com/monperrus/crawler-user-agents) | Syntactic patterns of HTTP user-agents used by bots / robots / crawlers / scrapers / spiders. pull-request welcome :star: | monperrus | mit | 890 |
| [https://github.com/jpalanco/nmap-scada](https://github.com/jpalanco/nmap-scada) | nse scripts for scada identification | jpalanco | | 111 |
| [https://github.com/d30sa1/RootKits-List-Download](https://github.com/d30sa1/RootKits-List-Download) | This is the list of all rootkits found so far on github and other sites. | d30sa1 | gpl-3.0 | 1034 |
| [https://github.com/hasherezade/ida_ifl](https://github.com/hasherezade/ida_ifl) | IFL - Interactive Functions List (plugin for IDA Pro) | hasherezade | | 370 |
| [https://github.com/netbox-community/netbox](https://github.com/netbox-community/netbox) | The premiere source of truth powering network automation. Open source under Apache 2. Public demo: https://demo.netbox.dev | netbox-community | apache-2.0 | 11387 |
| [https://github.com/ccied/ugforum-analysis](https://github.com/ccied/ugforum-analysis) | Tools for Automated Analysis of Cybercriminal Markets | ccied | other | 51 |
| [https://github.com/openpreserve/format-corpus](https://github.com/openpreserve/format-corpus) | An openly-licensed corpus of small example files, covering a wide range of formats and creation tools. | openpreserve | | 147 |
| [https://github.com/ArchiveBox/ArchiveBox](https://github.com/ArchiveBox/ArchiveBox) | 🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more... | ArchiveBox | mit | 14442 |
| [https://github.com/annamcabee/Mitre-Attack-API](https://github.com/annamcabee/Mitre-Attack-API) | Python module to interact with the MITRE attack framework via the MITRE API | annamcabee | | 55 |
| [https://github.com/MISP/PyMISPWarningLists](https://github.com/MISP/PyMISPWarningLists) | Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists | MISP | bsd-3-clause | 23 |
| [https://github.com/juju4/ansible-MISP](https://github.com/juju4/ansible-MISP) | ansible role to setup MISP, Malware Information Sharing Platform & Threat Sharing | juju4 | bsd-2-clause | 45 |
| [https://github.com/MISP/misp-dashboard](https://github.com/MISP/misp-dashboard) | A dashboard for a real-time overview of threat intelligence from MISP instances | MISP | agpl-3.0 | 173 |
| [https://github.com/lcpz/awesome-copycats](https://github.com/lcpz/awesome-copycats) | Awesome WM themes | lcpz | | 2702 |
| [https://github.com/CaliDog/certstream-server-python](https://github.com/CaliDog/certstream-server-python) | Certificate Transparency Log aggregation, parsing, and streaming service | CaliDog | mit | 100 |
| [https://github.com/blschatz/pyaff4-bls](https://github.com/blschatz/pyaff4-bls) | | blschatz | | 6 |
| [https://github.com/aff4/Standard](https://github.com/aff4/Standard) | AFF4 Standard Documents | aff4 | | 24 |
| [https://github.com/InQuest/yara-rules](https://github.com/InQuest/yara-rules) | A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net. | InQuest | mit | 294 |
| [https://github.com/catid/leopard](https://github.com/catid/leopard) | Leopard-RS : O(N Log N) MDS Reed-Solomon Block Erasure Code for Large Data | catid | bsd-3-clause | 105 |
| [https://github.com/stratosphereips/Manati](https://github.com/stratosphereips/Manati) | A web-based tool to assist the work of the intuitive threat analysts. | stratosphereips | | 108 |
| [https://github.com/sebdraven/hack_lu_2017](https://github.com/sebdraven/hack_lu_2017) | Python and Machine Learning Workshop at Hack.lu 2017 | sebdraven | | 83 |
| [https://github.com/pinterest/rocksplicator](https://github.com/pinterest/rocksplicator) | RocksDB Replication | pinterest | apache-2.0 | 568 |
| [https://github.com/cloudflare/cfssl](https://github.com/cloudflare/cfssl) | CFSSL: Cloudflare's PKI and TLS toolkit | cloudflare | bsd-2-clause | 7391 |
| [https://github.com/chame1eon/binaryninja-frida](https://github.com/chame1eon/binaryninja-frida) | A plugin to integrate the Frida dynamic instrumentation toolkit into Binary Ninja. | chame1eon | mit | 44 |
| [https://github.com/arms22/SoftModem](https://github.com/arms22/SoftModem) | Audio Jack Modem Library for Arduino | arms22 | bsd-3-clause | 159 |
| [https://github.com/zyantific/zydis](https://github.com/zyantific/zydis) | Fast and lightweight x86/x86-64 disassembler and code generation library | zyantific | mit | 2543 |
| [https://github.com/mrexodia/zydis](https://github.com/mrexodia/zydis) | Fast and lightweight x86/x86-64 disassembler library | mrexodia | mit | 1 |
| [https://github.com/alexfru/SmallerC](https://github.com/alexfru/SmallerC) | Simple C compiler | alexfru | bsd-2-clause | 1158 |
| [https://github.com/openwall/john](https://github.com/openwall/john) | John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs | openwall | | 6935 |
| [https://github.com/brightmart/text_classification](https://github.com/brightmart/text_classification) | all kinds of text classification models and more with deep learning | brightmart | mit | 7450 |
| [https://github.com/oasis-open/cti-stix-visualization](https://github.com/oasis-open/cti-stix-visualization) | OASIS TC Open Repository: Lightweight visualization for STIX 2.0 objects and relationships | oasis-open | bsd-3-clause | 95 |
| [https://github.com/stratosphereips/whois-similarity-distance](https://github.com/stratosphereips/whois-similarity-distance) | This python scripts can calculate the WHOIS Similarity Distance between two given domains. | stratosphereips | mit | 30 |
| [https://github.com/agermanidis/livepython](https://github.com/agermanidis/livepython) | Visually trace Python code in real-time. | agermanidis | mit | 2464 |
| [https://github.com/fabrimagic72/malware-samples](https://github.com/fabrimagic72/malware-samples) | A collection of malware samples caught by several honeypots i manage | fabrimagic72 | | 1231 |
| [https://github.com/markmarkoh/datamaps](https://github.com/markmarkoh/datamaps) | Customizable SVG map visualizations for the web in a single Javascript file using D3.js | markmarkoh | mit | 3669 |
| [https://github.com/SHSauler/MISPnomer](https://github.com/SHSauler/MISPnomer) | Chrome extension for MISP IoC ingestion | SHSauler | agpl-3.0 | 5 |
| [https://github.com/giMini/PowerMemory](https://github.com/giMini/PowerMemory) | Exploit the credentials present in files and memory | giMini | other | 807 |
| [https://github.com/dannyfritz/commit-message-emoji](https://github.com/dannyfritz/commit-message-emoji) | Every commit is important. So let's celebrate each and every commit with a corresponding emoji! :smile: | dannyfritz | mit | 1477 |
| [https://github.com/rivermont/spidy](https://github.com/rivermont/spidy) | The simple, easy to use command line web crawler. | rivermont | gpl-3.0 | 296 |
| [https://github.com/mokaddem/rdb-to-redis-wrapper](https://github.com/mokaddem/rdb-to-redis-wrapper) | A TUI interface to easily inject keys from a RDB file into a running Redis server | mokaddem | | 1 |
| [https://github.com/nsqio/nsq](https://github.com/nsqio/nsq) | A realtime distributed messaging platform | nsqio | mit | 22873 |
| [https://github.com/PrivateBin/PrivateBin](https://github.com/PrivateBin/PrivateBin) | A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. | PrivateBin | other | 4442 |
| [https://github.com/tmc/pqstream](https://github.com/tmc/pqstream) | pqstream turns your postgres database into an event stream | tmc | mit | 463 |
| [https://github.com/LappleApple/awesome-leading-and-managing](https://github.com/LappleApple/awesome-leading-and-managing) | Awesome List of resources on leading people and being a manager. Geared toward tech, but potentially useful to anyone. | LappleApple | | 6315 |
| [https://github.com/SupportIntelligence/Icewater](https://github.com/SupportIntelligence/Icewater) | 16,432 Free Yara rules created by | SupportIntelligence | other | 358 |
| [https://github.com/tasdikrahman/tnote](https://github.com/tasdikrahman/tnote) | :clipboard: A command line note taking app so simple that even your grandparents will love it! | tasdikrahman | mit | 224 |
| [https://github.com/MAECProject/schemas](https://github.com/MAECProject/schemas) | MAEC Schemas and Schema Development | MAECProject | | 65 |
| [https://github.com/activecm/rita](https://github.com/activecm/rita) | Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis. | activecm | gpl-3.0 | 2028 |
| [https://github.com/mitre/cascade-server](https://github.com/mitre/cascade-server) | CASCADE Server | mitre | apache-2.0 | 217 |
| [https://github.com/facebookresearch/fairseq](https://github.com/facebookresearch/fairseq) | Facebook AI Research Sequence-to-Sequence Toolkit written in Python. | facebookresearch | mit | 19721 |
| [https://github.com/facebookresearch/StarSpace](https://github.com/facebookresearch/StarSpace) | Learning embeddings for classification, retrieval and ranking. | facebookresearch | mit | 3795 |
| [https://github.com/salesforce/ja3](https://github.com/salesforce/ja3) | JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way. | salesforce | bsd-3-clause | 1838 |
| [https://github.com/hrbrmstr/pypi-malicious-packages](https://github.com/hrbrmstr/pypi-malicious-packages) | Exposure analysis for skcsirt-sa-20170909-pypi-malicious-code | hrbrmstr | | 5 |
| [https://github.com/source-foundry/Hack](https://github.com/source-foundry/Hack) | A typeface designed for source code | source-foundry | other | 15192 |
| [https://github.com/CIRCL/yara-validator](https://github.com/CIRCL/yara-validator) | Validates yara rules and tries to repair the broken ones. | CIRCL | gpl-3.0 | 38 |
| [https://github.com/ehloonion/onionmx](https://github.com/ehloonion/onionmx) | Onion delivery, so delicious | ehloonion | | 178 |
| [https://github.com/MISP/misp-packer](https://github.com/MISP/misp-packer) | Build Automated Machine Images for MISP | MISP | gpl-3.0 | 25 |
| [https://github.com/Lazza/RecuperaBit](https://github.com/Lazza/RecuperaBit) | A tool for forensic file system reconstruction. | Lazza | gpl-3.0 | 409 |
| [https://github.com/google/material-design-lite](https://github.com/google/material-design-lite) | Material Design Components in HTML/CSS/JS | google | apache-2.0 | 32104 |
| [https://github.com/tomepel/Technical_Book_DL](https://github.com/tomepel/Technical_Book_DL) | This note presents in a technical though hopefully pedagogical way the three most common forms of neural network architectures: Feedforward, Convolutional and Recurrent. | tomepel | | 1398 |
| [https://github.com/mike01/pypacker](https://github.com/mike01/pypacker) | :package: The fastest and simplest packet manipulation lib for Python | mike01 | gpl-2.0 | 242 |
| [https://github.com/AlienVault-OTX/yabin](https://github.com/AlienVault-OTX/yabin) | A Yara rule generator for finding related samples and hunting | AlienVault-OTX | apache-2.0 | 137 |
| [https://github.com/dod-cyber-crime-center/DC3-MWCP](https://github.com/dod-cyber-crime-center/DC3-MWCP) | DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names. | dod-cyber-crime-center | other | 228 |
| [https://github.com/PaloAltoNetworks/minemeld-misp](https://github.com/PaloAltoNetworks/minemeld-misp) | MineMeld nodes for MISP | PaloAltoNetworks | apache-2.0 | 19 |
| [https://github.com/FSecureLABS/Athena](https://github.com/FSecureLABS/Athena) | GUI Tool to generate threat intelligence information in various formats | FSecureLABS | other | 42 |
| [https://github.com/secretsquirrel/SigThief](https://github.com/secretsquirrel/SigThief) | Stealing Signatures and Making One Invalid Signature at a Time | secretsquirrel | bsd-3-clause | 1368 |
| [https://github.com/ucsb-seclab/BootStomp](https://github.com/ucsb-seclab/BootStomp) | BootStomp: a bootloader vulnerability finder | ucsb-seclab | bsd-2-clause | 344 |
| [https://github.com/cmu-sei/BigGrep](https://github.com/cmu-sei/BigGrep) | A scalable search index for binary files | cmu-sei | other | 100 |
| [https://github.com/VirusTotal/yara](https://github.com/VirusTotal/yara) | The pattern matching swiss knife | VirusTotal | bsd-3-clause | 6118 |
| [https://github.com/parrt/lolviz](https://github.com/parrt/lolviz) | A simple Python data-structure visualization tool for lists of lists, lists, dictionaries; primarily for use in Jupyter notebooks / presentations | parrt | bsd-3-clause | 783 |
| [https://github.com/rommelfs/ALOD](https://github.com/rommelfs/ALOD) | automatic launch object detection for Mac OS X | rommelfs | other | 5 |
| [https://github.com/mak/mlib](https://github.com/mak/mlib) | Your bag of handy codes for malware researchers | mak | | 115 |
| [https://github.com/monarc-project/monarc-packer](https://github.com/monarc-project/monarc-packer) | Build automated machine images for MONARC and releases bundles. | monarc-project | | 10 |
| [https://github.com/osquery/osquery](https://github.com/osquery/osquery) | SQL powered operating system instrumentation, monitoring, and analytics. | osquery | other | 19443 |
| [https://github.com/wangyu-/udp2raw](https://github.com/wangyu-/udp2raw) | A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment) | wangyu- | mit | 5529 |
| [https://github.com/0x09AL/DropboxC2C](https://github.com/0x09AL/DropboxC2C) | DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations. | 0x09AL | mit | 144 |
| [https://github.com/securitytxt/security-txt](https://github.com/securitytxt/security-txt) | A proposed standard that allows websites to define security policies. | securitytxt | other | 1618 |
| [https://github.com/1ultimat3/PcapViz](https://github.com/1ultimat3/PcapViz) | Visualize network topologies and collect graph statistics based on pcap files | 1ultimat3 | | 283 |
| [https://github.com/Genetic-Malware/Ebowla](https://github.com/Genetic-Malware/Ebowla) | Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED) | Genetic-Malware | other | 697 |
| [https://github.com/maliceio/malice](https://github.com/maliceio/malice) | VirusTotal Wanna Be - Now with 100% more Hipster | maliceio | apache-2.0 | 1402 |
| [https://github.com/maciejkula/spotlight](https://github.com/maciejkula/spotlight) | Deep recommender models using PyTorch. | maciejkula | mit | 2783 |
| [https://github.com/CIRCL/volatility-misp](https://github.com/CIRCL/volatility-misp) | Volatility plugin to interface with MISP | CIRCL | gpl-3.0 | 10 |
| [https://github.com/telekom-security/BadIPFetch](https://github.com/telekom-security/BadIPFetch) | API to fetch detected bad ip addresses from the DTAG early warning system | telekom-security | | 11 |
| [https://github.com/MISP/misp-vagrant](https://github.com/MISP/misp-vagrant) | Deploy MISP Project software with Vagrant. | MISP | bsd-2-clause | 37 |
| [https://github.com/falconre/falcon](https://github.com/falconre/falcon) | Binary Analysis Framework in Rust | falconre | apache-2.0 | 488 |
| [https://github.com/hatlord/Spiderpig](https://github.com/hatlord/Spiderpig) | A document metadata spider. | hatlord | | 51 |
| [https://github.com/swisskyrepo/PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | swisskyrepo | mit | 42518 |
| [https://github.com/danni-m/redis-timeseries](https://github.com/danni-m/redis-timeseries) | Future development of redis-timeseries is at github.com/RedisLabsModules/redis-timeseries. | danni-m | other | 202 |
| [https://github.com/PUNCH-Cyber/YaraGuardian](https://github.com/PUNCH-Cyber/YaraGuardian) | Django web interface for managing Yara rules | PUNCH-Cyber | apache-2.0 | 174 |
| [https://github.com/rupa/z](https://github.com/rupa/z) | z - jump around | rupa | wtfpl | 14737 |
| [https://github.com/TailorDev/crick](https://github.com/TailorDev/crick) | 📊 Crick is a backend for the Watson time-tracker. | TailorDev | mit | 227 |
| [https://github.com/cupy/cupy](https://github.com/cupy/cupy) | NumPy & SciPy for GPU | cupy | mit | 6428 |
| [https://github.com/msuiche/porosity](https://github.com/msuiche/porosity) | *UNMAINTAINED* Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts | msuiche | | 891 |
| [https://github.com/doegox/python-cryptoplus](https://github.com/doegox/python-cryptoplus) | PyCryptoPlus: a pycrypto extension written 100% in Python | doegox | other | 68 |
| [https://github.com/4144414D/pytruecrypt](https://github.com/4144414D/pytruecrypt) | Truecrypt volume parsing library | 4144414D | gpl-3.0 | 28 |
| [https://github.com/mozilla/send](https://github.com/mozilla/send) | Simple, private file sharing from the makers of Firefox | mozilla | mpl-2.0 | 13178 |
| [https://github.com/trendmicro/defplorex](https://github.com/trendmicro/defplorex) | defplorex for BlackHat Arsenal | trendmicro | other | 111 |
| [https://github.com/SPRITZ-Research-Group/Skype-Type](https://github.com/SPRITZ-Research-Group/Skype-Type) | Don't Skype & Type! Keyboard acoustic eavesdropping tool. | SPRITZ-Research-Group | gpl-3.0 | 316 |
| [https://github.com/airbnb/binaryalert](https://github.com/airbnb/binaryalert) | BinaryAlert: Serverless, Real-time & Retroactive Malware Detection. | airbnb | apache-2.0 | 1286 |
| [https://github.com/hosom/file-extraction](https://github.com/hosom/file-extraction) | Extract files from network traffic with Zeek. | hosom | bsd-3-clause | 96 |
| [https://github.com/MISP/PyMISPGalaxies](https://github.com/MISP/PyMISPGalaxies) | Pythonic way to work with the galaxies defined there: https://github.com/MISP/misp-galaxy | MISP | bsd-3-clause | 16 |
| [https://github.com/Lookyloo/lookyloo](https://github.com/Lookyloo/lookyloo) | Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. | Lookyloo | other | 514 |
| [https://github.com/dirtbags/pcapdb](https://github.com/dirtbags/pcapdb) | A Distributed, Search-Optimized Full Packet Capture System | dirtbags | other | 235 |
| [https://github.com/unamer/vmware_escape](https://github.com/unamer/vmware_escape) | VMware Escape Exploit before VMware WorkStation 12.5.5 | unamer | | 883 |
| [https://github.com/efficient/cuckoofilter](https://github.com/efficient/cuckoofilter) | | efficient | other | 865 |
| [https://github.com/voxpupuli/puppet-misp](https://github.com/voxpupuli/puppet-misp) | This module installs and configures MISP (Malware Information Sharing Platform) | voxpupuli | | 14 |
| [https://github.com/monarc-project/MonarcAppFO](https://github.com/monarc-project/MonarcAppFO) | MONARC - Method for an Optimised aNAlysis of Risks by @NC3-LU | monarc-project | agpl-3.0 | 75 |
| [https://github.com/simonarnell/GDPRDPIAT](https://github.com/simonarnell/GDPRDPIAT) | A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺 | simonarnell | mit | 32 |
| [https://github.com/Cisco-Talos/pyrebox](https://github.com/Cisco-Talos/pyrebox) | Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU | Cisco-Talos | gpl-2.0 | 1566 |
| [https://github.com/futurice/meeting-room-tablet](https://github.com/futurice/meeting-room-tablet) | Google Apps compatible meeting room reservator | futurice | bsd-3-clause | 176 |
| [https://github.com/alexhude/FRIEND](https://github.com/alexhude/FRIEND) | Flexible Register/Instruction Extender aNd Documentation | alexhude | | 520 |
| [https://github.com/pear/Crypt_GPG](https://github.com/pear/Crypt_GPG) | Encrypt/decrypt PGP messages with PHP | pear | lgpl-2.1 | 79 |
| [https://github.com/genuinetools/binctr](https://github.com/genuinetools/binctr) | Fully static, unprivileged, self-contained, containers as executable binaries. | genuinetools | mit | 2467 |
| [https://github.com/williballenthin/python-idb](https://github.com/williballenthin/python-idb) | Pure Python parser and analyzer for IDA Pro database files (.idb). | williballenthin | apache-2.0 | 418 |
| [https://github.com/SIDN/entrada](https://github.com/SIDN/entrada) | Entrada - A tool for DNS big data analytics | SIDN | gpl-3.0 | 40 |
| [https://github.com/antirez/connect4-montecarlo](https://github.com/antirez/connect4-montecarlo) | Simple connect 4 AI using Monte Carlo method | antirez | | 30 |
| [https://github.com/microsoft/MSRC-Security-Research](https://github.com/microsoft/MSRC-Security-Research) | Security Research from the Microsoft Security Response Center (MSRC) | microsoft | cc-by-4.0 | 1143 |
| [https://github.com/MarkBaggett/srum-dump](https://github.com/MarkBaggett/srum-dump) | A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet. | MarkBaggett | gpl-3.0 | 437 |
| [https://github.com/JonathanSalwan/Triton](https://github.com/JonathanSalwan/Triton) | Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. | JonathanSalwan | apache-2.0 | 2567 |
| [https://github.com/holoviz/datashader](https://github.com/holoviz/datashader) | Quickly and accurately render even the largest data. | holoviz | bsd-3-clause | 2869 |
| [https://github.com/saminiir/level-ip](https://github.com/saminiir/level-ip) | A hacker's userspace TCP/IP stack | saminiir | mit | 2120 |
| [https://github.com/pzhaonet/mindr](https://github.com/pzhaonet/mindr) | an R package which converts markdown files (.md, .Rmd) into mindmaps (brainstorms) | pzhaonet | gpl-3.0 | 551 |
| [https://github.com/iagox86/dnscat2](https://github.com/iagox86/dnscat2) | | iagox86 | bsd-3-clause | 2804 |
| [https://github.com/airbus-cert/mispy](https://github.com/airbus-cert/mispy) | Another MISP module for Python | airbus-cert | apache-2.0 | 15 |
| [https://github.com/KeitaNakamura/neodark.vim](https://github.com/KeitaNakamura/neodark.vim) | A dark color scheme for vim | KeitaNakamura | | 395 |
| [https://github.com/metachris/pdfx](https://github.com/metachris/pdfx) | Extract text, metadata and references (pdf, url, doi, arxiv) from PDF. Optionally download all referenced PDFs. | metachris | apache-2.0 | 941 |
| [https://github.com/blacktop/docker-cuckoo](https://github.com/blacktop/docker-cuckoo) | Cuckoo Sandbox Dockerfile | blacktop | other | 314 |
| [https://github.com/openssl/openssl](https://github.com/openssl/openssl) | TLS/SSL and crypto library | openssl | apache-2.0 | 19877 |
| [https://github.com/acaudwell/Logstalgia](https://github.com/acaudwell/Logstalgia) | replay or stream website access logs as a retro arcade game | acaudwell | gpl-3.0 | 1647 |
| [https://github.com/Cisco-Talos/BASS](https://github.com/Cisco-Talos/BASS) | BASS - BASS Automated Signature Synthesizer | Cisco-Talos | gpl-2.0 | 168 |
| [https://github.com/ermongroup/markov-chain-gan](https://github.com/ermongroup/markov-chain-gan) | Code for "Generative Adversarial Training for Markov Chains" (ICLR 2017 Workshop) | ermongroup | mit | 77 |
| [https://github.com/googleprojectzero/functionsimsearch](https://github.com/googleprojectzero/functionsimsearch) | Some C++ example code to demonstrate how to perform code similarity searches using SimHashing. | googleprojectzero | apache-2.0 | 513 |
| [https://github.com/secfigo/Awesome-Fuzzing](https://github.com/secfigo/Awesome-Fuzzing) | A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis. | secfigo | cc0-1.0 | 4406 |
| [https://github.com/bpineau/redis-munin](https://github.com/bpineau/redis-munin) | Munin plugin for Redis. Monitors lots of things, with few dependencies (pure redis-cli + awk) | bpineau | | 55 |
| [https://github.com/NationalSecurityAgency/lemongraph](https://github.com/NationalSecurityAgency/lemongraph) | Log-based transactional graph engine | NationalSecurityAgency | other | 1109 |
| [https://github.com/jjo-sec/pynetsim](https://github.com/jjo-sec/pynetsim) | | jjo-sec | other | 15 |
| [https://github.com/cipher1729/js-crawler](https://github.com/cipher1729/js-crawler) | For crawling the web using scrapy, collecting javascripts and training a classifier with extracted features | cipher1729 | | 2 |
| [https://github.com/inconvergent/snek](https://github.com/inconvergent/snek) | See https://github.com/inconvergent/weir instead | inconvergent | other | 731 |
| [https://github.com/google/gumbo-parser](https://github.com/google/gumbo-parser) | An HTML5 parsing library in pure C99 | google | apache-2.0 | 5080 |
| [https://github.com/thinkst/canarytokens](https://github.com/thinkst/canarytokens) | Canarytokens helps track activity and actions on your network. | thinkst | other | 1187 |
| [https://github.com/thinkst/opencanary](https://github.com/thinkst/opencanary) | Modular and decentralised honeypot | thinkst | bsd-3-clause | 1590 |
| [https://github.com/dyninst/dyninst](https://github.com/dyninst/dyninst) | DyninstAPI: Tools for binary instrumentation, analysis, and modification. | dyninst | other | 599 |
| [https://github.com/thelounge/thelounge](https://github.com/thelounge/thelounge) | 💬 Modern, responsive, cross-platform, self-hosted web IRC client | thelounge | mit | 4871 |
| [https://github.com/m4b/bingrep](https://github.com/m4b/bingrep) | like ~~grep~~ UBER, but for binaries | m4b | mit | 1578 |
| [https://github.com/vladak/ipv6gen](https://github.com/vladak/ipv6gen) | IPv6 prefix generator | vladak | gpl-2.0 | 35 |
| [https://github.com/segmentio/ksuid](https://github.com/segmentio/ksuid) | K-Sortable Globally Unique IDs | segmentio | mit | 3765 |
| [https://github.com/blei-lab/edward](https://github.com/blei-lab/edward) | A probabilistic programming language in TensorFlow. Deep generative models, variational inference. | blei-lab | other | 4742 |
| [https://github.com/kudelskisecurity/scannerl](https://github.com/kudelskisecurity/scannerl) | The modular distributed fingerprinting engine | kudelskisecurity | gpl-3.0 | 220 |
| [https://github.com/orakaro/rainbowstream](https://github.com/orakaro/rainbowstream) | A smart and nice Twitter client on terminal written in Python. | orakaro | mit | 3482 |
| [https://github.com/wireapp/wire-server](https://github.com/wireapp/wire-server) | 🇪🇺 Wire back-end services | wireapp | agpl-3.0 | 2485 |
| [https://github.com/firehol/blocklist-ipsets](https://github.com/firehol/blocklist-ipsets) | ipsets dynamically updated with firehol's update-ipsets.sh script | firehol | | 2371 |
| [https://github.com/SNAS/openbmp](https://github.com/SNAS/openbmp) | OpenBMP Server Collector | SNAS | epl-1.0 | 219 |
| [https://github.com/RedisLabsModules/redablooms](https://github.com/RedisLabsModules/redablooms) | Scalable, counting Bloom filters Redis Module | RedisLabsModules | agpl-3.0 | 29 |
| [https://github.com/has2k1/plotnine](https://github.com/has2k1/plotnine) | A grammar of graphics for Python | has2k1 | mit | 3234 |
| [https://github.com/conix-security/BTG](https://github.com/conix-security/BTG) | BTG's purpose is to make fast and efficient search on IOC | conix-security | gpl-3.0 | 69 |
| [https://github.com/mfontanini/libtins](https://github.com/mfontanini/libtins) | High-level, multiplatform C++ network packet sniffing and crafting library. | mfontanini | bsd-2-clause | 1730 |
| [https://github.com/joewalnes/reconnecting-websocket](https://github.com/joewalnes/reconnecting-websocket) | A small decorator for the JavaScript WebSocket API that automatically reconnects | joewalnes | mit | 3927 |
| [https://github.com/MonroCoury/Forensic-Tools](https://github.com/MonroCoury/Forensic-Tools) | A collection of tools for forensic analysis | MonroCoury | mit | 249 |
| [https://github.com/markofu/pcaps](https://github.com/markofu/pcaps) | Public Repository of all Publicly Available Packet Captures that I've used or come across | markofu | | 135 |
| [https://github.com/opsxcq/exploit-CVE-2017-7494](https://github.com/opsxcq/exploit-CVE-2017-7494) | SambaCry exploit and vulnerable container (CVE-2017-7494) | opsxcq | | 323 |
| [https://github.com/viper-framework/pefile-tests](https://github.com/viper-framework/pefile-tests) | Test suite for pefile | viper-framework | other | 4 |
| [https://github.com/curi0usJack/luckystrike](https://github.com/curi0usJack/luckystrike) | A PowerShell based utility for the creation of malicious Office macro documents. | curi0usJack | gpl-3.0 | 1045 |
| [https://github.com/Cisco-Talos/file2pcap](https://github.com/Cisco-Talos/file2pcap) | | Cisco-Talos | gpl-2.0 | 158 |
| [https://github.com/RUB-NDS/PRET](https://github.com/RUB-NDS/PRET) | Printer Exploitation Toolkit - The tool that made dumpster diving obsolete. | RUB-NDS | gpl-2.0 | 3229 |
| [https://github.com/tillmannw/honeytrap](https://github.com/tillmannw/honeytrap) | a low-interaction honeypot | tillmannw | gpl-2.0 | 91 |
| [https://github.com/bpython/bpython](https://github.com/bpython/bpython) | bpython - A fancy curses interface to the Python interactive interpreter | bpython | other | 2205 |
| [https://github.com/mbechler/marshalsec](https://github.com/mbechler/marshalsec) | | mbechler | mit | 2810 |
| [https://github.com/tandasat/MemoryMon](https://github.com/tandasat/MemoryMon) | Detecting execution of kernel memory where is not backed by any image file | tandasat | mit | 210 |
| [https://github.com/govolution/betterdefaultpasslist](https://github.com/govolution/betterdefaultpasslist) | | govolution | | 581 |
| [https://github.com/chocolatey/choco](https://github.com/chocolatey/choco) | Chocolatey - the package manager for Windows | chocolatey | other | 8643 |
| [https://github.com/MartinThoma/LaTeX-examples](https://github.com/MartinThoma/LaTeX-examples) | Examples for the usage of LaTeX | MartinThoma | mit | 1360 |
| [https://github.com/m2dsupsdlclass/lectures-labs](https://github.com/m2dsupsdlclass/lectures-labs) | Slides and Jupyter notebooks for the Deep Learning lectures at Master Year 2 Data Science from Institut Polytechnique de Paris | m2dsupsdlclass | mit | 1303 |
| [https://github.com/mohlcyber/OpenDXL-MISP-IntelMQ-Output](https://github.com/mohlcyber/OpenDXL-MISP-IntelMQ-Output) | Automated OpenDXL Output information via IntelMQ | mohlcyber | | 14 |
| [https://github.com/mohlcyber/OpenDXL-ATD-MISP](https://github.com/mohlcyber/OpenDXL-ATD-MISP) | Automated threat intelligence collection with McAfee ATD, OpenDXL and MISP | mohlcyber | apache-2.0 | 22 |
| [https://github.com/schollz/howmanypeoplearearound](https://github.com/schollz/howmanypeoplearearound) | Count the number of people around you :family_man_man_boy: by monitoring wifi signals :satellite: | schollz | mit | 6664 |
| [https://github.com/msuiche/OPCDE](https://github.com/msuiche/OPCDE) | OPCDE Cybersecurity Conference Materials | msuiche | | 565 |
| [https://github.com/aviggiano/redis-roaring](https://github.com/aviggiano/redis-roaring) | Roaring Bitmaps for Redis | aviggiano | mit | 278 |
| [https://github.com/CERT-W/certitude](https://github.com/CERT-W/certitude) | The Seeker of IOC | CERT-W | gpl-2.0 | 125 |
| [https://github.com/isobit/ws-tcp-relay](https://github.com/isobit/ws-tcp-relay) | A simple relay between WebSocket clients and TCP servers | isobit | mit | 221 |
| [https://github.com/TheHive-Project/Cortex](https://github.com/TheHive-Project/Cortex) | Cortex: a Powerful Observable Analysis and Active Response Engine | TheHive-Project | agpl-3.0 | 970 |
| [https://github.com/fideliscyber/yalda](https://github.com/fideliscyber/yalda) | | fideliscyber | other | 40 |
| [https://github.com/leojcollard/cve-search-docker](https://github.com/leojcollard/cve-search-docker) | | leojcollard | mit | 14 |
| [https://github.com/Inria-Prosecco/proscript-messaging](https://github.com/Inria-Prosecco/proscript-messaging) | Supporting materials for our EuroS&P paper: Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach. | Inria-Prosecco | | 32 |
| [https://github.com/nexB/scancode-toolkit](https://github.com/nexB/scancode-toolkit) | :mag_right: ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors! | nexB | | 1566 |
| [https://github.com/python-security/pyt](https://github.com/python-security/pyt) | A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications | python-security | gpl-2.0 | 2105 |
| [https://github.com/Cisco-Talos/Decept](https://github.com/Cisco-Talos/Decept) | Decept Network Protocol Proxy | Cisco-Talos | other | 255 |
| [https://github.com/MISP/misp-galaxy](https://github.com/MISP/misp-galaxy) | Clusters and elements to attach to MISP events or attributes (like threat actors) | MISP | other | 378 |
| [https://github.com/timeoff-management/timeoff-management-application](https://github.com/timeoff-management/timeoff-management-application) | Simple yet powerful absence management software for small and medium size business (community edition) | timeoff-management | mit | 777 |
| [https://github.com/mozilla/ssh_scan](https://github.com/mozilla/ssh_scan) | DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/) | mozilla | mpl-2.0 | 793 |
| [https://github.com/MISP/mail_to_misp](https://github.com/MISP/mail_to_misp) | Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails. | MISP | agpl-3.0 | 59 |
| [https://github.com/jymcheong/aptc](https://github.com/jymcheong/aptc) | Automated Payload Test Controller | jymcheong | unlicense | 8 |
| [https://github.com/zonination/perceptions](https://github.com/zonination/perceptions) | Perceptions of Probability and Numbers | zonination | mit | 781 |
| [https://github.com/newlog/r2msdn](https://github.com/newlog/r2msdn) | r2 plugin to add MSDN documentation URLs and parameter names to imported function calls | newlog | | 10 |
| [https://github.com/juliocesarfort/public-pentesting-reports](https://github.com/juliocesarfort/public-pentesting-reports) | A list of public penetration test reports published by several consulting firms and academic security groups. | juliocesarfort | | 6653 |
| [https://github.com/morallo/misp-bulk-tag](https://github.com/morallo/misp-bulk-tag) | This script performs bulk tagging operations over MISP. | morallo | | 2 |
| [https://github.com/discoproject/disco](https://github.com/discoproject/disco) | a Map/Reduce framework for distributed computing | discoproject | bsd-3-clause | 1640 |
| [https://github.com/rolandshoemaker/solvere](https://github.com/rolandshoemaker/solvere) | A validating recursive DNS resolver library and standalone server with DNSSEC support | rolandshoemaker | mit | 33 |
| [https://github.com/InnerSourceCommons/InnerSourcePatterns](https://github.com/InnerSourceCommons/InnerSourcePatterns) | Proven approaches that can guide you through applying open source best practices within your organization | InnerSourceCommons | cc-by-sa-4.0 | 620 |
| [https://github.com/paypal/autosklearn-zeroconf](https://github.com/paypal/autosklearn-zeroconf) | autosklearn-zeroconf is a fully automated binary classifier. It is based on the AutoML challenge winner auto-sklearn. Give it a dataset with known outcomes (labels) and it returns a list of predicted outcomes for your new data. It even estimates the precision for you! The engine is tuning massively parallel ensemble of machine learning pipelines for best precision/recall. | paypal | bsd-3-clause | 169 |
| [https://github.com/ripe-dns-anomaly/anomalyDetector](https://github.com/ripe-dns-anomaly/anomalyDetector) | this folder contains the possible anomaly detector(s) that can be used with the Ripe DNS measurements | ripe-dns-anomaly | | 11 |
| [https://github.com/RIPE-NCC/ripe-atlas-sagan](https://github.com/RIPE-NCC/ripe-atlas-sagan) | A parsing library for RIPE Atlas measurement results | RIPE-NCC | gpl-3.0 | 44 |
| [https://github.com/rishy/phishing-websites](https://github.com/rishy/phishing-websites) | Identifies phishing websites using a treebag model | rishy | | 22 |
| [https://github.com/RIPE-NCC/ripe-atlas-cousteau](https://github.com/RIPE-NCC/ripe-atlas-cousteau) | Python client for RIPE ATLAS API | RIPE-NCC | gpl-3.0 | 57 |
| [https://github.com/RIPE-NCC/ripe-atlas-tools](https://github.com/RIPE-NCC/ripe-atlas-tools) | Official command-line client for RIPE Atlas | RIPE-NCC | gpl-3.0 | 154 |
| [https://github.com/RIPE-Atlas-Community/ripe-atlas-community-contrib](https://github.com/RIPE-Atlas-Community/ripe-atlas-community-contrib) | Repository for links towards tools written during hackathons, and a collection of contributions by the community of the RIPE Atlas visualizations, tools for analysing measurements data and other scripts | RIPE-Atlas-Community | | 163 |
| [https://github.com/JoshData/hackathon.guide](https://github.com/JoshData/hackathon.guide) | A logistics guide to running a successful hackathon. | JoshData | | 171 |
| [https://github.com/MISP/misp-takedown](https://github.com/MISP/misp-takedown) | A curses-style interface for automatic takedown notification based on MISP events. | MISP | agpl-3.0 | 19 |
| [https://github.com/TryCatchHCF/Cloakify](https://github.com/TryCatchHCF/Cloakify) | CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection | TryCatchHCF | mit | 1323 |
| [https://github.com/keybase/saltpack](https://github.com/keybase/saltpack) | a modern crypto messaging format | keybase | bsd-3-clause | 943 |
| [https://github.com/polymorf/findcrypt-yara](https://github.com/polymorf/findcrypt-yara) | IDA pro plugin to find crypto constants (and more) | polymorf | bsd-3-clause | 989 |
| [https://github.com/Invoke-IR/ForensicPosters](https://github.com/Invoke-IR/ForensicPosters) | | Invoke-IR | | 370 |
| [https://github.com/Yara-Rules/yago](https://github.com/Yara-Rules/yago) | YaGo, converting Yara rules into JSON files. | Yara-Rules | apache-2.0 | 47 |
| [https://github.com/lief-project/LIEF](https://github.com/lief-project/LIEF) | LIEF - Library to Instrument Executable Formats | lief-project | apache-2.0 | 3312 |
| [https://github.com/nccgroup/Cyber-Defence](https://github.com/nccgroup/Cyber-Defence) | Information released publicly by NCC Group's Cyber Incident Response Team | nccgroup | | 456 |
| [https://github.com/hrbrmstr/radb](https://github.com/hrbrmstr/radb) | :microscope: Tools to Query the 'Merit' 'RADb' Network Route Server | hrbrmstr | | 7 |
| [https://github.com/Graylog2/graylog-plugin-threatintel](https://github.com/Graylog2/graylog-plugin-threatintel) | Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases | Graylog2 | other | 139 |
| [https://github.com/DCSO/tie2misp](https://github.com/DCSO/tie2misp) | Please use the new https://github.com/DCSO/tiffy instead! | DCSO | bsd-3-clause | 3 |
| [https://github.com/uforia/timestamp](https://github.com/uforia/timestamp) | Generic Timestamp Converter | uforia | | 4 |
| [https://github.com/MISP/ansible](https://github.com/MISP/ansible) | MISP - Ansible installation script | MISP | | 22 |
| [https://github.com/wisk/medusa](https://github.com/wisk/medusa) | An open source interactive disassembler | wisk | other | 998 |
| [https://github.com/pierbol/FloppySic](https://github.com/pierbol/FloppySic) | Foreinsic on old different types of floppydisk | pierbol | | 2 |
| [https://github.com/tomrittervg/ct-tools](https://github.com/tomrittervg/ct-tools) | Random tools to perform Certificate Transparency-related stuff | tomrittervg | other | 25 |
| [https://github.com/eriktews/certificate-transparency-tools](https://github.com/eriktews/certificate-transparency-tools) | Tools to interact with a certificate transparency server | eriktews | mit | 23 |
| [https://github.com/CERT-Bund/yara-exporter](https://github.com/CERT-Bund/yara-exporter) | Exporting MISP event attributes to yara rules usable with Thor apt scanner | CERT-Bund | mit | 22 |
| [https://github.com/infosec-au/altdns](https://github.com/infosec-au/altdns) | Generates permutations, alterations and mutations of subdomains and then resolves them | infosec-au | apache-2.0 | 1839 |
| [https://github.com/errbufferoverfl/usb-canary](https://github.com/errbufferoverfl/usb-canary) | A Linux or OSX tool that uses psutil to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack or Pushover. | errbufferoverfl | gpl-3.0 | 564 |
| [https://github.com/k4m4/onioff](https://github.com/k4m4/onioff) | 🌰 An onion url inspector for inspecting deep web links. | k4m4 | mit | 514 |
| [https://github.com/msuhanov/Linux-write-blocker](https://github.com/msuhanov/Linux-write-blocker) | The kernel patch and userspace tools to enable Linux software write blocking | msuhanov | gpl-2.0 | 121 |
| [https://github.com/certsocietegenerale/fame](https://github.com/certsocietegenerale/fame) | FAME Automates Malware Evaluation | certsocietegenerale | gpl-3.0 | 761 |
| [https://github.com/Cymmetria/StrutsHoneypot](https://github.com/Cymmetria/StrutsHoneypot) | Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers | Cymmetria | mit | 70 |
| [https://github.com/threatexpress/domainhunter](https://github.com/threatexpress/domainhunter) | Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names | threatexpress | bsd-3-clause | 1241 |
| [https://github.com/scrapinghub/splash](https://github.com/scrapinghub/splash) | Lightweight, scriptable browser as a service with an HTTP API | scrapinghub | bsd-3-clause | 3711 |
| [https://github.com/vmware-archive/tic](https://github.com/vmware-archive/tic) | Bit9 + Carbon Black Threat Intelligence | vmware-archive | mit | 80 |
| [https://github.com/MISP/misp-objects](https://github.com/MISP/misp-objects) | Definition, description and relationship types of MISP objects | MISP | other | 71 |
| [https://github.com/google/tflow2](https://github.com/google/tflow2) | This software is currently maintained at https://github.com/taktv6/tflow2 | google | apache-2.0 | 38 |
| [https://github.com/fygrave/honeyntp](https://github.com/fygrave/honeyntp) | NTP logger/honeypot | fygrave | | 50 |
| [https://github.com/delvelabs/tachyon](https://github.com/delvelabs/tachyon) | Fast http dead file finder. | delvelabs | gpl-2.0 | 203 |
| [https://github.com/hzqst/Syscall-Monitor](https://github.com/hzqst/Syscall-Monitor) | Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+ | hzqst | mit | 640 |
| [https://github.com/posquit0/Awesome-CV](https://github.com/posquit0/Awesome-CV) | :page_facing_up: Awesome CV is LaTeX template for your outstanding job application | posquit0 | lppl-1.3c | 17584 |
| [https://github.com/json-schema-form/angular-schema-form](https://github.com/json-schema-form/angular-schema-form) | Generate forms from a JSON schema, with AngularJS! | json-schema-form | mit | 2463 |
| [https://github.com/MISP/misp-privacy-aware-exchange](https://github.com/MISP/misp-privacy-aware-exchange) | A privacy-aware exchange module to securely and privately share your indicators | MISP | agpl-3.0 | 13 |
| [https://github.com/homenc/HElib](https://github.com/homenc/HElib) | HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations for efficient homomorphic evaluation, focusing on effective use of ciphertext packing techniques and on the Gentry-Halevi-Smart optimizations. | homenc | other | 2889 |
| [https://github.com/jaegeral/awesome-incident-response-pro-bono](https://github.com/jaegeral/awesome-incident-response-pro-bono) | This repository is a curated list of pro bono incident response entities. | jaegeral | apache-2.0 | 17 |
| [https://github.com/equalitie/np1sec](https://github.com/equalitie/np1sec) | A library for off-the-record (deniable authenticated forward secure confidential) multiparty messaging | equalitie | lgpl-3.0 | 397 |
| [https://github.com/k4m4/movies-for-hackers](https://github.com/k4m4/movies-for-hackers) | 🎬 A curated list of movies every hacker & cyberpunk must watch. | k4m4 | cc0-1.0 | 9321 |
| [https://github.com/cr-marcstevens/sha1collisiondetection](https://github.com/cr-marcstevens/sha1collisiondetection) | Library and command line tool to detect SHA-1 collision in a file | cr-marcstevens | other | 1212 |
| [https://github.com/DinoTools/dionaea](https://github.com/DinoTools/dionaea) | Home of the dionaea honeypot | DinoTools | gpl-2.0 | 612 |
| [https://github.com/fabio-d/honeypot](https://github.com/fabio-d/honeypot) | Honeypot that emulates several protocols (incl. SSH, telnet, SMTP, HTTP, SSL and SIP) | fabio-d | gpl-2.0 | 47 |
| [https://github.com/dropbox/securitybot](https://github.com/dropbox/securitybot) | Distributed alerting for the masses! | dropbox | apache-2.0 | 995 |
| [https://github.com/oasis-open/cti-pattern-matcher](https://github.com/oasis-open/cti-pattern-matcher) | OASIS TC Open Repository: Match STIX content against STIX patterns | oasis-open | bsd-3-clause | 34 |
| [https://github.com/oasis-open/cti-pattern-validator](https://github.com/oasis-open/cti-pattern-validator) | OASIS TC Open Repository: Validate patterns used to express cyber observable content in STIX Indicators | oasis-open | bsd-3-clause | 20 |
| [https://github.com/microlinkhq/metascraper](https://github.com/microlinkhq/metascraper) | Get unified metadata from websites using Open Graph, Microdata, RDFa, Twitter Cards, JSON-LD, HTML, and more. | microlinkhq | mit | 1839 |
| [https://github.com/oasis-open/cti-documentation](https://github.com/oasis-open/cti-documentation) | OASIS TC Open Repository: GitHub Pages site for STIX and TAXII | oasis-open | bsd-3-clause | 79 |
| [https://github.com/jd7h/pritchard](https://github.com/jd7h/pritchard) | Data mining on public security advisories. | jd7h | | 4 |
| [https://github.com/atexio/mercure](https://github.com/atexio/mercure) | Mercure is a tool for security managers who want to train their colleague to phishing. | atexio | gpl-3.0 | 268 |
| [https://github.com/vorg/timeline.js](https://github.com/vorg/timeline.js) | A compact JavaScript animation library with a GUI timeline for fast editing. | vorg | | 514 |
| [https://github.com/snare/binjatron](https://github.com/snare/binjatron) | Binary Ninja plugin for Voltron integration | snare | mit | 159 |
| [https://github.com/MaartenBaert/ssr](https://github.com/MaartenBaert/ssr) | SimpleScreenRecorder, a screen recorder for Linux | MaartenBaert | gpl-3.0 | 2123 |
| [https://github.com/oasis-open/cti-python-stix2](https://github.com/oasis-open/cti-python-stix2) | OASIS TC Open Repository: Python APIs for STIX 2 | oasis-open | bsd-3-clause | 284 |
| [https://github.com/wbond/certvalidator](https://github.com/wbond/certvalidator) | Python library for validating X.509 certificates and paths | wbond | mit | 88 |
| [https://github.com/ExodusIntelligence/cpe_utils](https://github.com/ExodusIntelligence/cpe_utils) | A simple python library to assist in working with cpes | ExodusIntelligence | mit | 14 |
| [https://github.com/tribalchicken/postfix-cuckoolyse](https://github.com/tribalchicken/postfix-cuckoolyse) | A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox | tribalchicken | | 12 |
| [https://github.com/python/cpython](https://github.com/python/cpython) | The Python programming language | python | other | 48597 |
| [https://github.com/SigmaHQ/sigma](https://github.com/SigmaHQ/sigma) | Generic Signature Format for SIEM Systems | SigmaHQ | other | 5682 |
| [https://github.com/nodesocket/jsonlite](https://github.com/nodesocket/jsonlite) | A simple, self-contained, serverless, zero-configuration, json document store. | nodesocket | apache-2.0 | 834 |
| [https://github.com/ColumPaget/Hashrat](https://github.com/ColumPaget/Hashrat) | Hashing tool supporting md5,sha1,sha256,sha512,whirlpool,jh and hmac versions of these. Includes recursive file hashing and other features. | ColumPaget | gpl-3.0 | 47 |
| [https://github.com/ResidentMario/geoplot](https://github.com/ResidentMario/geoplot) | High-level geospatial data visualization library for Python. | ResidentMario | mit | 1021 |
| [https://github.com/opieters/business-card](https://github.com/opieters/business-card) | A business card in LaTeX. | opieters | gpl-3.0 | 667 |
| [https://github.com/EC-DIGIT-CSIRC/MISP-ThreatExchange](https://github.com/EC-DIGIT-CSIRC/MISP-ThreatExchange) | Script to interface MISP with Facebook ThreatExchange | EC-DIGIT-CSIRC | | 11 |
| [https://github.com/maxbbraun/trump2cash](https://github.com/maxbbraun/trump2cash) | A stock trading bot powered by Trump tweets | maxbbraun | mit | 6149 |
| [https://github.com/autocrypt/memoryhole](https://github.com/autocrypt/memoryhole) | Protected E-mail Headers | autocrypt | | 71 |
| [https://github.com/zardus/ctf-tools](https://github.com/zardus/ctf-tools) | Some setup scripts for security research tools. | zardus | bsd-3-clause | 7006 |
| [https://github.com/UTSA-cyber/sceadan](https://github.com/UTSA-cyber/sceadan) | Systematic Classification Engine for Advanced Data ANalysis | UTSA-cyber | gpl-2.0 | 21 |
| [https://github.com/kaitai-io/kaitai_struct_python_runtime](https://github.com/kaitai-io/kaitai_struct_python_runtime) | Kaitai Struct: runtime for Python | kaitai-io | mit | 60 |
| [https://github.com/kaitai-io/kaitai_struct_formats](https://github.com/kaitai-io/kaitai_struct_formats) | Kaitai Struct: library of binary file formats (.ksy) | kaitai-io | | 591 |
| [https://github.com/deepmind/learning-to-learn](https://github.com/deepmind/learning-to-learn) | Learning to Learn in TensorFlow | deepmind | apache-2.0 | 4048 |
| [https://github.com/lgandx/PoC](https://github.com/lgandx/PoC) | Various PoCs | lgandx | | 485 |
| [https://github.com/MISP/SimpleQueue](https://github.com/MISP/SimpleQueue) | Multiprocessing queuing module extracted from AIL framework (Pre-Alpha stage) - to replace Cake::Resque in MISP | MISP | | 4 |
| [https://github.com/pinkflawd/r2graphity](https://github.com/pinkflawd/r2graphity) | Creating function call graphs based on radare2 framwork, plot fancy graphs and extract behavior indicators | pinkflawd | mit | 86 |
| [https://github.com/x0rz/tweets_analyzer](https://github.com/x0rz/tweets_analyzer) | Tweets metadata scraper & activity analyzer | x0rz | gpl-3.0 | 2819 |
| [https://github.com/marcurdy/dfir-toolset](https://github.com/marcurdy/dfir-toolset) | Dump of organized knowledge on DFIR | marcurdy | | 114 |
| [https://github.com/mispy-archive/ebooks_example](https://github.com/mispy-archive/ebooks_example) | Example of a full twitter_ebooks bot definition | mispy-archive | | 138 |
| [https://github.com/RediSearch/RediSearch](https://github.com/RediSearch/RediSearch) | A query and indexing engine for Redis, providing secondary indexing, full-text search, and aggregations. | RediSearch | other | 3984 |
| [https://github.com/spellchecker-lu/dictionary-lb-lu](https://github.com/spellchecker-lu/dictionary-lb-lu) | HunSpell dictionary and MyThes thesaurus for the Luxembourgish language. | spellchecker-lu | other | 18 |
| [https://github.com/ShellcodeSmuggler/IAT_POC](https://github.com/ShellcodeSmuggler/IAT_POC) | POC for IAT Parsing Payloads | ShellcodeSmuggler | | 45 |
| [https://github.com/AnttiKurittu/kirjuri](https://github.com/AnttiKurittu/kirjuri) | Kirjuri is a web application for managing cases and physical forensic evidence items. | AnttiKurittu | mit | 103 |
| [https://github.com/seveas/python-hpilo](https://github.com/seveas/python-hpilo) | Accessing the HP iLO XML interface from python | seveas | other | 289 |
| [https://github.com/0x3a/tor-dns](https://github.com/0x3a/tor-dns) | Monitoring 'DNS' inside the Tor network | 0x3a | | 91 |
| [https://github.com/ANSSI-FR/bootcode_parser](https://github.com/ANSSI-FR/bootcode_parser) | A boot record parser that identifies known good signatures for MBR, VBR and IPL. | ANSSI-FR | gpl-3.0 | 93 |
| [https://github.com/SAFETAG/SAFETAG](https://github.com/SAFETAG/SAFETAG) | SAFETAG is a curricula, a methodology, and a framework for security auditors working with advocacy groups. | SAFETAG | mit | 73 |
| [https://github.com/adamcaudill/EquationGroupLeak](https://github.com/adamcaudill/EquationGroupLeak) | Archive of leaked Equation Group materials | adamcaudill | | 718 |
| [https://github.com/sch3m4/libntoh](https://github.com/sch3m4/libntoh) | User-friendly C Library to perform TCP streams reassembly and IPv4/6 defragmentation | sch3m4 | other | 98 |
| [https://github.com/wille/cry](https://github.com/wille/cry) | Cross platform PoC ransomware written in Go | wille | | 204 |
| [https://github.com/pevma/SEPTun](https://github.com/pevma/SEPTun) | Suricata Extreme Performance Tuning guide | pevma | gpl-2.0 | 185 |
| [https://github.com/m3db/m3](https://github.com/m3db/m3) | M3 monorepo - Distributed TSDB, Aggregator and Query Engine, Prometheus Sidecar, Graphite Compatible, Metrics Platform | m3db | apache-2.0 | 4278 |
| [https://github.com/MISP/misp-website](https://github.com/MISP/misp-website) | MISP website (hugo-based) | MISP | other | 19 |
| [https://github.com/RichardLitt/open-source-protocol](https://github.com/RichardLitt/open-source-protocol) | :unlock: Open up web development | RichardLitt | mit | 44 |
| [https://github.com/jorilallo/jsonbrowse](https://github.com/jorilallo/jsonbrowse) | 🔎 Browse, filter and manipulate your JSON inside the browser | jorilallo | | 367 |
| [https://github.com/nojhan/liquidprompt](https://github.com/nojhan/liquidprompt) | A full-featured & carefully designed adaptive prompt for Bash & Zsh | nojhan | agpl-3.0 | 4219 |
| [https://github.com/FallibleInc/security-guide-for-developers](https://github.com/FallibleInc/security-guide-for-developers) | Security Guide for Developers (实用性开发人员安全须知) | FallibleInc | | 20422 |
| [https://github.com/Te-k/analyst-scripts](https://github.com/Te-k/analyst-scripts) | Scripts to analyze stuff | Te-k | | 118 |
| [https://github.com/oklog/oklog](https://github.com/oklog/oklog) | A distributed and coördination-free log management system | oklog | apache-2.0 | 2961 |
| [https://github.com/r00t-3xp10it/backdoorppt](https://github.com/r00t-3xp10it/backdoorppt) | transform your payload.exe into one fake word doc (.ppt) | r00t-3xp10it | | 439 |
| [https://github.com/not-kennethreitz/omnijson](https://github.com/not-kennethreitz/omnijson) | Like AnyJSON, but better. | not-kennethreitz | mit | 43 |
| [https://github.com/erik1o6/oscp](https://github.com/erik1o6/oscp) | oscp-scripts | erik1o6 | | 133 |
| [https://github.com/lateralblast/lunar](https://github.com/lateralblast/lunar) | A UNIX security auditing tool based on several security frameworks | lateralblast | | 280 |
| [https://github.com/ipankajg/ceed](https://github.com/ipankajg/ceed) | A tiny x86 compiler with ELF and PE target | ipankajg | bsd-2-clause | 129 |
| [https://github.com/PaloAltoNetworks/minemeld-core](https://github.com/PaloAltoNetworks/minemeld-core) | Engine of MineMeld | PaloAltoNetworks | apache-2.0 | 137 |
| [https://github.com/CheckPointSW/InviZzzible](https://github.com/CheckPointSW/InviZzzible) | InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them. | CheckPointSW | gpl-3.0 | 390 |
| [https://github.com/Plazmaz/MongoDB-HoneyProxy](https://github.com/Plazmaz/MongoDB-HoneyProxy) | A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server. | Plazmaz | gpl-3.0 | 81 |
| [https://github.com/jedisct1/minisign](https://github.com/jedisct1/minisign) | A dead simple tool to sign files and verify digital signatures. | jedisct1 | other | 1611 |
| [https://github.com/Netflix/vizceral](https://github.com/Netflix/vizceral) | WebGL visualization for displaying animated traffic graphs | Netflix | apache-2.0 | 3973 |
| [https://github.com/nccgroup/featherduster](https://github.com/nccgroup/featherduster) | An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction | nccgroup | bsd-3-clause | 991 |
| [https://github.com/bat-serjo/vivisect-py3](https://github.com/bat-serjo/vivisect-py3) | Vivisect in python3 | bat-serjo | apache-2.0 | 12 |
| [https://github.com/patois/IDACyber](https://github.com/patois/IDACyber) | Data Visualization Plugin for IDA Pro | patois | mit | 264 |
| [https://github.com/mattermost/mattermost-server](https://github.com/mattermost/mattermost-server) | Mattermost is an open source platform for secure collaboration across the entire software development lifecycle. | mattermost | other | 24213 |
| [https://github.com/lmrs2/secretgrind](https://github.com/lmrs2/secretgrind) | Secretgrind: a Valgrind analysis tool to detect secrets in memory | lmrs2 | | 54 |
| [https://github.com/jspsych/jsPsych](https://github.com/jspsych/jsPsych) | Create behavioral experiments in a browser using JavaScript | jspsych | mit | 868 |
| [https://github.com/netblue30/firejail](https://github.com/netblue30/firejail) | Linux namespaces and seccomp-bpf sandbox | netblue30 | gpl-2.0 | 4497 |
| [https://github.com/peterbrittain/asciimatics](https://github.com/peterbrittain/asciimatics) | A cross platform package to do curses-like operations, plus higher level APIs and widgets to create text UIs and ASCII art animations | peterbrittain | apache-2.0 | 3166 |
| [https://github.com/dloss/binary-parsing](https://github.com/dloss/binary-parsing) | A list of generic tools for parsing binary data structures, such as file formats, network protocols or bitstreams | dloss | mit | 635 |
| [https://github.com/toumorokoshi/nlgen](https://github.com/toumorokoshi/nlgen) | Natural Language Generator for Python | toumorokoshi | mit | 27 |
| [https://github.com/bolek42/rsa-sdr](https://github.com/bolek42/rsa-sdr) | | bolek42 | | 33 |
| [https://github.com/decaf-project/DECAF](https://github.com/decaf-project/DECAF) | DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF. | decaf-project | gpl-3.0 | 717 |
| [https://github.com/tridentli/trident](https://github.com/tridentli/trident) | Trident is a trusted and secure communication platform for enabling better communication between groups of trusted parties | tridentli | apache-2.0 | 20 |
| [https://github.com/mermaid-js/mermaid](https://github.com/mermaid-js/mermaid) | Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown | mermaid-js | mit | 51000 |
| [https://github.com/google/grumpy](https://github.com/google/grumpy) | Grumpy is a Python to Go source code transcompiler and runtime. | google | apache-2.0 | 10536 |
| [https://github.com/seaweedfs/seaweedfs](https://github.com/seaweedfs/seaweedfs) | SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files! Blob store has O(1) disk seek, cloud tiering. Filer supports Cloud Drive, cross-DC active-active replication, Kubernetes, POSIX FUSE mount, S3 API, S3 Gateway, Hadoop, WebDAV, encryption, Erasure Coding. | seaweedfs | apache-2.0 | 15764 |
| [https://github.com/jamiemcg/Remarkable](https://github.com/jamiemcg/Remarkable) | Remarkable - The Markdown Editor for Linux http://remarkableapp.github.io | jamiemcg | mit | 1863 |
| [https://github.com/Maktm/FLIRTDB](https://github.com/Maktm/FLIRTDB) | A community driven collection of IDA FLIRT signature files | Maktm | | 1009 |
| [https://github.com/timeweb/ddosdetector](https://github.com/timeweb/ddosdetector) | A flexible tool for analyzing network traffic and automation of the process of protection against DDoS attacks. | timeweb | gpl-3.0 | 134 |
| [https://github.com/jekil/awesome-hacking](https://github.com/jekil/awesome-hacking) | Awesome hacking is an awesome collection of hacking tools. | jekil | | 2147 |
| [https://github.com/trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | Find credentials all over the place | trufflesecurity | agpl-3.0 | 9630 |
| [https://github.com/cryptax/confsec](https://github.com/cryptax/confsec) | Security, hacking conferences (list) | cryptax | | 392 |
| [https://github.com/hugsy/binja-retdec](https://github.com/hugsy/binja-retdec) | Binary Ninja plugin to decompile binaries using RetDec API | hugsy | mit | 159 |
| [https://github.com/pingcap/tidb](https://github.com/pingcap/tidb) | TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try free: https://tidbcloud.com/free-trial | pingcap | apache-2.0 | 32742 |
| [https://github.com/aio-libs/yarl](https://github.com/aio-libs/yarl) | Yet another URL library | aio-libs | other | 857 |
| [https://github.com/BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep) | ripgrep recursively searches directories for a regex pattern while respecting your gitignore | BurntSushi | unlicense | 34015 |
| [https://github.com/a2o/snoopy](https://github.com/a2o/snoopy) | Snoopy Command Logger is a small library that logs all program executions on your Linux/BSD system. | a2o | gpl-2.0 | 1044 |
| [https://github.com/OpenKMIP/PyKMIP](https://github.com/OpenKMIP/PyKMIP) | A Python implementation of the KMIP specification. | OpenKMIP | apache-2.0 | 198 |
| [https://github.com/pcbje/ggraph](https://github.com/pcbje/ggraph) | Graph visualization of big messy data | pcbje | apache-2.0 | 789 |
| [https://github.com/harvard-itsecurity/docker-misp](https://github.com/harvard-itsecurity/docker-misp) | Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing | harvard-itsecurity | bsd-3-clause | 169 |
| [https://github.com/dudeintheshell/blackhole](https://github.com/dudeintheshell/blackhole) | | dudeintheshell | | 34 |
| [https://github.com/devongovett/regexgen](https://github.com/devongovett/regexgen) | Generate regular expressions that match a set of strings | devongovett | | 3190 |
| [https://github.com/gpg/gnupg](https://github.com/gpg/gnupg) | The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documentation/bts.html) or to the mailing list (https://www.gnupg.org/documentation/mailing-lists.html). | gpg | gpl-3.0 | 520 |
| [https://github.com/OpenPGP/openpgp.org](https://github.com/OpenPGP/openpgp.org) | OpenPGP.org website | OpenPGP | mit | 212 |
| [https://github.com/nickbytes/notella](https://github.com/nickbytes/notella) | Super clean notes app | nickbytes | mit | 3 |
| [https://github.com/0xrawsec/golang-misp](https://github.com/0xrawsec/golang-misp) | Golang Library to interact with your MISP instance | 0xrawsec | other | 19 |
| [https://github.com/PidgeyL/cve-search](https://github.com/PidgeyL/cve-search) | cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. | PidgeyL | other | 22 |
| [https://github.com/nbareil/SSTIC-Annex](https://github.com/nbareil/SSTIC-Annex) | Slides et Articles de sstic.org | nbareil | | 7 |
| [https://github.com/r00t-3xp10it/morpheus](https://github.com/r00t-3xp10it/morpheus) | Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool) | r00t-3xp10it | | 762 |
| [https://github.com/CISecurity/OVALRepo](https://github.com/CISecurity/OVALRepo) | | CISecurity | | 202 |
| [https://github.com/intel/tinycbor](https://github.com/intel/tinycbor) | Concise Binary Object Representation (CBOR) Library | intel | mit | 376 |
| [https://github.com/DNS-OARC/dnscap](https://github.com/DNS-OARC/dnscap) | Network capture utility designed specifically for DNS traffic | DNS-OARC | other | 247 |
| [https://github.com/dekimir/RamFuzz](https://github.com/dekimir/RamFuzz) | Combining Unit Tests, Fuzzing, and AI | dekimir | apache-2.0 | 292 |
| [https://github.com/tunz/js-vuln-db](https://github.com/tunz/js-vuln-db) | A collection of JavaScript engine CVEs with PoCs | tunz | | 2189 |
| [https://github.com/oasis-tcs/cti-stix2](https://github.com/oasis-tcs/cti-stix2) | OASIS CTI TC: Provides issue tracking and wiki pages for the STIX 2.x Work Products | oasis-tcs | other | 19 |
| [https://github.com/Unitech/pm2](https://github.com/Unitech/pm2) | Node.js Production Process Manager with a built-in Load Balancer. | Unitech | other | 37997 |
| [https://github.com/intelxed/xed](https://github.com/intelxed/xed) | x86 encoder decoder | intelxed | apache-2.0 | 1227 |
| [https://github.com/google/gonids](https://github.com/google/gonids) | gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/ | google | apache-2.0 | 149 |
| [https://github.com/MISP/misp-taxonomies](https://github.com/MISP/misp-taxonomies) | Taxonomies used in MISP taxonomy system and can be used by other information sharing tool. | MISP | other | 219 |
| [https://github.com/MISP/misp-modules](https://github.com/MISP/misp-modules) | Modules for expansion services, import and export in MISP | MISP | agpl-3.0 | 257 |
| [https://github.com/cloudtracer/ThreatPinchLookup](https://github.com/cloudtracer/ThreatPinchLookup) | Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension | cloudtracer | | 296 |
| [https://github.com/CVEProject/automation-working-group](https://github.com/CVEProject/automation-working-group) | CVE Automation Working Group | CVEProject | | 131 |
| [https://github.com/AlticeLabsProjects/kyoto](https://github.com/AlticeLabsProjects/kyoto) | Kyoto Tycoon key-value store (and the underlying Kyoto Cabinet library) | AlticeLabsProjects | gpl-3.0 | 259 |
| [https://github.com/pan-unit42/iocs](https://github.com/pan-unit42/iocs) | Indicators from Unit 42 Public Reports | pan-unit42 | mit | 580 |
| [https://github.com/Kafeine/public](https://github.com/Kafeine/public) | | Kafeine | | 19 |
| [https://github.com/faker-ruby/faker](https://github.com/faker-ruby/faker) | A library for generating fake data such as names, addresses, and phone numbers. | faker-ruby | mit | 10465 |
| [https://github.com/stickermule/rump](https://github.com/stickermule/rump) | Hot sync two Redis servers using dumps. | stickermule | mit | 446 |
| [https://github.com/dflemstr/rq](https://github.com/dflemstr/rq) | Record Query - A tool for doing record analysis and transformation | dflemstr | apache-2.0 | 2147 |
| [https://github.com/PUNCH-Cyber/stoq](https://github.com/PUNCH-Cyber/stoq) | An open source framework for enterprise level automated analysis. | PUNCH-Cyber | apache-2.0 | 385 |
| [https://github.com/OxalisCommunity/oxalis](https://github.com/OxalisCommunity/oxalis) | Oxalis - PEPPOL Access Point open source implementation - Core component | OxalisCommunity | other | 95 |
| [https://github.com/gchq/CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis | gchq | apache-2.0 | 19246 |
| [https://github.com/sensepost/DET](https://github.com/sensepost/DET) | (extensible) Data Exfiltration Toolkit (DET) | sensepost | mit | 788 |
| [https://github.com/cloudflare/bpftools](https://github.com/cloudflare/bpftools) | BPF Tools - packet analyst toolkit | cloudflare | bsd-3-clause | 1037 |
| [https://github.com/rastating/wordpress-exploit-framework](https://github.com/rastating/wordpress-exploit-framework) | A Ruby framework designed to aid in the penetration testing of WordPress systems. | rastating | gpl-3.0 | 956 |
| [https://github.com/Parsely/streamparse](https://github.com/Parsely/streamparse) | Run Python in Apache Storm topologies. Pythonic API, CLI tooling, and a topology DSL. | Parsely | apache-2.0 | 1465 |
| [https://github.com/Gorcenski/voting-machines](https://github.com/Gorcenski/voting-machines) | A repo for exploring the software quality of electronic voting machines | Gorcenski | mit | 244 |
| [https://github.com/onethawt/reverseengineering-reading-list](https://github.com/onethawt/reverseengineering-reading-list) | A list of Reverse Engineering articles, books, and papers | onethawt | | 1748 |
| [https://github.com/cve-search/VIA4CVE](https://github.com/cve-search/VIA4CVE) | Vulnerability Information Aggregator for CVEs | cve-search | other | 110 |
| [https://github.com/johnnykv/heralding](https://github.com/johnnykv/heralding) | Credentials catching honeypot | johnnykv | gpl-3.0 | 333 |
| [https://github.com/nils-werner/zget](https://github.com/nils-werner/zget) | Filename based peer to peer file transfer | nils-werner | mit | 479 |
| [https://github.com/joxeankoret/cosa-nostra](https://github.com/joxeankoret/cosa-nostra) | Cosa Nostra, a FOSS graph based malware clusterization toolkit. | joxeankoret | gpl-3.0 | 224 |
| [https://github.com/quentinhardy/odat](https://github.com/quentinhardy/odat) | ODAT: Oracle Database Attacking Tool | quentinhardy | | 1246 |
| [https://github.com/ytisf/PyExfil](https://github.com/ytisf/PyExfil) | A Python Package for Data Exfiltration | ytisf | mit | 649 |
| [https://github.com/sroberts/awesome-iocs](https://github.com/sroberts/awesome-iocs) | A collection of sources of indicators of compromise. | sroberts | other | 661 |
| [https://github.com/nsacyber/Control-Flow-Integrity](https://github.com/nsacyber/Control-Flow-Integrity) | A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber | nsacyber | other | 140 |
| [https://github.com/screetsec/TheFatRat](https://github.com/screetsec/TheFatRat) | Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection . | screetsec | gpl-3.0 | 7043 |
| [https://github.com/pstirparo/utils](https://github.com/pstirparo/utils) | Different DFIR and CTI utilities | pstirparo | apache-2.0 | 31 |
| [https://github.com/kevthehermit/VolUtility](https://github.com/kevthehermit/VolUtility) | Web App for Volatility framework | kevthehermit | gpl-3.0 | 346 |
| [https://github.com/securing/gattacker](https://github.com/securing/gattacker) | A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks | securing | mit | 579 |
| [https://github.com/MISP/MISP-Taxii-Server](https://github.com/MISP/MISP-Taxii-Server) | An OpenTAXII Configuration for MISP | MISP | bsd-3-clause | 73 |
| [https://github.com/mehrdadrad/mylg](https://github.com/mehrdadrad/mylg) | Network Diagnostic Tool | mehrdadrad | mit | 2604 |
| [https://github.com/oasis-open/cti-stix-elevator](https://github.com/oasis-open/cti-stix-elevator) | OASIS Cyber Threat Intelligence (CTI) TC Open Repository: Convert STIX 1.2 XML to STIX 2.x JSON | oasis-open | bsd-3-clause | 46 |
| [https://github.com/charly077/MISP-privacy-aware-sharing-master-thesis](https://github.com/charly077/MISP-privacy-aware-sharing-master-thesis) | Git used for my master thesis: | charly077 | | 4 |
| [https://github.com/rootkovska/codehash.db](https://github.com/rootkovska/codehash.db) | A public database for software and firmware hashes | rootkovska | | 218 |
| [https://github.com/cchio/deep-pwning](https://github.com/cchio/deep-pwning) | Metasploit for machine learning. | cchio | mit | 520 |
| [https://github.com/Yelp/elastalert](https://github.com/Yelp/elastalert) | Easy & Flexible Alerting With ElasticSearch | Yelp | apache-2.0 | 7854 |
| [https://github.com/dakami/overflowd](https://github.com/dakami/overflowd) | Stochastic Traffic Factoring Utility | dakami | bsd-3-clause | 14 |
| [https://github.com/jonschipp/ISLET](https://github.com/jonschipp/ISLET) | Isolated, Scalable, & Lightweight Environment for Training | jonschipp | other | 111 |
| [https://github.com/TheHive-Project/TheHive](https://github.com/TheHive-Project/TheHive) | TheHive: a Scalable, Open Source and Free Security Incident Response Platform | TheHive-Project | agpl-3.0 | 2691 |
| [https://github.com/dabeaz/curio](https://github.com/dabeaz/curio) | Good Curio! | dabeaz | other | 3875 |
| [https://github.com/EmpireProject/Empire](https://github.com/EmpireProject/Empire) | Empire is a PowerShell and Python post-exploitation agent. | EmpireProject | bsd-3-clause | 6729 |
| [https://github.com/Neo23x0/signature-base](https://github.com/Neo23x0/signature-base) | YARA signature and IOC database for my scanners and tools | Neo23x0 | other | 1796 |
| [https://github.com/CISOfy/lynis](https://github.com/CISOfy/lynis) | Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. | CISOfy | gpl-3.0 | 10183 |
| [https://github.com/NLnetLabs/NSD.old](https://github.com/NLnetLabs/NSD.old) | The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant DNS nameserver. This is an outdated export of the subversion repository. For the current export, head to | NLnetLabs | bsd-3-clause | 17 |
| [https://github.com/NLnetLabs/unbound.old](https://github.com/NLnetLabs/unbound.old) | Unbound is a validating recursive DNS resolver. This is an old export of the subversion repository. For the current export, please use | NLnetLabs | bsd-3-clause | 22 |
| [https://github.com/scudette/memory-analysis](https://github.com/scudette/memory-analysis) | A Rekall interactive document for a Memory Analysis workshop/course. | scudette | other | 43 |
| [https://github.com/keithjjones/visualize_logs](https://github.com/keithjjones/visualize_logs) | A Python library and command line tools to provide interactive log visualization. | keithjjones | other | 133 |
| [https://github.com/stsi/fragroute-ipv6](https://github.com/stsi/fragroute-ipv6) | | stsi | other | 6 |
| [https://github.com/ajkeeton/fragroute](https://github.com/ajkeeton/fragroute) | Tweaked version of Dug Song's fragroute | ajkeeton | other | 3 |
| [https://github.com/hfiref0x/TDL](https://github.com/hfiref0x/TDL) | Driver loader for bypassing Windows x64 Driver Signature Enforcement | hfiref0x | bsd-2-clause | 905 |
| [https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools](https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools) | Set of tools to analyze Windows sandboxes for exposed attack surface. | googleprojectzero | apache-2.0 | 1675 |
| [https://github.com/topojson/topojson](https://github.com/topojson/topojson) | An extension of GeoJSON that encodes topology! 🌐 | topojson | other | 4343 |
| [https://github.com/CRIPTIM/private-sightings](https://github.com/CRIPTIM/private-sightings) | Private sharing of sightings of indicators of compromise using the private aggregation of time-series data scheme by Shi et al. | CRIPTIM | mit | 4 |
| [https://github.com/CRIPTIM/private-IOC-sharing](https://github.com/CRIPTIM/private-IOC-sharing) | Proof-of-concept implementation of cryptographic indicators of compromise. | CRIPTIM | mit | 6 |
| [https://github.com/mempodippy/vlany](https://github.com/mempodippy/vlany) | Linux LD_PRELOAD rootkit (x86 and x86_64 architectures) | mempodippy | gpl-3.0 | 881 |
| [https://github.com/BreakingMalwareResearch/atom-bombing](https://github.com/BreakingMalwareResearch/atom-bombing) | Brand New Code Injection for Windows | BreakingMalwareResearch | | 685 |
| [https://github.com/robertdavidgraham/telnetlogger](https://github.com/robertdavidgraham/telnetlogger) | Simulates enough of a Telnet connection in order to log failed login attempts. | robertdavidgraham | | 234 |
| [https://github.com/mkorman90/VolatilityBot](https://github.com/mkorman90/VolatilityBot) | VolatilityBot An automated memory analyzer for malware samples and memory dumps | mkorman90 | mit | 246 |
| [https://github.com/DE-CIX/pbgp-parser](https://github.com/DE-CIX/pbgp-parser) | PCAP BGP Parser | DE-CIX | other | 81 |
| [https://github.com/pyupio/safety-db](https://github.com/pyupio/safety-db) | A curated database of insecure Python packages | pyupio | other | 711 |
| [https://github.com/Pepitoh/VBad](https://github.com/Pepitoh/VBad) | VBA Obfuscation Tools combined with an MS office document generator | Pepitoh | mit | 473 |
| [https://github.com/jedisct1/edgedns](https://github.com/jedisct1/edgedns) | A high performance DNS cache designed for Content Delivery Networks | jedisct1 | isc | 458 |
| [https://github.com/Geal/nom](https://github.com/Geal/nom) | Rust parser combinator framework | Geal | mit | 7207 |
| [https://github.com/haegardev/unzip](https://github.com/haegardev/unzip) | | haegardev | | 1 |
| [https://github.com/snabbco/snabb](https://github.com/snabbco/snabb) | Snabb: Simple and fast packet networking | snabbco | apache-2.0 | 2854 |
| [https://github.com/dirtycow/dirtycow.github.io](https://github.com/dirtycow/dirtycow.github.io) | Dirty COW | dirtycow | | 3136 |
| [https://github.com/cve-search/PyCVESearch](https://github.com/cve-search/PyCVESearch) | Python wrapper for the API of cve-search | cve-search | other | 97 |
| [https://github.com/michenriksen/birdwatcher](https://github.com/michenriksen/birdwatcher) | Data analysis and OSINT framework for Twitter | michenriksen | mit | 398 |
| [https://github.com/whitesmith/hawkpost](https://github.com/whitesmith/hawkpost) | Generate links that users can use to submit messages encrypted with your public key. | whitesmith | mit | 898 |
| [https://github.com/MISP/misp-rfc](https://github.com/MISP/misp-rfc) | Specifications used in the MISP project including MISP core format | MISP | | 39 |
| [https://github.com/sanic-org/sanic](https://github.com/sanic-org/sanic) | Next generation Python web server/framework | Build fast. Run fast. | sanic-org | mit | 16565 |
| [https://github.com/tandasat/ExploitCapcom](https://github.com/tandasat/ExploitCapcom) | This is a standalone exploit for a vulnerable feature in Capcom.sys | tandasat | mit | 205 |
| [https://github.com/xujun10110/es_email_intel](https://github.com/xujun10110/es_email_intel) | Extract IOCs from emails, store them in ElasticSearch, and generate mails and feeds based on the data | xujun10110 | | 4 |
| [https://github.com/IoTPOT/IoTPOT](https://github.com/IoTPOT/IoTPOT) | We implement IoTPOT, a novel honeypot to emulate Telnet services of various IoT devices to analyze ongoing attacks in depth. IoTPOT consists of a frontend low-interaction responder cooperating with backend high-interaction virtual environments called IoTBOX. IoTBOX operates various virtual environments commonly used by embedded systems for different CPU architectures. | IoTPOT | | 26 |
| [https://github.com/martinbjeldbak/ultimate-beamer-theme-list](https://github.com/martinbjeldbak/ultimate-beamer-theme-list) | A collection of custom Beamer themes | martinbjeldbak | | 899 |
| [https://github.com/ddcc/d3-waterfall](https://github.com/ddcc/d3-waterfall) | | ddcc | mit | 81 |
| [https://github.com/john-kurkowski/tldextract](https://github.com/john-kurkowski/tldextract) | Accurately separates a URLs subdomain, domain, and public suffix, using the Public Suffix List (PSL). | john-kurkowski | bsd-3-clause | 1554 |
| [https://github.com/Blueliv/yaraQA](https://github.com/Blueliv/yaraQA) | | Blueliv | other | 14 |
| [https://github.com/hackergrrl/art-of-readme](https://github.com/hackergrrl/art-of-readme) | :love_letter: Things I've learned about writing good READMEs. | hackergrrl | | 6850 |
| [https://github.com/shendo/netsink](https://github.com/shendo/netsink) | Network sinkhole for isolated malware analysis | shendo | gpl-3.0 | 37 |
| [https://github.com/reelsense/markdeep](https://github.com/reelsense/markdeep) | 📝 Markdeep | reelsense | bsd-2-clause | 246 |
| [https://github.com/sebicas/bitcoin-sniffer](https://github.com/sebicas/bitcoin-sniffer) | Bitcoin P2P Network Sniffer | sebicas | | 72 |
| [https://github.com/bontchev/pcodedmp](https://github.com/bontchev/pcodedmp) | A VBA p-code disassembler | bontchev | gpl-3.0 | 407 |
| [https://github.com/keystone-engine/keystone](https://github.com/keystone-engine/keystone) | Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings | keystone-engine | gpl-2.0 | 1887 |
| [https://github.com/amix/neuralist](https://github.com/amix/neuralist) | A Python interface to access neural-redis | amix | mit | 77 |
| [https://github.com/miekg/mmark](https://github.com/miekg/mmark) | **OBSOLETE** See https://github.com/mmarkdown/mmark | miekg | other | 257 |
| [https://github.com/antirez/neural-redis](https://github.com/antirez/neural-redis) | Neural networks module for Redis | antirez | bsd-3-clause | 2217 |
| [https://github.com/decalage2/ViperMonkey](https://github.com/decalage2/ViperMonkey) | A VBA parser and emulation engine to analyze malicious macros. | decalage2 | | 918 |
| [https://github.com/oasis-open/cti-marking-prototype](https://github.com/oasis-open/cti-marking-prototype) | OASIS TC Open Repository: Prototype for processing granular data markings in STIX | oasis-open | bsd-3-clause | 4 |
| [https://github.com/mimoo/Diffie-Hellman_Backdoor](https://github.com/mimoo/Diffie-Hellman_Backdoor) | How to backdoor Diffie-Hellman | mimoo | | 590 |
| [https://github.com/mlsecproject/tiq-test](https://github.com/mlsecproject/tiq-test) | Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds | mlsecproject | gpl-3.0 | 158 |
| [https://github.com/OpenC2-org/openc2-org](https://github.com/OpenC2-org/openc2-org) | The Open Command and Control Forum promotes the global development and adoption of the OpenC2 language and reference material. | OpenC2-org | other | 28 |
| [https://github.com/ccdcoe/Frankencoding](https://github.com/ccdcoe/Frankencoding) | You're busted! | ccdcoe | | 15 |
| [https://github.com/twschiller/open-synthesis](https://github.com/twschiller/open-synthesis) | Open platform for CIA-style intelligence analysis | twschiller | gpl-3.0 | 176 |
| [https://github.com/hintjens/socialarchitecture](https://github.com/hintjens/socialarchitecture) | A primer on on-line community building | hintjens | other | 184 |
| [https://github.com/oasis-open/cti-cybox3-json-schemas](https://github.com/oasis-open/cti-cybox3-json-schemas) | OASIS TC Open Repository: Non-normative schemas and examples for CybOX 3 | oasis-open | bsd-3-clause | 3 |
| [https://github.com/push0ebp/sig-database](https://github.com/push0ebp/sig-database) | IDA FLIRT Signature Database | push0ebp | | 671 |
| [https://github.com/MISP/MISP-STIX-Converter](https://github.com/MISP/MISP-STIX-Converter) | A utility repo to assist with converting between MISP and STIX formats | MISP | lgpl-3.0 | 60 |
| [https://github.com/gohugoio/hugo](https://github.com/gohugoio/hugo) | The worlds fastest framework for building websites. | gohugoio | apache-2.0 | 63444 |
| [https://github.com/anisse/hashbot](https://github.com/anisse/hashbot) | Twitter bot that looks for hashes | anisse | | 8 |
| [https://github.com/mispy-archive/twitter_ebooks](https://github.com/mispy-archive/twitter_ebooks) | Better twitterbots for all your friends~ | mispy-archive | mit | 974 |
| [https://github.com/salesforce/threatshell](https://github.com/salesforce/threatshell) | | salesforce | bsd-3-clause | 64 |
| [https://github.com/tom8941/MISP-IOC-Validator](https://github.com/tom8941/MISP-IOC-Validator) | Validate IOC from MISP ; Export results and iocs to SIEM and sensors using syslog and CEF format | tom8941 | gpl-3.0 | 11 |
| [https://github.com/stamparm/ipsum](https://github.com/stamparm/ipsum) | Daily feed of bad IPs (with blacklist hit scores) | stamparm | unlicense | 858 |
| [https://github.com/mrexodia/idapatch](https://github.com/mrexodia/idapatch) | IDA plugin to patch IDA Pro in memory. | mrexodia | mit | 44 |
| [https://github.com/gcrahay/otx_misp](https://github.com/gcrahay/otx_misp) | Imports Alienvault OTX pulses to a MISP instance | gcrahay | other | 48 |
| [https://github.com/wsong/Typo-Distance](https://github.com/wsong/Typo-Distance) | Finds the likelihood that one string is a typo of another and generates likely typos from a given string | wsong | | 59 |
| [https://github.com/zmallen/pygraylog](https://github.com/zmallen/pygraylog) | Python API bindings for Graylog | zmallen | apache-2.0 | 12 |
| [https://github.com/eclecticiq/OpenTAXII](https://github.com/eclecticiq/OpenTAXII) | TAXII server implementation in Python from EclecticIQ | eclecticiq | bsd-3-clause | 150 |
| [https://github.com/infoscout/weighted-levenshtein](https://github.com/infoscout/weighted-levenshtein) | Weighted Levenshtein library | infoscout | mit | 97 |
| [https://github.com/aoh/radamsa](https://github.com/aoh/radamsa) | a general-purpose fuzzer | aoh | | 1207 |
| [https://github.com/shellphish/fuzzer](https://github.com/shellphish/fuzzer) | A Python interface to AFL, allowing for easy injection of testcases and other functionality. | shellphish | bsd-2-clause | 610 |
| [https://github.com/tom8941/DefenseCenter_Snort_Uploader](https://github.com/tom8941/DefenseCenter_Snort_Uploader) | Automatic upload of snort rules in SourceFire Defense Center | tom8941 | gpl-3.0 | 3 |
| [https://github.com/sdispater/pendulum](https://github.com/sdispater/pendulum) | Python datetimes made easy | sdispater | mit | 5156 |
| [https://github.com/santu47/Eramba](https://github.com/santu47/Eramba) | | santu47 | gpl-2.0 | 1 |
| [https://github.com/tomnomnom/gron](https://github.com/tomnomnom/gron) | Make JSON greppable! | tomnomnom | mit | 11561 |
| [https://github.com/yuki-kimoto/gitprep](https://github.com/yuki-kimoto/gitprep) | Portable GitHub system into your own server | yuki-kimoto | | 874 |
| [https://github.com/digitalbazaar/pyld](https://github.com/digitalbazaar/pyld) | JSON-LD processor written in Python | digitalbazaar | other | 503 |
| [https://github.com/ministryofpromise/tlp](https://github.com/ministryofpromise/tlp) | threat language parser | ministryofpromise | mit | 57 |
| [https://github.com/ufrisk/pcileech](https://github.com/ufrisk/pcileech) | Direct Memory Access (DMA) Attack Software | ufrisk | agpl-3.0 | 2765 |
| [https://github.com/linuz/Sticky-Keys-Slayer](https://github.com/linuz/Sticky-Keys-Slayer) | Scans for accessibility tools backdoors via RDP | linuz | gpl-3.0 | 304 |
| [https://github.com/Miserlou/omnihash](https://github.com/Miserlou/omnihash) | Hash files, strings, input streams and network resources in various common algorithms simultaneously | Miserlou | mit | 249 |
| [https://github.com/skorokithakis/shortuuid](https://github.com/skorokithakis/shortuuid) | A generator library for concise, unambiguous and URL-safe UUIDs. | skorokithakis | bsd-3-clause | 1753 |
| [https://github.com/freetaxii/stix2-graphics](https://github.com/freetaxii/stix2-graphics) | Graphics, icons, and diagrams to support STIX 2 | freetaxii | cc-by-sa-4.0 | 34 |
| [https://github.com/PidgeyL/MISP-Extractor](https://github.com/PidgeyL/MISP-Extractor) | Extract information from MISP via the API | PidgeyL | | 13 |
| [https://github.com/tesseract-ocr/tesseract](https://github.com/tesseract-ocr/tesseract) | Tesseract Open Source OCR Engine (main repository) | tesseract-ocr | apache-2.0 | 47278 |
| [https://github.com/madmaze/pytesseract](https://github.com/madmaze/pytesseract) | A Python wrapper for Google Tesseract | madmaze | apache-2.0 | 4501 |
| [https://github.com/Phillipmartin/gopassivedns](https://github.com/Phillipmartin/gopassivedns) | PassiveDNS in Go | Phillipmartin | mit | 118 |
| [https://github.com/commonsmachinery/blockhash-python](https://github.com/commonsmachinery/blockhash-python) | Implementation of perceptual image hash calculation in Python | commonsmachinery | mit | 125 |
| [https://github.com/dxa4481/Snapper](https://github.com/dxa4481/Snapper) | A security tool for grabbing screenshots of many web hosts | dxa4481 | gpl-2.0 | 276 |
| [https://github.com/MISP/PyTaxonomies](https://github.com/MISP/PyTaxonomies) | Python module to use the MISP Taxonomies | MISP | bsd-3-clause | 25 |
| [https://github.com/REMath/literature_review](https://github.com/REMath/literature_review) | Survey of program analysis research with a focus on machine code | REMath | | 533 |
| [https://github.com/waywardgeek/infnoise](https://github.com/waywardgeek/infnoise) | The world's easiest TRNG to get right | waywardgeek | cc0-1.0 | 624 |
| [https://github.com/celiadominguez/shcft](https://github.com/celiadominguez/shcft) | Sherlock Holmes Computer Forensics Tools | celiadominguez | | 5 |
| [https://github.com/jedisct1/piknik](https://github.com/jedisct1/piknik) | Copy/paste anything over the network. | jedisct1 | bsd-2-clause | 2280 |
| [https://github.com/PaloAltoNetworks/minemeld](https://github.com/PaloAltoNetworks/minemeld) | Main MineMeld documentation repo | PaloAltoNetworks | | 362 |
| [https://github.com/old-jekyll-templates/Arcana-Jekyll-Theme](https://github.com/old-jekyll-templates/Arcana-Jekyll-Theme) | Arcana Jekyll Theme | old-jekyll-templates | other | 26 |
| [https://github.com/MISP/cti-toolkit](https://github.com/MISP/cti-toolkit) | CERT Australia Cyber Threat Intelligence (CTI) Toolkit | MISP | other | 11 |
| [https://github.com/antirez/kilo](https://github.com/antirez/kilo) | A text editor in less than 1000 LOC with syntax highlight and search. | antirez | bsd-2-clause | 5679 |
| [https://github.com/misterch0c/firminator_backend](https://github.com/misterch0c/firminator_backend) | The first open source vulnerability scanner for firmwares | misterch0c | | 195 |
| [https://github.com/traefik/traefik](https://github.com/traefik/traefik) | The Cloud Native Application Proxy | traefik | mit | 40270 |
| [https://github.com/tehsyntx/loffice](https://github.com/tehsyntx/loffice) | Lazy Office Analyzer | tehsyntx | | 113 |
| [https://github.com/hamidreza-s/NanoChat](https://github.com/hamidreza-s/NanoChat) | A P2P, E2E encrypted and discoverable chat application on top of nanomsg library | hamidreza-s | | 108 |
| [https://github.com/laginimaineb/ExtractKeyMaster](https://github.com/laginimaineb/ExtractKeyMaster) | Exploit that extracts Qualcomm's KeyMaster keys using CVE-2015-6639 and CVE-2016-2431 | laginimaineb | | 323 |
| [https://github.com/ANSSI-FR/polichombr](https://github.com/ANSSI-FR/polichombr) | Collaborative malware analysis framework | ANSSI-FR | other | 346 |
| [https://github.com/melaniecebula/cat-ascii-faces](https://github.com/melaniecebula/cat-ascii-faces) | ₍˄·͈༝·͈˄₎◞ ̑̑ෆ⃛ (=ↀωↀ=)✧ (^・o・^)ノ” cat faces! | melaniecebula | | 238 |
| [https://github.com/ANSSI-FR/bmc-tools](https://github.com/ANSSI-FR/bmc-tools) | RDP Bitmap Cache parser | ANSSI-FR | cecill-2.1 | 341 |
| [https://github.com/stealth/opmsg](https://github.com/stealth/opmsg) | opmsg message encryption | stealth | other | 722 |
| [https://github.com/parltrack/parltrack](https://github.com/parltrack/parltrack) | Parliamentary Tracker Application | parltrack | | 63 |
| [https://github.com/blechschmidt/massdns](https://github.com/blechschmidt/massdns) | A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) | blechschmidt | gpl-3.0 | 2434 |
| [https://github.com/quarkslab/keyringer](https://github.com/quarkslab/keyringer) | Fork of keyringer from https://keyringer.pw (added some features like tree view, additional checks, ...) | quarkslab | gpl-3.0 | 8 |
| [https://github.com/doukremt/distance](https://github.com/doukremt/distance) | Levenshtein and Hamming distance computation | doukremt | other | 110 |
| [https://github.com/bartobri/no-more-secrets](https://github.com/bartobri/no-more-secrets) | A command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers. | bartobri | gpl-3.0 | 5238 |
| [https://github.com/cx9527/strongdb](https://github.com/cx9527/strongdb) | gdb plugin for android debugging | cx9527 | gpl-3.0 | 100 |
| [https://github.com/tandasat/HyperPlatform](https://github.com/tandasat/HyperPlatform) | Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows. | tandasat | mit | 1216 |
| [https://github.com/CybOXProject/specifications](https://github.com/CybOXProject/specifications) | Cyber Observable Expression (CybOX™) | CybOXProject | | 4 |
| [https://github.com/ThreatHuntingProject/ThreatHunting](https://github.com/ThreatHuntingProject/ThreatHunting) | An informational repo about hunting for adversaries in your IT environment. | ThreatHuntingProject | | 1430 |
| [https://github.com/cloudflare/cfssl_trust](https://github.com/cloudflare/cfssl_trust) | CFSSL's CA trust store repository | cloudflare | bsd-2-clause | 207 |
| [https://github.com/HurricaneLabs/machinae](https://github.com/HurricaneLabs/machinae) | Machinae Security Intelligence Collector | HurricaneLabs | mit | 479 |
| [https://github.com/ethanrowe/python-merky](https://github.com/ethanrowe/python-merky) | Provides a python library for the somewhat flexible calculation of merkle trees. Flexible, not necessarily fast. | ethanrowe | mit | 6 |
| [https://github.com/laginimaineb/cve-2016-2431](https://github.com/laginimaineb/cve-2016-2431) | Qualcomm TrustZone kernel privilege escalation | laginimaineb | other | 51 |
| [https://github.com/IMcPwn/browser-backdoor](https://github.com/IMcPwn/browser-backdoor) | BrowserBackdoor is an Electron Application with a JavaScript WebSocket Backdoor and a Ruby Command-Line Listener | IMcPwn | mit | 341 |
| [https://github.com/icecoder/ICEcoder](https://github.com/icecoder/ICEcoder) | Browser code editor awesomeness | icecoder | other | 1366 |
| [https://github.com/fox-it/mofang](https://github.com/fox-it/mofang) | Mofang Indicators of Compromise | fox-it | | 9 |
| [https://github.com/Antelox/NemucodFR](https://github.com/Antelox/NemucodFR) | Extract the key and use it to recover encrypted files by Nemucod Ransomware [.crypted] | Antelox | mit | 18 |
| [https://github.com/ciscocsirt/malspider](https://github.com/ciscocsirt/malspider) | Malspider is a web spidering framework that detects characteristics of web compromises. | ciscocsirt | bsd-3-clause | 426 |
| [https://github.com/FIRSTdotorg/global-irt](https://github.com/FIRSTdotorg/global-irt) | Global IRT (Incident Response Team) is a project to describe common IRT and abuse contact information | FIRSTdotorg | bsd-2-clause | 43 |
| [https://github.com/kwouffe/halloffame](https://github.com/kwouffe/halloffame) | Manage reported vulnerabilies | kwouffe | | 2 |
| [https://github.com/Nakiami/mellivora](https://github.com/Nakiami/mellivora) | Mellivora is a CTF engine written in PHP | Nakiami | gpl-3.0 | 405 |
| [https://github.com/jaegeral/FireMISP](https://github.com/jaegeral/FireMISP) | FireEye Alert json files to MISP Malware information sharing plattform (Alpha) | jaegeral | mit | 29 |
| [https://github.com/lachesis/scallion](https://github.com/lachesis/scallion) | GPU-based Onion Hash generator | lachesis | other | 1166 |
| [https://github.com/IonicaBizau/git-stats](https://github.com/IonicaBizau/git-stats) | 🍀 Local git statistics including GitHub-like contributions calendars. | IonicaBizau | mit | 6050 |
| [https://github.com/rommelfs/vt-submit](https://github.com/rommelfs/vt-submit) | Program to submit files (with comments) to VirusTotal | rommelfs | | 2 |
| [https://github.com/cmu-sei/pharos](https://github.com/cmu-sei/pharos) | Automated static analysis tools for binary programs | cmu-sei | other | 1285 |
| [https://github.com/gitunique/cti-scripts](https://github.com/gitunique/cti-scripts) | Scripts for accessing and transforming cyber threat intelligence | gitunique | | 20 |
| [https://github.com/Rafiot/pdfid](https://github.com/Rafiot/pdfid) | Clone of PDFiD by Didier Stevens, as a package and with some improvements. | Rafiot | | 23 |
| [https://github.com/mit-nlp/MITIE](https://github.com/mit-nlp/MITIE) | MITIE: library and tools for information extraction | mit-nlp | | 2794 |
| [https://github.com/paralax/awesome-honeypots](https://github.com/paralax/awesome-honeypots) | an awesome list of honeypot resources | paralax | artistic-2.0 | 6451 |
| [https://github.com/OfflineIMAP/imapfw](https://github.com/OfflineIMAP/imapfw) | imapfw (IMAP/mail framework) | OfflineIMAP | mit | 463 |
| [https://github.com/CodeClubLux/TopCompiler](https://github.com/CodeClubLux/TopCompiler) | Top Compiler, compiling to JS | CodeClubLux | mit | 3 |
| [https://github.com/glmcdona/Process-Dump](https://github.com/glmcdona/Process-Dump) | Windows tool for dumping malware PE files from memory back to disk for analysis. | glmcdona | mit | 1295 |
| [https://github.com/koenrh/sidtoday-text](https://github.com/koenrh/sidtoday-text) | The SIDtoday Files | koenrh | | 6 |
| [https://github.com/das-labor/panopticon](https://github.com/das-labor/panopticon) | A libre cross-platform disassembler. | das-labor | gpl-3.0 | 1403 |
| [https://github.com/foospidy/HoneyPy](https://github.com/foospidy/HoneyPy) | A low to medium interaction honeypot. | foospidy | gpl-2.0 | 427 |
| [https://github.com/libyal/libvshadow](https://github.com/libyal/libvshadow) | Library and tools to access the Volume Shadow Snapshot (VSS) format | libyal | lgpl-3.0 | 92 |
| [https://github.com/dbohdan/structured-text-tools](https://github.com/dbohdan/structured-text-tools) | A list of command line tools for manipulating structured text data | dbohdan | | 6395 |
| [https://github.com/adamchainz/treepoem](https://github.com/adamchainz/treepoem) | Barcode rendering for Python supporting QRcode, Aztec, PDF417, I25, Code128, Code39 and many more types. | adamchainz | mit | 109 |
| [https://github.com/grierforensics/officedissector](https://github.com/grierforensics/officedissector) | Static analysis tools for Microsoft Office Open XML files and documents | grierforensics | other | 57 |
| [https://github.com/mitre/multiscanner](https://github.com/mitre/multiscanner) | Modular file scanning/analysis framework | mitre | other | 573 |
| [https://github.com/jessek/hashdeep](https://github.com/jessek/hashdeep) | | jessek | other | 615 |
| [https://github.com/xolox/vim-notes](https://github.com/xolox/vim-notes) | Easy note taking in Vim | xolox | | 1571 |
| [https://github.com/nsacyber/Windows-Secure-Host-Baseline](https://github.com/nsacyber/Windows-Secure-Host-Baseline) | Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber | nsacyber | other | 1405 |
| [https://github.com/pwnall/sphero-notes](https://github.com/pwnall/sphero-notes) | Notes on reverse-engineering sphero | pwnall | mit | 14 |
| [https://github.com/ofercas/ransomware_begone](https://github.com/ofercas/ransomware_begone) | ransomware_begone | ofercas | | 39 |
| [https://github.com/cedricbonhomme/newspipe](https://github.com/cedricbonhomme/newspipe) | A web news aggregator. | cedricbonhomme | agpl-3.0 | 344 |
| [https://github.com/igraph/igraph](https://github.com/igraph/igraph) | Library for the analysis of networks | igraph | gpl-2.0 | 1449 |
| [https://github.com/gbrindisi/malware](https://github.com/gbrindisi/malware) | malware source codes | gbrindisi | | 485 |
| [https://github.com/DFAX/dfax](https://github.com/DFAX/dfax) | (DEPRECATED) Digital Forensic Analysis eXpression | DFAX | | 7 |
| [https://github.com/vaab/gitchangelog](https://github.com/vaab/gitchangelog) | Creates a changelog from git log history. | vaab | other | 554 |
| [https://github.com/eleme/corvus](https://github.com/eleme/corvus) | A fast and lightweight Redis Cluster Proxy for Redis 3.0 | eleme | mit | 786 |
| [https://github.com/cve-search/Plugins](https://github.com/cve-search/Plugins) | Plugins written for CVE-Search | cve-search | | 24 |
| [https://github.com/kohler/hotcrp](https://github.com/kohler/hotcrp) | HotCRP conference review software | kohler | other | 268 |
| [https://github.com/lqdc/virus-names](https://github.com/lqdc/virus-names) | Virus names generator | lqdc | mit | 27 |
| [https://github.com/iilab/satellitefieldguide](https://github.com/iilab/satellitefieldguide) | Satellite field guide for NGOs, activists and human rights defenders | iilab | | 8 |
| [https://github.com/tweekmonster/tmux2html](https://github.com/tweekmonster/tmux2html) | :cat2: Render full tmux windows or individual panes as HTML | tweekmonster | mit | 654 |
| [https://github.com/ukncsc/stix-cvebuilder](https://github.com/ukncsc/stix-cvebuilder) | CVE Builder script that generates STIX formatted Exploit Target objects | ukncsc | other | 18 |
| [https://github.com/almende/vis](https://github.com/almende/vis) | ⚠️ This project is not maintained anymore! Please go to https://github.com/visjs | almende | | 7899 |
| [https://github.com/AGWA/git-crypt](https://github.com/AGWA/git-crypt) | Transparent file encryption in git | AGWA | gpl-3.0 | 6848 |
| [https://github.com/ANSSI-FR/OVALI](https://github.com/ANSSI-FR/OVALI) | Generic graph exploration, manipulation and visualization tool (Outil de Visualisation et Analyse de Liens Inter-objets) | ANSSI-FR | bsd-3-clause | 35 |
| [https://github.com/caradoc-org/caradoc](https://github.com/caradoc-org/caradoc) | A PDF parser and validator | caradoc-org | gpl-2.0 | 287 |
| [https://github.com/s3git/s3git](https://github.com/s3git/s3git) | s3git: git for Cloud Storage. Distributed Version Control for Data. Create decentralized and versioned repos that scale infinitely to 100s of millions of files. Clone huge PB-scale repos on your local SSD to make changes, commit and push back. Oh yeah, it dedupes too and offers directory versioning. | s3git | apache-2.0 | 1390 |
| [https://github.com/varnish/hitch](https://github.com/varnish/hitch) | A scalable TLS proxy by Varnish Software. | varnish | other | 1767 |
| [https://github.com/MISP/MISPego](https://github.com/MISP/MISPego) | Maltego Transform to put entities into MISP events | MISP | mit | 24 |
| [https://github.com/BromiumLabs/PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) | C++ application that uses memory and code hooks to detect packers | BromiumLabs | gpl-2.0 | 250 |
| [https://github.com/r043v/rdd](https://github.com/r043v/rdd) | redis database dumper | r043v | | 90 |
| [https://github.com/MISP/data-processing](https://github.com/MISP/data-processing) | Scripts to process big chunks of data from MISP and do in depth correlations on samples. | MISP | bsd-2-clause | 12 |
| [https://github.com/omererdem/honeything](https://github.com/omererdem/honeything) | TR-069 Honeypot | omererdem | gpl-3.0 | 101 |
| [https://github.com/niksite/url-normalize](https://github.com/niksite/url-normalize) | URL normalization for Python | niksite | mit | 78 |
| [https://github.com/UnkL4b/GitMiner](https://github.com/UnkL4b/GitMiner) | Tool for advanced mining for content on Github | UnkL4b | gpl-3.0 | 1955 |
| [https://github.com/libgenman/GenSearch](https://github.com/libgenman/GenSearch) | Powered by Library Genesis | libgenman | | 21 |
| [https://github.com/google/vsaq](https://github.com/google/vsaq) | VSAQ is an interactive questionnaire application to assess the security programs of third parties. | google | apache-2.0 | 808 |
| [https://github.com/jpmens/jo](https://github.com/jpmens/jo) | JSON output from a shell | jpmens | other | 4269 |
| [https://github.com/danigargu/IDAtropy](https://github.com/danigargu/IDAtropy) | IDAtropy is a plugin for Hex-Ray's IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib. | danigargu | gpl-3.0 | 124 |
| [https://github.com/xme/misp-docker](https://github.com/xme/misp-docker) | Docker container for MISP | xme | | 95 |
| [https://github.com/nimia/public_drown_scanner](https://github.com/nimia/public_drown_scanner) | | nimia | gpl-2.0 | 438 |
| [https://github.com/fulldecent/system-bus-radio](https://github.com/fulldecent/system-bus-radio) | Transmits AM radio on computers without radio transmitting hardware. | fulldecent | mit | 5971 |
| [https://github.com/passivetotal/python_api](https://github.com/passivetotal/python_api) | Python abstract API for PassiveTotal services in the form of libraries and command line utilities. | passivetotal | other | 86 |
| [https://github.com/honeynet/ghost-usb-honeypot](https://github.com/honeynet/ghost-usb-honeypot) | A honeypot for malware that propagates via USB storage devices | honeynet | gpl-3.0 | 80 |
| [https://github.com/lyle-nel/siga](https://github.com/lyle-nel/siga) | Population based metaheuristic for password cracking. Siga(Simple genetic algorithm) | lyle-nel | gpl-3.0 | 409 |
| [https://github.com/MISP/MISP-maltego](https://github.com/MISP/MISP-maltego) | Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset. | MISP | agpl-3.0 | 147 |
| [https://github.com/bifurcation/pyjose](https://github.com/bifurcation/pyjose) | A Python implementation of JOSE | bifurcation | | 14 |
| [https://github.com/S03D4-164/Hiryu](https://github.com/S03D4-164/Hiryu) | IOC Management and Visualization Tool | S03D4-164 | | 41 |
| [https://github.com/mandiant/iocs](https://github.com/mandiant/iocs) | FireEye Publicly Shared Indicators of Compromise (IOCs) | mandiant | apache-2.0 | 442 |
| [https://github.com/armbues/ioc_parser](https://github.com/armbues/ioc_parser) | Tool to extract indicators of compromise from security reports in PDF format | armbues | mit | 389 |
| [https://github.com/scrapinghub/portia](https://github.com/scrapinghub/portia) | Visual scraping for Scrapy | scrapinghub | bsd-3-clause | 8653 |
| [https://github.com/fjserna/CVE-2015-7547](https://github.com/fjserna/CVE-2015-7547) | Proof of concept for CVE-2015-7547 | fjserna | apache-2.0 | 548 |
| [https://github.com/jayjacobs/verisr](https://github.com/jayjacobs/verisr) | R package for working with data stored within VERIS framework | jayjacobs | | 13 |
| [https://github.com/bigchaindb/bigchaindb](https://github.com/bigchaindb/bigchaindb) | Meet BigchainDB. The blockchain database. | bigchaindb | apache-2.0 | 3935 |
| [https://github.com/kanzure/pdfparanoia](https://github.com/kanzure/pdfparanoia) | pdf watermark removal library for academic papers | kanzure | | 480 |
| [https://github.com/dfirlabs/focalpoint](https://github.com/dfirlabs/focalpoint) | Proof of concept Chrome extension to extract specific information from websites | dfirlabs | apache-2.0 | 1 |
| [https://github.com/gchq/Gaffer](https://github.com/gchq/Gaffer) | A large-scale entity and relation database supporting aggregation of properties | gchq | apache-2.0 | 1667 |
| [https://github.com/Wikinaut/agrep](https://github.com/Wikinaut/agrep) | AGREP - approximate GREP for fast fuzzy string searching. Files are searched for a string or regular expression, with approximate matching capabilities and user-definable records. Developed 1989-1991 by Udi Manber, Sun Wu et al. at the University of Arizona. ISC open source license since Sept. 2014. | Wikinaut | other | 270 |
| [https://github.com/CESNET/ipfixcol](https://github.com/CESNET/ipfixcol) | IPFIXcol is an implementation of an IPFIX (RFC 7011) collector | CESNET | other | 63 |
| [https://github.com/pyca/cryptography](https://github.com/pyca/cryptography) | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. | pyca | other | 5134 |
| [https://github.com/Kitt-AI/parsetron](https://github.com/Kitt-AI/parsetron) | A natural language semantic parser | Kitt-AI | apache-2.0 | 109 |
| [https://github.com/emsec/SCATools](https://github.com/emsec/SCATools) | Open tools for side-channel analysis and related techniques. Currently, this repository contains: 1) A near-field EM probe amplifier circuit | emsec | other | 32 |
| [https://github.com/wllm-rbnt/fft_process](https://github.com/wllm-rbnt/fft_process) | Classifying logs using FFT | wllm-rbnt | agpl-3.0 | 3 |
| [https://github.com/mtivadar/qiew](https://github.com/mtivadar/qiew) | Home of Qiew - Reverse engineering tool | mtivadar | gpl-2.0 | 154 |
| [https://github.com/restic/restic](https://github.com/restic/restic) | Fast, secure, efficient backup program | restic | bsd-2-clause | 18359 |
| [https://github.com/Kinto/kinto](https://github.com/Kinto/kinto) | A generic JSON document store with sharing and synchronisation capabilities. | Kinto | other | 4222 |
| [https://github.com/geohot/qira](https://github.com/geohot/qira) | QEMU Interactive Runtime Analyser | geohot | mit | 3569 |
| [https://github.com/rieck/derrick](https://github.com/rieck/derrick) | A Simple Network Stream Recorder | rieck | other | 32 |
| [https://github.com/rieck/harry](https://github.com/rieck/harry) | A Tool for Measuring String Similarity | rieck | gpl-3.0 | 110 |
| [https://github.com/hrbrmstr/pewpew](https://github.com/hrbrmstr/pewpew) | :star: :star: :star: Build your own IP Attack Maps with SOUND! | hrbrmstr | | 946 |
| [https://github.com/onyxbits/dummydroid](https://github.com/onyxbits/dummydroid) | Google Play checkin utility. Creates a configurable hardware profile and gets a GSF ID for it. | onyxbits | apache-2.0 | 55 |
| [https://github.com/CrowdStrike/travel-laptop](https://github.com/CrowdStrike/travel-laptop) | Auxiliary documentation and scripts around "A Reasonably Safe Travel Burner Laptop" | CrowdStrike | | 219 |
| [https://github.com/gophish/gophish](https://github.com/gophish/gophish) | Open-Source Phishing Toolkit | gophish | other | 8253 |
| [https://github.com/ALSchwalm/foresight](https://github.com/ALSchwalm/foresight) | A tool for predicting the output of random number generators | ALSchwalm | mit | 168 |
| [https://github.com/ForensicArtifacts/artifacts](https://github.com/ForensicArtifacts/artifacts) | Digital Forensics Artifact Repository | ForensicArtifacts | apache-2.0 | 786 |
| [https://github.com/fastos/tcpdive](https://github.com/fastos/tcpdive) | A TCP performance profiling tool. | fastos | gpl-2.0 | 1830 |
| [https://github.com/aboSamoor/polyglot](https://github.com/aboSamoor/polyglot) | Multilingual text (NLP) processing toolkit | aboSamoor | other | 2070 |
| [https://github.com/Storyyeller/Krakatau](https://github.com/Storyyeller/Krakatau) | Java decompiler, assembler, and disassembler | Storyyeller | gpl-3.0 | 1638 |
| [https://github.com/mbachry/exxo](https://github.com/mbachry/exxo) | Build portable Python binaries | mbachry | isc | 461 |
| [https://github.com/RPISEC/Malware](https://github.com/RPISEC/Malware) | Course materials for Malware Analysis by RPISEC | RPISEC | | 3279 |
| [https://github.com/probcomp/crosscat](https://github.com/probcomp/crosscat) | A domain-general, Bayesian method for analyzing high-dimensional data tables | probcomp | apache-2.0 | 322 |
| [https://github.com/simongog/sdsl-lite](https://github.com/simongog/sdsl-lite) | Succinct Data Structure Library 2.0 | simongog | other | 2080 |
| [https://github.com/jboone/tpms](https://github.com/jboone/tpms) | Tire Pressure Monitoring System decoding tools. | jboone | | 325 |
| [https://github.com/intel/pyMIC](https://github.com/intel/pyMIC) | | intel | bsd-3-clause | 52 |
| [https://github.com/OpenWhiteBox/AES](https://github.com/OpenWhiteBox/AES) | Implementations of white-box AES constructions and their cryptanalyses. | OpenWhiteBox | bsd-3-clause | 194 |
| [https://github.com/Googulator/TeslaCrack](https://github.com/Googulator/TeslaCrack) | Decryptor for the TeslaCrypt malware | Googulator | gpl-3.0 | 178 |
| [https://github.com/shikata-ga-nai/the-backdoor-factory](https://github.com/shikata-ga-nai/the-backdoor-factory) | Patch PE (x86/x64) and ELF (x86/x64 and ARM LE x32) binaries with shellcode | shikata-ga-nai | bsd-3-clause | 5 |
| [https://github.com/kala13x/scap](https://github.com/kala13x/scap) | Network Sniffer (Scan and Capture Incoming Packets) | kala13x | lgpl-3.0 | 83 |
| [https://github.com/hannob/ed25519hetzner](https://github.com/hannob/ed25519hetzner) | Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner | hannob | cc0-1.0 | 18 |
| [https://github.com/EC-DIGIT-CSIRC/Landesk-Registry-Entry-Parser](https://github.com/EC-DIGIT-CSIRC/Landesk-Registry-Entry-Parser) | Parses the registry entries for Landesk within the Software hive. | EC-DIGIT-CSIRC | | 4 |
| [https://github.com/EC-DIGIT-CSIRC/VirusTotal-Tools](https://github.com/EC-DIGIT-CSIRC/VirusTotal-Tools) | | EC-DIGIT-CSIRC | mit | 36 |
| [https://github.com/lumifyio/lumify](https://github.com/lumifyio/lumify) | open source big data integration, analytics, and visualization | lumifyio | apache-2.0 | 413 |
| [https://github.com/ricochet-im/ricochet](https://github.com/ricochet-im/ricochet) | Anonymous peer-to-peer instant messaging | ricochet-im | other | 3630 |
| [https://github.com/reinderien/mimic](https://github.com/reinderien/mimic) | [ab]using Unicode to create tragedy | reinderien | mit | 3720 |
| [https://github.com/drwetter/testssl.sh](https://github.com/drwetter/testssl.sh) | Testing TLS/SSL encryption anywhere on any port | drwetter | gpl-2.0 | 6496 |
| [https://github.com/mafintosh/dns-discovery](https://github.com/mafintosh/dns-discovery) | Discovery peers in a distributed system using regular dns and multicast dns. | mafintosh | mit | 189 |
| [https://github.com/tqdm/tqdm](https://github.com/tqdm/tqdm) | A Fast, Extensible Progress Bar for Python and CLI | tqdm | other | 23245 |
| [https://github.com/scadastrangelove/SCADAPASS](https://github.com/scadastrangelove/SCADAPASS) | SCADA StrangeLove Default/Hardcoded Passwords List | scadastrangelove | | 400 |
| [https://github.com/MacLemon/CongressChecklist](https://github.com/MacLemon/CongressChecklist) | A list of things to do, to pack and tips on attending a congress, especially Chaos Communication Congress. | MacLemon | | 319 |
| [https://github.com/jipegit/FECT](https://github.com/jipegit/FECT) | Fast Evidence Collector Toolkit is an incident response toolkit to collect evidences on a suspicious windows computer | jipegit | other | 39 |
| [https://github.com/anl-cyberscience/FlexTransform](https://github.com/anl-cyberscience/FlexTransform) | Enables dynamic translation of structured data between formats | anl-cyberscience | other | 14 |
| [https://github.com/anl-cyberscience/LQMToolset](https://github.com/anl-cyberscience/LQMToolset) | Flexible framework that allows automation to process cyber threat information and update endpoint defense tools. | anl-cyberscience | other | 21 |
| [https://github.com/cseagle/fREedom](https://github.com/cseagle/fREedom) | capstone based disassembler for extracting to binnavi | cseagle | gpl-2.0 | 220 |
| [https://github.com/yahoo/redislite](https://github.com/yahoo/redislite) | Redis in a python module. | yahoo | other | 525 |
| [https://github.com/cure53/HTTPLeaks](https://github.com/cure53/HTTPLeaks) | HTTPLeaks - All possible ways, a website can leak HTTP requests | cure53 | bsd-2-clause | 1655 |
| [https://github.com/clayh53/tufte-jekyll](https://github.com/clayh53/tufte-jekyll) | Minimal Jekyll blog styled to resemble the look and layout of Edward Tufte's books | clayh53 | mit | 557 |
| [https://github.com/ghedo/pflask](https://github.com/ghedo/pflask) | :sake: Lightweight process containers for Linux | ghedo | bsd-2-clause | 193 |
| [https://github.com/osirislab/Fentanyl](https://github.com/osirislab/Fentanyl) | Fentanyl is an IDAPython script that makes patching significantly easier | osirislab | | 188 |
| [https://github.com/nanomsg/nanomsg](https://github.com/nanomsg/nanomsg) | nanomsg library | nanomsg | other | 5517 |
| [https://github.com/mrsarm/mongotail](https://github.com/mrsarm/mongotail) | Command line tool to log all MongoDB queries in a "tail"able way | mrsarm | gpl-3.0 | 177 |
| [https://github.com/soulaklabs/bitoduc.fr](https://github.com/soulaklabs/bitoduc.fr) | A website about french words for computer concepts. | soulaklabs | | 228 |
| [https://github.com/d3/d3-shape](https://github.com/d3/d3-shape) | Graphical primitives for visualization, such as lines and areas. | d3 | isc | 2340 |
| [https://github.com/hashcat/hashcat](https://github.com/hashcat/hashcat) | World's fastest and most advanced password recovery utility | hashcat | | 15965 |
| [https://github.com/hashcat/hashcat-legacy](https://github.com/hashcat/hashcat-legacy) | Advanced CPU-based password recovery utility | hashcat | | 2116 |
| [https://github.com/Lab41/SkyLine](https://github.com/Lab41/SkyLine) | An Exploration into Graph Databases | Lab41 | | 28 |
| [https://github.com/PoorBillionaire/USN-Journal-Parser](https://github.com/PoorBillionaire/USN-Journal-Parser) | Python script to parse the NTFS USN Journal | PoorBillionaire | other | 92 |
| [https://github.com/PoorBillionaire/Windows-Prefetch-Parser](https://github.com/PoorBillionaire/Windows-Prefetch-Parser) | Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files | PoorBillionaire | other | 94 |
| [https://github.com/dgraph-io/dgraph](https://github.com/dgraph-io/dgraph) | Native GraphQL Database with graph backend | dgraph-io | other | 18605 |
| [https://github.com/PeterNotenboom/SwiftCodes](https://github.com/PeterNotenboom/SwiftCodes) | Swift Codes or BIC Codes for all the Banks in the world. Cached to json. | PeterNotenboom | mit | 152 |
| [https://github.com/facebook/zstd](https://github.com/facebook/zstd) | Zstandard - Fast real-time compression algorithm | facebook | other | 18579 |
| [https://github.com/MISP/misp-workbench](https://github.com/MISP/misp-workbench) | MISP Workbench | MISP | | 26 |
| [https://github.com/RedHatProductSecurity/Certificates-Shipped](https://github.com/RedHatProductSecurity/Certificates-Shipped) | A list of certificates shipped by various vendors and Open Source Projects | RedHatProductSecurity | gpl-2.0 | 38 |
| [https://github.com/samyk/magspoof](https://github.com/samyk/magspoof) | A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy. | samyk | | 3157 |
| [https://github.com/daedafusion/cyber-ontology](https://github.com/daedafusion/cyber-ontology) | Cyber Intelligence Ontology | daedafusion | cc-by-sa-4.0 | 47 |
| [https://github.com/samratashok/nishang](https://github.com/samratashok/nishang) | Nishang - Offensive PowerShell for red team, penetration testing and offensive security. | samratashok | other | 6952 |
| [https://github.com/elceef/dnstwist](https://github.com/elceef/dnstwist) | Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation | elceef | | 3574 |
| [https://github.com/thnyheim/misp2bro](https://github.com/thnyheim/misp2bro) | Python script that gets IOC from MISP and converts it into BRO intel files. | thnyheim | gpl-2.0 | 12 |
| [https://github.com/graphistry/pygraphistry](https://github.com/graphistry/pygraphistry) | PyGraphistry is a Python library to quickly load, shape, embed, and explore big graphs with the GPU-accelerated Graphistry visual graph analyzer | graphistry | bsd-3-clause | 1742 |
| [https://github.com/biokoda/actordb](https://github.com/biokoda/actordb) | ActorDB distributed SQL database | biokoda | mpl-2.0 | 1883 |
| [https://github.com/CIRCL/dma-frontend](https://github.com/CIRCL/dma-frontend) | Pre-pre-pre Beta DMA frontend | CIRCL | agpl-3.0 | 5 |
| [https://github.com/JamesHabben/sysmon-queries](https://github.com/JamesHabben/sysmon-queries) | Queries to parse sysmon event log file with microsoft logparser | JamesHabben | | 54 |
| [https://github.com/elceef/bitlocker](https://github.com/elceef/bitlocker) | Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key) | elceef | | 183 |
| [https://github.com/surevine/spiffing](https://github.com/surevine/spiffing) | Jolly good library for SPIF/Label/Clearance handling | surevine | mit | 10 |
| [https://github.com/microsoft/microsoft-pdb](https://github.com/microsoft/microsoft-pdb) | Information from Microsoft about the PDB format. We'll try to keep this up to date. Just trying to help the CLANG/LLVM community get onto Windows. | microsoft | other | 1664 |
| [https://github.com/SekoiaLab/Fastir_Collector](https://github.com/SekoiaLab/Fastir_Collector) | | SekoiaLab | gpl-3.0 | 479 |
| [https://github.com/benbalter/word-to-markdown](https://github.com/benbalter/word-to-markdown) | A ruby gem to liberate content from Microsoft Word documents | benbalter | mit | 1326 |
| [https://github.com/Rurik/Noriben](https://github.com/Rurik/Noriben) | Noriben - Portable, Simple, Malware Analysis Sandbox | Rurik | other | 923 |
| [https://github.com/markdbenson/dapper](https://github.com/markdbenson/dapper) | A publishing tool for static websites. | markdbenson | | 44 |
| [https://github.com/n1nj4sec/pr0cks](https://github.com/n1nj4sec/pr0cks) | python script setting up a transparent proxy to forward all TCP and DNS traffic through a SOCKS / SOCKS5 or HTTP(CONNECT) proxy using iptables -j REDIRECT target | n1nj4sec | gpl-3.0 | 339 |
| [https://github.com/vyrus001/go-mimikatz](https://github.com/vyrus001/go-mimikatz) | A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion. | vyrus001 | | 481 |
| [https://github.com/tillmannw/swffile](https://github.com/tillmannw/swffile) | swffile.py - SWF file parser module in Python | tillmannw | | 28 |
| [https://github.com/Lookingglass/opentpx](https://github.com/Lookingglass/opentpx) | Open Threat Partner eXchange | Lookingglass | other | 39 |
| [https://github.com/8u1a/plyara](https://github.com/8u1a/plyara) | Parse Yara rules and operate over them more easily. | 8u1a | apache-2.0 | 50 |
| [https://github.com/veorq/blueflower](https://github.com/veorq/blueflower) | a grep -r for secrets | veorq | gpl-3.0 | 175 |
| [https://github.com/bwall/pemcracker](https://github.com/bwall/pemcracker) | Tool to crack encrypted PEM files | bwall | mit | 138 |
| [https://github.com/eniac/faas](https://github.com/eniac/faas) | Factoring as a Service | eniac | lgpl-3.0 | 240 |
| [https://github.com/phaag/nfdump](https://github.com/phaag/nfdump) | Netflow processing tools | phaag | other | 599 |
| [https://github.com/awesomedata/awesome-public-datasets](https://github.com/awesomedata/awesome-public-datasets) | A topic-centric list of HQ open datasets. | awesomedata | mit | 51708 |
| [https://github.com/Yelp/threat_intel](https://github.com/Yelp/threat_intel) | Threat Intelligence APIs | Yelp | mit | 259 |
| [https://github.com/XiphosResearch/exploits](https://github.com/XiphosResearch/exploits) | Miscellaneous exploit code | XiphosResearch | | 1342 |
| [https://github.com/koalaman/shellcheck](https://github.com/koalaman/shellcheck) | ShellCheck, a static analysis tool for shell scripts | koalaman | gpl-3.0 | 30381 |
| [https://github.com/GitbookIO/gitbook](https://github.com/GitbookIO/gitbook) | 📝 Modern documentation format and toolchain using Git and Markdown | GitbookIO | apache-2.0 | 25124 |
| [https://github.com/jjo-sec/pdns-scala](https://github.com/jjo-sec/pdns-scala) | Attempt at a Scala transaltion of CIRCL.LU's PyPDNS Python module | jjo-sec | | 2 |
| [https://github.com/1e0ng/simhash](https://github.com/1e0ng/simhash) | A Python Implementation of Simhash Algorithm | 1e0ng | mit | 857 |
| [https://github.com/yahoo/gryffin](https://github.com/yahoo/gryffin) | Gryffin is a large scale web security scanning platform. | yahoo | bsd-3-clause | 2075 |
| [https://github.com/abenassi/Google-Search-API](https://github.com/abenassi/Google-Search-API) | Python based api for searching google web, images, calc, and currency conversion. | abenassi | | 516 |
| [https://github.com/NPS-DEEP/hashdb](https://github.com/NPS-DEEP/hashdb) | hashdb block hash database tool and API | NPS-DEEP | other | 44 |
| [https://github.com/n1nj4sec/pupy](https://github.com/n1nj4sec/pupy) | Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python | n1nj4sec | other | 7278 |
| [https://github.com/Suor/flaws](https://github.com/Suor/flaws) | Finds flaws in your python code | Suor | bsd-2-clause | 38 |
| [https://github.com/obsidianforensics/hindsight](https://github.com/obsidianforensics/hindsight) | Web browser forensics for Google Chrome/Chromium | obsidianforensics | apache-2.0 | 803 |
| [https://github.com/fuzzdb-project/fuzzdb](https://github.com/fuzzdb-project/fuzzdb) | Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. | fuzzdb-project | | 7027 |
| [https://github.com/google/brotli](https://github.com/google/brotli) | Brotli compression format | google | mit | 11595 |
| [https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys](https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys) | 3D reproduction of TSA Master keys | Xyl2k | other | 2968 |
| [https://github.com/timtadh/zhang-shasha](https://github.com/timtadh/zhang-shasha) | Tree edit distance using the Zhang Shasha algorithm | timtadh | other | 360 |
| [https://github.com/CIRCL/PyEUPI](https://github.com/CIRCL/PyEUPI) | Client API to query the Phishing Initiative service API | CIRCL | other | 19 |
| [https://github.com/lloyd/yajl](https://github.com/lloyd/yajl) | A fast streaming JSON parsing library in C. | lloyd | isc | 2062 |
| [https://github.com/horia141/sdhash](https://github.com/horia141/sdhash) | Python library for image hashing and deduplication | horia141 | mit | 11 |
| [https://github.com/Leviathan1995/Pylsy](https://github.com/Leviathan1995/Pylsy) | Pylsy is a simple python library draw tables in the Terminal. Just two lines of code . | Leviathan1995 | other | 466 |
| [https://github.com/BayshoreNetworks/yextend](https://github.com/BayshoreNetworks/yextend) | Yara integrated software to handle archive file data. | BayshoreNetworks | bsd-3-clause | 250 |
| [https://github.com/alexbredo/honeypot-camera](https://github.com/alexbredo/honeypot-camera) | observation camera honeypot | alexbredo | bsd-2-clause | 49 |
| [https://github.com/alexbredo/honeypot-ftp](https://github.com/alexbredo/honeypot-ftp) | FTP Honeypot | alexbredo | bsd-2-clause | 23 |
| [https://github.com/jedisct1/bloom-filter](https://github.com/jedisct1/bloom-filter) | A dead simple bloom filter in C | jedisct1 | other | 9 |
| [https://github.com/ashish-gehani/SPADE](https://github.com/ashish-gehani/SPADE) | SPADE: Support for Provenance Auditing in Distributed Environments | ashish-gehani | gpl-3.0 | 114 |
| [https://github.com/troglobit/netcalc](https://github.com/troglobit/netcalc) | Simplified clone of sipcalc with ipcalc looks | troglobit | bsd-3-clause | 40 |
| [https://github.com/rbsec/dnscan](https://github.com/rbsec/dnscan) | | rbsec | gpl-3.0 | 824 |
| [https://github.com/StamusNetworks/scirius](https://github.com/StamusNetworks/scirius) | Scirius is a web application for Suricata ruleset management and threat hunting. | StamusNetworks | gpl-3.0 | 512 |
| [https://github.com/dnSpy/dnSpy](https://github.com/dnSpy/dnSpy) | .NET debugger and assembly editor | dnSpy | | 22039 |
| [https://github.com/lifting-bits/mcsema](https://github.com/lifting-bits/mcsema) | Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode | lifting-bits | agpl-3.0 | 2405 |
| [https://github.com/BreakingMalware/Selfie](https://github.com/BreakingMalware/Selfie) | A Tool to Unpack Self-Modifying Code using DynamoRIO | BreakingMalware | | 139 |
| [https://github.com/dirkmoors/python-bloomfilter](https://github.com/dirkmoors/python-bloomfilter) | A pure python bloomfilter implementation with JSON (de)serialisation and (zlib) compression | dirkmoors | | 4 |
| [https://github.com/lytics/anomalyzer](https://github.com/lytics/anomalyzer) | Probabilistic anomaly detection for time series data | lytics | apache-2.0 | 282 |
| [https://github.com/StamusNetworks/ansible-misp](https://github.com/StamusNetworks/ansible-misp) | Ansible playbook to install Malware Information Sharing Platform (MISP) | StamusNetworks | gpl-3.0 | 16 |
| [https://github.com/cayleygraph/cayley](https://github.com/cayleygraph/cayley) | An open-source graph database | cayleygraph | apache-2.0 | 14384 |
| [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2) | Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications. | nabla-c0d3 | other | 2676 |
| [https://github.com/danvk/webdiff](https://github.com/danvk/webdiff) | Two-column web-based git difftool | danvk | apache-2.0 | 236 |
| [https://github.com/kkar/TeamViewer-dumper-in-CPP](https://github.com/kkar/TeamViewer-dumper-in-CPP) | Dumps TeamViewer ID,Password and account settings from a running TeamViewer instance by enumerating child windows. | kkar | | 41 |
| [https://github.com/lmco/laikaboss](https://github.com/lmco/laikaboss) | Laika BOSS: Object Scanning System | lmco | apache-2.0 | 700 |
| [https://github.com/MuseumofModernArt/collection](https://github.com/MuseumofModernArt/collection) | The Museum of Modern Art (MoMA) collection data | MuseumofModernArt | | 1249 |
| [https://github.com/syllog1sm/cython-sparsehash](https://github.com/syllog1sm/cython-sparsehash) | Cython wrappers for Google's sparsehash library, and the murmur hash functions | syllog1sm | | 17 |
| [https://github.com/PaloAltoNetworks/misp-to-autofocus](https://github.com/PaloAltoNetworks/misp-to-autofocus) | Script for pulling events from a MISP database and converting them to Autofocus queries. | PaloAltoNetworks | | 12 |
| [https://github.com/PaloAltoNetworks/report_to_misp](https://github.com/PaloAltoNetworks/report_to_misp) | Parse a report and import the events into MISP | PaloAltoNetworks | | 25 |
| [https://github.com/seiflotfy/cuckoofilter](https://github.com/seiflotfy/cuckoofilter) | Cuckoo Filter: Practically Better Than Bloom | seiflotfy | mit | 939 |
| [https://github.com/Rafiot/HackedTeamCerts](https://github.com/Rafiot/HackedTeamCerts) | A bunch of certificates from the Hacking Team leak | Rafiot | | 70 |
| [https://github.com/helpsystems/pcapy](https://github.com/helpsystems/pcapy) | Pcapy is a Python extension module that interfaces with the libpcap packet capture library. | helpsystems | other | 368 |
| [https://github.com/jedisct1/massresolver](https://github.com/jedisct1/massresolver) | Mass DNS resolution tool | jedisct1 | bsd-2-clause | 36 |
| [https://github.com/david415/HoneyBadger](https://github.com/david415/HoneyBadger) | Quantum Insert detector/recorder | david415 | gpl-3.0 | 300 |
| [https://github.com/repbin/repbin](https://github.com/repbin/repbin) | Replicating Encrypted PasteBin | repbin | other | 76 |
| [https://github.com/libhostile/libhostile](https://github.com/libhostile/libhostile) | "What if I tossed small pox into a room filled with sprinters after filling their water cups with red bull." | libhostile | bsd-3-clause | 33 |
| [https://github.com/CIRCL/pbtc](https://github.com/CIRCL/pbtc) | Passive Bitcoin Project | CIRCL | agpl-3.0 | 10 |
| [https://github.com/rapid7/ssh-badkeys](https://github.com/rapid7/ssh-badkeys) | A collection of static SSH keys (public and private) that have made their way into software and hardware products. | rapid7 | mit | 753 |
| [https://github.com/Shopify/ejson](https://github.com/Shopify/ejson) | EJSON is a small library to manage encrypted secrets using asymmetric encryption. | Shopify | mit | 1153 |
| [https://github.com/RPISEC/MBE](https://github.com/RPISEC/MBE) | Course materials for Modern Binary Exploitation by RPISEC | RPISEC | bsd-2-clause | 4952 |
| [https://github.com/floragunn/search-guard](https://github.com/floragunn/search-guard) | Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorisation. | floragunn | apache-2.0 | 2139 |
| [https://github.com/znb/Scripts](https://github.com/znb/Scripts) | General scripts for random stuff | znb | | 38 |
| [https://github.com/Phoul/yara_rules](https://github.com/Phoul/yara_rules) | yara rules for crypto detection | Phoul | bsd-3-clause | 30 |
| [https://github.com/ctz/cifra](https://github.com/ctz/cifra) | A collection of cryptographic primitives targeted at embedded use. | ctz | cc0-1.0 | 304 |
| [https://github.com/Parsely/pykafka](https://github.com/Parsely/pykafka) | Apache Kafka client for Python; high-level & low-level consumer/producer, with great performance. | Parsely | apache-2.0 | 1107 |
| [https://github.com/zer0box/zer0m0n](https://github.com/zer0box/zer0m0n) | zer0m0n driver for cuckoo sandbox | zer0box | gpl-3.0 | 21 |
| [https://github.com/AuditProject/truecrypt-verified-mirror](https://github.com/AuditProject/truecrypt-verified-mirror) | Verified Windows, OSX, Linux TrueCrypt v. 7.1a binaries and source files | AuditProject | | 846 |
| [https://github.com/ot/succinct](https://github.com/ot/succinct) | A collection of succinct data structures | ot | other | 178 |
| [https://github.com/Rafiot/MultiProcQueue](https://github.com/Rafiot/MultiProcQueue) | Multiprocessing queuing module extracted from AIL framework (Pre-Alpha stage) | Rafiot | | 5 |
| [https://github.com/t-d-k/LibreCrypt](https://github.com/t-d-k/LibreCrypt) | LibreCrypt: Transparent on-the-fly disk encryption for Windows. LUKS compatible. | t-d-k | | 685 |
| [https://github.com/YoloSwagTeam/feedstail](https://github.com/YoloSwagTeam/feedstail) | Feedstail is a tail-f-like utility for feeds. It monitor a feed and emits new entries. Feedstail aim to be simple, hackable and compatible with rsstail its C brother. | YoloSwagTeam | gpl-3.0 | 29 |
| [https://github.com/JamesHabben/evolve](https://github.com/JamesHabben/evolve) | Web interface for the Volatility Memory Forensics Framework | JamesHabben | | 250 |
| [https://github.com/dominictarr/pull-box-stream](https://github.com/dominictarr/pull-box-stream) | One way streaming encryption based on libsodium's secretbox primitive | dominictarr | mit | 84 |
| [https://github.com/CIRCL/PyRichHeader](https://github.com/CIRCL/PyRichHeader) | A Python parser for Rich Headers | CIRCL | | 13 |
| [https://github.com/extremeshok/clamav-unofficial-sigs](https://github.com/extremeshok/clamav-unofficial-sigs) | ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com | extremeshok | other | 472 |
| [https://github.com/jfalken/github_commit_crawler](https://github.com/jfalken/github_commit_crawler) | Tool used to continuously monitor a Github org for mistaken public commits | jfalken | | 166 |
| [https://github.com/nologic/idaref](https://github.com/nologic/idaref) | IDA Pro Instruction Reference Plugin | nologic | gpl-2.0 | 608 |
| [https://github.com/CIRCL/PyCIRCLean](https://github.com/CIRCL/PyCIRCLean) | Python library used by CIRCLean (the USB sanitizer) and others | CIRCL | bsd-3-clause | 46 |
| [https://github.com/google/honggfuzz](https://github.com/google/honggfuzz) | Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based) | google | apache-2.0 | 2646 |
| [https://github.com/yougov/raleway-webfont](https://github.com/yougov/raleway-webfont) | | yougov | ofl-1.1 | 18 |
| [https://github.com/nlohmann/json](https://github.com/nlohmann/json) | JSON for Modern C++ | nlohmann | mit | 32358 |
| [https://github.com/trendmicro/tlsh](https://github.com/trendmicro/tlsh) | | trendmicro | other | 603 |
| [https://github.com/openaddresses/openaddresses](https://github.com/openaddresses/openaddresses) | A repository of global open address data. | openaddresses | bsd-3-clause | 2474 |
| [https://github.com/matze/mtheme](https://github.com/matze/mtheme) | A modern LaTeX Beamer theme | matze | | 5615 |
| [https://github.com/smartdec/smartdec](https://github.com/smartdec/smartdec) | SmartDec decompiler | smartdec | gpl-3.0 | 352 |
| [https://github.com/daverstephens/The-SOC-Shop](https://github.com/daverstephens/The-SOC-Shop) | Repository of scripts/tools that may be useful in Security Operations Centres (SOC) | daverstephens | gpl-2.0 | 51 |
| [https://github.com/BII-Lab/Yeti-Project](https://github.com/BII-Lab/Yeti-Project) | Maintains the public documents, zone file, trust anchor of Yeti Project | BII-Lab | mit | 64 |
| [https://github.com/mfouesneau/asciiplot](https://github.com/mfouesneau/asciiplot) | Package that allows you to plot simple graphs in ASCII, a la matplotlib | mfouesneau | | 67 |
| [https://github.com/OISF/libhtp](https://github.com/OISF/libhtp) | LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. | OISF | bsd-3-clause | 258 |
| [https://github.com/ultrajson/ultrajson](https://github.com/ultrajson/ultrajson) | Ultra fast JSON decoder and encoder written in C with Python bindings | ultrajson | other | 3876 |
| [https://github.com/victims/victims-cve-db](https://github.com/victims/victims-cve-db) | CVE database store | victims | other | 126 |
| [https://github.com/MITRECND/snugglefish](https://github.com/MITRECND/snugglefish) | Simple NGram Fast Indexer & Searcher | MITRECND | | 35 |
| [https://github.com/MITRECND/WhoDat](https://github.com/MITRECND/WhoDat) | Pivotable Reverse WhoIs / PDNS Fusion with Registrant Tracking & Alerting plus API for automated queries (JSON/CSV/TXT) | MITRECND | | 152 |
| [https://github.com/joxeankoret/multiav](https://github.com/joxeankoret/multiav) | MultiAV scanner with Python and JSON API. Disclaimer: I don't maintain it any more. | joxeankoret | other | 305 |
| [https://github.com/cryptostorm-dev/cstorm_fishycerts.vuln.party](https://github.com/cryptostorm-dev/cstorm_fishycerts.vuln.party) | The Repository Formerly Known As Fishycerts, vuln.party is a place to study & share SSL certificates & other CA-based crypto-buffonery for fun and... more fun. Also for Science! | cryptostorm-dev | | 40 |
| [https://github.com/BowlingX/flexcss](https://github.com/BowlingX/flexcss) | A simple css pattern-library using flexbox, build for hellofellow | BowlingX | mit | 85 |
| [https://github.com/Neo23x0/yarGen](https://github.com/Neo23x0/yarGen) | yarGen is a generator for YARA rules | Neo23x0 | other | 1130 |
| [https://github.com/sooshie/Security-Data-Analysis](https://github.com/sooshie/Security-Data-Analysis) | A series of labs that will help users apply various data science techniques to security related data. | sooshie | | 126 |
| [https://github.com/megumiteam/staticpress](https://github.com/megumiteam/staticpress) | [WordPress Plugin] staticpress - A WordPress plugin to Export your WordPress to static site | megumiteam | | 199 |
| [https://github.com/dcjones/hat-trie](https://github.com/dcjones/hat-trie) | An efficient trie implementation. | dcjones | mit | 239 |
| [https://github.com/pytries/marisa-trie](https://github.com/pytries/marisa-trie) | Static memory-efficient Trie-like structures for Python (2.x and 3.x) based on marisa-trie C++ library. | pytries | mit | 951 |
| [https://github.com/fox-it/quantuminsert](https://github.com/fox-it/quantuminsert) | Quantum Insert | fox-it | unlicense | 203 |
| [https://github.com/jaegeral/viper2stix](https://github.com/jaegeral/viper2stix) | This tool will export viper information to valid stix file | jaegeral | other | 4 |
| [https://github.com/tr3w/ExpImp-Lookup](https://github.com/tr3w/ExpImp-Lookup) | Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree | tr3w | gpl-2.0 | 6 |
| [https://github.com/vladimarius/pyap](https://github.com/vladimarius/pyap) | Python address detector and parser | vladimarius | mit | 173 |
| [https://github.com/bdcht/amoco](https://github.com/bdcht/amoco) | yet another tool for analysing binaries | bdcht | gpl-2.0 | 435 |
| [https://github.com/Vector35/deprecated-binaryninja-python](https://github.com/Vector35/deprecated-binaryninja-python) | Deprecated Binary Ninja prototype written in Python | Vector35 | gpl-2.0 | 514 |
| [https://github.com/tigran-a/relbot](https://github.com/tigran-a/relbot) | Neighbors-keep-alive-based p2p bot detection tool taking as input NetFlow/IPFIX | tigran-a | other | 5 |
| [https://github.com/thomasf/internet](https://github.com/thomasf/internet) | go package for indexing and querying certain aspects of bgp dumps and some other things. | thomasf | | 12 |
| [https://github.com/MyNameIsMeerkat/pyREtic](https://github.com/MyNameIsMeerkat/pyREtic) | pyREtic is an extensible framework for in-memory Python bytecode reverse engineering | MyNameIsMeerkat | gpl-3.0 | 241 |
| [https://github.com/antirez/otree](https://github.com/antirez/otree) | a simple btree implementation with automatic space reclaiming | antirez | bsd-3-clause | 261 |
| [https://github.com/CIRCL/email-abuse](https://github.com/CIRCL/email-abuse) | Email Abuse - A Versatile Software for Email review, analysis and reporting | CIRCL | | 18 |
| [https://github.com/dnsviz/dnsviz](https://github.com/dnsviz/dnsviz) | | dnsviz | gpl-2.0 | 714 |
| [https://github.com/dnstap/dnstap-ldns](https://github.com/dnstap/dnstap-ldns) | reference dnstap decoding utility | dnstap | apache-2.0 | 17 |
| [https://github.com/Lasagne/Lasagne](https://github.com/Lasagne/Lasagne) | Lightweight library to build and train neural networks in Theano | Lasagne | other | 3825 |
| [https://github.com/SilenceIM/Silence](https://github.com/SilenceIM/Silence) | PROJECT MOVED: https://git.silence.dev/Silence/Silence-Android/ (GitHub is just a mirror.) | SilenceIM | gpl-3.0 | 1087 |
| [https://github.com/fygrave/moloch_zmq](https://github.com/fygrave/moloch_zmq) | ZMQ data explort plugin for Moloch | fygrave | bsd-3-clause | 6 |
| [https://github.com/mailgun/flanker](https://github.com/mailgun/flanker) | Python email address and Mime parsing library | mailgun | apache-2.0 | 1555 |
| [https://github.com/hillar/moloch_zmq](https://github.com/hillar/moloch_zmq) | ZMQ data explort plugin for Moloch | hillar | bsd-3-clause | 1 |
| [https://github.com/steeve/france.code-civil](https://github.com/steeve/france.code-civil) | Le code civil français sous git | steeve | | 2654 |
| [https://github.com/jordan-wright/elastichoney](https://github.com/jordan-wright/elastichoney) | A Simple Elasticsearch Honeypot | jordan-wright | mit | 171 |
| [https://github.com/TakahiroHaruyama/openioc_scan](https://github.com/TakahiroHaruyama/openioc_scan) | openioc_scan Volatility Framework plugin | TakahiroHaruyama | gpl-2.0 | 40 |
| [https://github.com/USBGuard/usbguard](https://github.com/USBGuard/usbguard) | USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system) | USBGuard | gpl-2.0 | 879 |
| [https://github.com/yasuhironet/bgpdump2](https://github.com/yasuhironet/bgpdump2) | Bgpdump2: A Tool to Read and Compare the BGP RIB Dump Files. | yasuhironet | gpl-3.0 | 40 |
| [https://github.com/WestpointLtd/tls_prober](https://github.com/WestpointLtd/tls_prober) | A tool to fingerprint SSL/TLS servers | WestpointLtd | mit | 245 |
| [https://github.com/mafintosh/airpaste](https://github.com/mafintosh/airpaste) | A 1-1 network pipe that auto discovers other peers using mdns | mafintosh | mit | 795 |
| [https://github.com/hannob/pgpecosystem](https://github.com/hannob/pgpecosystem) | Scripts to parse and analyze pgp key server data | hannob | cc0-1.0 | 31 |
| [https://github.com/facebook/ThreatExchange](https://github.com/facebook/ThreatExchange) | Share threat information with vetted partners | facebook | other | 943 |
| [https://github.com/jonstewart/fsrip](https://github.com/jonstewart/fsrip) | Output Filesystem Information as JSON using The Sleuthkit | jonstewart | apache-2.0 | 14 |
| [https://github.com/syn2cat/syndilights](https://github.com/syn2cat/syndilights) | A blinkenlights implementation by syn2cat | syn2cat | gpl-3.0 | 2 |
| [https://github.com/jipegit/IRNotes](https://github.com/jipegit/IRNotes) | Some IR notes | jipegit | | 72 |
| [https://github.com/ayeowch/bitnodes](https://github.com/ayeowch/bitnodes) | Bitnodes estimates the relative size of the Bitcoin peer-to-peer network by finding all of its reachable nodes. | ayeowch | mit | 538 |
| [https://github.com/plasma-disassembler/plasma](https://github.com/plasma-disassembler/plasma) | Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax. | plasma-disassembler | gpl-3.0 | 2976 |
| [https://github.com/ops-trust/portal](https://github.com/ops-trust/portal) | Ops-Trust Platform - Portal | ops-trust | apache-2.0 | 21 |
| [https://github.com/certsocietegenerale/FIR](https://github.com/certsocietegenerale/FIR) | Fast Incident Response | certsocietegenerale | gpl-3.0 | 1460 |
| [https://github.com/erwanlr/Fingerprinter](https://github.com/erwanlr/Fingerprinter) | CMS/LMS/Library etc Versions Fingerprinter | erwanlr | other | 246 |
| [https://github.com/google/rowhammer-test](https://github.com/google/rowhammer-test) | Test DRAM for bit flips caused by the rowhammer problem | google | | 910 |
| [https://github.com/Neo23x0/Loki](https://github.com/Neo23x0/Loki) | Loki - Simple IOC and Incident Response Scanner | Neo23x0 | gpl-3.0 | 2610 |
| [https://github.com/mkdocs/mkdocs](https://github.com/mkdocs/mkdocs) | Project documentation with Markdown. | mkdocs | bsd-2-clause | 15222 |
| [https://github.com/ledisdb/ledisdb](https://github.com/ledisdb/ledisdb) | A high performance NoSQL Database Server powered by Go | ledisdb | mit | 3901 |
| [https://github.com/usbarmory/usbarmory](https://github.com/usbarmory/usbarmory) | USB armory - open source flash-drive-sized computer | usbarmory | | 1177 |
| [https://github.com/CIRCL/url-abuse](https://github.com/CIRCL/url-abuse) | URL Abuse - A Versatile Software for URL review, analysis and black-list reporting | CIRCL | agpl-3.0 | 128 |
| [https://github.com/dpetker/dataglobe](https://github.com/dpetker/dataglobe) | A more generic version of https://github.com/dataarts/armsglobe for visualizing source/destination data | dpetker | other | 10 |
| [https://github.com/Kozea/Radicale](https://github.com/Kozea/Radicale) | A simple CalDAV (calendar) and CardDAV (contact) server. | Kozea | gpl-3.0 | 2580 |
| [https://github.com/bumptech/stud](https://github.com/bumptech/stud) | The Scalable TLS Unwrapping Daemon | bumptech | other | 1428 |
| [https://github.com/alexwebr/stud](https://github.com/alexwebr/stud) | The Scalable TLS Unwrapping Daemon | alexwebr | other | 1 |
| [https://github.com/the-tcpdump-group/tcpdump](https://github.com/the-tcpdump-group/tcpdump) | the TCPdump network dissector | the-tcpdump-group | other | 2023 |
| [https://github.com/sloria/TextBlob](https://github.com/sloria/TextBlob) | Simple, Pythonic, text processing--Sentiment analysis, part-of-speech tagging, noun phrase extraction, translation, and more. | sloria | mit | 8340 |
| [https://github.com/polera/rblwatch](https://github.com/polera/rblwatch) | RBL lookups with Python | polera | bsd-2-clause | 37 |
| [https://github.com/NeowayLabs/neosearch](https://github.com/NeowayLabs/neosearch) | Full Text Search Library | NeowayLabs | | 29 |
| [https://github.com/jonschipp/mal-dnssearch](https://github.com/jonschipp/mal-dnssearch) | Compare multiple log formats against malware reputation lists. | jonschipp | | 88 |
| [https://github.com/pudo/dataset](https://github.com/pudo/dataset) | Easy-to-use data handling for SQL data stores with support for implicit table creation, bulk loading, and transactions. | pudo | mit | 4225 |
| [https://github.com/google/stenographer](https://github.com/google/stenographer) | Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com | google | apache-2.0 | 1746 |
| [https://github.com/robertdavidgraham/pemcrack](https://github.com/robertdavidgraham/pemcrack) | Cracks SSL PEM files that hold encrypted private keys. Brute forces or dictionary cracks. This code is extraordinarily slow, DON'T JUDGE ME!!! | robertdavidgraham | mit | 297 |
| [https://github.com/jjyg/metasm](https://github.com/jjyg/metasm) | This is the main repository for metasm, a free assembler / disassembler / compiler written in ruby | jjyg | lgpl-2.1 | 426 |
| [https://github.com/citizenlab/spyware-scan](https://github.com/citizenlab/spyware-scan) | | citizenlab | bsd-3-clause | 29 |
| [https://github.com/mimoo/RSA-and-LLL-attacks](https://github.com/mimoo/RSA-and-LLL-attacks) | attacking RSA via lattice reductions (LLL) | mimoo | | 614 |
| [https://github.com/KoreLogicSecurity/mastiff](https://github.com/KoreLogicSecurity/mastiff) | Malware static analysis framework | KoreLogicSecurity | | 159 |
| [https://github.com/F-Secure/Sulo](https://github.com/F-Secure/Sulo) | Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin | F-Secure | | 150 |
| [https://github.com/de4dot/de4dot](https://github.com/de4dot/de4dot) | .NET deobfuscator and unpacker. | de4dot | gpl-3.0 | 6030 |
| [https://github.com/google/rekall](https://github.com/google/rekall) | Rekall Memory Forensic Framework | google | gpl-2.0 | 1831 |
| [https://github.com/bez0r/BeaconBits](https://github.com/bez0r/BeaconBits) | Network timing evaluation used to detect beacons, works with argus flow as the source | bez0r | gpl-3.0 | 18 |
| [https://github.com/martinmarinov/TempestSDR](https://github.com/martinmarinov/TempestSDR) | Remote video eavesdropping using a software-defined radio platform | martinmarinov | gpl-3.0 | 986 |
| [https://github.com/ant4g0nist/lisa.py](https://github.com/ant4g0nist/lisa.py) | - An Exploit Dev Swiss Army Knife. | ant4g0nist | apache-2.0 | 634 |
| [https://github.com/tandasat/findpg](https://github.com/tandasat/findpg) | Windbg extension to find PatchGuard pages | tandasat | mit | 102 |
| [https://github.com/NorthernSec/CVE-Scan](https://github.com/NorthernSec/CVE-Scan) | Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's | NorthernSec | bsd-4-clause | 239 |
| [https://github.com/dimsemenov/PhotoSwipe](https://github.com/dimsemenov/PhotoSwipe) | JavaScript image gallery for mobile and desktop, modular, framework independent | dimsemenov | mit | 22324 |
| [https://github.com/kaie/sphere-detection](https://github.com/kaie/sphere-detection) | Various modules to implement the DetecTor design from http://detector.kuix.de | kaie | mpl-2.0 | 53 |
| [https://github.com/lpsantil/rt0](https://github.com/lpsantil/rt0) | A minimal C runtime for Linux i386 & x86_64 | lpsantil | bsd-2-clause | 568 |
| [https://github.com/stribika/sshlabs](https://github.com/stribika/sshlabs) | SSH configuration analysis | stribika | unlicense | 71 |
| [https://github.com/jbremer/goatse.mbr](https://github.com/jbremer/goatse.mbr) | A 512-byte bootloader displaying ASCII Goatse on boot. | jbremer | | 29 |
| [https://github.com/StreisandEffect/streisand](https://github.com/StreisandEffect/streisand) | Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists. | StreisandEffect | other | 22895 |
| [https://github.com/wekan/wekan](https://github.com/wekan/wekan) | The Open Source kanban (built with Meteor). Keep variable/table/field names camelCase. For translations, only add Pull Request changes to wekan/i18n/en.i18n.json , other translations are done at https://transifex.com/wekan/wekan only. | wekan | mit | 18289 |
| [https://github.com/defuse/swatd](https://github.com/defuse/swatd) | Run a script when one or more sensors fail. | defuse | gpl-3.0 | 852 |
| [https://github.com/vz-risk/veris](https://github.com/vz-risk/veris) | Vocabulary for Event Recording and Incident Sharing (VERIS) | vz-risk | other | 481 |
| [https://github.com/rbsec/sslscan](https://github.com/rbsec/sslscan) | sslscan tests SSL/TLS enabled services to discover supported cipher suites | rbsec | gpl-3.0 | 1765 |
| [https://github.com/eurecom-s3/hdd_firmware_tools](https://github.com/eurecom-s3/hdd_firmware_tools) | Tools for viewing and extracting HDD firmware files | eurecom-s3 | mit | 69 |
| [https://github.com/bwall/HashPump](https://github.com/bwall/HashPump) | A tool to exploit the hash length extension attack in various hashing algorithms | bwall | mit | 1040 |
| [https://github.com/CIRCL/cve-portal](https://github.com/CIRCL/cve-portal) | Common Vulnerabilities and Exposures - Portal | CIRCL | agpl-3.0 | 73 |
| [https://github.com/ANSSI-FR/SysvolExplorer](https://github.com/ANSSI-FR/SysvolExplorer) | Active Directory Group Policy analyzer | ANSSI-FR | | 78 |
| [https://github.com/sshock/AFFLIBv3](https://github.com/sshock/AFFLIBv3) | AFF is an open and extensible file format to store disk images and associated metadata. | sshock | other | 67 |
| [https://github.com/jduck/asus-cmd](https://github.com/jduck/asus-cmd) | ASUS Router infosvr UDP Broadcast root Command Execution | jduck | | 251 |
| [https://github.com/palantir/plottable](https://github.com/palantir/plottable) | :bar_chart: A library of modular chart components built on D3 | palantir | mit | 2890 |
| [https://github.com/psypanda/hashID](https://github.com/psypanda/hashID) | Software to identify the different types of hashes - | psypanda | | 1171 |
| [https://github.com/twitter/AnomalyDetection](https://github.com/twitter/AnomalyDetection) | Anomaly Detection with R | twitter | gpl-3.0 | 3473 |
| [https://github.com/samyk/usbdriveby](https://github.com/samyk/usbdriveby) | USBdriveby exploits the trust of USB devices by emulating an HID keyboard and mouse, installing a cross-platform firewall-evading backdoor, and rerouting DNS within seconds of plugging it in. | samyk | gpl-2.0 | 1193 |
| [https://github.com/tennc/webshell](https://github.com/tennc/webshell) | This is a webshell open source project | tennc | mit | 8498 |
| [https://github.com/blackfist/sonyhack](https://github.com/blackfist/sonyhack) | | blackfist | | 21 |
| [https://github.com/iSECPartners/Android-SSL-TrustKiller](https://github.com/iSECPartners/Android-SSL-TrustKiller) | Bypass SSL certificate pinning for most applications | iSECPartners | other | 652 |
| [https://github.com/gpoore/minted](https://github.com/gpoore/minted) | minted is a LaTeX package that provides syntax highlighting using the Pygments library. Highlighted source code can be customized using fancyvrb. | gpoore | | 1567 |
| [https://github.com/bortzmeyer/key-checker](https://github.com/bortzmeyer/key-checker) | Monitor and analyze DNSSEC key rollovers | bortzmeyer | | 24 |
| [https://github.com/XPIR-team/XPIR](https://github.com/XPIR-team/XPIR) | XPIR: Private Information Retrieval for Everyone | XPIR-team | other | 102 |
| [https://github.com/rapid7/dap](https://github.com/rapid7/dap) | Data Analysis Pipeline | rapid7 | mit | 148 |
| [https://github.com/google/snappy](https://github.com/google/snappy) | A fast compressor/decompressor | google | other | 5421 |
| [https://github.com/Zentific/vmidbg](https://github.com/Zentific/vmidbg) | PoC LibVMI-based GDB server for virtual machines | Zentific | other | 48 |
| [https://github.com/coruus/pyasn1-modules](https://github.com/coruus/pyasn1-modules) | Export of pyasn1.cvs.sourceforge.net:/cvsroot/pyasn1-modules | coruus | bsd-2-clause | 9 |
| [https://github.com/umpirsky/country-list](https://github.com/umpirsky/country-list) | :globe_with_meridians: List of all countries with names and ISO 3166-1 codes in all languages and data formats. | umpirsky | mit | 4986 |
| [https://github.com/nabla-c0d3/sslyze](https://github.com/nabla-c0d3/sslyze) | Fast and powerful SSL/TLS scanning library. | nabla-c0d3 | agpl-3.0 | 2807 |
| [https://github.com/gamelinux/passivedns](https://github.com/gamelinux/passivedns) | A network sniffer that logs all DNS server replies for use in a passive DNS setup | gamelinux | | 1550 |
| [https://github.com/pwarren/rtl-entropy](https://github.com/pwarren/rtl-entropy) | An entropy generator using SDR peripherals, including rtl-sdr and BladeRF | pwarren | gpl-3.0 | 345 |
| [https://github.com/ahupp/python-magic](https://github.com/ahupp/python-magic) | A python wrapper for libmagic | ahupp | other | 2219 |
| [https://github.com/USArmyResearchLab/Dshell](https://github.com/USArmyResearchLab/Dshell) | Dshell is a network forensic analysis framework. | USArmyResearchLab | other | 5380 |
| [https://github.com/kbandla/APTnotes](https://github.com/kbandla/APTnotes) | Various public documents, whitepapers and articles about APT campaigns | kbandla | | 3143 |
| [https://github.com/bsdphk/Ntimed](https://github.com/bsdphk/Ntimed) | Network time synchronization software, NTPD replacement. | bsdphk | | 381 |
| [https://github.com/emirozer/fake2db](https://github.com/emirozer/fake2db) | create custom test databases that are populated with fake data | emirozer | gpl-2.0 | 2144 |
| [https://github.com/mithrandi/ssh-key-generator](https://github.com/mithrandi/ssh-key-generator) | A utility for deterministically generating ssh keypairs | mithrandi | mit | 46 |
| [https://github.com/google/end-to-end](https://github.com/google/end-to-end) | End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP) | google | apache-2.0 | 4087 |
| [https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector) | AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS! | CellularPrivacy | gpl-3.0 | 4261 |
| [https://github.com/elliotlepers/Amazon-Killer](https://github.com/elliotlepers/Amazon-Killer) | Extension Chrome et Firefox pour chercher un livre sur Amazon et l'acheter dans une vraie librairie. | elliotlepers | | 109 |
| [https://github.com/herrcore/punbup](https://github.com/herrcore/punbup) | Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in python it's not just another wrapper around 7zip! | herrcore | other | 36 |
| [https://github.com/herrcore/CmdDesktopSwitch](https://github.com/herrcore/CmdDesktopSwitch) | CmdDesktopSwitch is a small utility that lists all windows desktops and provides the option to switch between them. This can be used to identify and watch malware that has created a hidden desktop. | herrcore | | 32 |
| [https://github.com/binux/pyspider](https://github.com/binux/pyspider) | A Powerful Spider(Web Crawler) System in Python. | binux | apache-2.0 | 15631 |
| [https://github.com/superponible/volatility-plugins](https://github.com/superponible/volatility-plugins) | Plugins I've written for Volatility | superponible | | 159 |
| [https://github.com/seastorm/PuttyRider](https://github.com/seastorm/PuttyRider) | Hijack Putty sessions in order to sniff conversation and inject Linux commands. | seastorm | other | 346 |
| [https://github.com/CalebFenton/simplify](https://github.com/CalebFenton/simplify) | Android virtual machine and deobfuscator | CalebFenton | other | 4055 |
| [https://github.com/radare/radare2-capstone](https://github.com/radare/radare2-capstone) | Vala API and R2 plugins for the Capstone disassembler framework | radare | | 24 |
| [https://github.com/ivre/ivre](https://github.com/ivre/ivre) | Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more! | ivre | gpl-3.0 | 2720 |
| [https://github.com/pronto/SSH-Ranking](https://github.com/pronto/SSH-Ranking) | SSH Ranking system! :D (re-write of ssh-fail-watcher) | pronto | apache-2.0 | 26 |
| [https://github.com/Neo23x0/ReginScanner](https://github.com/Neo23x0/ReginScanner) | Scanner for Regin Virtual Filesystems | Neo23x0 | | 25 |
| [https://github.com/Th4nat0s/No_Sandboxes](https://github.com/Th4nat0s/No_Sandboxes) | Test suite for bypassing Malware sandboxes. | Th4nat0s | unlicense | 36 |
| [https://github.com/snare/calculon](https://github.com/snare/calculon) | A terminal-based programmer's calculator endowed with unholy acting talent by the Robot Devil | snare | | 82 |
| [https://github.com/snare/voltron](https://github.com/snare/voltron) | A hacky debugger UI for hackers | snare | mit | 5816 |
| [https://github.com/pan-unit42/public_tools](https://github.com/pan-unit42/public_tools) | | pan-unit42 | mit | 656 |
| [https://github.com/secretsquirrel/the-backdoor-factory](https://github.com/secretsquirrel/the-backdoor-factory) | Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors | secretsquirrel | bsd-3-clause | 3051 |
| [https://github.com/v0s/plus22](https://github.com/v0s/plus22) | Tool to analyze 64-bit binaries with 32-bit Hex-Rays Decompiler | v0s | other | 78 |
| [https://github.com/YahooArchive/PyIOCe](https://github.com/YahooArchive/PyIOCe) | Python IOC Editor | YahooArchive | apache-2.0 | 56 |
| [https://github.com/miekg/pandoc2rfc](https://github.com/miekg/pandoc2rfc) | Use pandoc to create XML suitable for xml2rfc | miekg | other | 80 |
| [https://github.com/DIGImend/usbhid-dump](https://github.com/DIGImend/usbhid-dump) | USB HID device dumping utility | DIGImend | | 114 |
| [https://github.com/unixfreak0037/officeparser](https://github.com/unixfreak0037/officeparser) | Extract embedded files and macros from office documents. | unixfreak0037 | mit | 157 |
| [https://github.com/buaazp/zimg](https://github.com/buaazp/zimg) | A lightweight and high performance image storage and processing system. | buaazp | bsd-3-clause | 2677 |
| [https://github.com/getnikola/nikola](https://github.com/getnikola/nikola) | A static website and blog generator | getnikola | mit | 2342 |
| [https://github.com/google/timesketch](https://github.com/google/timesketch) | Collaborative forensic timeline analysis | google | apache-2.0 | 2028 |
| [https://github.com/clymb3r/KdExploitMe](https://github.com/clymb3r/KdExploitMe) | A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. | clymb3r | bsd-2-clause | 397 |
| [https://github.com/thesp0nge/wordstress](https://github.com/thesp0nge/wordstress) | A security scanner for Wordpress blogging engine | thesp0nge | mit | 34 |
| [https://github.com/dholm/voidwalker](https://github.com/dholm/voidwalker) | A GDB toolbox for low-level debugging | dholm | gpl-3.0 | 128 |
| [https://github.com/AnimeshShaw/Hash-Algorithm-Identifier](https://github.com/AnimeshShaw/Hash-Algorithm-Identifier) | A python tool to identify different Hash Function Algorithms | AnimeshShaw | apache-2.0 | 389 |
| [https://github.com/CubicaLabs/IDASynergy](https://github.com/CubicaLabs/IDASynergy) | A combination of an IDAPython Plugin and a control version system that result in a new reverse engineering collaborative addon for IDA Pro. By | CubicaLabs | mit | 91 |
| [https://github.com/crossbario/autobahn-python](https://github.com/crossbario/autobahn-python) | WebSocket and WAMP in Python for Twisted and asyncio | crossbario | mit | 2380 |
| [https://github.com/Lookyloo/uwhoisd](https://github.com/Lookyloo/uwhoisd) | A 'Universal WHOIS' proxy server - you query it, it gives back the correct details | Lookyloo | mit | 9 |
| [https://github.com/brandonlw/Psychson](https://github.com/brandonlw/Psychson) | Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB) | brandonlw | mit | 3926 |
| [https://github.com/kgaughan/uwhoisd](https://github.com/kgaughan/uwhoisd) | A 'Universal WHOIS' proxy server - you query it, it gives back the correct details | kgaughan | mit | 38 |
| [https://github.com/wifiphisher/wifiphisher](https://github.com/wifiphisher/wifiphisher) | The Rogue Access Point Framework | wifiphisher | gpl-3.0 | 11226 |
| [https://github.com/360netlab/flint](https://github.com/360netlab/flint) | The python client of passivedns.cn | 360netlab | bsd-2-clause | 91 |
| [https://github.com/yinqiwen/ardb](https://github.com/yinqiwen/ardb) | A redis protocol compatible nosql, it support multiple storage engines as backend like Google's LevelDB, Facebook's RocksDB, OpenLDAP's LMDB, PerconaFT, WiredTiger, ForestDB. | yinqiwen | bsd-3-clause | 1752 |
| [https://github.com/volatilityfoundation/profiles](https://github.com/volatilityfoundation/profiles) | Volatility profiles for Linux and Mac OS X | volatilityfoundation | | 295 |
| [https://github.com/dholm/dotgdb](https://github.com/dholm/dotgdb) | GDB scripts to add support for low level debugging and reverse engineering | dholm | | 137 |
| [https://github.com/kevthehermit/Maildb](https://github.com/kevthehermit/Maildb) | Python Web App to Parse and Track Email and http Pcap Files. | kevthehermit | other | 55 |
| [https://github.com/tmux-plugins/tmux-resurrect](https://github.com/tmux-plugins/tmux-resurrect) | Persists tmux environment across system restarts. | tmux-plugins | mit | 9283 |
| [https://github.com/wapiflapi/binglide](https://github.com/wapiflapi/binglide) | Visual reverse engineering tool. Veles is better, use it. Don't use this. | wapiflapi | mit | 571 |
| [https://github.com/CIRCL/potiron](https://github.com/CIRCL/potiron) | Potiron - Normalize, Index and Visualize Network Capture | CIRCL | | 73 |
| [https://github.com/johnnykv/mnemosyne](https://github.com/johnnykv/mnemosyne) | Normalizer for honeypot data. | johnnykv | gpl-3.0 | 42 |
| [https://github.com/jviereck/vedit](https://github.com/jviereck/vedit) | A new code editor - different by behavior | jviereck | | 64 |
| [https://github.com/ctfs/write-ups-2014](https://github.com/ctfs/write-ups-2014) | Wiki-like CTF write-ups repository, maintained by the community. 2014 | ctfs | | 1790 |
| [https://github.com/signalapp/Signal-Android](https://github.com/signalapp/Signal-Android) | A private messenger for Android. | signalapp | gpl-3.0 | 22980 |
| [https://github.com/certtools/intelmq-manager](https://github.com/certtools/intelmq-manager) | IntelMQ Manager is a graphical interface to manage configurations for IntelMQ framework. | certtools | | 99 |
| [https://github.com/radareorg/radare2](https://github.com/radareorg/radare2) | UNIX-like reverse engineering framework and command-line toolset | radareorg | lgpl-3.0 | 17099 |
| [https://github.com/Rafiot/MyNSA](https://github.com/Rafiot/MyNSA) | Playing the NSA at home, and discover what your devices do in the background. | Rafiot | | 3 |
| [https://github.com/OpenRCE/sulley](https://github.com/OpenRCE/sulley) | A pure-python fully automated and unattended fuzzing framework. | OpenRCE | gpl-2.0 | 1342 |
| [https://github.com/usb-tools/USBProxy-legacy](https://github.com/usb-tools/USBProxy-legacy) | A proxy for USB devices, libUSB and gadgetFS - this project is unmaintained, try here: https://github.com/usb-tools/Facedancer | usb-tools | gpl-2.0 | 399 |
| [https://github.com/CIRCL/AIL-framework](https://github.com/CIRCL/AIL-framework) | AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project | CIRCL | agpl-3.0 | 1200 |
| [https://github.com/kyrus/crypto-un-locker](https://github.com/kyrus/crypto-un-locker) | | kyrus | mit | 32 |
| [https://github.com/freeoks/SD0_reader](https://github.com/freeoks/SD0_reader) | Program for reading Mayhem hidden filesystem | freeoks | | 6 |
| [https://github.com/FinFisher/FinFly-Web](https://github.com/FinFisher/FinFly-Web) | | FinFisher | | 228 |
| [https://github.com/CIRCL/bgp-ranking](https://github.com/CIRCL/bgp-ranking) | BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN). | CIRCL | other | 98 |
| [https://github.com/xyz2tex/svg2tikz](https://github.com/xyz2tex/svg2tikz) | An Inkscape extension for exporting SVG paths as TikZ/PGF paths | xyz2tex | other | 386 |
| [https://github.com/dkovar/ircollect](https://github.com/dkovar/ircollect) | ircollect | dkovar | apache-2.0 | 29 |
| [https://github.com/certtools/intelmq](https://github.com/certtools/intelmq) | IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol. | certtools | agpl-3.0 | 778 |
| [https://github.com/regit/pshitt](https://github.com/regit/pshitt) | Passwords of SSH Intruders Transferred to Text | regit | gpl-3.0 | 137 |
| [https://github.com/blackswanburst/classify6](https://github.com/blackswanburst/classify6) | An command line tool (written in OCAML) to classify IPv6 addresses, and provide a bit of further information. | blackswanburst | | 5 |
| [https://github.com/crits/crits](https://github.com/crits/crits) | CRITs - Collaborative Research Into Threats | crits | other | 825 |
| [https://github.com/DrWhax/truecrypt-archive](https://github.com/DrWhax/truecrypt-archive) | Archive of (almost) all truecrypt releases - Please audit this repository! | DrWhax | | 678 |
| [https://github.com/onionshare/onionshare](https://github.com/onionshare/onionshare) | Securely and anonymously share files, host websites, and chat with friends using the Tor network | onionshare | other | 5380 |
| [https://github.com/ikkisoft/bradamsa](https://github.com/ikkisoft/bradamsa) | Burp Suite extension to generate Intruder payloads using Radamsa | ikkisoft | gpl-3.0 | 85 |
| [https://github.com/google/certificate-transparency](https://github.com/google/certificate-transparency) | Auditing for TLS certificates. | google | apache-2.0 | 828 |
| [https://github.com/addthis/hydra](https://github.com/addthis/hydra) | | addthis | apache-2.0 | 439 |
| [https://github.com/theopolis/uefi-firmware-parser](https://github.com/theopolis/uefi-firmware-parser) | Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc | theopolis | other | 576 |
| [https://github.com/sumanj/frankencert](https://github.com/sumanj/frankencert) | Frankencert - Adversarial Testing of Certificate Validation in SSL/TLS Implementations | sumanj | | 154 |
| [https://github.com/gentilkiwi/mimikatz](https://github.com/gentilkiwi/mimikatz) | A little tool to play with Windows security | gentilkiwi | | 16255 |
| [https://github.com/chris-barry/darkweb-everywhere](https://github.com/chris-barry/darkweb-everywhere) | HTTPS Everywhere rulesets for hidden services and eepsites. | chris-barry | other | 154 |
| [https://github.com/secviz/davix](https://github.com/secviz/davix) | Data Analysis and Visualization Linux Toolset | secviz | | 58 |
| [https://github.com/PoshSec/PoshSec](https://github.com/PoshSec/PoshSec) | PoshSec PowerShell Module | PoshSec | other | 157 |
| [https://github.com/jamu/pwnypot](https://github.com/jamu/pwnypot) | Malicious Code Execution Detection Prevention (MCEDP) High Interaction Client Honeypot | jamu | | 9 |
| [https://github.com/elastic/beats](https://github.com/elastic/beats) | :tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash | elastic | other | 11345 |
| [https://github.com/Trefex/arduino-airquality](https://github.com/Trefex/arduino-airquality) | In this project, we are building an Arduino based platform to measure air quality and map it using GPS coordinates. | Trefex | | 52 |
| [https://github.com/awruef/find-heartbleed](https://github.com/awruef/find-heartbleed) | clang checker to find heartbleed | awruef | | 83 |
| [https://github.com/MISP/PyMISP](https://github.com/MISP/PyMISP) | Python library using the MISP Rest API | MISP | other | 328 |
| [https://github.com/chipsec/chipsec](https://github.com/chipsec/chipsec) | Platform Security Assessment Framework | chipsec | gpl-2.0 | 2526 |
| [https://github.com/kevthehermit/RATDecoders](https://github.com/kevthehermit/RATDecoders) | Python Decoders for Common Remote Access Trojans | kevthehermit | mit | 992 |
| [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) | This is the development tree. Production downloads are at: | simsong | other | 725 |
| [https://github.com/robertdavidgraham/heartleech](https://github.com/robertdavidgraham/heartleech) | Demonstrates the "heartbleed" problem using full OpenSSL stack | robertdavidgraham | agpl-3.0 | 691 |
| [https://github.com/rscmbbng/Border-Check](https://github.com/rscmbbng/Border-Check) | | rscmbbng | | 25 |
| [https://github.com/tweepy/tweepy](https://github.com/tweepy/tweepy) | Twitter for Python! | tweepy | mit | 9232 |
| [https://github.com/vmt/udis86](https://github.com/vmt/udis86) | Disassembler Library for x86 and x86-64 | vmt | bsd-2-clause | 879 |
| [https://github.com/google/pyringe](https://github.com/google/pyringe) | Debugger capable of attaching to and injecting code into python processes. | google | other | 1630 |
| [https://github.com/everpix/Everpix-Intelligence](https://github.com/everpix/Everpix-Intelligence) | Uncensored Everpix metrics, financials and business data for your perusing | everpix | | 2432 |
| [https://github.com/rr-debugger/rr](https://github.com/rr-debugger/rr) | Record and Replay Framework | rr-debugger | other | 7449 |
| [https://github.com/flowztul/pandoras_bochs](https://github.com/flowztul/pandoras_bochs) | Official repository of Pandora's Bochs, a Bochs-based automated unpacker for runtime-packed Windows executables | flowztul | | 13 |
| [https://github.com/rescrv/busybee](https://github.com/rescrv/busybee) | BusyBee is a high-performance messaging layer | rescrv | bsd-3-clause | 39 |
| [https://github.com/veorq/SipHash](https://github.com/veorq/SipHash) | High-speed secure pseudorandom function for short messages | veorq | cc0-1.0 | 519 |
| [https://github.com/mmozeiko/aes-finder](https://github.com/mmozeiko/aes-finder) | Utility to find AES keys in running processes | mmozeiko | | 801 |
| [https://github.com/DarthTon/Xenos](https://github.com/DarthTon/Xenos) | Windows dll injector | DarthTon | mit | 1513 |
| [https://github.com/eset/malware-ioc](https://github.com/eset/malware-ioc) | Indicators of Compromises (IOC) of our various investigations | eset | bsd-2-clause | 1277 |
| [https://github.com/alfredxing/brick](https://github.com/alfredxing/brick) | Open-source webfont service | alfredxing | | 2878 |
| [https://github.com/corelan/windbglib](https://github.com/corelan/windbglib) | Public repository for windbglib, a wrapper around pykd.pyd (for Windbg), used by mona.py | corelan | bsd-3-clause | 280 |
| [https://github.com/simsong/privacy-auditing-book](https://github.com/simsong/privacy-auditing-book) | Privacy auditing book | simsong | | 11 |
| [https://github.com/p2p-hacker-fr/articles](https://github.com/p2p-hacker-fr/articles) | Collection of collaborative articles about p2p | p2p-hacker-fr | | 12 |
| [https://github.com/dsiroky/snakemq](https://github.com/dsiroky/snakemq) | Small cross-platform Python library for easy and reliable communication between hosts. | dsiroky | mit | 124 |
| [https://github.com/papers-we-love/papers-we-love](https://github.com/papers-we-love/papers-we-love) | Papers from the computer science community to read and discuss. | papers-we-love | | 65433 |
| [https://github.com/yatish27/linkedin-scraper](https://github.com/yatish27/linkedin-scraper) | Scrapes the public profile of the linkedin page | yatish27 | mit | 536 |
| [https://github.com/SteveClement/irssi-python](https://github.com/SteveClement/irssi-python) | Irssi-python bindings | SteveClement | gpl-2.0 | 2 |
| [https://github.com/cokebottle/ASgrank](https://github.com/cokebottle/ASgrank) | ASgrank | cokebottle | | 3 |
| [https://github.com/JustinAzoff/bro-pdns](https://github.com/JustinAzoff/bro-pdns) | Passive DNS collection using Bro | JustinAzoff | mit | 170 |
| [https://github.com/sleuthkit/sleuthkit](https://github.com/sleuthkit/sleuthkit) | The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. | sleuthkit | | 2128 |
| [https://github.com/jeffbryner/timeBoss](https://github.com/jeffbryner/timeBoss) | UI for forensic filtering of filesystem mac times. | jeffbryner | other | 15 |
| [https://github.com/bez0r/pDNS2](https://github.com/bez0r/pDNS2) | Passive DNS V2 | bez0r | gpl-3.0 | 64 |
| [https://github.com/dnsdb/dnsdbq](https://github.com/dnsdb/dnsdbq) | DNSDB API Client, C Version | dnsdb | | 74 |
| [https://github.com/resume/resume.github.com](https://github.com/resume/resume.github.com) | Resumes generated using the GitHub informations | resume | | 58705 |
| [https://github.com/bitly/dablooms](https://github.com/bitly/dablooms) | scaling, counting, bloom filter library | bitly | mit | 962 |
| [https://github.com/hfaran/Tornado-JSON](https://github.com/hfaran/Tornado-JSON) | A simple JSON API framework based on Tornado | hfaran | mit | 270 |
| [https://github.com/chokepoint/azazel](https://github.com/chokepoint/azazel) | Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. | chokepoint | gpl-2.0 | 722 |
| [https://github.com/bup/bup](https://github.com/bup/bup) | Very efficient backup system based on the git packfile format, providing fast incremental saves and global deduplication (among and within files, including virtual machine images). Please post problems or patches to the mailing list for discussion (see the end of the README below). | bup | other | 6820 |
| [https://github.com/jedisct1/iptrap](https://github.com/jedisct1/iptrap) | A simple, but damn fast sinkhole | jedisct1 | other | 60 |
| [https://github.com/Katee/quietnet](https://github.com/Katee/quietnet) | Simple chat program that communicates using inaudible sounds | Katee | mit | 2930 |
| [https://github.com/meejah/txtorcon](https://github.com/meejah/txtorcon) | Twisted-based asynchronous Tor control protocol implementation. Includes unit-tests, examples, state-tracking code and configuration abstraction. | meejah | mit | 237 |
| [https://github.com/ytisf/theZoo](https://github.com/ytisf/theZoo) | A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public. | ytisf | other | 9078 |
| [https://github.com/cryptotronix/hashlet](https://github.com/cryptotronix/hashlet) | Driver and application software for the Cryptotronix Hashlet | cryptotronix | gpl-3.0 | 60 |
| [https://github.com/ambitioninc/fleming](https://github.com/ambitioninc/fleming) | Python functions for manipulating datetime objects with respect to their time zone | ambitioninc | other | 50 |
| [https://github.com/influxdata/influxdb](https://github.com/influxdata/influxdb) | Scalable datastore for metrics, events, and real-time analytics | influxdata | mit | 24382 |
| [https://github.com/cmichi/twitterwall](https://github.com/cmichi/twitterwall) | Display topic-related tweets in realtime. Using node.js, socket.io & jQuery. | cmichi | | 41 |
| [https://github.com/bwall/ircsnapshot](https://github.com/bwall/ircsnapshot) | Tool to gather information from IRC servers | bwall | mit | 87 |
| [https://github.com/jrnold/ggthemes](https://github.com/jrnold/ggthemes) | Additional themes, scales, and geoms for ggplot2 | jrnold | | 1204 |
| [https://github.com/NullHypothesis/exitmap](https://github.com/NullHypothesis/exitmap) | A fast and modular scanner for Tor exit relays. The canonical repository (including issue tracker) is at https://gitlab.torproject.org/tpo/network-health/exitmap | NullHypothesis | gpl-3.0 | 456 |
| [https://github.com/FFM/pycryptopan](https://github.com/FFM/pycryptopan) | A Crypto-PAn implementation for python | FFM | lgpl-3.0 | 8 |
| [https://github.com/joke2k/faker](https://github.com/joke2k/faker) | Faker is a Python package that generates fake data for you. | joke2k | mit | 14942 |
| [https://github.com/d-fence/frit](https://github.com/d-fence/frit) | A framework that ease the use of the numerous forensic open source tools. | d-fence | gpl-3.0 | 6 |
| [https://github.com/skyhover/Deckard](https://github.com/skyhover/Deckard) | Code clone detection; clone-related bug detection; sematic clone analysis | skyhover | other | 183 |
| [https://github.com/wallabag/wallabag](https://github.com/wallabag/wallabag) | wallabag is a self hostable application for saving web pages: Save and classify articles. Read them later. Freely. | wallabag | mit | 7550 |
| [https://github.com/spotify/annoy](https://github.com/spotify/annoy) | Approximate Nearest Neighbors in C++/Python optimized for memory usage and loading/saving to disk | spotify | apache-2.0 | 10429 |
| [https://github.com/catid/cymric](https://github.com/catid/cymric) | Cymric - Portable secure random number generator | catid | | 19 |
| [https://github.com/mozilla/cipherscan](https://github.com/mozilla/cipherscan) | A very simple way to find out which SSL ciphersuites are supported by a target. | mozilla | mpl-2.0 | 1861 |
| [https://github.com/asciidoctor/asciidoctor-pdf](https://github.com/asciidoctor/asciidoctor-pdf) | :page_with_curl: Asciidoctor PDF: A native PDF converter for AsciiDoc based on Asciidoctor and Prawn, written entirely in Ruby. | asciidoctor | mit | 1017 |
| [https://github.com/cr0hn/info2cpe](https://github.com/cr0hn/info2cpe) | Library to convert a information text (server banner, for example) into CPE v2.3 value | cr0hn | gpl-2.0 | 20 |
| [https://github.com/certtools/contactdb](https://github.com/certtools/contactdb) | The ContactDB project was initiated to cover the need for a tool to maintain contacts for CSIRT teams | certtools | agpl-3.0 | 35 |
| [https://github.com/wopot/jsgifkeylogger](https://github.com/wopot/jsgifkeylogger) | a javascript keylogger included in a gif file | wopot | mit | 38 |
| [https://github.com/offensive-security/exploitdb](https://github.com/offensive-security/exploitdb) | The official Exploit Database repository | offensive-security | gpl-2.0 | 7561 |
| [https://github.com/SoftEtherVPN/SoftEtherVPN](https://github.com/SoftEtherVPN/SoftEtherVPN) | Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable. | SoftEtherVPN | apache-2.0 | 9409 |
| [https://github.com/unixpickle/JamWiFi](https://github.com/unixpickle/JamWiFi) | A GUI, easy to use WiFi network jammer for Mac OS X | unixpickle | | 774 |
| [https://github.com/exaexa/codecrypt](https://github.com/exaexa/codecrypt) | Post-quantum cryptography tool (THIS REPOSITORY IS ONLY A MIRROR OF THE MAIN ONE, PLEASE DO NOT FILE BUGS HERE) | exaexa | lgpl-3.0 | 281 |
| [https://github.com/python-visualization/folium](https://github.com/python-visualization/folium) | Python Data. Leaflet.js Maps. | python-visualization | mit | 5946 |
| [https://github.com/elvanderb/TCP-32764](https://github.com/elvanderb/TCP-32764) | some codes and notes about the backdoor listening on TCP-32764 in linksys WAG200G. | elvanderb | other | 1290 |
| [https://github.com/KDr2/redis-leveldb](https://github.com/KDr2/redis-leveldb) | A redis-protocol compatible frontend to google's leveldb | KDr2 | mit | 188 |
| [https://github.com/ifduyue/pyssdb](https://github.com/ifduyue/pyssdb) | An SSDB Client Library for Python | ifduyue | bsd-2-clause | 109 |
| [https://github.com/ideawu/ssdb](https://github.com/ideawu/ssdb) | SSDB - A fast NoSQL database, an alternative to Redis | ideawu | bsd-3-clause | 7966 |
| [https://github.com/srinikom/leveldb-server](https://github.com/srinikom/leveldb-server) | Database server based on leveldb storage engine | srinikom | bsd-3-clause | 122 |
| [https://github.com/farsightsec/wdns](https://github.com/farsightsec/wdns) | low-level DNS library | farsightsec | apache-2.0 | 17 |
| [https://github.com/spyoungtech/grequests](https://github.com/spyoungtech/grequests) | Requests + Gevent = <3 | spyoungtech | bsd-2-clause | 4138 |
| [https://github.com/averagesecurityguy/twanalyze](https://github.com/averagesecurityguy/twanalyze) | Extract useful information from a Twitter account. | averagesecurityguy | bsd-3-clause | 35 |
| [https://github.com/enigma0x3/Old-Powershell-payload-Excel-Delivery](https://github.com/enigma0x3/Old-Powershell-payload-Excel-Delivery) | This version touches disk for registry persistence. | enigma0x3 | | 23 |
| [https://github.com/kevthehermit/YaraPcap](https://github.com/kevthehermit/YaraPcap) | Process HTTP Pcaps With YARA | kevthehermit | | 86 |
| [https://github.com/chrislee35/passivedns-client](https://github.com/chrislee35/passivedns-client) | passivedns-client provides a library and a query tool for querying several passive DNS providers | chrislee35 | mit | 190 |
| [https://github.com/sripathikrishnan/redis-rdb-tools](https://github.com/sripathikrishnan/redis-rdb-tools) | Parse Redis dump.rdb files, Analyze Memory, and Export Data to JSON | sripathikrishnan | mit | 4592 |
| [https://github.com/bd808/python-iptools](https://github.com/bd808/python-iptools) | A few useful functions and objects for manipulating ip addresses in python. | bd808 | bsd-2-clause | 68 |
| [https://github.com/EtiennePerot/parcimonie.sh](https://github.com/EtiennePerot/parcimonie.sh) | Refresh your GnuPG keyring without disclosing your whole contact list to the world | EtiennePerot | wtfpl | 219 |
| [https://github.com/golismero/golismero](https://github.com/golismero/golismero) | GoLismero - The Web Knife | golismero | gpl-2.0 | 808 |
| [https://github.com/SpiderLabs/Responder](https://github.com/SpiderLabs/Responder) | Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. | SpiderLabs | gpl-3.0 | 3922 |
| [https://github.com/toolswatch/vFeed](https://github.com/toolswatch/vFeed) | The Correlated CVE Vulnerability And Threat Intelligence Database API | toolswatch | other | 892 |
| [https://github.com/carmaa/inception](https://github.com/carmaa/inception) | Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. | carmaa | | 1481 |
| [https://github.com/abemassry/wsend-gpg](https://github.com/abemassry/wsend-gpg) | Encrypted end to end file transfer | abemassry | gpl-3.0 | 102 |
| [https://github.com/kholia/passe-partout](https://github.com/kholia/passe-partout) | passe-partout is a tool to extract SSL private keys from process memory written by Nicolas Collignon and Jean-Baptiste Aviat (passe-partout@hsc.fr). | kholia | | 63 |
| [https://github.com/kholia/PGPCrack-NG](https://github.com/kholia/PGPCrack-NG) | PGPCrack-NG is a program designed to brute-force symmetrically encrypted PGP files. It is a replacment for the long dead PGPCrack. | kholia | | 25 |
| [https://github.com/pierce403/keyhunter](https://github.com/pierce403/keyhunter) | A tool to recover lost bitcoin private keys from dead harddrives. | pierce403 | | 284 |
| [https://github.com/wavexx/fgallery](https://github.com/wavexx/fgallery) | a modern, minimalist javascript photo gallery | wavexx | gpl-2.0 | 248 |
| [https://github.com/encrypt-to/encrypt.to](https://github.com/encrypt-to/encrypt.to) | Send encrypted PGP messages with one click | encrypt-to | mit | 130 |
| [https://github.com/jackjack-jj/pywallet](https://github.com/jackjack-jj/pywallet) | bitcoin wallet importer/exporter | jackjack-jj | | 451 |
| [https://github.com/1aN0rmus/TekDefense-Automater](https://github.com/1aN0rmus/TekDefense-Automater) | Automater - IP URL and MD5 OSINT Analysis | 1aN0rmus | mit | 477 |
| [https://github.com/etsy/MIDAS](https://github.com/etsy/MIDAS) | Mac Intrusion Detection Analysis System | etsy | | 835 |
| [https://github.com/indutny/bud](https://github.com/indutny/bud) | **NOT MAINTAINED** Bud - The TLS Terminator | indutny | | 455 |
| [https://github.com/infosec-sharing-archive/MISP-TAXII--broken-](https://github.com/infosec-sharing-archive/MISP-TAXII--broken-) | (broken) THIS TOOL IS NOT MAINTAINED AND NOT WORKING ANYMORE WITH MISP | infosec-sharing-archive | agpl-3.0 | 1 |
| [https://github.com/ReFirmLabs/binwalk](https://github.com/ReFirmLabs/binwalk) | Firmware Analysis Tool | ReFirmLabs | mit | 8646 |
| [https://github.com/bramcohen/DissidentX](https://github.com/bramcohen/DissidentX) | Bram's steganographic framework | bramcohen | | 482 |
| [https://github.com/jperla/sentiment-data](https://github.com/jperla/sentiment-data) | sentiment analysis datasets | jperla | | 93 |
| [https://github.com/danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. | danielmiessler | mit | 42729 |
| [https://github.com/hbs/PySSSS](https://github.com/hbs/PySSSS) | Python Shamir Secret Sharing Scheme | hbs | | 47 |
| [https://github.com/P1sec/country_adjacency](https://github.com/P1sec/country_adjacency) | Country adjacency datasets | P1sec | agpl-3.0 | 9 |
| [https://github.com/wummel/linkchecker](https://github.com/wummel/linkchecker) | check links in web documents or full websites | wummel | gpl-2.0 | 1382 |
| [https://github.com/basil00/Divert](https://github.com/basil00/Divert) | WinDivert: Windows Packet Divert | basil00 | other | 1831 |
| [https://github.com/oleiade/trousseau](https://github.com/oleiade/trousseau) | File based encrypted key-value store | oleiade | mit | 950 |
| [https://github.com/philgyford/twelescreen](https://github.com/philgyford/twelescreen) | A fullscreen, one-Tweet-at-a-time Twitter display. Runs on Node.js. | philgyford | other | 40 |
| [https://github.com/protobuf-c/protobuf-c](https://github.com/protobuf-c/protobuf-c) | Protocol Buffers implementation in C | protobuf-c | other | 2193 |
| [https://github.com/kohler/ipsumdump](https://github.com/kohler/ipsumdump) | Ipsumdump and other programs for command-line network trace manipulation. | kohler | | 31 |
| [https://github.com/JustinAzoff/bro_scripts](https://github.com/JustinAzoff/bro_scripts) | Analysis scripts for the Bro Intrusion Detection System | JustinAzoff | other | 57 |
| [https://github.com/facebook/rocksdb](https://github.com/facebook/rocksdb) | A library that provides an embeddable, persistent key-value store for fast storage. | facebook | gpl-2.0 | 23894 |
| [https://github.com/dzzie/VS_LIBEMU](https://github.com/dzzie/VS_LIBEMU) | Visual Studio 2008 port of the libemu library that includes scdbg.exe, a modification of the sctest project, that includes more hooks, interactive debugging, reporting features, and ability to work with file format exploit shellcode. Will run under WINE | dzzie | | 160 |
| [https://github.com/DanMcInerney/LANs.py](https://github.com/DanMcInerney/LANs.py) | Inject code and spy on wifi users | DanMcInerney | gpl-3.0 | 2505 |
| [https://github.com/viper-framework/viper](https://github.com/viper-framework/viper) | Binary analysis and management framework | viper-framework | other | 1497 |
| [https://github.com/jeffbryner/pyKeylogger](https://github.com/jeffbryner/pyKeylogger) | python client/server keystroke logger | jeffbryner | other | 19 |
| [https://github.com/piannucci/blurt](https://github.com/piannucci/blurt) | Data over audio | piannucci | mit | 78 |
| [https://github.com/tomchop/malcom](https://github.com/tomchop/malcom) | Malcom - Malware Communications Analyzer | tomchop | other | 1052 |
| [https://github.com/gokyle/sshcrypt](https://github.com/gokyle/sshcrypt) | Encrypt files using Cryptobox and SSH keys. | gokyle | isc | 16 |
| [https://github.com/Pythonity/font-awesome-to-png](https://github.com/Pythonity/font-awesome-to-png) | Exports Font Awesome icons as PNG images | Pythonity | | 623 |
| [https://github.com/ArmoredPidgin/pidgin-hardened](https://github.com/ArmoredPidgin/pidgin-hardened) | Clone of the official pidgin repository, with hardening options (apparmor profile, gcc options) | ArmoredPidgin | gpl-2.0 | 3 |
| [https://github.com/bwalex/tc-play](https://github.com/bwalex/tc-play) | Free and simple TrueCrypt/VeraCrypt Implementation based on dm-crypt | bwalex | bsd-2-clause | 535 |
| [https://github.com/konklone/fisacourt](https://github.com/konklone/fisacourt) | Watching the FISA Court's public docket. | konklone | cc0-1.0 | 41 |
| [https://github.com/bennoleslie/pexif](https://github.com/bennoleslie/pexif) | Python EXIF parsing | bennoleslie | mit | 120 |
| [https://github.com/luispedro/BuildingMachineLearningSystemsWithPython](https://github.com/luispedro/BuildingMachineLearningSystemsWithPython) | Source Code for the book Building Machine Learning Systems with Python | luispedro | mit | 2111 |
| [https://github.com/Xen0ph0n/YaraGenerator](https://github.com/Xen0ph0n/YaraGenerator) | Automatic Yara Rule Generation | Xen0ph0n | | 307 |
| [https://github.com/infosec-sharing-archive/misp-maltego-old](https://github.com/infosec-sharing-archive/misp-maltego-old) | few transforms to make Maltego interface with MISP REST API (deprecated, use MISP-maltego) | infosec-sharing-archive | | 6 |
| [https://github.com/hexgolems/pint](https://github.com/hexgolems/pint) | A debugger backend and LUA wrapper for PIN | hexgolems | | 30 |
| [https://github.com/antonmks/Alenka](https://github.com/antonmks/Alenka) | GPU database engine | antonmks | other | 1157 |
| [https://github.com/panda-re/panda](https://github.com/panda-re/panda) | Platform for Architecture-Neutral Dynamic Analysis | panda-re | other | 2148 |
| [https://github.com/averagesecurityguy/scripts](https://github.com/averagesecurityguy/scripts) | Scripts I use during pentest engagements. | averagesecurityguy | other | 910 |
| [https://github.com/jbremer/darm](https://github.com/jbremer/darm) | A light-weight and efficient disassembler written in C for the ARMv7 instruction set. | jbremer | bsd-3-clause | 205 |
| [https://github.com/akngs/dviz](https://github.com/akngs/dviz) | | akngs | mit | 372 |
| [https://github.com/robertdavidgraham/masscan](https://github.com/robertdavidgraham/masscan) | TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. | robertdavidgraham | other | 19995 |
| [https://github.com/takemaru/graphillion](https://github.com/takemaru/graphillion) | Fast, lightweight graphset operation library | takemaru | other | 409 |
| [https://github.com/pyeve/eve](https://github.com/pyeve/eve) | REST API framework designed for human beings | pyeve | other | 6550 |
| [https://github.com/csirtgadgets/krenk-protocol](https://github.com/csirtgadgets/krenk-protocol) | the simplest way to convey disclosure guidelines. | csirtgadgets | lgpl-3.0 | 1 |
| [https://github.com/i4ki/pymalelf](https://github.com/i4ki/pymalelf) | Python bindings to libmalelf (https://github.com/SecPlus/libmalelf) | i4ki | other | 4 |
| [https://github.com/CybOXProject/python-cybox](https://github.com/CybOXProject/python-cybox) | A Python library for parsing, manipulating, and generating CybOX content. | CybOXProject | bsd-3-clause | 72 |
| [https://github.com/cartazio/HaNS](https://github.com/cartazio/HaNS) | HaNS, a haskell network stack (currently an archeology project, but maybe can be revived) | cartazio | bsd-3-clause | 4 |
| [https://github.com/sopel-irc/sopel](https://github.com/sopel-irc/sopel) | :robot::speech_balloon: An easy-to-use and highly extensible IRC Bot framework. Formerly Willie. | sopel-irc | other | 921 |
| [https://github.com/intrepidusgroup/xref_finder](https://github.com/intrepidusgroup/xref_finder) | | intrepidusgroup | | 21 |
| [https://github.com/spotify/sparkey](https://github.com/spotify/sparkey) | Simple constant key/value storage library, for read-heavy systems with infrequent large bulk inserts. | spotify | apache-2.0 | 982 |
| [https://github.com/wibiti/uncompyle2](https://github.com/wibiti/uncompyle2) | Python 2.7 decompiler | wibiti | | 1183 |
| [https://github.com/mushorg/buttinsky](https://github.com/mushorg/buttinsky) | Botnet monitoring is a crucial part in threat analysis and often neglected due to the lack of proper open source tools. Our tool will provide an open source framework for automated botnet monitoring. The modular design will allow full customization of the used protocols, the monitoring clients behavior, how we log the collected information, processing of the data to analyze the botnets purpose, size and threat and how the monitoring task are distributed between dedicated nodes. | mushorg | gpl-3.0 | 77 |
| [https://github.com/devrandom/gitian-builder](https://github.com/devrandom/gitian-builder) | Build packages in a secure deterministic fashion inside a VM | devrandom | other | 394 |
| [https://github.com/STIXProject/schemas](https://github.com/STIXProject/schemas) | STIX Schema Development | STIXProject | | 74 |
| [https://github.com/bryannolen/DFIR-PUBLIC](https://github.com/bryannolen/DFIR-PUBLIC) | | bryannolen | | 12 |
| [https://github.com/mailpile/Mailpile](https://github.com/mailpile/Mailpile) | A free & open modern, fast email client with user-friendly encryption and privacy features | mailpile | other | 8672 |
| [https://github.com/goldsmith/Wikipedia](https://github.com/goldsmith/Wikipedia) | A Pythonic wrapper for the Wikipedia API | goldsmith | mit | 2516 |
| [https://github.com/MAECProject/python-maec](https://github.com/MAECProject/python-maec) | A Python library for parsing, manipulating, and generating MAEC content. | MAECProject | bsd-3-clause | 38 |
| [https://github.com/wking/rss2email](https://github.com/wking/rss2email) | open-source tool for Windows, Mac OS and UNIX for getting news from RSS feeds in email | wking | gpl-2.0 | 264 |
| [https://github.com/Rafiot/bgpranking-hilbert](https://github.com/Rafiot/bgpranking-hilbert) | Representation of the IP addresses gathered in BGP Ranking on an Hilbert Map. | Rafiot | | 3 |
| [https://github.com/nbareil/seccomp-nurse](https://github.com/nbareil/seccomp-nurse) | Sandboxing framework based on SECCOMP | nbareil | | 51 |
| [https://github.com/holman/gifme](https://github.com/holman/gifme) | Fucking animations. You need them. | holman | | 323 |
| [https://github.com/greatscottgadgets/hackrf](https://github.com/greatscottgadgets/hackrf) | low cost software radio platform | greatscottgadgets | gpl-2.0 | 4926 |
| [https://github.com/Bitmessage/PyBitmessage](https://github.com/Bitmessage/PyBitmessage) | Reference client for Bitmessage: a P2P encrypted decentralised communication protocol: | Bitmessage | other | 2735 |
| [https://github.com/cjdelisle/cjdns](https://github.com/cjdelisle/cjdns) | An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. | cjdelisle | gpl-3.0 | 4929 |
| [https://github.com/DrDub/urlclassy](https://github.com/DrDub/urlclassy) | URL Classy: Guessing a class for a URL only from its text | DrDub | gpl-3.0 | 6 |
| [https://github.com/urllib3/urllib3](https://github.com/urllib3/urllib3) | Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more. | urllib3 | mit | 3185 |
| [https://github.com/jamessan/vim-gnupg](https://github.com/jamessan/vim-gnupg) | This script implements transparent editing of gpg encrypted files. | jamessan | | 651 |
| [https://github.com/martinblech/xmltodict](https://github.com/martinblech/xmltodict) | Python module that makes working with XML feel like you are working with JSON | martinblech | mit | 4960 |
| [https://github.com/REhints/HexRaysCodeXplorer](https://github.com/REhints/HexRaysCodeXplorer) | Hex-Rays Decompiler plugin for better code navigation | REhints | | 1962 |
| [https://github.com/richo/hw_rand](https://github.com/richo/hw_rand) | A python wrapper for poking at RDRAND | richo | mit | 11 |
| [https://github.com/robotmay/photographer-io](https://github.com/robotmay/photographer-io) | An open source photography community. No longer in production but still open source. | robotmay | mit | 670 |
| [https://github.com/CIRCL/pcapdj](https://github.com/CIRCL/pcapdj) | pcapdj - dispatch pcap files | CIRCL | agpl-3.0 | 38 |
| [https://github.com/isislovecruft/python-gnupg](https://github.com/isislovecruft/python-gnupg) | A modified version of python-gnupg, including security patches, extensive documentation, and extra features. | isislovecruft | other | 408 |
| [https://github.com/davidbau/seedrandom](https://github.com/davidbau/seedrandom) | seeded random number generator for Javascript | davidbau | | 1826 |
| [https://github.com/PowerShellMafia/PowerSploit](https://github.com/PowerShellMafia/PowerSploit) | PowerSploit - A PowerShell Post-Exploitation Framework | PowerShellMafia | other | 10028 |
| [https://github.com/Rafiot/STARTTLS-Probe](https://github.com/Rafiot/STARTTLS-Probe) | Probe SMTP servers to find out if they support STARTTLS | Rafiot | | 1 |
| [https://github.com/certsocietegenerale/event2timeline](https://github.com/certsocietegenerale/event2timeline) | Simple Microsoft Windows sessions event logs visualization | certsocietegenerale | gpl-3.0 | 134 |
| [https://github.com/swirepe/personalscripts](https://github.com/swirepe/personalscripts) | a peek into what I do during the day | swirepe | | 13 |
| [https://github.com/gevent/gevent](https://github.com/gevent/gevent) | Coroutine-based concurrency library for Python | gevent | other | 5832 |
| [https://github.com/fonnesbeck/statistical-analysis-python-tutorial](https://github.com/fonnesbeck/statistical-analysis-python-tutorial) | Statistical Data Analysis in Python | fonnesbeck | | 1470 |
| [https://github.com/EiNSTeiN-/decompiler](https://github.com/EiNSTeiN-/decompiler) | A decompiler with multiple backend support, written in Python. Works with IDA and Capstone. | EiNSTeiN- | | 502 |
| [https://github.com/celery/celery](https://github.com/celery/celery) | Distributed Task Queue (development branch) | celery | other | 20359 |
| [https://github.com/saimn/sigal](https://github.com/saimn/sigal) | yet another simple static gallery generator | saimn | mit | 770 |
| [https://github.com/blanu/Dust](https://github.com/blanu/Dust) | A Polymorphic Engine for Filtering-Resistant Transport Protocols | blanu | | 274 |
| [https://github.com/Veil-Framework/Veil-Evasion](https://github.com/Veil-Framework/Veil-Evasion) | Veil Evasion is no longer supported, use Veil 3.0! | Veil-Framework | other | 1734 |
| [https://github.com/armon/bloomd](https://github.com/armon/bloomd) | C network daemon for bloom filters | armon | other | 1219 |
| [https://github.com/armon/hlld](https://github.com/armon/hlld) | C network daemon for HyperLogLogs | armon | other | 441 |
| [https://github.com/fredley/soma-pi](https://github.com/fredley/soma-pi) | A frontend for soma-pi, a Soma FM playing Pi Jukebox | fredley | | 19 |
| [https://github.com/CIRCL/IP-ASN-history](https://github.com/CIRCL/IP-ASN-history) | IP-ASN-history is a server software to store efficiently the history of BGP announces and quickly lookup IP addresses origins | CIRCL | agpl-3.0 | 42 |
| [https://github.com/totetmatt/GephiStreamer](https://github.com/totetmatt/GephiStreamer) | Python classes for streaming graph to gephi | totetmatt | | 74 |
| [https://github.com/arkime/arkime](https://github.com/arkime/arkime) | Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system. | arkime | other | 5330 |
| [https://github.com/nbareil/net2pcap](https://github.com/nbareil/net2pcap) | Net2PCAP is a simple network-to-pcap capture file for Linux. Its goal is to be as simple as possible to be used in hostile environments | nbareil | | 38 |
| [https://github.com/bitblaze-fuzzball/fuzzball](https://github.com/bitblaze-fuzzball/fuzzball) | FuzzBALL: Vine-based Binary Symbolic Execution | bitblaze-fuzzball | other | 209 |
| [https://github.com/nieluj/sstic2013](https://github.com/nieluj/sstic2013) | | nieluj | | 3 |
| [https://github.com/icsharpcode/ILSpy](https://github.com/icsharpcode/ILSpy) | .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform! | icsharpcode | | 16268 |
| [https://github.com/MarioVilas/url_shortener_utils](https://github.com/MarioVilas/url_shortener_utils) | Having fun with URL shorteners | MarioVilas | | 5 |
| [https://github.com/rjhansen/nsrllookup](https://github.com/rjhansen/nsrllookup) | Checks with NSRL RDS servers looking for for hash matches | rjhansen | isc | 100 |
| [https://github.com/rjhansen/nsrlsvr](https://github.com/rjhansen/nsrlsvr) | | rjhansen | isc | 73 |
| [https://github.com/inveniosoftware/dictdiffer](https://github.com/inveniosoftware/dictdiffer) | Dictdiffer is a module that helps you to diff and patch dictionaries. | inveniosoftware | other | 761 |
| [https://github.com/CIRCL/Circlean](https://github.com/CIRCL/Circlean) | USB key cleaner | CIRCL | bsd-3-clause | 393 |
| [https://github.com/tumi8/vermont](https://github.com/tumi8/vermont) | Vermont (VERsatile MONitoring Toolkit) is an open-source software toolkit for the creation and processing of network flow data. | tumi8 | gpl-2.0 | 55 |
| [https://github.com/caesar0301/pkt2flow](https://github.com/caesar0301/pkt2flow) | A simple utility to classify packets into flows. It's so simple that only one task is aimed to finish. For Deep Packet Inspection or flow classification, it's so common to analyze the feature of one specific flow. I have make the attempt to use made-ready tools like tcpflows, tcpslice, tcpsplit, but all these tools try to either decrease the trace volume (under requirement) or resemble the packets into flow payloads (over requirement). I have not found a simple tool to classify the packets into flows without further processing. This is why this program is born. | caesar0301 | mit | 139 |
| [https://github.com/9b/pcap_tools](https://github.com/9b/pcap_tools) | Help summarize a PCAP file | 9b | | 33 |
| [https://github.com/haegardev/ipv4index](https://github.com/haegardev/ipv4index) | IPv4 address index for fast insert/query/delete/merge/diff operations | haegardev | | 1 |
| [https://github.com/Gallopsled/pwntools](https://github.com/Gallopsled/pwntools) | CTF framework and exploit development library | Gallopsled | other | 9600 |
| [https://github.com/hubert3/iSniff-GPS](https://github.com/hubert3/iSniff-GPS) | Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices | hubert3 | | 971 |
| [https://github.com/williballenthin/python-registry](https://github.com/williballenthin/python-registry) | Pure Python parser for Windows Registry hives. | williballenthin | apache-2.0 | 382 |
| [https://github.com/frida/frida-python](https://github.com/frida/frida-python) | Frida Python bindings | frida | other | 657 |
| [https://github.com/laurentj/slimerjs](https://github.com/laurentj/slimerjs) | A scriptable browser like PhantomJS, based on Firefox | laurentj | other | 2981 |
| [https://github.com/givp/RoyGBiv](https://github.com/givp/RoyGBiv) | RoyGBiv is a python module for analyzing image colors | givp | | 25 |
| [https://github.com/zed-0xff/pedump](https://github.com/zed-0xff/pedump) | dump windows PE files using ruby | zed-0xff | mit | 277 |
| [https://github.com/cbd/edis](https://github.com/cbd/edis) | An Erlang implementation of Redis | cbd | apache-2.0 | 464 |
| [https://github.com/emeau/itrace](https://github.com/emeau/itrace) | hook objc_msgSend to trace Objective-C method callz | emeau | | 117 |
| [https://github.com/BrightcoveOS/Diamond](https://github.com/BrightcoveOS/Diamond) | | BrightcoveOS | | 1194 |
| [https://github.com/mschiffm/cvrfparse](https://github.com/mschiffm/cvrfparse) | CVRF parsing/validation utility | mschiffm | mit | 28 |
| [https://github.com/gorhill/cablegatesearch.net](https://github.com/gorhill/cablegatesearch.net) | Cablegate's cables: Full-text search web site | gorhill | | 32 |
| [https://github.com/mushorg/conpot](https://github.com/mushorg/conpot) | ICS/SCADA honeypot | mushorg | gpl-2.0 | 1041 |
| [https://github.com/heipei/engine-cuda](https://github.com/heipei/engine-cuda) | engine-cuda is a CUDA/OpenCL engine for the popular OpenSSL cryptography framework. | heipei | gpl-3.0 | 64 |
| [https://github.com/honeynet/beeswarm](https://github.com/honeynet/beeswarm) | Honeypot deployment made easy | honeynet | gpl-3.0 | 238 |
| [https://github.com/a0rtega/pafish](https://github.com/a0rtega/pafish) | Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do | a0rtega | gpl-3.0 | 2414 |
| [https://github.com/infincia/Cardrand](https://github.com/infincia/Cardrand) | This is a simple demonstration of two things, pulling random entropy out of a hardware smart card, and feeding that data into the Linux kernel pool using an ioctl call. Makes it possible for any Linux system to have a real hardware random number generator | infincia | other | 7 |
| [https://github.com/deresz/funcap](https://github.com/deresz/funcap) | IDA Pro script to add some useful runtime info to static analysis | deresz | | 452 |
| [https://github.com/dzzie/pdfstreamdumper](https://github.com/dzzie/pdfstreamdumper) | research tool for the analysis of malicious pdf documents. make sure to run the installer first to get all of the 3rd party dlls installed correctly. | dzzie | | 259 |
| [https://github.com/iSECPartners/LibTech-Auditing-Cheatsheet](https://github.com/iSECPartners/LibTech-Auditing-Cheatsheet) | | iSECPartners | | 197 |
| [https://github.com/iSECPartners/yontma](https://github.com/iSECPartners/yontma) | You'll never take me alive. | iSECPartners | other | 81 |
| [https://github.com/honza/rembrant](https://github.com/honza/rembrant) | rembrant is a photo organizational tool and an online gallery builder | honza | bsd-2-clause | 9 |
| [https://github.com/allfro/canari](https://github.com/allfro/canari) | Local and Remote Maltego Rapid Transform Development Framework | allfro | | 105 |
| [https://github.com/lobsters/lobsters](https://github.com/lobsters/lobsters) | Computing-focused community centered around link aggregation and discussion | lobsters | other | 3363 |
| [https://github.com/andrix/python-snappy](https://github.com/andrix/python-snappy) | Python bindings for the snappy google library | andrix | other | 446 |
| [https://github.com/heapwolf/levelui](https://github.com/heapwolf/levelui) | A GUI for LevelDB management based on atom-shell. | heapwolf | mit | 715 |
| [https://github.com/carlosgprado/MILF](https://github.com/carlosgprado/MILF) | An IDA Pro swiss army knife (with a sexy name!) | carlosgprado | | 54 |
| [https://github.com/stephenbrannon/IOCextractor](https://github.com/stephenbrannon/IOCextractor) | IOC (Indicator of Compromise) Extractor: a program to help extract IOCs from text files. | stephenbrannon | | 132 |
| [https://github.com/redis/node-redis](https://github.com/redis/node-redis) | A high-performance Node.js Redis client. | redis | mit | 15628 |
| [https://github.com/toxinu/leselys](https://github.com/toxinu/leselys) | I'm Leselys, your very elegant RSS reader. | toxinu | other | 231 |
| [https://github.com/elhoim/mwcrawler](https://github.com/elhoim/mwcrawler) | Python Malware Crawler for Zoos and Repositories | elhoim | | 3 |
| [https://github.com/cvandeplas/pystemon](https://github.com/cvandeplas/pystemon) | Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon | cvandeplas | agpl-3.0 | 321 |
| [https://github.com/jedisct1/Pincaster](https://github.com/jedisct1/Pincaster) | A fast persistent nosql database with a HTTP/JSON interface, not only for geographical data. | jedisct1 | other | 171 |
| [https://github.com/jedisct1/libsodium](https://github.com/jedisct1/libsodium) | A modern, portable, easy to use crypto library. | jedisct1 | other | 10553 |
| [https://github.com/airblade/vim-gitgutter](https://github.com/airblade/vim-gitgutter) | A Vim plugin which shows git diff markers in the sign column and stages/previews/undoes hunks and partial hunks. | airblade | mit | 7858 |
| [https://github.com/von/PerProxy](https://github.com/von/PerProxy) | A python-based proxy that uses Perspectives to detect and thwart SSL MITM attacks. | von | | 7 |
| [https://github.com/threatstream/threatstream-api](https://github.com/threatstream/threatstream-api) | | threatstream | other | 21 |
| [https://github.com/deadbits/Intersect-2.5](https://github.com/deadbits/Intersect-2.5) | Post-Exploitation Framework | deadbits | | 65 |
| [https://github.com/gitdurandal/Intersect-2.5](https://github.com/gitdurandal/Intersect-2.5) | Post-Exploitation Framework | gitdurandal | | 5 |
| [https://github.com/hellman/xortool](https://github.com/hellman/xortool) | A tool to analyze multi-byte xor cipher | hellman | | 1160 |
| [https://github.com/coolwanglu/flasm](https://github.com/coolwanglu/flasm) | My modified version of Flasm the Flash disassembler | coolwanglu | other | 7 |
| [https://github.com/coolwanglu/pdf2htmlEX](https://github.com/coolwanglu/pdf2htmlEX) | Convert PDF to HTML without losing text or format. | coolwanglu | other | 9630 |
| [https://github.com/bigsnarfdude/d3py](https://github.com/bigsnarfdude/d3py) | a plottling library for python, based on D3 | bigsnarfdude | | 37 |
| [https://github.com/sethhall/bro-apt1](https://github.com/sethhall/bro-apt1) | This is a script module for Bro that encapsulates and detects activity related to the Mandiant APT1 report. | sethhall | | 46 |
| [https://github.com/MaStr/OFFLINEART](https://github.com/MaStr/OFFLINEART) | Source Repository for Aram Bartholl's OFFLINEART project. More information at http://www.offlineart.net (we be filled later) | MaStr | | 16 |
| [https://github.com/stephenfewer/ReflectiveDLLInjection](https://github.com/stephenfewer/ReflectiveDLLInjection) | Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. | stephenfewer | bsd-3-clause | 2038 |
| [https://github.com/jbangert/trapcc](https://github.com/jbangert/trapcc) | Computing with traps | jbangert | bsd-3-clause | 1111 |
| [https://github.com/Hexxeh/rpi-update](https://github.com/Hexxeh/rpi-update) | An easier way to update the firmware of your Raspberry Pi | Hexxeh | mit | 1934 |
| [https://github.com/cantino/reckon](https://github.com/cantino/reckon) | Flexibly import bank account CSV files into Ledger for command-line accounting | cantino | mit | 362 |
| [https://github.com/ipython/ipython](https://github.com/ipython/ipython) | Official repository for IPython itself. Other repos in the IPython organization contain things like the website, documentation builds, etc. | ipython | bsd-3-clause | 15568 |
| [https://github.com/jwilberding/bcp](https://github.com/jwilberding/bcp) | Broadcast Copy | jwilberding | gpl-3.0 | 263 |
| [https://github.com/gleeda/Volatility-Plugins](https://github.com/gleeda/Volatility-Plugins) | Plugins for the most recent branch of Volatility | gleeda | | 19 |
| [https://github.com/JohnCoogan/twitter-graph-visualization](https://github.com/JohnCoogan/twitter-graph-visualization) | Analysis of the Twitter Social graph using Python, NetworkX, and D3.js | JohnCoogan | | 58 |
| [https://github.com/tblobaum/redis-graph](https://github.com/tblobaum/redis-graph) | a graph database using redis sets | tblobaum | mit | 57 |
| [https://github.com/twitter/fatcache](https://github.com/twitter/fatcache) | Memcache on SSD | twitter | apache-2.0 | 1298 |
| [https://github.com/blasty/moneyshot](https://github.com/blasty/moneyshot) | hax 'n shit | blasty | | 108 |
| [https://github.com/i4ki/libmalelf](https://github.com/i4ki/libmalelf) | Library for Dissect and Infect ELF Binaries. | i4ki | other | 40 |
| [https://github.com/stevedekorte/vertexdb](https://github.com/stevedekorte/vertexdb) | C based graph db server using tokyocabinet & libevent | stevedekorte | other | 294 |
| [https://github.com/networkx/networkx](https://github.com/networkx/networkx) | Network Analysis in Python | networkx | other | 11777 |
| [https://github.com/bokeh/bokeh](https://github.com/bokeh/bokeh) | Interactive Data Visualization in the browser, from Python | bokeh | bsd-3-clause | 16855 |
| [https://github.com/krmaxwell/maltrieve](https://github.com/krmaxwell/maltrieve) | A tool to retrieve malware directly from the source for security researchers. | krmaxwell | gpl-3.0 | 556 |
| [https://github.com/RMLL/rmll2013-graphics](https://github.com/RMLL/rmll2013-graphics) | sandbox for all graphics resources & creations | RMLL | | 1 |
| [https://github.com/dschuermann/wireshark2latex](https://github.com/dschuermann/wireshark2latex) | Generate TikZ graphics from tcpdump/Wireshark captures | dschuermann | | 20 |
| [https://github.com/joshleitzel/rawthought](https://github.com/joshleitzel/rawthought) | Aaron Swartz's blog posts in Markdown, PDF, ePub, and Mobi | joshleitzel | | 196 |
| [https://github.com/adamsmith/game-theory-poker](https://github.com/adamsmith/game-theory-poker) | A game-theoretic poker player (written in 2005) | adamsmith | | 175 |
| [https://github.com/oreillymedia/open_government](https://github.com/oreillymedia/open_government) | Open Government, released as part of #PDFtribute | oreillymedia | other | 1292 |
| [https://github.com/jdjkelly/www.aaronsw.com](https://github.com/jdjkelly/www.aaronsw.com) | An archival copy. | jdjkelly | | 80 |
| [https://github.com/MITRECND/yaraprocessor](https://github.com/MITRECND/yaraprocessor) | Yara is awesome, but sometimes you need to manipulate the data streams you're scanning in different ways. | MITRECND | bsd-2-clause | 94 |
| [https://github.com/toxinu/pyhn](https://github.com/toxinu/pyhn) | Hacker news command line client | toxinu | mit | 387 |
| [https://github.com/darjeeling/python-blake2](https://github.com/darjeeling/python-blake2) | blake2 python module | darjeeling | | 26 |
| [https://github.com/williballenthin/python-evtx](https://github.com/williballenthin/python-evtx) | Pure Python parser for recent Windows Event Log files (.evtx) | williballenthin | apache-2.0 | 573 |
| [https://github.com/dchest/b2sum](https://github.com/dchest/b2sum) | Go implementation of b2sum utility to calculate BLAKE2 checksums (GitHub Mirror) | dchest | mit | 16 |
| [https://github.com/germgeis/SelfModifyingCode](https://github.com/germgeis/SelfModifyingCode) | This project deals with self modifying code for windows executable | germgeis | | 3 |
| [https://github.com/bbrodriges/pholcidae](https://github.com/bbrodriges/pholcidae) | Tiny python web crawler | bbrodriges | mit | 170 |
| [https://github.com/ilvalle/vtraffic](https://github.com/ilvalle/vtraffic) | Archived | ilvalle | other | 18 |
| [https://github.com/haegardev/libnfdump](https://github.com/haegardev/libnfdump) | libnfdump - library to natively access netflow records stored by nfcapd | haegardev | | 3 |
| [https://github.com/berggren/foorep](https://github.com/berggren/foorep) | Forensics/Malware repository | berggren | bsd-2-clause | 18 |
| [https://github.com/oldeurope/rwthctf2012](https://github.com/oldeurope/rwthctf2012) | | oldeurope | | 40 |
| [https://github.com/TAXIIProject/TAXII-Specifications](https://github.com/TAXIIProject/TAXII-Specifications) | A repository for development of the TAXII Specifications. For official releases, please see http://taxiiproject.github.io/releases/ | TAXIIProject | | 39 |
| [https://github.com/regit/SuricataC](https://github.com/regit/SuricataC) | A Suricata unix socket client coded in plain C | regit | gpl-2.0 | 2 |
| [https://github.com/CIRCL/bgpranking-redis-api](https://github.com/CIRCL/bgpranking-redis-api) | API to access the Redis database of a BGP Ranking instance. | CIRCL | other | 17 |
| [https://github.com/gleitz/howdoi](https://github.com/gleitz/howdoi) | instant coding answers via the command line | gleitz | mit | 9727 |
| [https://github.com/okoeroo/drssl](https://github.com/okoeroo/drssl) | DoctorSSL enables you to diagnose the SSL enables services and generate a report. | okoeroo | | 10 |
| [https://github.com/Fitblip/vdb-fork](https://github.com/Fitblip/vdb-fork) | A fork of @invisig0th's VDB, for bugfixes, and other stuff. | Fitblip | | 9 |
| [https://github.com/mandiant/Reversing](https://github.com/mandiant/Reversing) | | mandiant | | 112 |
| [https://github.com/botherder/vxcage](https://github.com/botherder/vxcage) | REST API based malware repository (abandoned) | botherder | | 104 |
| [https://github.com/rethinkdb/rethinkdb](https://github.com/rethinkdb/rethinkdb) | The open-source database for the realtime web. | rethinkdb | other | 25753 |
| [https://github.com/MaStr/Forban](https://github.com/MaStr/Forban) | Forban is a p2p application for link-local and local area network. Forban works independently from Internet and use only the local area capabilities to announce, discover, search or share files.Forban is a kind of p2p application for link-local and local area network. Forban works independently from Internet and use only the local area capabilities to announce, discover, search or share files. Forban relies on HTTP and he is opportunistic (meaning replicating any files seen in his proximity or interest). The name took his origins from the old French word (a forban is a kind of pirate). “Forban” can be also a play word in English at a time where government or corporate want to ban access to the Internet. The current implementation is written in Python. The Forban protocols are minimalistic to ease the accessibility to build independent Forban in any decent language or even in shell scripts (using tcpdump and wget for example). | MaStr | | 1 |
| [https://github.com/mothran/mongol](https://github.com/mothran/mongol) | A simple python tool to pinpoint the IP addresses of machines working for the Great Firewall of China. | mothran | | 1277 |
| [https://github.com/unbit/gitwhoosh](https://github.com/unbit/gitwhoosh) | A git repository indexer (using whoosh as the engine) | unbit | | 19 |
| [https://github.com/OpenRefine/OpenRefine](https://github.com/OpenRefine/OpenRefine) | OpenRefine is a free, open source power tool for working with messy data and improving it | OpenRefine | bsd-3-clause | 9102 |
| [https://github.com/anandkunal/goq](https://github.com/anandkunal/goq) | A persistent queue implemented in Go. | anandkunal | | 29 |
| [https://github.com/agl/pond](https://github.com/agl/pond) | Pond | agl | bsd-3-clause | 906 |
| [https://github.com/iamultra/xmppmitm](https://github.com/iamultra/xmppmitm) | XMPP Man-in-the-Middle, quick & dirty | iamultra | | 42 |
| [https://github.com/jeffbryner/pyioc](https://github.com/jeffbryner/pyioc) | Python tools for IOC (Indicator of Compromise) handling | jeffbryner | other | 94 |
| [https://github.com/thomasbhatia/Packet-IO-Engine](https://github.com/thomasbhatia/Packet-IO-Engine) | A high-performance and batching-oriented device driver for Intel 82598/82599-based network interface cards, the work is done in cooperation with ANLAB and NDSL. | thomasbhatia | other | 1 |
| [https://github.com/MITRECND/chopshop](https://github.com/MITRECND/chopshop) | Protocol Analysis/Decoder Framework | MITRECND | | 471 |
| [https://github.com/snare/ida-efiutils](https://github.com/snare/ida-efiutils) | Some scripts for IDA Pro to assist with reverse engineering EFI binaries | snare | | 257 |
| [https://github.com/juuso/keychaindump](https://github.com/juuso/keychaindump) | A proof-of-concept tool for reading OS X keychain passwords | juuso | | 492 |
| [https://github.com/lclevy/odd_verify](https://github.com/lclevy/odd_verify) | odd_verify.py, a tool to recompute Original Decision data from your Canon EOS DSLR | lclevy | gpl-2.0 | 6 |
| [https://github.com/mailvelope/mailvelope](https://github.com/mailvelope/mailvelope) | Browser extension for OpenPGP encryption with Webmail | mailvelope | agpl-3.0 | 1535 |
| [https://github.com/asweigart/codebreaker](https://github.com/asweigart/codebreaker) | "Hacking Secret Ciphers with Python" programs | asweigart | | 322 |
| [https://github.com/talkatv/talkatv](https://github.com/talkatv/talkatv) | An open source commenting system | talkatv | agpl-3.0 | 206 |
| [https://github.com/jsommers/pytricia](https://github.com/jsommers/pytricia) | A library for fast IP address lookup in Python. | jsommers | lgpl-3.0 | 176 |
| [https://github.com/cuckoosandbox/community](https://github.com/cuckoosandbox/community) | Repository of modules and signatures contributed by the community | cuckoosandbox | | 302 |
| [https://github.com/zynga/hiccup](https://github.com/zynga/hiccup) | [DEPRECATED] Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to be extended and customized, through the interface provided by Burp Extender (http://portswigger.net/burp/extender/). Its aim is to allow for the development and integration of custom testing functionality into the Burp tool using Python request/response handler plugins. | zynga | mit | 42 |
| [https://github.com/gmsoft-tuxicoman/pom-ng](https://github.com/gmsoft-tuxicoman/pom-ng) | Packet-o-matic NG ! | gmsoft-tuxicoman | | 62 |
| [https://github.com/wavii/darner](https://github.com/wavii/darner) | simple, lightweight message queue | wavii | other | 864 |
| [https://github.com/mandiant/AuditParser](https://github.com/mandiant/AuditParser) | AuditParser | mandiant | apache-2.0 | 54 |
| [https://github.com/CybOXProject/Tools](https://github.com/CybOXProject/Tools) | CybOX Tools and Scripts | CybOXProject | | 40 |
| [https://github.com/jfrancois/SDBF](https://github.com/jfrancois/SDBF) | Smart DNS Brute Forcer | jfrancois | gpl-3.0 | 20 |
| [https://github.com/twitter/twemcache](https://github.com/twitter/twemcache) | Twemcache is the Twitter Memcached | twitter | bsd-3-clause | 925 |
| [https://github.com/bdarnell/plop](https://github.com/bdarnell/plop) | Python Low-Overhead Profiler | bdarnell | mit | 922 |
| [https://github.com/zeek/trace-summary](https://github.com/zeek/trace-summary) | Generates network traffic summaries. | zeek | other | 20 |
| [https://github.com/slifty/torwolf](https://github.com/slifty/torwolf) | A game of communication, deception, and media | slifty | | 20 |
| [https://github.com/niklasfemerstrand/rc_openpgpjs](https://github.com/niklasfemerstrand/rc_openpgpjs) | OpenPGP for Roundcube via JavaScript | niklasfemerstrand | gpl-2.0 | 113 |
| [https://github.com/bortzmeyer/dns-lg](https://github.com/bortzmeyer/dns-lg) | DNS Looking Glass | bortzmeyer | | 74 |
| [https://github.com/ecprice/newsdiffs](https://github.com/ecprice/newsdiffs) | Automatic scraper that tracks changes in news articles over time. | ecprice | other | 477 |
| [https://github.com/antirez/hping](https://github.com/antirez/hping) | hping network tool | antirez | other | 1180 |
| [https://github.com/sroberts/malwarehouse](https://github.com/sroberts/malwarehouse) | A warehouse for your malware | sroberts | other | 126 |
| [https://github.com/adulau/GoUUID](https://github.com/adulau/GoUUID) | UUID generator/parser for Go | adulau | other | 2 |
| [https://github.com/nkrode/RedisLive](https://github.com/nkrode/RedisLive) | Visualize your redis instances, analyze query patterns and spikes. | nkrode | mit | 3073 |
| [https://github.com/asciimoo/exrex](https://github.com/asciimoo/exrex) | Irregular methods on regular expressions | asciimoo | agpl-3.0 | 743 |
| [https://github.com/adulau/gitlog2timesheet](https://github.com/adulau/gitlog2timesheet) | generate timesheet from git logs | adulau | | 3 |
| [https://github.com/jianli/git-playback](https://github.com/jianli/git-playback) | A git command to play back file history. | jianli | | 121 |
| [https://github.com/tomrittervg/separator-oracle](https://github.com/tomrittervg/separator-oracle) | | tomrittervg | | 8 |
| [https://github.com/MerlijnWajer/tracy](https://github.com/MerlijnWajer/tracy) | tracy - a system call tracer and injector. Find us in #tracy on irc.freenode.net | MerlijnWajer | wtfpl | 72 |
| [https://github.com/GOVCERT-LU/rt_bot](https://github.com/GOVCERT-LU/rt_bot) | simple request tracker xmpp bot | GOVCERT-LU | other | 8 |
| [https://github.com/caesar0301/awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools) | A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors. | caesar0301 | cc0-1.0 | 2602 |
| [https://github.com/mhils/HoneyProxy](https://github.com/mhils/HoneyProxy) | This project is now part of @mitmproxy. | mhils | mit | 195 |
| [https://github.com/jbremer/pyasm2](https://github.com/jbremer/pyasm2) | An easy and powerful assembler engine in python. | jbremer | | 47 |
| [https://github.com/ayrus/afterglow-cloud](https://github.com/ayrus/afterglow-cloud) | AfterGlow Cloud is a security visualization tool which lets users upload data and visualize the data as graphs on-the-fly (part of Google Summer of Code 2012). | ayrus | | 15 |
| [https://github.com/fygrave/dnslyzer](https://github.com/fygrave/dnslyzer) | DNS traffic indexer and analyzer | fygrave | | 25 |
| [https://github.com/cve-search/cve-search](https://github.com/cve-search/cve-search) | cve-search - a tool to perform local searches for known vulnerabilities | cve-search | agpl-3.0 | 1958 |
| [https://github.com/djfiander/BiblioBox](https://github.com/djfiander/BiblioBox) | Inspired by griffey's LibraryBox project, create a standalone ebook server | djfiander | | 12 |
| [https://github.com/obfuscurity/tasseo](https://github.com/obfuscurity/tasseo) | Live dashboard for Graphite | obfuscurity | other | 1541 |
| [https://github.com/psychomario/ntlmsspparse](https://github.com/psychomario/ntlmsspparse) | Parses ntlmssp netlm[v2] hashes out of a pcap file for use with a password cracker. | psychomario | | 65 |
| [https://github.com/droe/sslsplit](https://github.com/droe/sslsplit) | Transparent SSL/TLS interception | droe | bsd-2-clause | 1540 |
| [https://github.com/MaStr/mkPirateBox-Forban](https://github.com/MaStr/mkPirateBox-Forban) | Module for Openwrt-Piratebox-Package | MaStr | | 9 |
| [https://github.com/simsong/tcpflow](https://github.com/simsong/tcpflow) | TCP/IP packet demultiplexer. Download from: | simsong | gpl-3.0 | 1436 |
| [https://github.com/simsong/AFFLIBv3](https://github.com/simsong/AFFLIBv3) | AFF is now being maintained at https://github.com/sshock/AFFLIBv3 | simsong | other | 51 |
| [https://github.com/ddopson/underscore-cli](https://github.com/ddopson/underscore-cli) | Command-line utility-belt for hacking JSON and Javascript. | ddopson | other | 1705 |
| [https://github.com/stricaud/faup](https://github.com/stricaud/faup) | Fast URL decoder library | stricaud | wtfpl | 170 |
| [https://github.com/griffey/LibraryBox](https://github.com/griffey/LibraryBox) | Fork of PirateBox designed for educational and library use. | griffey | | 63 |
| [https://github.com/selfspy/selfspy](https://github.com/selfspy/selfspy) | Log everything you do on the computer, for statistics, future reference and all-around fun! | selfspy | gpl-3.0 | 2315 |
| [https://github.com/fdietz/team_dashboard](https://github.com/fdietz/team_dashboard) | Visualize your team's metrics all in one place. | fdietz | | 860 |
| [https://github.com/sneakybeaky/mod_redis](https://github.com/sneakybeaky/mod_redis) | An Apache HTTPD module for speaking to redis via HTTP | sneakybeaky | | 131 |
| [https://github.com/liquidsnake/pygexf](https://github.com/liquidsnake/pygexf) | a python library to generate gexf file format | liquidsnake | other | 2 |
| [https://github.com/lam0re/scoreboard](https://github.com/lam0re/scoreboard) | An animated scoreboard for challenge-based CTFs | lam0re | bsd-3-clause | 9 |
| [https://github.com/twitter/twemproxy](https://github.com/twitter/twemproxy) | A fast, light-weight proxy for memcached and redis | twitter | apache-2.0 | 11614 |
| [https://github.com/athrun/flickr-backup](https://github.com/athrun/flickr-backup) | useful scripts to backup my flickr account | athrun | | 1 |
| [https://github.com/megamattron/SplinterNet](https://github.com/megamattron/SplinterNet) | A serverless, unblockable messaging system for Android. | megamattron | | 414 |
| [https://github.com/PirateBox-Dev/PirateBoxScripts](https://github.com/PirateBox-Dev/PirateBoxScripts) | David Dart's Piratebox scripts reformed for laptop usage. | PirateBox-Dev | | 23 |
| [https://github.com/blackthorne/Codetective](https://github.com/blackthorne/Codetective) | a tool to determine the crypto/encoding algorithm used according to traces from its representation | blackthorne | | 128 |
| [https://github.com/adulau/DomainClassifier](https://github.com/adulau/DomainClassifier) | DomainClassifier is a Python (2/3) library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their DNS existence, localization or attributes. | adulau | | 70 |
| [https://github.com/karlseguin/the-little-redis-book](https://github.com/karlseguin/the-little-redis-book) | | karlseguin | | 1400 |
| [https://github.com/chrislee35/IMAPCrypt](https://github.com/chrislee35/IMAPCrypt) | GPG Encrypts an IMAP folder | chrislee35 | mit | 12 |
| [https://github.com/trevp/tlslite](https://github.com/trevp/tlslite) | TLS Library in python | trevp | other | 236 |
| [https://github.com/j4mie/rediset](https://github.com/j4mie/rediset) | Composable, cacheable, lazy trees of Redis set operations | j4mie | unlicense | 18 |
| [https://github.com/agl/crlset-tools](https://github.com/agl/crlset-tools) | Tools for dealing with Chrome's CRLSets | agl | | 131 |
| [https://github.com/djrbliss/libplayground](https://github.com/djrbliss/libplayground) | A simple framework for developing Linux kernel heap exploit techniques | djrbliss | gpl-2.0 | 108 |
| [https://github.com/ubuwaits/beautiful-web-type](https://github.com/ubuwaits/beautiful-web-type) | In-depth guide to the best open-source typefaces: https://beautifulwebtype.com | ubuwaits | mit | 7169 |
| [https://github.com/crossbear/Crossbear](https://github.com/crossbear/Crossbear) | | crossbear | | 31 |
| [https://github.com/berggren/fordrop](https://github.com/berggren/fordrop) | Core fordrop, including XMPP federation | berggren | | 10 |
| [https://github.com/jakecarpenter/Canvas-Prompter](https://github.com/jakecarpenter/Canvas-Prompter) | JavaScript/HTML5 Canvas based teleprompter | jakecarpenter | mit | 4 |
| [https://github.com/savonet/liquidsoap](https://github.com/savonet/liquidsoap) | Audio and video streaming language | savonet | gpl-2.0 | 1024 |
| [https://github.com/thedjpetersen/subway](https://github.com/thedjpetersen/subway) | ABANDONED - A web based IRC client | thedjpetersen | | 1484 |
| [https://github.com/manjuraj/config](https://github.com/manjuraj/config) | my configurations | manjuraj | | 5 |
| [https://github.com/RaRe-Technologies/gensim-simserver](https://github.com/RaRe-Technologies/gensim-simserver) | [NO LONGER MAINTAINED AS OPEN SOURCE - USE SCALETEXT.COM INSTEAD] | RaRe-Technologies | agpl-3.0 | 106 |
| [https://github.com/cryptosphere/cryptosphere](https://github.com/cryptosphere/cryptosphere) | Encrypted peer-to-peer web application platform for decentralized, privacy-preserving applications | cryptosphere | mit | 1161 |
| [https://github.com/beefproject/beef](https://github.com/beefproject/beef) | The Browser Exploitation Framework Project | beefproject | | 7801 |
| [https://github.com/arangodb/arangodb](https://github.com/arangodb/arangodb) | 🥑 ArangoDB is a native multi-model database with flexible data models for documents, graphs, and key-values. Build high performance applications using a convenient SQL-like query language or JavaScript extensions. | arangodb | apache-2.0 | 12658 |
| [https://github.com/jbittel/httpry](https://github.com/jbittel/httpry) | HTTP logging and information retrieval tool | jbittel | | 553 |
| [https://github.com/antirez/lamernews](https://github.com/antirez/lamernews) | Lamer News -- an HN style social news site written in Ruby/Sinatra/Redis/JQuery | antirez | other | 1361 |
| [https://github.com/adulau/pdns-qof](https://github.com/adulau/pdns-qof) | Passive DNS Common Output Format | adulau | | 30 |
| [https://github.com/semk/voldemort](https://github.com/semk/voldemort) | A simple static site generator using Jinja2 and Markdown templates. | semk | apache-2.0 | 48 |
| [https://github.com/niho/related](https://github.com/niho/related) | A high performance distributed graph database. | niho | mit | 128 |
| [https://github.com/pockethub/PocketHub](https://github.com/pockethub/PocketHub) | PocketHub Android App | pockethub | apache-2.0 | 9427 |
| [https://github.com/liheyuan/BloomFilter-For-KeSeek](https://github.com/liheyuan/BloomFilter-For-KeSeek) | An C++ implementation of BloomFilter using bitset and MurmurHash3 | liheyuan | | 33 |
| [https://github.com/fpletz/kernelroll](https://github.com/fpletz/kernelroll) | linux kernel module for advanced rickrolling | fpletz | gpl-3.0 | 214 |
| [https://github.com/cuckoosandbox/cuckoo](https://github.com/cuckoosandbox/cuckoo) | Cuckoo Sandbox is an automated dynamic malware analysis system | cuckoosandbox | other | 5090 |
| [https://github.com/hgn/captcp](https://github.com/hgn/captcp) | A open source program for TCP analysis of PCAP files | hgn | gpl-3.0 | 110 |
| [https://github.com/not-kennethreitz/envoy](https://github.com/not-kennethreitz/envoy) | Python Subprocesses for Humans™. | not-kennethreitz | mit | 2259 |
| [https://github.com/edma2/asmscan](https://github.com/edma2/asmscan) | a port scanner written in x86 assembly | edma2 | | 97 |
| [https://github.com/sambaTux/Ubuntu10.04_server_on_soekris_net5501-70_CF](https://github.com/sambaTux/Ubuntu10.04_server_on_soekris_net5501-70_CF) | Ubuntu10.04 server 32Bit on soekris net5501-70 with CompactFlash (CF) as storage device. | sambaTux | | 3 |
| [https://github.com/secYOUre/Encounter](https://github.com/secYOUre/Encounter) | cryptocounters for our PETs | secYOUre | bsd-3-clause | 23 |
| [https://github.com/regit/coccigrep](https://github.com/regit/coccigrep) | Semantic grep for the C language based on coccinelle | regit | gpl-3.0 | 113 |
| [https://github.com/adulau/pdns-toolkit](https://github.com/adulau/pdns-toolkit) | Passive DNS visualization and Passive DNS server toolkit | adulau | | 36 |
| [https://github.com/stephenmcd/drawnby](https://github.com/stephenmcd/drawnby) | Drawn By is a collaborative real-time sketching app built for the 2011 Django Dash. | stephenmcd | bsd-2-clause | 24 |
| [https://github.com/twbs/bootstrap](https://github.com/twbs/bootstrap) | The most popular HTML, CSS, and JavaScript framework for developing responsive, mobile first projects on the web. | twbs | mit | 160214 |
| [https://github.com/aaronhalford/dot-grid-templates](https://github.com/aaronhalford/dot-grid-templates) | Printable dot grid notebook templates | aaronhalford | | 38 |
| [https://github.com/adulau/lesoir2text](https://github.com/adulau/lesoir2text) | The following script fetches the most read article from lesoir.be (from their official sitemap) and make an ascii text file of all the articles with the junk removed. | adulau | | 3 |
| [https://github.com/webwurst/chattle](https://github.com/webwurst/chattle) | Small chat application demonstrating asynchronous responses in Bottle using gevent | webwurst | | 12 |
| [https://github.com/seatgeek/fuzzywuzzy](https://github.com/seatgeek/fuzzywuzzy) | Fuzzy String Matching in Python | seatgeek | gpl-2.0 | 8773 |
| [https://github.com/z4r/python-rtkit](https://github.com/z4r/python-rtkit) | Python Api for Request Tracker's REST interface | z4r | other | 67 |
| [https://github.com/ewiger/jsmodem](https://github.com/ewiger/jsmodem) | JSModem for JSLinux | ewiger | mit | 118 |
| [https://github.com/Rafiot/Directory-Indexing](https://github.com/Rafiot/Directory-Indexing) | Index all the strings of all the files in a directory | Rafiot | | 6 |
| [https://github.com/r0ket/r0ket](https://github.com/r0ket/r0ket) | This is r0ket science! | r0ket | | 165 |
| [https://github.com/ianozsvald/EuroPython2011_HighPerformanceComputing](https://github.com/ianozsvald/EuroPython2011_HighPerformanceComputing) | Code for High Performance Computing tutorial for EuroPython 2011 | ianozsvald | | 100 |
| [https://github.com/amereservant/MediaWiki-Codex-Clone-Skin](https://github.com/amereservant/MediaWiki-Codex-Clone-Skin) | This is a clone of the WordPress.org Codex theme. | amereservant | | 8 |
| [https://github.com/bdcht/grandalf](https://github.com/bdcht/grandalf) | graph and drawing algorithms framework | bdcht | other | 161 |
| [https://github.com/Bibzball/Git-Mediawiki](https://github.com/Bibzball/Git-Mediawiki) | Gate between git and mediawiki | Bibzball | | 31 |
| [https://github.com/mkrecny/redis-extend](https://github.com/mkrecny/redis-extend) | A repository of non-native, useful redis commands, scripted in lua. | mkrecny | | 62 |
| [https://github.com/radii/observatory](https://github.com/radii/observatory) | EFF SSL Observatory | radii | | 22 |
| [https://github.com/adulau/logs-ranking](https://github.com/adulau/logs-ranking) | logs-ranking is a simple Perl script to add BGP Ranking to log files to ease the discovery of suspicious activities | adulau | | 3 |
| [https://github.com/pedrocr/codecomp](https://github.com/pedrocr/codecomp) | Analyze the evolution of open-source code | pedrocr | gpl-2.0 | 19 |
| [https://github.com/jduck/file-dissect](https://github.com/jduck/file-dissect) | File Dissect is a cross-platform framework and UI for analyzing various file formats. It is based on wxWidgets since it provides a native feel regardless of base OS. | jduck | bsd-3-clause | 20 |
| [https://github.com/clips/pattern](https://github.com/clips/pattern) | Web mining module for Python, with tools for scraping, natural language processing, machine learning, network analysis and visualization. | clips | bsd-3-clause | 8343 |
| [https://github.com/jeffmurphy/DAQ-PCAPRR](https://github.com/jeffmurphy/DAQ-PCAPRR) | DAQ Round Robin PCAP module. | jeffmurphy | | 3 |
| [https://github.com/adulau/bgpranking-API](https://github.com/adulau/bgpranking-API) | Simple whois-like services for BGP Ranking | adulau | | 6 |
| [https://github.com/bsandrow/hn-profile](https://github.com/bsandrow/hn-profile) | Scraping profile info from news.ycombinator.com | bsandrow | mit | 9 |
| [https://github.com/JuliaLang/julia](https://github.com/JuliaLang/julia) | The Julia Programming Language | JuliaLang | mit | 40772 |
| [https://github.com/bdamele/shellcodeexec](https://github.com/bdamele/shellcodeexec) | Script to execute in memory a sequence of opcodes | bdamele | | 400 |
| [https://github.com/hpfeeds/hpfeeds](https://github.com/hpfeeds/hpfeeds) | Honeynet Project generic authenticated datafeed protocol | hpfeeds | gpl-3.0 | 201 |
| [https://github.com/adulau/dotfiles](https://github.com/adulau/dotfiles) | Minimal dotfiles and scripts used on my various GNU/Linux hosts | adulau | | 5 |
| [https://github.com/zacharyvoase/jsonpipe](https://github.com/zacharyvoase/jsonpipe) | Convert JSON to a UNIX-friendly line-based format. | zacharyvoase | unlicense | 302 |
| [https://github.com/ether/etherpad-lite](https://github.com/ether/etherpad-lite) | Etherpad: A modern really-real-time collaborative document editor. | ether | apache-2.0 | 13456 |
| [https://github.com/addthis/stream-lib](https://github.com/addthis/stream-lib) | Stream summarizer and cardinality estimator. | addthis | apache-2.0 | 2232 |
| [https://github.com/chrislee35/flowtag](https://github.com/chrislee35/flowtag) | FlowTag visualizes pcap files for forensic analysis | chrislee35 | mit | 28 |
| [https://github.com/cies/resume](https://github.com/cies/resume) | My resume as a PDF including the well commented LaTeX source and build instructions. | cies | | 382 |
| [https://github.com/mprentice/GraphViz-sty](https://github.com/mprentice/GraphViz-sty) | graphviz.sty - A library for using GraphViz dot files in LaTeX | mprentice | | 40 |
| [https://github.com/DrWhax/mpOTR](https://github.com/DrWhax/mpOTR) | Our aim is to build a multi-party 'off the record' messaging plugin for various clients. | DrWhax | | 34 |
| [https://github.com/adulau/dnscap](https://github.com/adulau/dnscap) | Patched version of dnscap (network capture utility designed specifically for DNS traffic) | adulau | | 8 |
| [https://github.com/altercation/solarized](https://github.com/altercation/solarized) | precision color scheme for multiple applications (terminal, vim, etc.) with both dark/light modes | altercation | mit | 15352 |
| [https://github.com/flazz/vim-colorschemes](https://github.com/flazz/vim-colorschemes) | one colorscheme pack to rule them all! | flazz | | 3318 |
| [https://github.com/berggren/fordropweb](https://github.com/berggren/fordropweb) | Forensic Dropbox | berggren | other | 22 |
| [https://github.com/wmorgan/whistlepig](https://github.com/wmorgan/whistlepig) | A minimalist realtime full-text search index | wmorgan | other | 149 |
| [https://github.com/DNS-OARC/PacketQ](https://github.com/DNS-OARC/PacketQ) | A tool that provides a basic SQL-frontend to PCAP-files | DNS-OARC | gpl-3.0 | 379 |
| [https://github.com/jstorimer/kitabu](https://github.com/jstorimer/kitabu) | A framework for creating e-books from Markdown/Textile text markup using Ruby. Using the Prince PDF generator, you'll be able to get high quality PDFs. | jstorimer | | 49 |
| [https://github.com/cr/mkPirateBox](https://github.com/cr/mkPirateBox) | .ipk package that turns your mint OpenWRT into a PirateBox | cr | | 69 |
| [https://github.com/mattsta/redisfuse](https://github.com/mattsta/redisfuse) | FUSE File System for Redis specializing in CRUDing strings and hashes (and R of everything else) | mattsta | | 28 |
| [https://github.com/RafeKettler/magicmethods](https://github.com/RafeKettler/magicmethods) | Guide to Python's magic methods | RafeKettler | | 1620 |
| [https://github.com/bookmine/libgen-tools](https://github.com/bookmine/libgen-tools) | LibGen Tools (Digital media collection management) | bookmine | gpl-3.0 | 8 |
| [https://github.com/schacon/git-scribe](https://github.com/schacon/git-scribe) | basically the best way to write an ebook | schacon | mit | 1348 |
| [https://github.com/trolldbois/python-cymru-services](https://github.com/trolldbois/python-cymru-services) | API to use Cymru services | trolldbois | gpl-3.0 | 27 |
| [https://github.com/adulau/logstash](https://github.com/adulau/logstash) | logstash - logs/event transport, processing, management, search. | adulau | other | 2 |
| [https://github.com/adulau/wikirc2text](https://github.com/adulau/wikirc2text) | MediaWiki RecentChanges into text line while keeping track of changes seen | adulau | | 2 |
| [https://github.com/rhodimus/jQuery-News-Ticker](https://github.com/rhodimus/jQuery-News-Ticker) | An easy to use, slick and flexible news ticker plugin for jQuery. | rhodimus | | 284 |
| [https://github.com/openannotation/annotator](https://github.com/openannotation/annotator) | Annotation tools for the web. Select text, images, or (nearly) anything else, and add your notes. | openannotation | other | 2560 |
| [https://github.com/jordansissel/fpm](https://github.com/jordansissel/fpm) | Effing package management! Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity. | jordansissel | other | 10579 |
| [https://github.com/adulau/Library-Genesis](https://github.com/adulau/Library-Genesis) | Library Genesis (code base from https://www.assembla.com/code/libgen/subversion/nodes) + tarball update from official website - this is just a free software to manage a bookshelf. This code can be used for any structured private or public bookshelf. I'm not the author or maintainer. This is kept for archival purpose. | adulau | | 70 |
| [https://github.com/kni/redis-sharding](https://github.com/kni/redis-sharding) | Redis Sharding is a multiplexed proxy-server, designed to work with the database divided to several servers. | kni | | 114 |
| | It's a temporary substitution of Redis Cluster that is under development. | | | |
| [https://github.com/bitcoin/bitcoin](https://github.com/bitcoin/bitcoin) | Bitcoin Core integration/staging tree | bitcoin | mit | 66744 |
| [https://github.com/Doist/redis_graph](https://github.com/Doist/redis_graph) | Python graph database implemented on top of Redis | Doist | | 132 |
| [https://github.com/jgarzik/cpuminer](https://github.com/jgarzik/cpuminer) | CPU miner for bitcoin | jgarzik | other | 824 |
| [https://github.com/koorchik/FastNotes-Proto](https://github.com/koorchik/FastNotes-Proto) | Trying mojolicious | koorchik | | 31 |
| [https://github.com/elastic/logstash](https://github.com/elastic/logstash) | Logstash - transport and process your logs, events, or other data | elastic | other | 13132 |
| [https://github.com/xme/known_hosts_bruteforcer](https://github.com/xme/known_hosts_bruteforcer) | Perl script to bruteforce SSH known_hosts files. | xme | | 24 |
| [https://github.com/mgan59/python-pinboard](https://github.com/mgan59/python-pinboard) | A Python module to access Pinboard.in via its API. This is a fork/modification of mudge/python-delicious | mgan59 | other | 169 |
| [https://github.com/ogrisel/paper2ebook](https://github.com/ogrisel/paper2ebook) | Utility to re-structure research papers published in US Letter or A4 format PDF files to typically remove the 2 columns layout. | ogrisel | apache-2.0 | 53 |
| [https://github.com/Diablo-D3/DiabloMiner](https://github.com/Diablo-D3/DiabloMiner) | OpenCL miner for Bitcoin | Diablo-D3 | gpl-3.0 | 529 |
| [https://github.com/adulau/Net-Whois-RIS](https://github.com/adulau/Net-Whois-RIS) | Perl module to query RIPE Routing Information Service (RIS) | adulau | | 2 |
| [https://github.com/Rafiot/Whois-Server](https://github.com/Rafiot/Whois-Server) | Implementation of a Whois Server with a redis backend | Rafiot | | 16 |
| [https://github.com/abneptis/GoUUID](https://github.com/abneptis/GoUUID) | UUID generator/parser for Go | abneptis | other | 13 |
| [https://github.com/pagekite/PyPagekite](https://github.com/pagekite/PyPagekite) | Python implementation of the PageKite remote front-end protocols. | pagekite | agpl-3.0 | 663 |
| [https://github.com/getpelican/pelican](https://github.com/getpelican/pelican) | Static site generator that supports Markdown and reST syntax. Powered by Python. | getpelican | agpl-3.0 | 11193 |
| [https://github.com/clee/mobipocket](https://github.com/clee/mobipocket) | Ruby interface for reading (and eventually writing) mobipocket books | clee | mit | 16 |
| [https://github.com/adulau/bgp-ranking](https://github.com/adulau/bgp-ranking) | For an Internet Service Provider, AS numbers are a logical representation of the other ISP peering or communicating with his autonomous system. ISP customers are using the capacity of the Internet Service Provider to reach Internet services over other AS. Some of those communications can be malicious (e.g. due to malware activities on an end-user equipments) and hosted at specific AS location. In order to provide an improved security view on those AS numbers, a trust ranking scheme will be implemented based on existing dataset of compromised systems, malware C&C IP and existing datasets of the ISPs. | adulau | other | 4 |
| [https://github.com/NewEraCracker/LOIC](https://github.com/NewEraCracker/LOIC) | Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. USE ON YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. | NewEraCracker | other | 2117 |
| [https://github.com/symkat/SymPullCDN](https://github.com/symkat/SymPullCDN) | SymPullCDN is a reverse caching proxy for use with Google Application Engine | symkat | other | 40 |
| [https://github.com/dotse/dns2db](https://github.com/dotse/dns2db) | DNS2db is no longer supported and has been replaced by the superior PacketQ. PacketQ is much faster and no longer relies on Sqlite. Go to https://github.com/dotse/packetq/ for more information. The information and source on this page is provided for historical reasons. | dotse | | 9 |
| [https://github.com/lethain/Redis-Python-Datastructures](https://github.com/lethain/Redis-Python-Datastructures) | simple python datastructure wrappings for redis | lethain | mit | 105 |
| [https://github.com/grugq/RunTracer](https://github.com/grugq/RunTracer) | PIN tool runtracer suite | grugq | | 42 |
| [https://github.com/edipretoro/WebService--Instapaper](https://github.com/edipretoro/WebService--Instapaper) | Basic interface to the Instapaper API | edipretoro | | 2 |
| [https://github.com/lachesis/zzz-scratch-pybitcoin](https://github.com/lachesis/zzz-scratch-pybitcoin) | Python Conversion of the Bitcoin Client | lachesis | | 13 |
| [https://github.com/FlowingMedia/TimeFlow](https://github.com/FlowingMedia/TimeFlow) | Timeline visualization application | FlowingMedia | | 447 |
| [https://github.com/adulau/arc](https://github.com/adulau/arc) | Paul Graham's Brand New Lisp | adulau | other | 2 |
| [https://github.com/zeromq/pyzmq](https://github.com/zeromq/pyzmq) | PyZMQ: Python bindings for zeromq | zeromq | other | 3195 |
| [https://github.com/andrewf/pcap2har](https://github.com/andrewf/pcap2har) | A convertor from .pcap network capture files to HTTP Archive files. | andrewf | bsd-2-clause | 222 |
| [https://github.com/quuxlabs/Spear](https://github.com/quuxlabs/Spear) | The reference implementation of the SPEAR ranking algorithm in Python. | quuxlabs | | 35 |
| [https://github.com/mape/node-wargames](https://github.com/mape/node-wargames) | Visualization of an IRC channel in a wargame theme. | mape | mit | 168 |
| [https://github.com/ieure/sicp](https://github.com/ieure/sicp) | Structure and Interpretation of Computer Programs, Second Edition | ieure | | 991 |
| [https://github.com/SvenDowideit/fireGPG](https://github.com/SvenDowideit/fireGPG) | FireGPG is a Firefox extension under MPL that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification. | SvenDowideit | other | 18 |
| [https://github.com/adulau/paper-token](https://github.com/adulau/paper-token) | paper token is a PDF generator to create paper-based OTP token. | adulau | | 4 |
| [https://github.com/quuxlabs/DeliciousAPI](https://github.com/quuxlabs/DeliciousAPI) | Unofficial Python API for retrieving data from Delicious | quuxlabs | | 39 |
| [https://github.com/twitter-archive/snowflake](https://github.com/twitter-archive/snowflake) | Snowflake is a network service for generating unique ID numbers at high scale with some simple guarantees. | twitter-archive | | 7150 |
| [https://github.com/edsu/linkypedia](https://github.com/edsu/linkypedia) | a web based tool to monitor how your website content is used in wikipedia | edsu | | 37 |
| [https://github.com/paulgirard/pygexf](https://github.com/paulgirard/pygexf) | a python library to generate gexf file format | paulgirard | other | 119 |
| [https://github.com/rubys/venus](https://github.com/rubys/venus) | Planet Venus is an awesome river of news feed reader. It downloads news feeds published by web sites and aggregates their content together into a single combined feed, latest news first. | rubys | other | 263 |
| [https://github.com/saucelabs/monocle](https://github.com/saucelabs/monocle) | An async programming framework with a blocking look-alike syntax. | saucelabs | other | 331 |
| [https://github.com/Rafiot/bgp-ranking](https://github.com/Rafiot/bgp-ranking) | For an Internet Service Provider, AS numbers are a logical representation of the other ISP peering or communicating with his autonomous system. ISP customers are using the capacity of the Internet Service Provider to reach Internet services over other AS. Some of those communications can be malicious (e.g. due to malware activities on an end-user equipments) and hosted at specific AS location. In order to provide an improved security view on those AS numbers, a trust ranking scheme will be implemented based on existing dataset of compromised systems, malware C&C IP and existing datasets of the ISPs. | Rafiot | other | 20 |
| [https://github.com/penma/dpaper](https://github.com/penma/dpaper) | Archive binary data on paper, for the lulz | penma | | 5 |
| [https://github.com/masonoise/redis-cheatsheet](https://github.com/masonoise/redis-cheatsheet) | Cheatsheet for Redis | masonoise | | 55 |
| [https://github.com/jgoerzen/pygopherd](https://github.com/jgoerzen/pygopherd) | Multiprotocol Gopher/Web Server [Python] | jgoerzen | gpl-2.0 | 166 |
| [https://github.com/jsundram/streamgraph.js](https://github.com/jsundram/streamgraph.js) | | jsundram | | 156 |
| [https://github.com/eleybourn/Book-Catalogue](https://github.com/eleybourn/Book-Catalogue) | A book cataloging tool for Android phones. | eleybourn | gpl-3.0 | 363 |
| [https://github.com/basho/ebloom](https://github.com/basho/ebloom) | A NIF wrapper around a basic bloom filter. | basho | | 62 |
| [https://github.com/tbrumm/RT-Extension-QueueDeactivatedScrips](https://github.com/tbrumm/RT-Extension-QueueDeactivatedScrips) | Deactivate global Scrips on Queue Level | tbrumm | | 5 |
| [https://github.com/axiak/pybloomfiltermmap](https://github.com/axiak/pybloomfiltermmap) | Fast Python Bloom Filter using Mmap | axiak | mit | 732 |
| [https://github.com/refaim/reposeer](https://github.com/refaim/reposeer) | Library Genesis import tool | refaim | other | 7 |
| [https://github.com/gollum/gollum](https://github.com/gollum/gollum) | A simple, Git-powered wiki with a sweet API and local frontend. | gollum | mit | 12845 |
| [https://github.com/pklaus/timetable](https://github.com/pklaus/timetable) | A LaTeX package for creating one-week timetables as they can frequently be found in universities or schools. | pklaus | | 38 |
| [https://github.com/erh/mongo-munin](https://github.com/erh/mongo-munin) | Munin plugins for MongoDB | erh | | 148 |
| [https://github.com/kazu-yamamoto/pgpdump](https://github.com/kazu-yamamoto/pgpdump) | A PGP packet visualizer | kazu-yamamoto | other | 147 |
| [https://github.com/g2p/git-fs](https://github.com/g2p/git-fs) | A filesystem interface to git repositories | g2p | gpl-2.0 | 226 |
| [https://github.com/singpolyma/shttpd](https://github.com/singpolyma/shttpd) | An HTTP server written in POSIX shell script | singpolyma | other | 40 |
| [https://github.com/progrium/localtunnel](https://github.com/progrium/localtunnel) | Expose localhost servers to the Internet | progrium | mit | 3131 |
| [https://github.com/gonzoua/EBook-EPUB](https://github.com/gonzoua/EBook-EPUB) | EBook::EPUB perl module for generating EPUB document | gonzoua | bsd-2-clause | 32 |
| [https://github.com/adulau/hotp-js](https://github.com/adulau/hotp-js) | A simple Javascript HOTP implementation (HMAC-Based One-Time Password Algorithm) as described in RFC 4226. The library relies on crypto-js (http://code.google.com/p/crypto-js/) for the javascript HMAC-SHA1 implementation. | adulau | | 28 |
| [https://github.com/adulau/Forban](https://github.com/adulau/Forban) | Forban is a p2p application for link-local and local area networks. Forban works independently from the Internet and uses only the local area capabilities to announce, discover, search or share files. Forban relies on HTTP and it is "opportunistic". | adulau | | 133 |
| [https://github.com/quartzjer/TeleHash](https://github.com/quartzjer/TeleHash) | Old v1 repo, please see http://github.org/telehash now. | quartzjer | other | 740 |
| [https://github.com/ranguard/text-vcard](https://github.com/ranguard/text-vcard) | Perl package to edit and create vCard(s) (RFC 2426) | ranguard | | 21 |
| [https://github.com/clever-algorithms/CleverAlgorithms](https://github.com/clever-algorithms/CleverAlgorithms) | Clever Algorithms: Nature-Inspired Programming Recipes | clever-algorithms | | 1891 |
| [https://github.com/latsami/close-commenting](https://github.com/latsami/close-commenting) | A simple text-publishing Django application enabling per paragraph comments. | latsami | gpl-3.0 | 2 |
| [https://github.com/Abigail/Regexp--Common](https://github.com/Abigail/Regexp--Common) | Common patterns | Abigail | other | 31 |
| [https://github.com/OSQA/osqa](https://github.com/OSQA/osqa) | An open source Q&A(question and answer) eco-system. Issue tracking is at http://jira.osqa.net | OSQA | other | 289 |
| [https://github.com/IlyaSkriblovsky/txredisapi](https://github.com/IlyaSkriblovsky/txredisapi) | non-blocking redis client for python twisted | IlyaSkriblovsky | apache-2.0 | 232 |
| [https://github.com/tpope/vim-pathogen](https://github.com/tpope/vim-pathogen) | pathogen.vim: manage your runtimepath | tpope | vim | 11951 |
| [https://github.com/luispedro/milk](https://github.com/luispedro/milk) | MILK: Machine Learning Toolkit | luispedro | mit | 611 |
| [https://github.com/Pistos/Top-Hacker-News](https://github.com/Pistos/Top-Hacker-News) | Poller and RSS feed of the top Hacker News links | Pistos | | 5 |
| [https://github.com/mstevens/email-arf](https://github.com/mstevens/email-arf) | Email::ARF perl module for parsing ARF | mstevens | other | 2 |
| [https://github.com/scy/levitation](https://github.com/scy/levitation) | Tools to convert Wikipedia dumps into Git repositories. | scy | | 126 |
| [https://github.com/mithro/media2iki](https://github.com/mithro/media2iki) | Convert MediaWiki into an ikiwiki while preserving all history | mithro | gpl-2.0 | 12 |
| [https://github.com/fs111/TheSilentGuy](https://github.com/fs111/TheSilentGuy) | the talking IRC bot | fs111 | mit | 5 |
| [https://github.com/tstack/lnav](https://github.com/tstack/lnav) | Log file navigator | tstack | bsd-2-clause | 4700 |
| [https://github.com/phreeza/cells](https://github.com/phreeza/cells) | a game where players programm agents that compete for resources in a simulated environment | phreeza | mit | 222 |
| [https://github.com/rmurphey/jqfundamentals](https://github.com/rmurphey/jqfundamentals) | Code repository for jQuery Fundamentals training | rmurphey | | 1168 |
| [https://github.com/singpolyma/git-mediawiki](https://github.com/singpolyma/git-mediawiki) | Talk to a mediawiki from git | singpolyma | | 6 |
| [https://github.com/viveleroi/notepad-generator](https://github.com/viveleroi/notepad-generator) | Source code for the notepad generator tool from Botsko.net | viveleroi | | 17 |
| [https://github.com/jweslley/bashreduce](https://github.com/jweslley/bashreduce) | map/reduce in bash | jweslley | | 11 |
| [https://github.com/bestpractical/rtir](https://github.com/bestpractical/rtir) | | bestpractical | | 101 |
| [https://github.com/toddr/perl-net-jabber-bot](https://github.com/toddr/perl-net-jabber-bot) | Net::Jabber::Bot module for Perl | toddr | | 14 |
| [https://github.com/mnutt/hid.im-firefox](https://github.com/mnutt/hid.im-firefox) | Firefox extension to convert an image to a torrent | mnutt | mit | 20 |
| [https://github.com/atl/twitstream](https://github.com/atl/twitstream) | A simple asynchronous HTTP library in python for speaking with Twitter's streaming API, with numerous example applications. | atl | mit | 60 |
| [https://github.com/wireghoul/graudit](https://github.com/wireghoul/graudit) | grep rough audit - source code auditing tool | wireghoul | gpl-3.0 | 1148 |
| [https://github.com/vecna/sniffjoke](https://github.com/vecna/sniffjoke) | a client-only layer of protection from the wiretap/sniff/IDS analysis | vecna | gpl-3.0 | 90 |
| [https://github.com/zxombie/contiki-arduino](https://github.com/zxombie/contiki-arduino) | Contiki ported to various Arduino boards | zxombie | | 22 |
| [https://github.com/paulsm/pyzeroconf](https://github.com/paulsm/pyzeroconf) | A pure python implementation of multicast DNS service discovery | paulsm | | 102 |
| [https://github.com/rieck/malheur](https://github.com/rieck/malheur) | A Tool for Automatic Analysis of Malware Behavior | rieck | gpl-3.0 | 338 |
| [https://github.com/runpaint/vim-recipes](https://github.com/runpaint/vim-recipes) | A cookbook for the Vim text editor. | runpaint | other | 274 |
| [https://github.com/nodejs/http-parser](https://github.com/nodejs/http-parser) | http request/response parser for c | nodejs | mit | 6117 |
| [https://github.com/bronson/pdfdir](https://github.com/bronson/pdfdir) | Utilities to operate on lots of PDF files | bronson | | 22 |
| [https://github.com/lkeijser/stonevpn](https://github.com/lkeijser/stonevpn) | Easy OpenVPN certificate and configuration management | lkeijser | gpl-2.0 | 48 |
| [https://github.com/jelmer/dulwich](https://github.com/jelmer/dulwich) | Pure-Python Git implementation | jelmer | other | 1807 |
| [https://github.com/redis/redis](https://github.com/redis/redis) | Redis is an in-memory database that persists on disk. The data model is key-value, but many different kind of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs, Bitmaps. | redis | bsd-3-clause | 57442 |
| [https://github.com/todotxt/todo.txt-cli](https://github.com/todotxt/todo.txt-cli) | ☑️ A simple and extensible shell script for managing your todo.txt file. | todotxt | gpl-3.0 | 5061 |
| [https://github.com/vim-perl/vim-perl](https://github.com/vim-perl/vim-perl) | Support for Perl 5 in Vim | vim-perl | vim | 488 |
| [https://github.com/minad/olelo](https://github.com/minad/olelo) | Wiki with git backend | minad | mit | 242 |
| [https://github.com/sanko/net-bittorrent](https://github.com/sanko/net-bittorrent) | Perl based BitTorrent module available on CPAN | sanko | other | 13 |
| [https://github.com/linuxfrorg/linuxfr.org](https://github.com/linuxfrorg/linuxfr.org) | The new version of LinuxFr.org will be in Ruby on Rails. It was NoNo's resolution for 2009 (well, achieved!). You may add other enhancements at http://linuxfr.org/suivi/ as you have a look at the website | linuxfrorg | agpl-3.0 | 120 |
| [https://github.com/samuelclay/NewsBlur](https://github.com/samuelclay/NewsBlur) | NewsBlur is a personal news reader that brings people together to talk about the world. A new sound of an old instrument. | samuelclay | mit | 6126 |
| [https://github.com/xHire/wrapsix](https://github.com/xHire/wrapsix) | The fastest software NAT64 | xHire | gpl-3.0 | 30 |
| [https://github.com/akrennmair/newsbeuter](https://github.com/akrennmair/newsbeuter) | Newsbeuter is an open-source RSS/Atom feed reader for text terminals. | akrennmair | mit | 778 |
| [https://github.com/jaybaird/python-bloomfilter](https://github.com/jaybaird/python-bloomfilter) | Scalable Bloom Filter implemented in Python | jaybaird | mit | 1565 |
| [https://github.com/akkumar/jreversepro](https://github.com/akkumar/jreversepro) | JReversePro Java Decompiler | akkumar | | 82 |
| [https://github.com/internetarchive/bookreader](https://github.com/internetarchive/bookreader) | The Internet Archive BookReader | internetarchive | agpl-3.0 | 755 |
| [https://github.com/mcr/tcpdump](https://github.com/mcr/tcpdump) | the TCPdump network dissector. now moved to: | mcr | other | 84 |
| [https://github.com/internetarchive/openlibrary](https://github.com/internetarchive/openlibrary) | One webpage for every book ever published! | internetarchive | agpl-3.0 | 3828 |
| [https://github.com/mojolicious/mojo](https://github.com/mojolicious/mojo) | :sparkles: Mojolicious - Perl real-time web framework | mojolicious | artistic-2.0 | 2361 |
| [https://github.com/webpy/webpy](https://github.com/webpy/webpy) | web.py is a web framework for python that is as simple as it is powerful. | webpy | other | 5742 |
| [https://github.com/tarcieri/reia](https://github.com/tarcieri/reia) | Ruby-like hybrid OOP/functional programming language for BEAM, the Erlang VM | tarcieri | mit | 777 |
| [https://github.com/sr/git-wiki](https://github.com/sr/git-wiki) | A quick & dirty git-powered Sinatra wiki | sr | | 531 |
| [https://github.com/lydgate/git-todo-py](https://github.com/lydgate/git-todo-py) | A fork of todo.py that commits all changes into a git repository. | lydgate | gpl-2.0 | 20 |
| [https://github.com/arclanguage/anarki](https://github.com/arclanguage/anarki) | Community-managed fork of the Arc dialect of Lisp; for commit privileges submit a pull request. | arclanguage | other | 1123 |