ring04h.md

Awesome Stars

A curated list of my GitHub stars! Generated by starred

Contents

• C

• C++

• CSS

• Go

• Groovy

• HTML

• Haskell

• Java

• JavaScript

• [Jupyter Notebook](#jupyter notebook)

• Lua

• Max

• Nemerle

• Objective-C

• Others

• PHP

• PLSQL

• Perl

• Perl6

• PowerShell

• Python

• Ruby

• Rust

• Scheme

• Shell

• Swift

• TeX

• TypeScript

C

• mysql-sniffer - mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team

• vuzzer -

• python-Levenshtein - The Levenshtein Python C extension module contains functions for fast computation of Levenshtein distance and string similarity

• json-c - https://github.com/json-c/json-c is the official code repository for json-c. See the wiki for release tarballs for download.

• netdata - Get control of your servers. Simple. Effective. Awesome. https://my-netdata.io/

• rsyslog - a Rocket-fast SYStem for LOG processing

• rooty - libpcap based ICMP encrypted backdoor for linux.

• mf_nonce_brute - 1st phase of mifare classic nested auth key recovery

• naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

• lanmap2 - builds database/visualizations of LAN structure from passively sifted information

• icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.

• http-sniffer - A multi-threading tool to sniff TCP flow statistics and embedded HTTP headers from PCAP file. Each TCP flow carrying HTTP is exported to text file in json format.

• keysniffer - Linux kernel mode debugfs keylogger

• sslnuke - Transparent proxy that decrypts SSL traffic and prints out IRC messages.

• Kadimus - Kadimus is a tool to check sites to lfi vulnerability , and also exploit it...

• Auto_EAP - Automated Brute-Force Login Attacks Against EAP Networks.

• icmpsh - Simple reverse ICMP shell

• public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups

• wifi-arsenal - WiFi arsenal

• goaccess - GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

• PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

• metasploit-payloads - Unified repository for different Metasploit Framework payloads

• s2e - S2E - A Platform for In-Vivo Multi-Path Software Analysis

• Mirai-Source-Code - Leaked Mirai Source Code for Research/IoC Development Purposes

• zmap - ZMap Internet Scanner

• thc-ipv6 - IPv6 attack toolkit

• FreeRDP - FreeRDP is a free remote desktop protocol client

• how2heap - A repository for learning various heap exploitation techniques.

• osxtun - create tun in osx

• ssocks - sSocks fork for windows support; original: https://sourceforge.net/projects/ssocks/

• kcp - KCP - A Fast and Reliable ARQ Protocol

• go-opencl - Go language binding to the OpenCL library

• skynet - A lightweight online game framework

• tcpcopy - An online request replication tool, also a tcp stream replay tool, fit for real testing, performance testing, stability testing, stress testing, load testing, smoke testing, etc

• poco - POCO C++ Libraries - Cross-platform C++ libraries with a network/internet focus.

• socks5_c - 一个轻量级的 socks5 代理, 带简单加密传输功能, 可穿透 GFW

• sshinner - A fast network solution for desktop user including intra-network export, ss5 proxy, dns proxy

• shadowsocks-libev - libev port of shadowsocks

• redsocks - transparent redirector of any TCP connection to proxy

• pwnat - pwnat punches holes in firewalls and NATs allowing any numbers of clients behind NATs to directly connect to a server behind a different NAT using a newly developed technique with no 3rd party, port forwarding, DMZ or spoofing

• proxychains - proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.

• proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.

• icmpsh - Simple reverse ICMP shell

• disque - Disque is a distributed message broker

• yar - Light, concurrent RPC framework for PHP & C

• passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup

• webdis - A Redis HTTP interface with JSON output

• masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

C++

• wkhtmltopdf - Convert HTML to PDF using Webkit (QtWebKit)

• protobuf - Protocol Buffers - Google's data interchange format

• dnscat2 -

• hunter - (l)user hunter using WinAPI calls only

• mxnet - Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

• Pebble - Pebble分布式开发框架

• Teaf - Tencent Easy ACE Framework，基于ACE的高性能服务框架，有完善的监控统计，数据库访问等功能

• libco - libco is a coroutine library which is widely used in wechat back-end service. It has been running on tens of thousands of machines since 2013.

• s3fs-fuse - FUSE-based file system backed by Amazon S3

• tensorflow - Computation using data flow graphs for scalable machine learning

• Paddle - PArallel Distributed Deep LEarning

• udp2tcp_tunnel - UDP to TCP tunnel for sending datagrams through weak network

• udp_client_server - Simple udp client and server for udp2tcp_tunnel testing

• dns-tcp2udp - DNS TCP to UDP proxy

• fhscanhttplibrary - Automatically exported from code.google.com/p/fhscanhttplibrary

• libtins - High-level, multiplatform C++ network packet sniffing and crafting library.

CSS

• ChromeLogger - Chrome Keylogger Extension

• gobyexample - Go by Example

• normalize.css - A collection of HTML element and attribute style-normalizations

• agent - linux monitor agent

Go

• cayley - An open-source graph database

• wuzz - Interactive cli tool for HTTP inspection

• onionscan - OnionScan is a free and open source tool for investigating the Dark Web.

• zdns - DNS Lookup and Manipulation Tools

• goquery - Jquery style selector engine for HTML documents, in Go.

• keytransparency - A transparent and secure way to look up public keys.

• sonar-es-go - Go scripts to import sonar (https://scans.io/study/sonar.ssl) into elasticsearch

• httpparse - Capture and parse http traffics

• ssllabs-scan - A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

• zgrab - Application layer scanner that operates with ZMap

• poseidon - A search engine which can hold 100 trillion lines of log data.

• clair - Vulnerability Static Analysis for Containers

• rpcx - A RPC service framework based on net/rpc like alibaba Dubbo and weibo Motan. One of best performance RPC frameworks.

• sshbf - Simple SSH brute-forcer written in Go

• sshhipot - High-interaction MitM SSH honeypot

• pprof - pprof is a tool for visualization and analysis of profiling data

• go - my golang lib

• go-mysql-elasticsearch - Sync MySQL data into elasticsearch

• go-mysql - a powerful mysql toolset with Go

• initials-avatar - Initials avatar for golang

• bro-pdns - Passive DNS collection using Bro

• s5.go - Socks5 proxy server by golang

• whois-parser-go - Go module for whois info parser

• whois-go - Go module for domain whois

• whois - Whois client for Go.

• blacksheepwall - blacksheepwall is a hostname reconnaissance tool

• render - Go package for easily rendering JSON, XML, binary data, and HTML templates responses.

• IP-resolver - A command-line tool for getting a domain's IPs from multiple name servers.

• goquery - A little like that j-thing, only in Go.

• go-libxml2 - Interface to libxml2, with DOM interface

• go-pkg-xmlx - Extension to the standard Go XML package. Maintains a node tree that allows forward/backwards browsing and exposes some simple single/multi-node search functions.

• gokogiri - A light libxml wrapper for Go

• xurls - Extract urls from text

• grpc-go - The Go language implementation of gRPC. HTTP/2 based RPC

• gorpc - Simple, fast and scalable golang rpc library for high load

• netstack - IPv4 and IPv6 userland network stack

• vitess - Vitess is a database clustering system for horizontal scaling of MySQL.

• goworker-examples -

• nosurf - CSRF protection middleware for Go.

• toxiproxy - ⏰ 🔥 A TCP proxy to simulate network and system conditions for chaos and resiliency testing

• gopcap - A simple wrapper around libpcap for the Go programming language

• go-stun - A go implementation of the STUN client (RFC 3489 and RFC 5389)

• pool - 🚤 a limited consumer goroutine or unlimited goroutine pool for easier goroutine handling and cancellation

• goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.

• redigo - Go client for Redis

• go-commons-pool - a generic object pool for golang

• chisel - A fast TCP tunnel over HTTP

• s3gof3r - Fast, concurrent, streaming access to Amazon S3, including gof3r, a CLI. http://godoc.org/github.com/rlmcpherson/s3gof3r

• gin - Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.

• containerd - An open and reliable container runtime

• machinery - Machinery is an asynchronous task queue/job queue based on distributed message passing.

• dingo - An easy-to-use, distributed, extensible task/job queue framework for #golang

• goqless - Redis job queue for Go (golang)

• negroni - Idiomatic HTTP Middleware for Golang

• grpool - Lightweight Goroutine pool

• tunny - A goroutine pool for golang

• go-fetcher - 爬虫器(golang), 模拟浏览器特征保存cookie，referer，以达到爬虫的目的

• tunnel -

• gopkg - example for the go pkg's function

• golang-set - A simple set type for the Go language. Also used in Docker.

• gobook - The Go Programming Language

• go-daemon - A library for writing system daemons in golang.

• daemon - A daemon package for use with Go (golang) services with no dependencies

• grimd - ⚡ fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers

• martian - Martian is a library for building custom HTTP/S proxies

• kingshard - A high-performance MySQL proxy

• httpstat - It's like curl -v, with colours.

• gocode - An autocompletion daemon for the Go programming language

• shadowsocks-go - go port of shadowsocks

• hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom

• vegeta - HTTP load testing tool and library. It's over 9000!

• cadvisor - Analyzes resource usage and performance characteristics of running containers.

• cli - A simple, fast, and fun package for building command line apps in Go

• terraform - Terraform is a tool for building, changing, and combining infrastructure safely and efficiently.

• nsq - A realtime distributed messaging platform

• consul - Consul is a tool for service discovery, monitoring and configuration.

• ngrok - Introspected tunnels to localhost

• syncthing - Open Source Continuous File Synchronization

• kubernetes - Production-Grade Container Scheduling and Management

• dns - DNS library in Go

• lantern - ??Lantern Latest Download https://github.com/getlantern/lantern/releases/tag/latest ??蓝灯最新版本下载 https://github.com/getlantern/forum/issues/833 ??

• go-nsq - The official Go package for NSQ

• go_spider - [爬虫框架 (golang)] An awesome Go concurrent Crawler(spider) framework. The crawler is flexible and modular. It can be expanded to an Individualized crawler easily or you can use the default crawl components only.

• kcptun - A Secure Tunnel Based On KCP with N:M Multiplexing

• socks - A SOCKS (SOCKS4, SOCKS4A and SOCKS5) Proxy Package for Go

• socks - socks -- a proxy server.

• tools - [mirror] Go Tools

• net - [mirror] Go supplementary network libraries

• everynet - golang for http socks5 proxy

• socket - socket lib

• stew - Stew is a very high performance package that extends common Go objects providing better alternatives or wrappers.

• gorequest - GoRequest -- Simplified HTTP client ( inspired by nodejs SuperAgent )

• tls-example - Golang crypto/tls example. x509 certificate create and sign.

• goreq - A Simplified Golang Http Client

• the-way-to-go_ZH_CN - 《The Way to Go》中文译本，中文正式名《Go入门指南》

• golang -

• cow - HTTP proxy written in Go. COW can automatically identify blocked sites and use parent proxies to access.

• fasthttp - Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http

• go-fundamental-programming - 《Go 编程基础》是一套针对 Google 出品的 Go 语言的视频语音教程，主要面向新手级别的学习者。

• gorm - The fantastic ORM library for Golang, aims to be developer friendly

• configor - Golang Configuration tool that support YAML, JSON, TOML, Shell Environment

• The-Golang-Standard-Library-by-Example - Golang标准库。对于程序员而言，标准库与语言本身同样重要，它好比一个百宝箱，能为各种常见的任务提供完美的解决方案。以示例驱动的方式讲解Golang的标准库。

• toml - TOML parser for Golang with reflection.

• etcd - Distributed reliable key-value store for the most critical data of a distributed system

• db - A productive data access layer for Go.

• build-web-application-with-golang - A golang ebook intro how to build a web with golang

• gotunnel2 - socks5 proxy.

• go-socks - SOCKS5 proxy library for Go

• goproxy - An HTTP proxy library for Go

• tour - Go 语言官方教程中文版

• go - Go 编程语言中文翻译

• qtunnel - A secure socket tunnel works on getqujing.com

• xtunnel -

• skynet - Skynet is a framework for distributed services in Go.

• goreplay - GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.

• glow - Glow is an easy-to-use distributed computation system written in Go, similar to Hadoop Map Reduce, Spark, Flink, Storm, etc. I am also working on another similar pure Go system, https://github.com/chrislusf/gleam , which is more flexible and more performant.

• go-simplejson - a Go package to interact with arbitrary JSON

• mysql - Go MySQL Driver is a MySQL driver for Go's (golang) database/sql package

• awesome-go - A curated list of awesome Go frameworks, libraries and software

• gopl-zh - Go圣经中文读书笔记(你懂的)

• transocks - Transparent SOCKS5 / HTTP proxy in Go

• go-socks5 - SOCKS5 server in Golang

• vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

• gryffin - Gryffin is a large scale web security scanning platform

• hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation.

Groovy

• jd-gui - A standalone Java Decompiler GUI

HTML

• xhtml2pdf - A library for converting HTML into PDFs using ReportLab

• osx-installer - Docker installer for Mac OS X

• pcapy - Pcapy is a Python extension module that interfaces with the libpcap packet capture library.

• metasploitable3 - Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

• DVRF - The Damn Vulnerable Router Firmware Project

• PacketStorm-Exploits - Collection of publicly available exploits from Packetstorm

• grokdebug -

• phantomjs - Scriptable Headless WebKit

• webdriver_guide - webdriver guide

• NPWG_zh - Network programming with Go 中文翻译版本

• domxssscanner - DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities

• GoogleScraper - A Python module to scrape several search engines (like Google, Yandex, Bing, Duckduckgo, Baidu and others) by using proxies (socks4/5, http proxy) and with many different IP's, including asynchronous networking support (very fast).

Haskell

• regex-genex - Given a list of regexes, generate all possible strings that matches all of them.

Java

• S2-046-PoC - S2-046-PoC

• burp-ysoserial - YSOSERIAL Integration with burp suite

• elasticsearch-knapsack - Knapsack plugin is an import/export tool for Elasticsearch

• wycheproof - Project Wycheproof tests crypto libraries against known attacks.

• android - cSploit - The most complete and advanced IT security professional toolkit on Android.

• android-oss - Kickstarter for Android. Bring new ideas to life, anywhere.

• AwesomeValidation - Android validation library which helps developer boil down the tedious work to three easy steps.

• ghostdriver - Ghost Driver is an implementation of the Remote WebDriver Wire protocol, using PhantomJS as back-end

• browsermob-proxy - A free utility to help web developers watch and manipulate network traffic from their AJAX applications.

• parallec - Fast Parallel Async HTTP/SSH/TCP/UDP/Ping Client Java Library. Aggregate 100,000 APIs & send anywhere in 20 lines of code. Ping/HTTP Calls 8000 servers in 12 seconds. (Akka) www.parallec.io

• restcommander - Fast Parallel Async HTTP client as a Service to monitor and manage 10,000 web servers. (Java+Akka)

• ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

• crawljax - Crawljax: Crawling JavaScript-based Ajax Web Applications

• ajvm - A hobby jvm, just want to know how a java virtual machine works.

JavaScript

• csv2md - Convert csv data to markdown tables

• betwixt - ⚡ Web Debugging Proxy based on Chrome DevTools Network panel.

• JudasDNS - Nameserver DNS poisoning attacks made easy

• intrigue-core - Discover your attack surface!

• elasticsearch-head - A web front end for an elastic search cluster

• WhoDat - Pivotable Reverse WhoIs / PDNS Fusion with Registrant Tracking & Alerting plus API for automated queries (JSON/CSV/TXT)

• AtEar - Wireless Hacking, WiFi Security, Vulnerability Analyzer, Pentestration

• ssrfDetector - Server-side request forgery detector

• hexo - A fast, simple & powerful blog framework, powered by Node.js.

• chrome-remote-interface - Chrome Debugging Protocol interface for Node.js

• scans - AWS security scanning checks

• cropper - A simple jQuery image cropping plugin.

• Wappalyzer - Cross-platform utility that uncovers the technologies used on websites.

• ServiceWorkersDemos - Demo apps utilizing Service Workers.

• webdriverio - Webdriver/Selenium JavaScript bindings for Node.js

• phantomas - PhantomJS-based web performance metrics collector and monitoring tool

• hackathon-casperjs - CasperJS tests on Magento

• page-monitor - capture webpage and diff the dom change with phantomjs ?

• casperjs - Navigation scripting and testing utility for PhantomJS and SlimerJS

• phantom-proxy - a lightweight proxy that lets you to drive phantomjs from node.

• selenium - A browser automation framework and ecosystem.

• domain-regex - A regular expression for most valid domains (including the latest TLDs)

• livepool - Fiddler like cross platform debugging proxy for web developers base on NodeJS

• DataTables - Tables plug-in for jQuery

• OnlinePythonTutor - Visualize Python, Java, JavaScript, TypeScript, Ruby, C, and C++ code execution in your Web browser

• pm2 - Production process manager for Node.js apps with a built-in load balancer.

• easy-pie-chart - easy pie chart is a lightweight plugin to draw simple, animated pie charts for single values

• code2flow - Turn your Python and Javascript code into DOT flowcharts

• Semantic-UI - Semantic is a UI component framework based around useful principles from natural language.

Jupyter Notebook

• OTX-Python-SDK - Open Threat Exchange is an open community that allows participants to learn about the latest threats, research indicators of compromise observed in their environments, share threats they have identified, and automatically update their security infrastructure with the latest indicators to defend their environment.

Lua

• yinyangshi-touchelf - 阴阳师的触摸精灵脚本

• ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

Max

• lscan - lscan is a library identification tool on statically linked/stripped binaries

Nemerle

• manpages-zh - Chinese Manual Page

Objective-C

• GCDWebServer - Lightweight GCD based HTTP server for OS X & iOS (includes web based uploader & WebDAV server)

• Today-Scripts - A widget for running scripts in the Today View in OS X Yosemite's Notification Center

• AutoGetRedEnv - 微信自动抢红包动态库

• trip-to-iOS - A curated list of delightful iOS resources.

• SXNews - High imitation Neteasy News. (include list,detail,photoset,weather,feedback)

Others

• be-a-professional-programmer - 成为专业程序员路上用到的各种优秀资料、神器及框架

• Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources

• awesome-reversing - A curated list of awesome reversing resources

• naxsi-rules -

• bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

• MobileApp-Pentest-Cheatsheet - The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

• Blog_Backup - A repository with various tutorials on how to do things in Pentesting, setup environments and other things

• pentest-bookmarks - A collection of penetration testing related sites

• wordpress_plugin_security_testing_cheat_sheet - WordPress Plugin Security Testing Cheat Sheet

• ThreatHunting - An informational repo about hunting for adversaries in your IT environment.

• security-cheatsheets - ?? A collection of cheatsheets for various infosec tools and topics.

• pentest-bookmarks - a collection of handy bookmarks

• AndroidWifiCracker - This was a project to create an android based wifi cracking tool as a proof of concept. It seemed to work well.

• snmpdos - Create a DDOS attack using SNMP servers

• Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities

• DeviceGuardBypassMitigationRules - A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses

• awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things

• Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

• viewdns_api - ViewDNS API documentation

• GreatiOSJailbreakMaterial - Great iOS Jailbreak Material! - I read hundreds of papers and PPTs. Only list the most useful materials here!

• awesome-regex - A curated collection of awesome Regex libraries, tools, frameworks and software

• oh-my-free-data - 整理一些 DNSPod 开放数据

• APTnotes - Various public documents, whitepapers and articles about APT campaigns

• APTnotes - Various public documents, whitepapers and articles about APT campaigns

• Potatso - Potatso is an iOS client that implements Shadowsocks proxy with the leverage of NetworkExtension framework in iOS 9.

• iOS-Pro - 《 iOS 开发进阶》随书示例程序和勘误

• finalspeed - 高速双边加速软件,在高丢包,延迟环境下仍可达到90%物理带宽利用率.

• book - 学习笔记

• awesome-flask - A curated list of awesome Flask resources and plugins

• awesome-python-cn - Python资源大全中文版，包括：Web框架、网络爬虫、模板引擎、数据库、数据可视化、图片处理等，由伯乐在线持续更新。

• awesome - 😎 Curated list of awesome lists

• Awesome-Networking - A curated list of awesome networking libraries, resources and shiny things

• awesome-lua - A curated list of quality Lua packages and resources.

• python-pentest-tools - Python tools for penetration testers

• openresty-best-practices -

• awesome-django - A curated list of awesome Django apps, projects and resources.

• Scapy_zh-cn - Scapy中文使用文档

• python-github-projects - Collect and classify python projects on Github

• chinese_docker - docker中文文档，docker Chinese Documation

PHP

• Scanners-Box - [Project-Kob-6]The toolbox of open source scanners - 安全行业从业人员自研开源扫描器合集??

• SecLists - SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

• fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

• dvws - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

• SQLMAP-Web-GUI - PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!

• php-malware-finder - Detect potentially malicious PHP files

• phpvulhunter - A tool that can scan php vulnerabilities automatically using static analysis methods

• DVWA - Damn Vulnerable Web Application (DVWA)

• Sn1per - Automated Pentest Recon Scanner

• My-CTF-Web-Challenges - Collection of CTF Web challenges I made

• IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

• webshell - This is a webshell open source project

• domain - domain for website

• PHPidler - IRC bot

• falcon - Falcon是一款基于inotify-tools 开发的Web服务器文件监控平台 能够实时监控Web目录文件变化(新增，修改，删除)，判断文件内容是否包含恶意代码，自动隔离常见Webshell，保证Web目录文件安全

PLSQL

• VulApps - 快速搭建各种漏洞环境(Various vulnerability environment)

Perl

• nginx_syslog_patch - add the full syslog feature to Nginx

• O-Saft - O-Saft - OWASP SSL advanced forensic tool

• httpry - HTTP logging and information retrieval tool

• nikto - Nikto web server scanner

Perl6

• IoTSeeker - Created by Jin Qian via the GitHub Connector

PowerShell

• dnscat2-powershell - A Powershell client for dnscat2, an encrypted DNS command and control tool.

• Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud.

• nishang - Nishang - PowerShell for penetration testing and offensive security.

• CrackMapExec - A swiss army knife for pentesting networks

Python

• incubator-airflow - Apache Airflow (Incubating)

• luigi - Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.

• md2pdf - Markdown to PDF conversion tool

• pdf-to-markdown - Convert PDF files into markdown files

• flare-ida - IDA Pro utilities from FLARE team

• anaconda - Anaconda turns your Sublime Text 3 in a full featured Python development IDE including autocompletion, code linting, IDE features, autopep8 formating, McCabe complexity checker Vagrant and Docker support for Sublime Text 3 using Jedi, PyFlakes, pep8, MyPy, PyLint, pep257 and McCabe that will never freeze your Sublime Text 3

• DottedDict - Python library that provides a method of accessing lists and dicts with a dotted path notation.

• docker-nfqueue-scapy - Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)

• jdwp-shellifier -

• raven-python - Raven is a Python client for Sentry (getsentry.com)

• supervisor - Supervisor process control system for UNIX

• evilarc - Create tar/zip archives that can exploit directory traversal vulnerabilities

• SublimeLinter-flake8 - SublimeLinter plugin for python, using flake8.

• dockerscan - Docker security analysis & hacking tools

• werkzeug - A flexible WSGI implementation and toolkit

• pentest-wiki - PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

• python-nameparser - A simple Python module for parsing human names into their individual components

• fuzzywuzzy - Fuzzy String Matching in Python

• cinspect - Code inspection for Python builtins

• pywifi - A cross-platform module for manipulating WiFi devices.

• reGeorg - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

• java_deserialization_exploits - A collection of Java Deserialization Exploits

• nimbostratus-target - This repository holds a target infrastructure you can use for running the nimbostratus tools.

• reppy - Modern robots.txt Parser for Python

• sre_yield - Python module to generate regular all expression matches

• wfuzz - Web application fuzzer

• cansina - Web Content Discovery Tool

• python3-wappalyzer - python3-wappalyzer

• PyV8-OS-X - Compiled PyV8 for Mac OS X

• wappalyzer-python - Python wrapper for Wappalyzer (utility that uncovers the technologies used on websites)

• python-libnmap - libnmap is a python library to run nmap scans, parse and diff scan results. It supports python 2.6 up to 3.4. It's wonderful.

• burp-HttpFuzzer - Burp plugin to do random fuzzing of HTTP requests

• python_learn - 郭帅用于学习的python's code

• hacking_script - 开发或收集的一些网络安全方面的脚本、小工具

• gunicorn - gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

• webpwn3r - WebPwn3r - Web Applications Security Scanner.

• operative-framework - This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules (Viadeo search,Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...)

• celerybeat-mongo - A Celery Beat Scheduler that uses MongoDB to store both schedule definitions and status information

• ztag - Tagging and annotation framework for scan data

• wig - WebApp Information Gatherer

• Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

• wdb - An improbable web debugger through WebSockets

• pysandbox - WARNING: pysandbox is BROKEN BY DESIGN, please move to a new sandboxing solution (run python in a sandbox, not the opposite!)

• exitmap - A fast and modular scanner for Tor exit relays.

• truffleHog - Searches through git repositories for high entropy strings, digging deep into commit history

• aiomysql - aiomysql is a library for accessing a MySQL database from the asyncio

• sslstrip - A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

• ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

• zschema - A schema language for JSON documents that allows validation and compilation into various database engines

• domain-scan - A standard pipeline for running open source scanning tools on domains to measure things like speed, accessibiity, and HTTPS.

• osint-combiner - Combining OSINT sources in Elastic Stack

• elasticsearch-py - Official Python low-level client for Elasticsearch.

• Kvasir - Kvasir: Penetration Test Data Management

• pyes - Python connector for ElasticSearch - the pythonic way to use ElasticSearch

• python-logstash - Python logging handler for Logstash.

• scansio-sonar-es - Python scripts to parse scans.io ssl data and ingest into elasticsearch for searching

• autoDANE - Auto Domain Admin and Network Exploitation.

• iSniff-GPS - Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices

• CMSmap -

• PyJFuzz - PyJFuzz - Python JSON Fuzzer

• SQLViking - sniff/log database traffic or actively execute arbitrary queries via TCP injection

• ivre - Network recon framework.

• impacket - Impacket is a collection of Python classes for working with network protocols.

• smbmap - SMBMap is a handy SMB enumeration tool

• python-evtx - Pure Python parser for recent Windows Event Log files (.evtx)

• spraywmi - SprayWMI is an easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on a system.

• http-sniffer - A simple implementation of HTTP proxy server in Twisted which applies some transformations for content

• nosqlpot - The NoSQL Honeypot Framework

• Keylogger - A simple keylogger for Windows, Linux and Mac by Giacomo Lawrance

• routersploit - The Router Exploitation Framework

• shellfire - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities

• rainmap-lite - Rainmap Lite - Responsive web based interface that allows users to launch Nmap scans from their mobiles/tablets/web browsers!

• POC-T - 渗透测试插件化并发框架

• wifijammer - Continuously jam all wifi clients/routers

• commix - Automated All-in-One OS command injection and exploitation tool.

• LaZagne - Credentials recovery project

• foghorn - The foghorn project is a DNS proxy intended to reduce user exposure to phishing and other malicious items that can be interdicted by DNS greylisting

• wifite -

• apt2 - automated penetration toolkit

• python-wpa-supplicant - WPA Supplicant wrapper for Python

• pwnypack - Certified Edible Dinosaurs official CTF toolkit

• Routerhunter-2.0 - Testing vulnerabilities in devices and routers connected to the Internet.

• dnsrecon - DNS Enumeration Script

• HoneyPy - A low interaction honeypot.

• air-hammer -

• creak - Poison, reset, spoof, redirect MITM script

• ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers

• multitun - Tunnel arbitrary traffic through an innocuous WebSocket. Clients can 'see' each other, resulting in a stealth WebSocket VPN.

• lianwifi - wifi万能钥匙api

• OpenDoor - OWASP WEB Directory Scanner

• WAFNinja - WAFNinja is a tool which contains two functions to attack Web Application Firewalls.

• xsser - From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

• binwalk - Firmware Analysis Tool

• Fireaway - Next Generation Firewall Audit and Bypass Tool

• DPAT - Domain Password Audit Tool for Pentesters

• cloudflare_enum - Cloudflare DNS Enumeration Tool for Pentesters

• AuthMatrix - AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.

• Haveibeenpwn-script - Simple python script to find pwned email with a nickname

• research - dataset and code for 2016 paper "Learning a Driving Simulator"

• macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.

• the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode

• mallory - Mallory - MiTM TCP and UDP Proxy

• rollmac - Automated WiFi limit evasion

• neural-style - Neural style in TensorFlow! 🎨

• DeepLearningFlappyBird - Flappy Bird hack using Deep Reinforcement Learning (Deep Q-learning).

• cve-search - cve-search - a tool to perform local searches for known vulnerabilities

• ntpdos - Create a DDOS attack using NTP servers

• nightfury -

• sqlmap - Automatic SQL injection and database takeover tool

• MITMf - Framework for Man-In-The-Middle attacks

• pycookiecheat - Borrow cookies from your browser's authenticated session for use in Python scripts.

• curlc - ➰ curl wrapper that uses chrome cookies

• pycurl - PycURL - Python interface to libcurl

• curl_to_requests - Python module for converting cURL commands into equivalent Python code using the requests library

• HTTPretty - HTTP client mocking tool for Python, it's like ruby's FakeWeb for python

• moto - Moto is a library that allows your python tests to easily mock out the boto library

• uncurl - A library to convert curl requests to python-requests.

• HT_infra - VPS infrastructure found in HT dumps

• ThreatExchange - Share threat information with vetted partners

• social-engineer-toolkit - The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

• aws_pwn - A collection of AWS penetration testing junk

• tlsnotary - This project is an old version. Do not use it. New development moved to https://github.com/tlsnotary/tlsnotary. Prove to an auditor that an HTTPS page was in your browser

• flint - The python client of passivedns.cn

• PyPDNS - Client API to query any Passive DNS implementation following the Passive DNS - Common Output Format.

• python_api - Python abstract API for PassiveTotal services in the form of libraries and command line utilities.

• NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool

• boto3 - AWS SDK for Python

• aliyun-oss-python-sdk - Aliyun OSS SDK for Python

• note - 学习笔记

• python-cymruwhois - Python client for the whois.cymru.com service

• whois - Collects WHOIS details for every IPv4 netblock. Reports supported via Elasticsearch.

• ipwhois - Retrieve and parse whois data for IPv4 and IPv6 addresses

• python-whois - A python module for retrieving and parsing WHOIS data

• viewdns-api - API en python para viewdns

• fetch-some-proxies - Simple Python script for fetching "some" (usable) proxies

• pypress - flask team blog

• CloudTesting - 云计算产品性能测试指南（A Simple Guide on Testing Cloud Products）

• ProxyBroker - Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS

• tldextract - Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List.

• flask-restful - Simple framework for creating REST APIs

• flask-mail - Flask-Mail adds SMTP mail sending to your Flask applications

• flask-login - Flask user session management.

• flask-celery - Celery integration for Flask (SINCE CELERY 3.0 THIS IS NO LONGER NEEDED)

• pluginbase - A simple but flexible plugin system for Python.

• Tornado-MySQL - PyMySQL fork for Tornado

• flask-celery-example - A simple example for using Flask + Celery

• tornado - Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.

• reddit - the code that powers reddit.com

• zhihu-python - 获取知乎内容信息，包括问题，答案，用户，收藏夹信息

• lxml - The lxml XML toolkit for Python

• kidole - Passively fingerprint web applications based on their URLs

• stormtrooper - A machine learning approach to fingerprinting web traffic

• wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

• dejavu - Audio fingerprinting and recognition in Python

• mwebfp - LNHG - Mass Web Fingerprinter

• python-Wappalyzer - Python driver for Wappalyzer, a web application detection utility.

• plecost - Plecost - Wordpress finger printer Tool

• WeRoBot - WeRoBot 是一个微信公众号开发框架

• OSTrICa -

• python - IP数据库Python语言解析代码（IPIP.net）

• subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains.

• gooseeker -

• fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.

• ansible - Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications? automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.

• iOSBlogCN - 中文 iOS/Mac 开发博客列表

• noteshrink - Convert scans of handwritten notes to beautiful, compact PDFs

• ungoogled-chromium - Modifications to Google Chromium for removing Google integration and enhancing privacy, control, and transparency

• Nscan - Nscan: Fast internet-wide scanner

• Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

• Flask-SocketIO - Socket.IO integration for Flask applications.

• flask-rq - RQ (Redis Queue) integration for Flask applications

• PyMySQL - Pure Python MySQL Client

• MySQLdb1 - MySQL database connector for Python (legacy version)

• proxy2 - HTTP/HTTPS proxy in a single python script

• arq - Fast job queuing and RPC in python with asyncio, redis and msgpack.

• rq-scheduler - A light library that adds job scheduling capabilities to RQ (Redis Queue)

• rq - Simple job queues for Python

• snakepit-game -

• xxe-recursive-download -

• docopt - Pythonic command line arguments parser, that will make you smile

• w3af - w3af: web application attack and audit framework, the open source web vulnerability scanner.

• sentry - Sentry is a cross-platform crash reporting and aggregation platform.

• ShadowDNS - A DNS forwarder using Shadowsocks as the server

• shadowsocks - backup of https://github.com/shadowsocks/shadowsocks

• PySocksipyChain - Modified socks.py which supports chained proxies

• tcpprox - A small command-line TCP proxy utility written in Python

• Tcp-DNS-proxy - A TCP dns proxy which can get the RIGHT ip address

• rtcp2udp - Reverse TCP Port to UDP Forwarding Tools

• udp2tcp-bridge - a python script to translate a udp stream to tcp

• tcp2udp - Tool for convert tcp traffic to udp. Firewall bypassing

• python-pty-shells - Python PTY backdoors - full PTY or nothing!

• django-debug-toolbar - A configurable set of panels that display various debug information about the current request/response.

• maltrail - Malicious traffic detection system

• flask - A microframework based on Werkzeug, Jinja2 and good intentions

• httpie - Modern command line HTTP client ? user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc. https://httpie.org

• algorithms - An educational library of algorithms in Python

• schedule - Python job scheduling for humans.

• django-taggit - Simple tagging for django

• furl - URL parsing and manipulation made easy.

• flanker - Python email address and Mime parsing library

• requests-futures - Asynchronous Python HTTP Requests for Humans using Futures

• django-q - A multiprocessing distributed task queue for Django

• exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory

• dnspython - a powerful DNS toolkit for python

• python-daemon - Python daemonizer for Unix, Linux and OS X

• daemonocle - A Python library for creating super fancy Unix daemons

• awesome-python - A curated list of awesome Python frameworks, libraries, software and resources

• envoy - Python Subprocesses for Humans?.

• grequests - Requests + Gevent = <3

• dnsyo - Check your DNS against over 1000 global DNS servers

• mrq - Mr. Queue - A distributed worker task queue in Python using Redis & gevent

• huey - a little task queue for python

• bandit - Python AST-based static analyzer from OpenStack Security Group

• django-websocket-redis - Websockets for Django applications using Redis as message queue

• weakfilescan - 动态多线程敏感信息泄露检测工具

• cupp - Common User Passwords Profiler (CUPP)

• mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers

• xsscrapy - XSS spider - 66/66 wavsep XSS detected

• popper -

• shadowsocks -

• docker-py - A Python library for the Docker Engine API

• bogeyman - Socks5 Proxy over HTTP

• dirsearch - Web path scanner

• thorns - thorns_project 分布式异步队列系统

• wyportmap - 目标端口扫描+系统服务指纹识别

• wydomain - to discover subdomains of your target domain

Ruby

• inetdata - Internet data acquisition

• wordpress-exploit-framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

• brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications

• octopress - Octopress is an obsessively designed framework for Jekyll blogging. It’s easy to configure and easy to deploy. Sweet huh?

• phishlulz -

• metasploit-framework - Metasploit Framework

• sslkeylog - A Ruby library that logs SSL session keys in NSS Key Log Format.

• passivetotal_tools - Tools to aid in the usage of PassiveTotal (https://www.passivetotal.org)

• book - Redis Cookbook 一书的原文件

• WhatWeb - Website Fingerprinter

• logstash-patterns-core -

• BinProxy - BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.

• WhatWeb - Website Fingerprinter

Rust

• geckodriver - WebDriver <-> Marionette proxy

Scheme

• radamsa - a general-purpose fuzzer

• pywebkitgtk - Python bindings to the WebKit GTK+ port

Shell

• payloads - Git All the Payloads! A collection of web attack payloads.

• fish-shell - The user-friendly command line shell.

• theme-bobthefish - A Powerline-style, Git-aware fish theme optimized for awesome.

• vscan - vulnerability scanner tool using nmap and nse scripts

• BruteX - Automatically brute force all services running on a target.

• HT-WPS-Breaker - HT-WPS Breaker (High Touch WPS Breaker)

• yi-hack - Xiaomi Yi Ants camera hack

• pentestpackage - a package of Pentest scripts I have made or commonly use

• rfc-reader - this is a command line (linux, osx) rfc reader

• pentest - ⛔ offsec batteries included

• backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

• sslkeylog - My copy of the sslkeylog utility

• concourse - BOSH Release

• m-cli - ? Swiss Army Knife for macOS

• LinEnum - Scripted Local Linux Enumeration & Privilege Escalation Checks

• brootkit - Lightweight rootkit implemented by bash shell scripts v0.10

Swift

• ios-oss - Kickstarter for iOS. Bring new ideas to life, anywhere.

• SwiftGuide - 这份指南汇集了Swift语言主流学习资源，并以开发者的视角整理编排。http://dev.swiftguide.cn

• awesome-ios - A curated list of awesome iOS ecosystem, including Objective-C and Swift Projects

• swift-package-manager - The Package Manager for the Swift Programming Language

TeX

• tensorflow-zh - 谷歌全新开源人工智能系统TensorFlow官方文档中文版

TypeScript

• growth - Growth - App to help you Be Awesome Developer & Awesome Hacker

License

To the extent possible under law, ring04h has waived all copyright and related or neighboring rights to this work.