An opinionated list of awesome Python frameworks, libraries, software and resources.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A book-in-progress about the Linux kernel and its insides.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

An advanced memory forensics framework

Malicious traffic detection system

the LLM vulnerability scanner

PEDA - Python Exploit Development Assistance for GDB

Open Source Vulnerability Management Platform

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

The FLARE team's open-source tool to identify capabilities in executable files.

Windows Exploit Suggester - Next Generation

A DNS meta-query spider that enumerates DNS records, and subdomains.

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

File upload vulnerability scanner and exploitation tool.

Mimikatz implementation in pure Python

The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.

Tweets metadata scraper & activity analyzer

DNS Enumeration Script

Privilege Escalation Project - Windows / Linux / Mac

Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!

Tools & Interesting Things for RedTeam Ops

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Extract credentials from lsass remotely

Notes about attacking Jenkins servers

Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.