⚡️ Express inspired web framework written in Go

🤖 The free, Open Source alternative to OpenAI, Claude and others. Self-hosted and local-first. Drop-in replacement for OpenAI, running on consumer-grade hardware. No GPU required. Runs gguf, transf…

An open source, self-hosted implementation of the Tailscale control server

GitHub's official MCP Server

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Fast web fuzzer written in Go

Open source framework for building robust type-safe distributed systems with declarative infrastructure

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

An HTTP toolkit for security research.

The Havoc Framework

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

An OOB interaction gathering server and client library

🔍 Search anyone's digital footprint across 300+ websites

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Six Degrees of Domain Admin

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

evilginx3 + gophish

DetectDee: Hunt down social media accounts by username, email or phone across social networks.

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

Subdomain takeover vulnerability checker

Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

A GitHub CLI extension to generate a 3D model of your GitHub contribution history

Scrape the Twitter frontend API without authentication with Golang.

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!

A tool to fastly get all javascript sources/files

SatIntel is an OSINT tool for Satellites 🛰. Extract satellite telemetry, receive orbital predictions, and parse TLEs 🔭

A multi-purpose OSINT toolkit with a neat web-interface.

Entropy is a CLI tool that will scan your codebase for high entropy lines, which are often secrets.