🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python…

🌸 A command-line fuzzy finder

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A cat(1) clone with wings.

A self-hosted dashboard that puts all your feeds in one place

Powerful yet simple to use screenshot software 🖥️ 📸

A collection of awesome penetration testing resources, tools and other shiny things

😱 A curated list of amazingly awesome OSINT

Community guide to securing and improving privacy on macOS.

Create book from markdown files. Like Gitbook but implemented in Rust

A fast TCP/UDP tunnel over HTTP

Impacket is a collection of Python classes for working with network protocols.

The next gen ls command

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A tiling window manager for X11

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A curated list of tools for incident response

A huge collection of Rofi based custom Applets, Launchers & Powermenus.

MacOS like theme for all gtk based desktops

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…

Like jq, but for HTML.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

A fast, simple, recursive content discovery tool written in Rust.

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

The all-in-one browser extension for offensive security professionals 🛠

A suite of utilities for converting to and working with CSV, the king of tabular file formats.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.