Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Go 14,046 2,458 Updated Oct 6, 2025

owasp-amass / amass

In-depth attack surface mapping and asset discovery

Go 13,737 2,058 Updated Nov 5, 2025

gophish / gophish

Open-Source Phishing Toolkit

Go 13,255 2,750 Updated Sep 23, 2024

OJ / gobuster

Directory/File, DNS and VHost busting tool written in Go

Go 12,824 1,501 Updated Oct 31, 2025

anchore / grype

A vulnerability scanner for container images and filesystems

Go 10,964 706 Updated Nov 5, 2025

BishopFox / sliver

Adversary Emulation Framework

Go 10,188 1,392 Updated Nov 3, 2025

michenriksen / gitrob

Reconnaissance tool for GitHub organizations

Go 6,083 844 Updated Sep 20, 2022

michenriksen / aquatone

A Tool for Domain Flyovers

Go 5,870 907 Updated May 22, 2022

Ne0nd0g / merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Go 5,414 844 Updated Apr 17, 2025

drk1wi / Modlishka

Modlishka. Reverse Proxy.

Go 5,204 932 Updated May 28, 2025

tenable / terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Go 5,189 538 Updated Jul 31, 2025

hakluke / hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Go 4,902 532 Updated Dec 21, 2024

tomnomnom / waybackurls

Fetch all the URLs that the Wayback Machine knows about for a domain

Go 4,179 528 Updated May 1, 2024

optiv / ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

Go 2,854 521 Updated Aug 18, 2023

dwisiswant0 / go-dork

The fastest dork scanner written in Go.

Go 1,257 137 Updated Feb 4, 2024

runZeroInc / sshamble

SSHamble: Unexpected Exposures in SSH

Go 1,155 87 Updated Nov 2, 2025

VirusTotal / vt-cli

VirusTotal Command Line Interface

Go 1,125 106 Updated Oct 27, 2025

0xsha / CloudBrute

Awesome cloud enumerator

Go 1,056 155 Updated Mar 9, 2025

muraenateam / muraena

Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.

Go 1,030 184 Updated Nov 12, 2024

evilsocket / shellz

shellz is a small utility to manage your ssh, telnet, kubernetes, winrm, web or any custom shell in a single place.

Go 608 69 Updated Jul 13, 2024

trap-bytes / 403jump

HTTP 403 bypass tool

Go 602 64 Updated Mar 16, 2024

teler-sh / teler-waf

teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks.

Go 390 34 Updated Mar 18, 2025

tenable / cnappgoat

CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.

Go 289 38 Updated Sep 4, 2024

mlcsec / headi

Customisable and automated HTTP header injection

Go 267 55 Updated Jun 27, 2024

n0mi1k / subby

An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.

Go 174 11 Updated May 5, 2024

Knodelz

Lists (31)

AD Tools 🏛️

Android Security 📱

AWS Security ☁️

C2 🟥

Cloudflare WAF ☁️

Code Analysis 👨🏻‍💻

Cryptography-Encoding-Crackin🔐

Digital Forensic 🟦

Email Header Analyzer 📧

Evasion Tools 🟥

Flipper Zero 🐬

Honeypots 🟦

ICS/SCADA Security 🔒

Incident Response 🟦

Information Gathering 🟥

IoT PT 🟥

M365 / Azure Security ☁️

Malware Analysis 🟦

Network PT 🟥

OSINT 🕵🏻

Phishing 📦

Reports 📝

Software Security

Steganography 🪄

WAF 🟦

Web Application PT 🟥

WiFi PT 🟥

Windows Events Log 🟦

Windows PT 🟥

Wordlists 📝

Yara 🟦

Stars