A list of Free Software network services and web applications which can be hosted on your own servers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Metasploit Framework

Automatic SQL injection and database takeover tool

💫 Industrial-strength Natural Language Processing (NLP) in Python

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

NVR with realtime local object detection for IP cameras

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

HomeKit support for the impatient.

A good looking terminal emulator which mimics the old cathode display...

A collection of awesome penetration testing resources, tools and other shiny things

Find secrets with Gitleaks 🔑

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!

💩🚀 Windows 95 in Electron. Runs on macOS, Linux, and Windows.

Find, verify, and analyze leaked credentials

Community guide to securing and improving privacy on macOS.

A little tool to play with Windows security

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Collection of malware source code for a variety of platforms in an array of different programming languages.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A fast TCP/UDP tunnel over HTTP

Impacket is a collection of Python classes for working with network protocols.

Sampling profiler for Python programs

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.