A list of Free Software network services and web applications which can be hosted on your own servers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Metasploit Framework

Automatic SQL injection and database takeover tool

💫 Industrial-strength Natural Language Processing (NLP) in Python

NVR with realtime local object detection for IP cameras

🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

A collection of awesome penetration testing resources, tools and other shiny things

Find secrets with Gitleaks 🔑

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

A good looking terminal emulator which mimics the old cathode display...

HomeKit support for the impatient.

Find, verify, and analyze leaked credentials

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!

💩🚀 Windows 95 in Electron. Runs on macOS, Linux, and Windows.

Community guide to securing and improving privacy on macOS.

A little tool to play with Windows security

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Collection of malware source code for a variety of platforms in an array of different programming languages.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A fast TCP/UDP tunnel over HTTP

Impacket is a collection of Python classes for working with network protocols.

Sampling profiler for Python programs

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.