Lists (16)
ATLAS Adversarial ML
AI/ML Security: MITRE ATLAS (atlas.mitre.org) + OWASP LLM Top 10 + Google SAIF. Covers prompt injection, model tampering, data poisoning, agent security, privac
TA0001 Initial Access
Initial Access (TA0001): Gaining initial foothold in target networks. Includes phishing, exploiting public-facing apps, supply chain compromise, valid accounts. https://attack.mitre.org/tactics/TA0001
TA0002 Execution
Execution (TA0002): Running malicious code on target systems. Includes command interpreters, scripting, native APIs, exploitation for client execution. https://attack.mitre.org/tactics/TA0002
TA0003 Persistence
Persistence (TA0003): Maintaining access across restarts and credential changes. Includes registry run keys, scheduled tasks, bootkit, implants, account manipulation. https://attack.mitre.org/tactics/TA0003
TA0004 Privilege Escalation
Privilege Escalation (TA0004): Gaining higher-level permissions. Includes exploitation, access token manipulation, UAC bypass, AD escalation, sudo/setuid abuse. https://attack.mitre.org/tactics/TA0004
TA0005 Defense Evasion
Defense Evasion (TA0005): Avoiding detection. Includes obfuscation, disabling security tools, process injection, masquerading, AMSI/ETW bypass, rootkits. https://attack.mitre.org/tactics/TA0005
TA0006 Credential Access
Credential Access (TA0006): Stealing credentials. Includes password dumping, Kerberoasting, credential harvesting, brute force, keylogging, LSASS access. https://attack.mitre.org/tactics/TA0006
TA0007 Discovery
Discovery (TA0007): Understanding target environment. Includes network enumeration, AD recon, system info gathering, account discovery, BloodHound. https://attack.mitre.org/tactics/TA0007
TA0008 Lateral Movement
Lateral Movement (TA0008): Moving through the network. Includes pass-the-hash, RDP, SMB/WMI exec, SSH tunneling, pivoting, proxychains. https://attack.mitre.org/tactics/TA0008
TA0009 Collection
Collection (TA0009): Gathering target data. Includes screen capture, keylogging, email harvesting, clipboard data, memory dumping, secret scanning. https://attack.mitre.org/tactics/TA0009
TA0010 Exfiltration
Exfiltration (TA0010): Stealing data from target. Includes covert channels, DNS tunneling, steganography, encrypted transfers, cloud storage abuse. https://attack.mitre.org/tactics/TA0010
TA0011 Command and Control (C2)
Command and Control (TA0011): Communicating with compromised systems. Includes C2 frameworks (Cobalt Strike, Sliver), domain fronting, protocol tunneling. https://attack.mitre.org/tactics/TA0011
TA0040 Impact
Impact (TA0040): Disrupting availability or integrity. Includes ransomware, data destruction, defacement, resource hijacking, service disruption. https://attack.mitre.org/tactics/TA0040
TA0042 Resource Development
Resource Development (TA0042): Building attack infrastructure. Includes payload development, infrastructure setup, capability acquisition, tool compilation. https://attack.mitre.org/tactics/TA0042
TA0043 Reconnaissance
Reconnaissance (TA0043): Gathering target information. Includes OSINT, subdomain enumeration, network scanning, social engineering research. https://attack.mitre.org/tactics/TA0043
Threat Hunting
Threat Hunting related repositories
Starred repositories
📝 Algorithms and data structures implemented in JavaScript with explanations and links to further readings
⚡ Dynamically generated stats for your github readmes
uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
Google Chrome, Firefox, and Thunderbird extension that lets you write email in Markdown and render it before sending.
🎨 A curated list of delightful VS Code packages and resources.
An AI-powered task-management system you can drop into Cursor, Lovable, Windsurf, Roo, and others.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
The open curriculum for learning web development
Community curated list of templates for the nuclei engine to find security vulnerabilities.
The Browser Exploitation Framework Project
WebGoat is a deliberately insecure application
Captcha solver extension for humans, available for Chrome, Edge and Firefox
Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.
Create a good-looking DMG for your macOS app in seconds
KCon is a famous Hacker Con powered by Knownsec Team.
A collaborative, multi-platform, red teaming framework
Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Cloud Security Posture Management (CSPM)
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.
An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.