Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Open-source graph database, tuned for dynamic analytics environments. Easy to adopt, scale and own.

Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 3, and other large language models.

User-friendly AI Interface (Supports Ollama, OpenAI API, ...)

The Elastic stack (ELK) powered by Docker and Compose.

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

🦄🔒 Awesome list of secrets in environment variables 🖥️

OWASP Foundation Web Respository

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Make any web page a desktop application

A command-line tool and Rust library with Python bindings for generating regular expressions from user-provided test cases

OSX and iOS related security tools

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Security auditing tool for Azure environments

Script to update UFW with Cloudflare IPs

A Python library for scraping the Google search engine.

Database of websites for penetration testing

An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game

The Elevation of Privilege Threat Modeling Game

BlackHole is a modern macOS audio loopback driver that allows applications to pass audio to other applications with zero additional latency.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.

OBS Studio - Free and open source software for live streaming and screen recording

sslscan tests SSL/TLS enabled services to discover supported cipher suites

Pull out bits of URLs provided on stdin