security

OISF/suricata: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

dev-sec/ansible-collection-hardening: This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

ovh/debian-cis: PCI-DSS compliant Debian 10/11/12 hardening

rapid7/metasploit-framework: Metasploit Framework

netbiosX/Checklists: Red Teaming & Pentesting checklists for various engagements

Gallopsled/pwntools: CTF framework and exploit development library

danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

zaproxy/zaproxy: The ZAP by Checkmarx Core project

Z4nzu/hackingtool: ALL IN ONE Hacking Tool For Hackers

v2ray/v2ray-core: A platform for building proxies to bypass network restrictions.

mxrch/GHunt: 🕵️‍♂️ Offensive Google framework.

s0md3v/XSStrike: Most advanced XSS scanner.

maurosoria/dirsearch: Web path scanner

trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

AlessandroZ/LaZagne: Credentials recovery project

n1nj4sec/pupy: Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

facebookresearch/xformers: Hackable and optimized Transformers building blocks, supporting a composable construction.

flipperdevices/flipperzero-firmware: Flipper Zero firmware source code

djsime1/awesome-flipperzero: 🐬 A collection of awesome resources for the Flipper Zero device.

LMGsec/o365creeper: Python script that performs email address validation against Office 365 without submitting login attempts.

NetSPI/MicroBurst: A collection of scripts for assessing Microsoft Azure security

nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool

CrowdStrike/CRT: Contact: CRT@crowdstrike.com

hausec/PowerZure: PowerShell framework to assess Azure security

silverhack/monkey365: Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

FSecureLABS/Azurite: Enumeration and reconnaissance activities in the Microsoft Azure Cloud.

dafthack/MailSniper: MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

drk1wi/Modlishka: Modlishka. Reverse Proxy.

jofpin/trape: People tracker on the Internet: OSINT analysis and research tool by Jose Pino

mdsecactivebreach/o365-attack-toolkit: A toolkit to attack Office365