Skip to content

Latest commit

 

History

History
2690 lines (2432 loc) · 325 KB

topics.md

File metadata and controls

2690 lines (2432 loc) · 325 KB

Awesome Stars Awesome

A curated list of my GitHub stars! Generated by starred.

Contents

algorithm

android

  • MobSF/mobsfscan - mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r
  • alessandrodd/apk_api_key_extractor - Automatically extracts API Keys from APK files
  • FreeRDP/FreeRDP - FreeRDP is a free remote desktop protocol library and clients
  • EntySec/HatSploit - Modular penetration testing platform that enables you to write, test, and execute exploit code.
  • sensepost/objection - 📱 objection - runtime mobile exploration
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

angular

api

atom

automation

  • pablosnt/rekono - Execute full pentesting processes combining multiple hacking tools automatically
  • transitive-bullshit/awesome-puppeteer - A curated list of awesome puppeteer resources.
  • kameleo-io/local-api-examples - Useful and easy to understand examples written in Node.js and .NET Core about web scraping and automated browsing with Kameleo Client
  • pyppeteer/pyppeteer - Headless chrome/chromium automation library (unofficial port of puppeteer)
  • fast-facts/puppeteer-pro - A simple puppeteer wrapper to enable useful plugins with ease
  • kkoooqq/fakebrowser - 🤖 Fake fingerprints to bypass anti-bot systems. Simulate mouse and keyboard operations to make behavior like a real person.
  • niespodd/browser-fingerprinting - Analysis of Bot Protection systems with available countermeasures 🚿. How to defeat anti-bot system 👻 and get around browser fingerprinting scripts 🕵️‍♂️ when scraping the web?
  • berstend/puppeteer-extra - 💯 Teach puppeteer new tricks through plugins.
  • alpkeskin/mosint - An automated e-mail OSINT tool
  • ultrafunkamsterdam/undetected-chromedriver - Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)
  • pratyakshm/WinRice - WinRice is a tool that uses PowerShell automation to setup your Windows devices.
  • bongochong/CombinedPrivacyBlockLists - Ad-blocking hosts files, IP block lists, PAC filters, and ABP / uBO subscriptions, all merged from multiple reputable sources, combined with my own research. Also, script-based utilities to help you c
  • A3h1nt/Grawler - Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
  • ph09nix/APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
  • OWASP/Nettacker - Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
  • ajinabraham/CMSScan - CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
  • NullArray/NetSet - Operational Security utility and automator.
  • apify/crawlee - Crawlee—A web scraping and browser automation library for Node.js that helps you build reliable crawlers. Fast.
  • screetsec/BruteSploit - BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used
  • wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
  • NullArray/AutoSploit - Automated Mass Exploiter

awesome

awesome-list

aws

  • seanpianka/aws-incentives-api-rs - A Rust service for using the Amazon Gift Card API
  • kamerk22/AmazonGiftCode - Laravel package for Amazon Gift Codes On Demand (AGCOD). Integration for Amazon Incentive API 🎁
  • gl4ssesbo1/Nebula - Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Comp
  • BishopFox/smogcloud - Find cloud assets that no one wants exposed 🔎 ☁️
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • miguelmota/s3scanner - Scan for open public S3 buckets
  • belane/CloudHunter - AWS, Azure and Google bucket scanner
  • MindPointGroup/cloudfrunt - A tool for identifying misconfigured CloudFront domains
  • carnal0wnage/weirdAAL - WeirdAAL (AWS Attack Library)
  • DenizParlak/Zeus - AWS Auditing & Hardening Tool
  • jassics/awesome-aws-security - Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
  • jordanpotti/CloudScraper - CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  • prowler-cloud/prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 2
  • donnemartin/awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
  • sa7mon/S3Scanner - Scan for open S3 buckets and dump the contents
  • RhinoSecurityLabs/ccat - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

azure

bash

  • D3Ext/WEF - Wi-Fi Exploitation Framework
  • denisidoro/navi - An interactive cheatsheet tool for the command-line
  • onceupon/Bash-Oneliner - A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
  • arturoherrero/command-line-one-liners - Command line one-liners.
  • dwisiswant0/awesome-oneliner-bugbounty - A collection of awesome one-liner scripts especially for bug bounty tips.
  • clu3bot/owt - Update Version 3.1 added free SMS messaging.
  • bongochong/CombinedPrivacyBlockLists - Ad-blocking hosts files, IP block lists, PAC filters, and ABP / uBO subscriptions, all merged from multiple reputable sources, combined with my own research. Also, script-based utilities to help you c
  • himanshub16/ProxyMan - Configuring proxy settings made easy.
  • HightechSec/git-scanner - A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
  • NullArray/NetSet - Operational Security utility and automator.
  • jakewmeyer/Geo - 🌎 A Bash utility for easy wan, lan, router, dns, mac address, and geolocation output, with clean stdout for piping
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
  • leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

bitcoin

blockchain

bootstrap

bot

  • c99tn/vMass - vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
  • doener2323/doenerium - Fully undetected grabber (grabs wallets, passwords, cookies, modifies discord client etc.)
  • samc621/SneakerBot - All-in-one bot, with auto captcha-solving and proxy management, using Node.js and Puppeteer.
  • kameleo-io/local-api-examples - Useful and easy to understand examples written in Node.js and .NET Core about web scraping and automated browsing with Kameleo Client
  • kkoooqq/fakebrowser - 🤖 Fake fingerprints to bypass anti-bot systems. Simulate mouse and keyboard operations to make behavior like a real person.
  • niespodd/browser-fingerprinting - Analysis of Bot Protection systems with available countermeasures 🚿. How to defeat anti-bot system 👻 and get around browser fingerprinting scripts 🕵️‍♂️ when scraping the web?
  • xHak9x/fbi - Facebook Information
  • vitaminarts/Telegram-scraper-api - An easy-to-use PHP api for Getting contents of Telegram's public channels and groups Messages without needing to join them.
  • hendrikbgr/YandexMail-Account-Creator - 🚀 Create hundreds of free YandexMail Email Accounts in the matter of minutes 🚀
  • gocrawler/bingbot - A crawler that crawls search engine! 😎 Usable for collecting site with dorks and wildcards. Also provides output in web interface with more than 3 API endpoints!
  • anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
  • UndeadSec/Idisagree - Control remote computers using discord bot and python 3.
  • lreiner/Whatsapp-Message-Spammer - This Script spams as many Messages as you want in a Chat. Tampermonkey Executable to inject Extensions to Whatsapp Web. Free to use for everyone. 📩
  • rndinfosecguy/Scavenger - Crawler (Bot) searching for credential leaks on paste sites.

c

  • FreeRDP/FreeRDP - FreeRDP is a free remote desktop protocol library and clients
  • hashcat/hashcat - World's fastest and most advanced password recovery utility
  • nil0x42/duplicut - Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
  • csete/gpredict - Gpredict satellite tracking application
  • nullsecuritynet/tools - Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.
  • openwall/john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

chrome

chrome-extension

  • 0140454/hackbar - A browser extension for Penetration Testing
  • gildas-lormeau/SingleFile - Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
  • checkly/headless-recorder - Chrome extension that records your browser interactions and generates a Playwright or Puppeteer script.
  • LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
  • dessant/buster - Captcha solver extension for humans
  • ninoseki/mitaka - A browser extension for OSINT search
  • WorldBrain/Memex - Browser extension to curate, annotate, and discuss the most valuable content and ideas on the web. As individuals, teams and communities.

cli

computer-vision

cpp

cryptocurrency

  • UnamSanctam/SilentXMRMiner - A Silent (Hidden) Monero (XMR) Miner Builder
  • Michal2SAB/Bitcoin-Stealer - Generate random bitcoin wallets, private keys (seeds) and then check if they match a wallet that contains some kind of balance, and then take it. Node.js
  • whittlem/pycryptobot - Python Crypto Bot (PyCryptoBot)
  • DavidMGilbert/btc-hack - An automated bitcoin wallet generator that brute forces random wallet addresses by checking their balance in real-time using an online API .
  • stellar/go - Stellar's public monorepo of go code
  • xmrig/xmrig - RandomX, KawPow, CryptoNight and GhostRider unified CPU/GPU miner and RandomX benchmark
  • PoC-Consortium/scavenger - A fast Burstcoin miner written in Rust
  • greatis/Anti-WebMiner - Anti-WebMiner protects your PC against web cryptocurrency miners (JS scripts like Coinhive executed in the browser) by modifying Windows hosts file

csharp

css

  • X-SLAYER/Website-Cloner - It allows you to download a website from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
  • StylishThemes/GitHub-Dark - :octocat: Dark GitHub style

cybersecurity

  • securisec/chepy - Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
  • loseys/Oblivion - Data leak checker & OSINT Tool
  • pablosnt/rekono - Execute full pentesting processes combining multiple hacking tools automatically
  • h33tlit/SniffCon-Ultimate-Recon-Dashboard-For-Bug-Bounty-And-Pentesting - Sniffcon has a wide list of powerful online bug bounty tools which can be used to find security vulnerabilities.
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
  • bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
  • kleiton0x00/ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
  • Ramalingasamy012/admin-finder - This tool is used to find the admin login page of a website.
  • Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
  • lucasfrag/Kali-Linux-Tools-Interface - Graphical Web interface developed to facilitate the use of security information tools.
  • EONRaider/blackhat-python3 - Source code for the book "Black Hat Python" by Justin Seitz. The code has been fully converted to Python 3, reformatted to comply with PEP8 standards and refactored to eliminate dependency issues invo
  • MandConsultingGroup/Scylla - The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
  • humblelad/Shodan-Dorks - Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.
  • RhinoSecurityLabs/ccat - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  • Viralmaniar/Passhunt - Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
  • 1N3/Sn1per - Attack Surface Management Platform | Sn1perSecurity LLC
  • sham00n/waybulk - Search a list of domains on the wayback machine
  • SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
  • BullsEye0/ghost_eye - Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can
  • sham00n/buster - An advanced tool for email reconnaissance
  • bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
  • smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

data

data-analysis

  • gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

database

deep-learning

  • AlexeyAB/darknet - YOLOv4 / Scaled-YOLOv4 / YOLO - Neural Networks for Object Detection (Windows and Linux version of Darknet )

devops

discord

django

docker

dotnet

electron

ethereum

  • UnamSanctam/SilentCryptoMiner - A Silent (Hidden) Free Crypto Miner Builder - Supports ETH, ETC, XMR and many more.
  • Michal2SAB/Bitcoin-Stealer - Generate random bitcoin wallets, private keys (seeds) and then check if they match a wallet that contains some kind of balance, and then take it. Node.js
  • ryancdotorg/brainflayer - A proof-of-concept cracker for cryptocurrency brainwallets and other low entropy key alogrithms.

firefox

  • gildas-lormeau/SingleFile - Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
  • moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
  • kameleo-io/local-api-examples - Useful and easy to understand examples written in Node.js and .NET Core about web scraping and automated browsing with Kameleo Client
  • pyllyukko/user.js - user.js -- Firefox configuration hardening
  • allo-/firefox-profilemaker - Tool to create firefox profiles with good defaults.
  • arkenfox/user.js - Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
  • thdoan/autofill-firefox - Autofill is a small but powerful add-on for Mozilla Firefox that serves one purpose: fill form fields automatically on page load. It is for people who just want a straightforward form filler without a
  • ray-lothian/UserAgent-Switcher - A User-Agent spoofer browser extension that is highly configurable

flask

  • h33tlit/Jbin-website-secret-scraper - Jbin will gather all the URLs from the website and then it will try to expose the secret data from them such as API keys, API secrets, API tokens and many other juicy information.
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino

framework

  • bellingcat/octosuite - Advanced Github OSINT Framework
  • D3Ext/WEF - Wi-Fi Exploitation Framework
  • PreferredAI/venom - Your preferred open source focused crawler for the deep web.
  • jaxBCD/Zeebsploit - web scanner - exploitation - information gathering
  • screetsec/Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
  • bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
  • sensepost/objection - 📱 objection - runtime mobile exploration
  • graniet/operative-framework - operative framework is a investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or re

frameworks

frontend

git

  • WangYihang/GitHacker - 🕷️ A .git folder exploiting tool that is able to restore the entire Git repository, including stash, common branches, common tags.
  • Nhoya/gOSINT - OSINT Swiss Army Knife
  • zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑

github

github-api

  • bellingcat/octosuite - Advanced Github OSINT Framework
  • janeklb/gh-search - GitHub code search with full text regex filtering, from your cli.
  • deepdivesec/GitMAD - Monitor, Alert, and Discover sensitive info and data leakage on Github.
  • BishopFox/GitGot - Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
  • eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com

go

golang

  • hktalent/scan4all - Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
  • madneal/gshark - Scan for sensitive information easily and effectively.
  • R4yGM/dorkscout - DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
  • haydenwoodhead/burner.kiwi - No bullshit temporary mail service written in Go
  • moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
  • dwisiswant0/go-stare - A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
  • dwisiswant0/cf-check - CloudFlare Checker written in Go
  • Ne0nd0g/merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
  • hueristiq/hqurlfind3r - A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources.
  • CyanCoding/Brute-Force-Password-Cracker - A brute force attacker with packages for development in Python 3, Kotlin, C#, Go, Vala, and C++.
  • alexandr-gnrk/Hash-cracker - Brute force program for SHA1, SHA256, SHA512 and MD5.
  • cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
  • M4DM0e/DirDar - DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
  • Narasimha1997/fake-sms - A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy.
  • future-architect/vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
  • ngirot/BruteForce - A simple brute forcer written in GO for SHA1, SHA256, SHA512, MD5 and bcrypt
  • schollz/croc - Easily and securely send things from one computer to another 🐊 📦
  • terorie/od-database-crawler - OD-Database Go crawler
  • dwisiswant0/go-dork - The fastest dork scanner written in Go.
  • gocrawler/bingbot - A crawler that crawls search engine! 😎 Usable for collecting site with dorks and wildcards. Also provides output in web interface with more than 3 API endpoints!
  • hahwul/dalfox - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
  • wtfutil/wtf - The personal information dashboard for your terminal
  • Nhoya/gOSINT - OSINT Swiss Army Knife
  • BaiqingL/AWSY - Are.We.Secure.Yet Framework aims to test the wifi security of a location, attempting to locate individual devices
  • zricethezav/gitleaks - Protect and discover secrets using Gitleaks 🔑
  • trandoshan-io/crawler - Go process used to crawl websites
  • gophish/gophish - Open-Source Phishing Toolkit
  • averagesecurityguy/scrape - Extensible paste site scraper written in Golang.
  • firefart/pastebin_scraper - golang program to parse Pastebin for keywords and send them per E-Mail
  • techjacker/repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
  • trufflesecurity/trufflehog - Find credentials all over the place
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
  • graniet/operative-framework - operative framework is a investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or re
  • lorien/awesome-web-scraping - List of libraries, tools and APIs for web scraping and data processing.

google

  • indiancybertroops/DorKey - Dorkey is Dork generator For Sql Injection It includes Php Aspx And other extension Its Simple Fast And Lightweight Sqli Dork Generator
  • hhhrrrttt222111/Dorkify - Perform Google Dork search with Dorkify
  • 0xsha/CloudBrute - Awesome cloud enumerator
  • kevgk/OD-Search - Web-Extension that builds search queries to find files on the internet.
  • mxrch/GHunt - 🕵️‍♂️ Offensive Google framework.
  • cerebnismus/smtplib-bruteforce - bruteforcing gmail (TLS/SSL)
  • j3ers3/Searpy - 🥀 Search Engine Tookit,URL采集、Favicon哈希值查找真实IP、子域名查找
  • opsdisk/metagoofil - Search Google and download specific file types
  • RhinoSecurityLabs/ccat - Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
  • 1N3/Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
  • blueudp/DorkMe - [WORKING IN V2, WITH PROXIES, CUSTOM USER AGENT... TO MUCH BETTER!]DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection
  • opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching

google-cloud

graphql

hackathon

hacking

  • GamehunterKaan/AutoPWN-Suite - AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
  • m3n0sd0n4ld/GooFuzz - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced
  • pablosnt/rekono - Execute full pentesting processes combining multiple hacking tools automatically
  • doener2323/doenerium - Fully undetected grabber (grabs wallets, passwords, cookies, modifies discord client etc.)
  • The-Viper-One/Pentest-Everything - A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
  • rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
  • jekil/awesome-hacking - Awesome hacking is an awesome collection of hacking tools.
  • D3Ext/WEF - Wi-Fi Exploitation Framework
  • capture0x/XSS-LOADER - Xss Payload Generator ~ Xss Scanner ~ Xss Dork Finder
  • indiancybertroops/DorKey - Dorkey is Dork generator For Sql Injection It includes Php Aspx And other extension Its Simple Fast And Lightweight Sqli Dork Generator
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • hacktoolspack/hack-tools - hack tools
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • hhhrrrttt222111/Ethical-Hacking-Tools - Complete Listing and Usage of Tools used for Ethical Hacking
  • hhhrrrttt222111/Dorkify - Perform Google Dork search with Dorkify
  • averagesecurityguy/scripts - Scripts I use during pentest engagements.
  • moonD4rk/HackBrowserData - Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
  • v4d1/SpoofThatMail - Bash script to check if a domain or list of domains can be spoofed based in DMARC records
  • alpkeskin/mosint - An automated e-mail OSINT tool
  • pedrib/PoC - Advisories, proof of concept files and exploits that have been made public by @pedrib.
  • six2dez/pentest-book -
  • six2dez/OneListForAll - Rockyou for web fuzzing
  • LasCC/Hack-Tools - The all-in-one Red Team extension for Web Pentester 🛠
  • RhinoSecurityLabs/IPRotate_Burp_Extension - Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
  • 0xsha/CloudBrute - Awesome cloud enumerator
  • ShivamRai2003/Reconky-Automated_Bash_Script - Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
  • blacklanternsecurity/TREVORspray - TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
  • clu3bot/owt - Update Version 3.1 added free SMS messaging.
  • bee-san/pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️
  • ShutdownRepo/Exegol - Fully featured and community-driven hacking environment
  • EntySec/Shreder - Shreder is a powerful multi-threaded SSH protocol password brute-force tool.
  • EntySec/RomBuster - RomBuster is a router exploitation tool that allows to disclosure network router admin password.
  • Ramalingasamy012/admin-finder - This tool is used to find the admin login page of a website.
  • Sh4rk0-666/Spykeyboard - keylogger which sends us the data to our gmail.
  • Ciphey/Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
  • DavidMGilbert/btc-hack - An automated bitcoin wallet generator that brute forces random wallet addresses by checking their balance in real-time using an online API .
  • rm1984/IMAPLoginTester - A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.
  • Aron-Tn/Smtp-cracker - [NEW] : Simple Mail Transfer Protocol (SMTP) CHECKER - CRACKER Tool V2
  • Aron-Tn/Mega-Bot - [NEW] : Mega Bot ☣ Scanner & Auto Exploiter
  • x1mdev/ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
  • M4DM0e/DirDar - DirDar is a tool that searches for (403-Forbidden) directories to break it and get dir listing on it
  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • GONZOsint/WhatCMS - CMS Detection and Exploit Kit based on Whatcms.org API
  • TheSpeedX/SDorker - SuperDorker gives you a huge list of websites for 0day attacks from Google Dorks
  • ph09nix/APSoft-Web-Scanner-v2 - Powerful dork searcher and vulnerability scanner for windows platform
  • DotNetRussell/MinerInTheMiddle - This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads
  • petercunha/Knock - 🔑 Scan the entire internet for SSH and Telnet services. Then hack them.
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • carlospolop/hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
  • TheSpeedX/PROXY-List - Get PROXY List that gets updated everyday
  • bettercap/bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
  • ngirot/BruteForce - A simple brute forcer written in GO for SHA1, SHA256, SHA512, MD5 and bcrypt
  • importCTF/Instagram-Hacker - This is an advanced script for Instagram bruteforce attacks. WARNING THIS IS A REAL TOOL!
  • jimywork/djangohunter - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.
  • Z4nzu/hackingtool - ALL IN ONE Hacking Tool For Hackers
  • jimywork/stretcher - Tool designed to help identify open Elasticsearch servers that are exposing sensitive information
  • AllPentesting/AllIntelligence - Proyecto Hackathon Cybercamp 2019 - AllIntelligence nos permitirá tener una visión general de posibles vectores de ataque de una organización.
  • jordanpotti/CloudScraper - CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
  • aydinnyunus/Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
  • aaaguirrep/offensive-docker - Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
  • lucasfrag/Kali-Linux-Tools-Interface - Graphical Web interface developed to facilitate the use of security information tools.
  • anouarbensaad/vulnx - vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collecti
  • m4ll0k/Atlas - Quick SQLMap Tamper Suggester
  • ron190/jsql-injection - jSQL Injection is a Java application for automatic SQL database injection.
  • Moham3dRiahi/XAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
  • jaxBCD/Zeebsploit - web scanner - exploitation - information gathering
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
  • codingo/Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
  • juice-shop/juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
  • Ullaakut/cameradar - Cameradar hacks its way into RTSP videosurveillance cameras
  • humblelad/Shodan-Dorks - Dorks for shodan.io. Some basic shodan dorks collected from publicly available data.
  • AngelSecurityTeam/Cam-Hackers - Hack Cameras CCTV FREE
  • hahwul/WebHackersWeapons - ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting
  • hahwul/XSpear - Powerfull XSS Scanning and Parameter analysis tool&gem
  • ultrasecurity/webkiller - Tool Information Gathering Write By Python.
  • kavishgr/xmlrpc-bruteforcer - An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)
  • k4m4/dymerge - 🔓 A dynamic dictionary merger for successful dictionary based attacks.
  • blueudp/Deep-Explorer - Deep Explorer is a ( 1 day developed ) tool made in python which purpose is the search of hidden services in tor network, using Ahmia Browser and crawling the links obtained
  • OlivierLaflamme/Cheatsheet-God - Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
  • macmade/FileVaultCracker - macOS FileVault cracking tool
  • macmade/KeychainCracker - macOS keychain cracking tool
  • sundowndev/hacker-roadmap - A collection of hacking tools, resources and references to practice ethical hacking.
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • projectdiscovery/subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • carpedm20/awesome-hacking - A curated list of awesome Hacking tutorials, tools and resources
  • jakejarvis/awesome-shodan-queries - 🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻
  • SimplySecurity/SimplyEmail - Email recon made fast and easy, with a framework to build on
  • hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
  • martinvigo/voicemailautomator - A tool that serves as a Proof of Concept for the research I presented at DEF CON 26, "Compromising online accounts by cracking voicemail systems"
  • yeahhub/Hacking-Security-Ebooks - Top 100 Hacking & Security E-Books (Free Download)
  • 1N3/BruteX - Automatically brute force all services running on a target.
  • 1N3/Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
  • DedSecInside/TorBot - Dark Web OSINT Tool
  • abhisharma404/vault - swiss army knife for hackers
  • brutemap-dev/brutemap - Let's find someone's account
  • vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
  • nullsecuritynet/tools - Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.
  • techgaun/github-dorks - Find leaked secrets via github search
  • blueudp/DorkMe - [WORKING IN V2, WITH PROXIES, CUSTOM USER AGENT... TO MUCH BETTER!]DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection
  • nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters - A list of resources for those interested in getting started in bug bounties
  • SofianeHamlaoui/Lockdoor-Framework - 🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • screetsec/Dracnmap - Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and dif
  • screetsec/BruteSploit - BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and maybe can be used
  • infosecn1nja/Red-Teaming-Toolkit - This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
  • trimstray/sandmap - Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
  • brannondorsey/wifi-cracking - Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
  • wuseman/EMAGNET - Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password together from recent uploads from https://pastebin.com. Bruteforce support for spotify accounts, inst
  • D4Vinci/Cr3dOv3r - Know the dangers of credential reuse attacks.
  • bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
  • calebmadrigal/trackerjacker - Like nmap for mapping wifi networks you're not connected to, plus device tracking
  • jaykali/hackerpro - All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
  • blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
  • r3vn/badKarma - network reconnaissance toolkit
  • martinvigo/email2phonenumber - A OSINT tool to obtain a target's phone number just by having his email address
  • toolswatch/blackhat-arsenal-tools - Official Black Hat Arsenal Security Tools Repository
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • urbanadventurer/WhatWeb - Next generation web scanner
  • khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
  • v3n0m-Scanner/V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
  • Viralmaniar/Powershell-RAT - Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen c
  • khast3x/Offensive-Dockerfiles - Offensive tools as Dockerfiles. Lightweight & Ready to go
  • k4m4/kickthemout - 💤 Kick devices off your network by performing an ARP Spoof attack.
  • screetsec/TheFatRat - Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then
  • W00t3k/Awesome-Cellular-Hacking - Awesome-Cellular-Hacking
  • smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
  • maurosoria/dirsearch - Web path scanner

hacktoberfest

html

  • X-SLAYER/Website-Cloner - It allows you to download a website from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
  • PreferredAI/venom - Your preferred open source focused crawler for the deep web.

http

  • projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
  • encode/httpx - A next generation HTTP client for Python. 🦋
  • chenjj/Awesome-HTTPRequestSmuggling - A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻
  • mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • dstotijn/hetty - An HTTP toolkit for security research.
  • httptoolkit/httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac 🎉 Open an issue here to give feedback or ask for help.
  • james-proxy/james - Web Debugging Proxy Application
  • Chaphasilor/odcrawler-frontend - A frontend for ODCrawler, an Open Directory search engine.
  • faiqsohail/ProxyChecker - An easy to use open-source, multithreaded Proxy Checker. Allows you to quickly check HTTP and SOCKS proxies in a user friendly GUI, for Windows, Mac OS, Linux.
  • TheSpeedX/PROXY-List - Get PROXY List that gets updated everyday
  • iw4p/proxy-scraper - scrape proxies from more than 5 different sources and check which ones are still alive
  • rofl0r/proxychains-ng - proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained prox
  • apache/couchdb - Seamless multi-master syncing database with an intuitive HTTP/JSON API, designed for reliability
  • apache/couchdb-pkg - Apache CouchDB Packaging support files
  • Shiva108/WAES - CPH:SEC WAES: Web Auto Enum & Scanner - Auto enums website(s) and dumps files as result
  • linkchecker/linkchecker - check links in web documents or full websites
  • KoalaBear84/OpenDirectoryDownloader - Indexes open directories
  • brutemap-dev/brutemap - Let's find someone's account
  • UBoat-Botnet/UBoat - HTTP Botnet

ios

iot

java

javascript

jquery

js

  • X-SLAYER/Website-Cloner - It allows you to download a website from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
  • NaturalIntelligence/fast-xml-parser - Validate XML, Parse XML and Build XML rapidly without C/C++ based libraries and no callback.
  • RyuzakiH/CloudflareSolverRe - Cloudflare Javascript & reCaptcha challenge (I'm Under Attack Mode or IUAM) solving / bypass .NET Standard library.
  • greatis/Anti-WebMiner - Anti-WebMiner protects your PC against web cryptocurrency miners (JS scripts like Coinhive executed in the browser) by modifying Windows hosts file

json

koa

  • unixfox/pupflare - A webpage proxy that request through Chromium (puppeteer) - can be used to bypass Cloudflare anti bot / anti ddos on any application (like curl)

kotlin

kubernetes

laravel

  • kamerk22/AmazonGiftCode - Laravel package for Amazon Gift Codes On Demand (AGCOD). Integration for Amazon Incentive API 🎁

library

  • FreeRDP/FreeRDP - FreeRDP is a free remote desktop protocol library and clients
  • d-edge/Cardidy - A .net library to identify credit card number and cvv
  • RyuzakiH/CloudflareSolverRe - Cloudflare Javascript & reCaptcha challenge (I'm Under Attack Mode or IUAM) solving / bypass .NET Standard library.
  • hahwul/XSpear - Powerfull XSS Scanning and Parameter analysis tool&gem

linux

lua

machine-learning

  • x4nth055/pythoncode-tutorials - The Python Code Tutorials
  • donnemartin/awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
  • ThoughtfulDev/EagleEye - Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.

macos

mobile

monero

mongodb

  • prozaqq/mongol - A MongoDB no authentication scanner and enumerator
  • stampery/mongoaudit - 🔥 A powerful MongoDB auditing and pentesting tool 🔥
  • citcheese/ODBParser - OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories that have the data you care about exposing
  • arunbandari/mongo-gui - A web-based MongoDB graphical user interface
  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

monitoring

music

mysql

neural-network

  • AlexeyAB/darknet - YOLOv4 / Scaled-YOLOv4 / YOLO - Neural Networks for Object Detection (Windows and Linux version of Darknet )

node

  • thomasdondorf/puppeteer-cluster - Puppeteer Pool, run a cluster of instances in parallel
  • Michal2SAB/Hash-Dehasher - A program to find the real string for your hash. MD5, SHA256, any really. Works really fast, gets to the "aaaa" combo in about 1 second even on a bad and busy pc.
  • Michal2SAB/Bitcoin-Stealer - Generate random bitcoin wallets, private keys (seeds) and then check if they match a wallet that contains some kind of balance, and then take it. Node.js

nodejs

nosql

  • codingo/NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

npm

  • apify/crawlee - Crawlee—A web scraping and browser automation library for Node.js that helps you build reliable crawlers. Fast.

objective-c

open-source

  • estebanpdl/telegram-api - It connects to Telegram's API. It generates JSON files containing channel's data, including channel's information and posts. You can search for a specific channel, or a set of channels provided in a t
  • TheHive-Project/TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
  • cugu/awesome-forensics - A curated list of awesome forensic analysis tools and resources

opencv

  • nomacs/nomacs - nomacs is a free image viewer for windows, linux, and mac systems.

opengl

osint

  • Kr0ff/Pasta - A PasteBin scrapper that doesnt rely on the PasteBin scrape API
  • estebanpdl/telegram-api - It connects to Telegram's API. It generates JSON files containing channel's data, including channel's information and posts. You can search for a specific channel, or a set of channels provided in a t
  • m3n0sd0n4ld/GooFuzz - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced
  • projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. It is designed to maintain result reliability with an increased number of threads.
  • Ginsberg5150/Discord-and-Telegram-OSINT-references - Small repo for Telegram and Discord OSINT and research
  • loseys/Oblivion - Data leak checker & OSINT Tool
  • bellingcat/octosuite - Advanced Github OSINT Framework
  • gildas-lormeau/SingleFile - Web Extension for Firefox/Chrome/MS Edge and CLI tool to save a faithful copy of an entire web page in a single HTML file
  • JakeWnuk/SickNerd - CLI tool for Google Dorking with the ability to fetch and filter dorks from GHDB, save and load results, and search multiple domains.
  • R4yGM/dorkscout - DorkScout - Golang tool to automate google dork scan against the entiere internet or specific targets
  • cipher387/API-s-for-OSINT - List of API's for gathering information about phone numbers, addresses, domains etc
  • cipher387/osint_stuff_tool_collection - A collection of several hundred online tools for OSINT
  • hhhrrrttt222111/Dorkify - Perform Google Dork search with Dorkify
  • GONZOsint/geowifi - Search WiFi geolocation data by BSSID and SSID on different public databases.
  • rly0nheart/oxdork - Google dorking tool
  • rly0nheart/thedevilseye - The Devils Eye is an OSINT tool that extracts onion links and descriptions that match with the users query from the Darkweb, without requiring the use for Tor.
  • alpkeskin/mosint - An automated e-mail OSINT tool
  • Josue87/EmailFinder - Search emails from a domain through search engines
  • MikeMeliz/TorCrawl.py - Crawl and extract (regular or onion) webpages through TOR network
  • redhuntlabs/BurpSuite-Asset_Discover - Burp Suite extension to discover assets from HTTP response.
  • matamorphosis/Scrummage - The Ultimate OSINT and Threat Hunting Framework
  • ShivamRai2003/Reconky-Automated_Bash_Script - Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
  • kevgk/OD-Search - Web-Extension that builds search queries to find files on the internet.
  • pawlaczyk/sarenka - OSINT tool - gets data from services like shodan, censys etc. in one app
  • hueristiq/hqurlfind3r - A passive reconnaissance tool for known URLs discovery - it gathers a list of URLs passively using various online sources.
  • megadose/holehe - holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
  • Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
  • A3h1nt/Grawler - Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
  • lapolis/ScavengingTheScavenger - Lazy way to gather dumped credentials.
  • rndinfosecguy/pastePasswordLists - Top password lists generated from leaks collected from different paste sites
  • itsmehacker/DarkScrape - OSINT Tool For Scraping Dark Websites
  • devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
  • yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
  • mxrch/GHunt - 🕵️‍♂️ Offensive Google framework.
  • thewhiteh4t/pwnedOrNot - OSINT Tool for Finding Passwords of Compromised Email Addresses
  • powerexploit/Ashok - Ashok is a OSINT Recon Tool , a.k.a 😍 Swiss Army knife .
  • AllPentesting/AllIntelligence - Proyecto Hackathon Cybercamp 2019 - AllIntelligence nos permitirá tener una visión general de posibles vectores de ataque de una organización.
  • redhuntlabs/Awesome-Asset-Discovery - List of Awesome Asset Discovery Resources
  • citcheese/ODBParser - OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories that have the data you care about exposing
  • opsdisk/metagoofil - Search Google and download specific file types
  • equalitie/shodan_fingerprinter - Script fingerprinting systems based on shodan.io data
  • ivre/ivre - Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligenc
  • NullArray/DorkNet - Selenium powered Python script to automate searching for vulnerable web apps.
  • OWASP/Amass - In-depth Attack Surface Mapping and Asset Discovery
  • twintproject/twint - An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
  • InQuest/omnibus - The OSINT Omnibus (beta release)
  • InQuest/ThreatIngestor - Extract and aggregate threat intelligence.
  • christophetd/censys-subdomain-finder - ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
  • s0md3v/Orbit - Blockchain Transactions Investigation Tool
  • nerrorsec/Google-Dorker - Automate dorking while doing bug bounty or other stuffs.
  • MandConsultingGroup/Scylla - The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
  • evilsocket/xray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
  • 0x0FB0/pulsar - Network footprint scanner platform. Discover domains and run your custom checks periodically.
  • P3GLEG/PwnBack - Burp Extender plugin that generates a sitemap of a website using Wayback Machine
  • deepdivesec/GitMAD - Monitor, Alert, and Discover sensitive info and data leakage on Github.
  • blueudp/Deep-Explorer - Deep Explorer is a ( 1 day developed ) tool made in python which purpose is the search of hidden services in tor network, using Ahmia Browser and crawling the links obtained
  • iojw/socialscan - Python library and CLI for accurately querying username and email usage on online platforms
  • m3n0sd0n4ld/uDork - uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications,
  • projectdiscovery/subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
  • kpcyrd/sn0int - Semi-automatic OSINT framework and package manager
  • Nhoya/gOSINT - OSINT Swiss Army Knife
  • hakluke/hakrawler - Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
  • 1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
  • 1N3/Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
  • DedSecInside/TorBot - Dark Web OSINT Tool
  • sherlock-project/sherlock - 🔎 Hunt down social media accounts by username across social networks
  • abhisharma404/vault - swiss army knife for hackers
  • sc1341/InstagramOSINT - An Instagram Open Source Intelligence Tool
  • BishopFox/GitGot - Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
  • laramies/theHarvester - E-mails, subdomains and names Harvester - OSINT
  • shogunlab/Gitformant - OSINT tool for discovering confidential data leaked on Github.
  • averagesecurityguy/scrape - Extensible paste site scraper written in Golang.
  • sham00n/waybulk - Search a list of domains on the wayback machine
  • Viralmaniar/I-See-You - ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary re
  • tillson/git-hound - Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
  • saeeddhqan/Maryam - Maryam: Open-source Intelligence(OSINT) Framework
  • blueudp/DorkMe - [WORKING IN V2, WITH PROXIES, CUSTOM USER AGENT... TO MUCH BETTER!]DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection
  • hisxo/gitGraber - gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
  • m4ll0k/Infoga - Infoga - Email OSINT
  • j3ssie/osmedeus - A Workflow Engine for Offensive Security
  • needmorecowbell/sniff-paste - Pastebin OSINT Harvester
  • notdodo/pastego - Scrape/Parse Pastebin using GO and expression grammar (PEG)
  • sham00n/buster - An advanced tool for email reconnaissance
  • j3ssie/metabigor - Intelligence tool but without API key
  • bhavsec/reconspider - 🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
  • blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
  • martinvigo/email2phonenumber - A OSINT tool to obtain a target's phone number just by having his email address
  • eth0izzle/shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
  • superhedgy/AttackSurfaceMapper - AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
  • itsmehacker/CardPwn - OSINT Tool to find Breached Credit Cards Information
  • Ekultek/WhatBreach - OSINT tool to find breached emails, databases, pastes, and relevant information
  • jofpin/trape - People tracker on the Internet: OSINT analysis and research tool by Jose Pino
  • Acceis/leakScraper - LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering
  • khast3x/h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
  • alephdata/aleph - Search and browse documents and data; find the people and companies you look for.
  • initstring/cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
  • graniet/operative-framework - operative framework is a investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or re
  • ninoseki/mitaka - A browser extension for OSINT search
  • khast3x/Offensive-Dockerfiles - Offensive tools as Dockerfiles. Lightweight & Ready to go
  • s0md3v/Photon - Incredibly fast crawler designed for OSINT.
  • rndinfosecguy/Scavenger - Crawler (Bot) searching for credential leaks on paste sites.
  • sundowndev/phoneinfoga - Information gathering & OSINT framework for phone numbers
  • instaloader/instaloader - Download pictures (or videos) along with their captions and other metadata from Instagram.
  • smicallef/spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
  • opsdisk/pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
  • leebaird/discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
  • lockfale/OSINT-Framework - OSINT Framework

others

p2p

  • SecOps-Institute/Tor-IP-Addresses - Hourly checked and updated list of IP Addresses of Tor and Tor Exit Nodes
  • bongochong/CombinedPrivacyBlockLists - Ad-blocking hosts files, IP block lists, PAC filters, and ABP / uBO subscriptions, all merged from multiple reputable sources, combined with my own research. Also, script-based utilities to help you c

package-manager

parsing

  • gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

perl

php

  • kristuff/abuseipdb-cli - A CLI tool to check ✔️, report 🚩 IP addresses, download blacklist 🚫 with AbuseIPDB API v2
  • Aron-Tn/Mega-Bot - [NEW] : Mega Bot ☣ Scanner & Auto Exploiter
  • A3h1nt/Grawler - Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file.
  • vitaminarts/Telegram-scraper-api - An easy-to-use PHP api for Getting contents of Telegram's public channels and groups Messages without needing to join them.
  • binarymaster/3WiFi - 3WiFi Wireless Database
  • lorien/awesome-web-scraping - List of libraries, tools and APIs for web scraping and data processing.

postgresql

  • haydenwoodhead/burner.kiwi - No bullshit temporary mail service written in Go
  • screetsec/Vegile - This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will

powershell

python

python3

qt

raspberry-pi

  • x1mdev/ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.

react

  • pawlaczyk/sarenka - OSINT tool - gets data from services like shodan, censys etc. in one app

reactjs

  • pawlaczyk/sarenka - OSINT tool - gets data from services like shodan, censys etc. in one app

reverse-engineering

ruby

rust

scala

security

server

  • mail-in-a-box/mailinabox - Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
  • whatwebgui/WhatWebGUI - WhatWebGUI is a cross-platform compatible Java-based application for Windows 10, Mac OSX and Linux which implements the front end of the popular web scanning tool WhatWeb, the next generation web scan
  • AlisamTechnology/ATSCAN - Advanced dork Search & Mass Exploit Scanner

serverless

  • donnemartin/awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.

shell

  • denisidoro/navi - An interactive cheatsheet tool for the command-line
  • onceupon/Bash-Oneliner - A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.
  • clu3bot/owt - Update Version 3.1 added free SMS messaging.
  • x1mdev/ReconPi - ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
  • Winetricks/winetricks - Winetricks is an easy way to work around problems in Wine
  • AlisamTechnology/ATSCAN - Advanced dork Search & Mass Exploit Scanner
  • jakewmeyer/Geo - 🌎 A Bash utility for easy wan, lan, router, dns, mac address, and geolocation output, with clean stdout for piping
  • hamvocke/dotfiles - A collection of my personal dotfiles
  • n1nj4sec/pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
  • herrbischoff/awesome-macos-command-line - Use your macOS terminal shell to do awesome things.

spring-boot

sql

swift

telegram

terminal

testing

twitter

  • jonbakerfish/TweetScraper - TweetScraper is a simple crawler/spider for Twitter Search without using API
  • bisguzar/twitter-scraper - Scrape the Twitter Frontend API without authentication.
  • megadose/holehe - holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
  • twintproject/twint - An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
  • 5h4d0wb0y/socialbrute - It attempts to crack social networks using a brute force dictionary attack.
  • tweepy/tweepy - Twitter for Python!
  • miranda-ng/miranda-ng - Miranda NG: Next Generation of Miranda IM
  • ScriptSmith/reaper - Social media scraping / data collection tool for the Facebook, Twitter, Reddit, YouTube, Pinterest, and Tumblr APIs

typescript

  • WorldBrain/Memex - Browser extension to curate, annotate, and discuss the most valuable content and ideas on the web. As individuals, teams and communities.

ubuntu

vim

vue

web

  • pablosnt/rekono - Execute full pentesting processes combining multiple hacking tools automatically
  • hhhrrrttt222111/Dorkify - Perform Google Dork search with Dorkify
  • niespodd/browser-fingerprinting - Analysis of Bot Protection systems with available countermeasures 🚿. How to defeat anti-bot system 👻 and get around browser fingerprinting scripts 🕵️‍♂️ when scraping the web?
  • google/tamperchrome - Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).
  • PreferredAI/venom - Your preferred open source focused crawler for the deep web.
  • ffuf/ffuf - Fast web fuzzer written in Go
  • 1UC1F3R616/fastProxy - MultiThreaded Application to Scrape Working Web Proxies
  • pikpikcu/Pentest-Tools-Framework - Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabili
  • linkchecker/linkchecker - check links in web documents or full websites
  • OJ/gobuster - Directory/File, DNS and VHost busting tool written in Go
  • 3xploit-db/Pentest-Tools-Framework - Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabili
  • 1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
  • urbanadventurer/WhatWeb - Next generation web scanner

webapp

website

windows

wordpress

xml

License

CC0

To the extent possible under law, Astrogeorgeonethree has waived all copyright and related or neighboring rights to this work.