An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Scapy: the Python-based interactive packet manipulation program & library.

Attack Surface Management Platform

🕵️‍♂️ All-in-one OSINT tool for analysing any website

Find, verify, and analyze leaked credentials

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The Official Bash Bunny Payload Repository

Protect and discover secrets using Gitleaks 🔑

The Official USB Rubber Ducky Payload Repository

A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

Daemon to ban hosts that cause multiple authentication errors

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

syzkaller is an unsupervised coverage-guided kernel fuzzer

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024