Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the ...

Go 29,231 3,498 Updated Jun 17, 2026

ihebski / DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Python 6,613 777 Updated May 29, 2026

public-api-lists / public-api-lists

A curated list of free public APIs across 48 categories — searchable, community-maintained, with a free JSON API.

14,785 1,550 Updated Jun 9, 2026

ShutdownRepo / smartbrute

Password spraying and bruteforcing tool for Active Directory Domain Services

Python 387 57 Updated Oct 27, 2024

public-apis / public-apis

A collective list of free APIs

Python 442,236 48,456 Updated Jun 13, 2026

Naategh / PyCk

A collection of useful Python hacking scripts for beginners

Python 615 100 Updated Jan 22, 2022

NARKOZ / hacker-scripts

Based on a true story

JavaScript 49,735 6,662 Updated Oct 23, 2023

CoreyMSchafer / code_snippets

Jupyter Notebook 10,586 17,230 Updated Aug 1, 2024

ThePotato456 / prntscrn-scraper

Python 2 2 Updated Sep 8, 2022

N1z0ku / AV_Evasion

A short paper on my experience with evading Defender with Powershell

7 3 Updated Oct 14, 2021

vxunderground / MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

Assembly 18,417 2,074 Updated May 30, 2026

byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks

Python 9,141 1,687 Updated Dec 6, 2023

abhijithb200 / investigator

An online handy-recon tool

CSS 263 39 Updated Nov 12, 2023

swisskyrepo / DamnWebScanner

Another web vulnerabilities scanner, this extension works on Chrome and Opera

Python 470 157 Updated Sep 22, 2019

peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

C# 20,006 3,365 Updated Jun 15, 2026

swisskyrepo / PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python 78,482 17,092 Updated Jun 6, 2026

danielmiessler / SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se...

PHP 71,616 25,027 Updated Jun 16, 2026

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Ruby 9,637 1,337 Updated Jun 12, 2026

nvm-sh / nvm

Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions

Shell 93,839 10,226 Updated Jun 15, 2026

openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

C 13,274 2,505 Updated Jun 6, 2026

pentestmonkey / php-reverse-shell

PHP 2,809 1,891 Updated Aug 7, 2024

micahvandeusen / gMSADumper

Lists who can read any gMSA password blobs and parses them if the current user has access.

Python 376 65 Updated Feb 12, 2024

M41doror / FaceBook-Scan

An OSINT tool to easily generate Facebook url's to access publicly available information from Facebook profiles

Python 12 7 Updated Feb 22, 2017

sc0tfree / mentalist

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat...

Python 1,994 258 Updated Apr 14, 2026

Paradoxis / StegCracker

Steganography brute-force utility to uncover hidden data inside files

Python 598 106 Updated Dec 25, 2020

0xStarlight / ctf-katana

Forked from JohnHammond/ctf-katana

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

3 2 Updated Apr 13, 2021