Repos for Cybersecurity, Malware & Pentesting
Cybersecurity is nowadays of great relevance to many entities and individuals. As more and more things get connected, the threat of digital violence and abuse is very real. And it may a serious impact to the worlds normal. Thus learning cybersecurity is also relevant to many parties and individuals.
In the list below, we highlight 70+ interesting repositories, which address many topics in cybersecurity domain, including pentesting, malware, ethical hacking, honeypot,red team, blue team, OSINT etc.
1N3/BlackWidow | A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website. |
alexandreborges/malwoverview | Malwoverview is a first response tool used for downloading and screening malware samples, suspicious URLs, IP address, domains. Malwoverview offers threat hunting information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Valhalla and it is able to scan Android devices against VT and HA. |
androguard/androguard | Reverse engineering, Malware and goodware analysis of Android applications … and more (ninja !) |
bkimminich/juice-shop | OWASP Juice Shop: Probably the most modern and sophisticated insecure web application |
blaCCkHatHacEEkr/PENTESTING-BIBLE | This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources. |
BlueTeamLabs/sentinel-attack | Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework |
byt3bl33d3r/CrackMapExec | A swiss army knife for pentesting networks |
Cillian-Collins/dirscraper | OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website. |
cowrie/cowrie | Cowrie SSH/Telnet Honeypot http://cowrie.readthedocs.io |
dafthack/CloudPentestCheatsheets | This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers. |
DedSecInside/TorBot | Dark Web OSINT Tool |
diego-treitos/linux-smart-enumeration | Linux enumeration tool for pentesting and CTFs with verbosity levels |
enaqx/awesome-pentest | A collection of awesome penetration testing resources, tools and other shiny things |
evilsocket/xray | XRay is a tool for recon, mapping and OSINT gathering from public networks. |
fireeye/commando-vm | Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com |
fireeye/ThreatPursuit-VM | Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly. |
G123N1NJ4/c2hack | C2Hack, sharing tips and tricks for pentesters |
gerryguy311/CyberProfDevelopmentCovidResources | An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free all the time or during COVID-19 that cybersecurity professionals with downtime can take advantage of to improve their skills and marketability to come out on the other side ready to rock. |
guardicore/monkey | Infection Monkey - An automated pentest tool |
gwen001/pentest-tools | Custom pentesting tools |
Hack-with-Github/Awesome-Hacking | A collection of various awesome lists for hackers, pentesters and security researchers |
harisqazi1/Cybersecurity | This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume. |
hash3liZer/WiFiBroot | A WiFi Pentest Cracking tool for WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication) |
hmaverickadams/Beginner-Network-Pentesting | Notes for Beginner Network Pentesting Course |
infosecn1nja/Red-Teaming-Toolkit | A collection of open source and commercial tools that aid in red team operations. |
IoT-PTv/IoT-PT | A Virtual environment to Pentest IoT Devices |
itsmehacker/DarkScrape | OSINT Tool For Scraping Dark Websites |
j3ssie/IPOsint | WARNING: This project now become part of https://github.com/j3ssie/Metabigor project |
jivoi/awesome-ml-for-cybersecurity | :octocat: Machine Learning for Cyber Security |
jivoi/awesome-osint | :scream: A curated list of amazingly awesome OSINT |
jofpin/trape | People tracker on the Internet: OSINT analysis and research tool by Jose Pino |
juliocesarfort/public-pentesting-reports | Curated list of public penetration test reports released by several consulting firms and academic security groups |
kgretzky/pwndrop | Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. |
khast3x/h8mail | :mailbox_with_no_mail::mag_right: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email |
lightspin-tech/red-kube | Red Team KubeCTL Cheat Sheet |
M4cs/BabySploit | :baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake: |
malwaredllc/byob | BYOB (Build Your Own Botnet) |
mike-goodwin/owasp-threat-dragon-desktop | An installable desktop variant of OWASP Threat Dragon |
MISP/MISP | MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform) |
MobSF/Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
nccgroup/demiguise | HTA encryption tool for RedTeams |
OpenRCE/Malware-Analysis-Training | Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera. |
OWASP/CheatSheetSeries | The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. |
OWASP/owasp-mstg | The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering. |
OWASP/wstg | The OWASP Web Security Testing Guide includes a “best practice” penetration testing framework which users can implement in their own organizations and a “low level” penetration testing guide that describes techniques for testing most common web application and web service security issues. |
PacktPublishing/Hands-On-Artificial-Intelligence-for-Cybersecurity | Hands-On Artificial Intelligence for Cybersecurity, publised by Packt |
PacktPublishing/Hands-on-Machine-Learning-for-Cyber-Security | Hands-On Machine Learning for Cybersecurity, published by Packt |
PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook | Machine Learning for Cybersecurity Cookbook, published by Packt |
paralax/awesome-honeypots | an awesome list of honeypot resources |
pikpikcu/Pentest-Tools-Framework | Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities |
pry0cc/axiom | A dynamic infrastructure toolkit for red teamers and bug bounty hunters! |
redcanaryco/atomic-red-team | Small and highly portable detection tests based on MITRE’s ATT&CK. |
rek7/fireELF | fireELF - Fileless Linux Malware Framework |
rshipp/awesome-malware-analysis | Defund the Police. |
s0md3v/Photon | Incredibly fast crawler designed for OSINT. |
sa7mon/miniprint | A medium interaction printer honeypot |
saeidshirazi/awesome-android-security | A curated list of Android Security materials and resources For Pentesters and Bug Hunters |
Shmakov/Honeypot | Low interaction honeypot that displays real time attacks |
smicallef/spiderfoot | SpiderFoot automates OSINT collection so that you can focus on analysis. |
stampery/mongoaudit | A powerful MongoDB auditing and pentesting tool |
StevenBlack/hosts | Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentially others. You can optionally invoke extensions to block additional sites by category. |
sundowndev/hacker-roadmap | :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security. |
sundowndev/PhoneInfoga | Advanced information gathering & OSINT tool for phone numbers |
swisskyrepo/PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF |
The-Art-of-Hacking/h4cker | This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. |
twintproject/twint | An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations. |
Tylous/SniffAir | A framework for wireless pentesting. |
V33RU/IoTSecurity101 | From IoT Pentesting to IoT Security |
wtsxDev/Machine-Learning-for-Cyber-Security | Curated list of tools and resources related to the use of machine learning for cyber security |
xillwillx/skiptracer | OSINT python webscaping framework |
yeyintminthuhtut/Awesome-Red-Teaming | List of Awesome Red Teaming Resources |
ytisf/theZoo | A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public. |