November 22, 2020

1197 words 6 mins read

Repos for Cybersecurity, Malware & Pentesting

Repos for Cybersecurity, Malware & Pentesting

Cybersecurity is nowadays of great relevance to many entities and individuals. As more and more things get connected, the threat of digital violence and abuse is very real. And it may a serious impact to the worlds normal. Thus learning cybersecurity is also relevant to many parties and individuals.

In the list below, we highlight 70+ interesting repositories, which address many topics in cybersecurity domain, including pentesting, malware, ethical hacking, honeypot,red team, blue team, OSINT etc.

1N3/BlackWidow A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
alexandreborges/malwoverview Malwoverview is a first response tool used for downloading and screening malware samples, suspicious URLs, IP address, domains. Malwoverview offers threat hunting information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Valhalla and it is able to scan Android devices against VT and HA.
androguard/androguard Reverse engineering, Malware and goodware analysis of Android applications … and more (ninja !)
bkimminich/juice-shop OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
blaCCkHatHacEEkr/PENTESTING-BIBLE This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.
BlueTeamLabs/sentinel-attack Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
byt3bl33d3r/CrackMapExec A swiss army knife for pentesting networks
Cillian-Collins/dirscraper OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.
cowrie/cowrie Cowrie SSH/Telnet Honeypot
dafthack/CloudPentestCheatsheets This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
DedSecInside/TorBot Dark Web OSINT Tool
diego-treitos/linux-smart-enumeration Linux enumeration tool for pentesting and CTFs with verbosity levels
enaqx/awesome-pentest A collection of awesome penetration testing resources, tools and other shiny things
evilsocket/xray XRay is a tool for recon, mapping and OSINT gathering from public networks.
fireeye/commando-vm Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
fireeye/ThreatPursuit-VM Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
G123N1NJ4/c2hack C2Hack, sharing tips and tricks for pentesters
gerryguy311/CyberProfDevelopmentCovidResources An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free all the time or during COVID-19 that cybersecurity professionals with downtime can take advantage of to improve their skills and marketability to come out on the other side ready to rock.
guardicore/monkey Infection Monkey - An automated pentest tool
gwen001/pentest-tools Custom pentesting tools
Hack-with-Github/Awesome-Hacking A collection of various awesome lists for hackers, pentesters and security researchers
harisqazi1/Cybersecurity This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume.
hash3liZer/WiFiBroot A WiFi Pentest Cracking tool for WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)
hmaverickadams/Beginner-Network-Pentesting Notes for Beginner Network Pentesting Course
infosecn1nja/Red-Teaming-Toolkit A collection of open source and commercial tools that aid in red team operations.
IoT-PTv/IoT-PT A Virtual environment to Pentest IoT Devices
itsmehacker/DarkScrape OSINT Tool For Scraping Dark Websites
j3ssie/IPOsint WARNING: This project now become part of project
jivoi/awesome-ml-for-cybersecurity :octocat: Machine Learning for Cyber Security
jivoi/awesome-osint :scream: A curated list of amazingly awesome OSINT
jofpin/trape People tracker on the Internet: OSINT analysis and research tool by Jose Pino
juliocesarfort/public-pentesting-reports Curated list of public penetration test reports released by several consulting firms and academic security groups
kgretzky/pwndrop Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
khast3x/h8mail :mailbox_with_no_mail::mag_right: Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
lightspin-tech/red-kube Red Team KubeCTL Cheat Sheet
M4cs/BabySploit :baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:
malwaredllc/byob BYOB (Build Your Own Botnet)
mike-goodwin/owasp-threat-dragon-desktop An installable desktop variant of OWASP Threat Dragon
MISP/MISP MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
MobSF/Mobile-Security-Framework-MobSF Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
nccgroup/demiguise HTA encryption tool for RedTeams
OpenRCE/Malware-Analysis-Training Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.
OWASP/CheatSheetSeries The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
OWASP/owasp-mstg The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.
OWASP/wstg The OWASP Web Security Testing Guide includes a “best practice” penetration testing framework which users can implement in their own organizations and a “low level” penetration testing guide that describes techniques for testing most common web application and web service security issues.
PacktPublishing/Hands-On-Artificial-Intelligence-for-Cybersecurity Hands-On Artificial Intelligence for Cybersecurity, publised by Packt
PacktPublishing/Hands-on-Machine-Learning-for-Cyber-Security Hands-On Machine Learning for Cybersecurity, published by Packt
PacktPublishing/Machine-Learning-for-Cybersecurity-Cookbook Machine Learning for Cybersecurity Cookbook, published by Packt
paralax/awesome-honeypots an awesome list of honeypot resources
pikpikcu/Pentest-Tools-Framework Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
pry0cc/axiom A dynamic infrastructure toolkit for red teamers and bug bounty hunters!
redcanaryco/atomic-red-team Small and highly portable detection tests based on MITRE’s ATT&CK.
rek7/fireELF fireELF - Fileless Linux Malware Framework
rshipp/awesome-malware-analysis Defund the Police.
s0md3v/Photon Incredibly fast crawler designed for OSINT.
sa7mon/miniprint A medium interaction printer honeypot
saeidshirazi/awesome-android-security A curated list of Android Security materials and resources For Pentesters and Bug Hunters
Shmakov/Honeypot Low interaction honeypot that displays real time attacks
smicallef/spiderfoot SpiderFoot automates OSINT collection so that you can focus on analysis.
stampery/mongoaudit A powerful MongoDB auditing and pentesting tool
StevenBlack/hosts Extending and consolidating hosts files from several well-curated sources like,,,, and potentially others. You can optionally invoke extensions to block additional sites by category.
sundowndev/hacker-roadmap :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security.
sundowndev/PhoneInfoga Advanced information gathering & OSINT tool for phone numbers
swisskyrepo/PayloadsAllTheThings A list of useful payloads and bypass for Web Application Security and Pentest/CTF
The-Art-of-Hacking/h4cker This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
twintproject/twint An advanced Twitter scraping & OSINT tool written in Python that doesn’t use Twitter’s API, allowing you to scrape a user’s followers, following, Tweets and more while evading most API limitations.
Tylous/SniffAir A framework for wireless pentesting.
V33RU/IoTSecurity101 From IoT Pentesting to IoT Security
wtsxDev/Machine-Learning-for-Cyber-Security Curated list of tools and resources related to the use of machine learning for cyber security
xillwillx/skiptracer OSINT python webscaping framework
yeyintminthuhtut/Awesome-Red-Teaming List of Awesome Red Teaming Resources
ytisf/theZoo A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
comments powered by Disqus