A collection of awesome lists for everyday security work.
- Host Machine
- Source code Analysis
- Mobile(iOS and Android)
- Web Application
- Binary analysis
- Tools
- Others
## Host Machine

Repository | Description |
---|---|
vuls | Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. |
clair | Vulnerability Static Analysis for Containers |
serverspec | RSpec tests for your servers configured by CFEngine, Puppet, Chef, Ansible, Itamae or anything else even by hand |
## Source code Analysis

Repository | Description |
---|---|
cobra | Source Code Security Audit |
infer | A static analyzer for Java, C, C++, and Objective-C |
libfuzzer-workshop | Modern fuzzing of C/C++ Projects workshop. |
American fuzzy lop | American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. |
GCC object size checking | GCC implements a limited buffer overflow protection mechanism (the basis of glibc's `_FORTIFY_SOURCE`) that can prevent some buffer overflow attacks by determining, at compile time, the sizes of objects into which data is about to be written and rejecting the writes when the size isn't sufficient. |
Sanitizers | Runtime bug detectors for C/C++ (AddressSanitizer, ThreadSanitizer, MemorySanitizer); Go's race detector is built on ThreadSanitizer. |
FireLine | Static code analysis tool for Java. |
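The GCC object size check above is easier to reason about with a miniature re-creation of what `_FORTIFY_SOURCE` does for `memcpy`. This is an added example, not code from GCC or glibc: the compiler folds `__builtin_object_size()` to the number of bytes left in the destination object whenever it can see that object at compile time, and the fortified wrapper refuses the copy when the requested length is larger. glibc's real wrapper aborts through `__chk_fail()`; `checked_memcpy`, `FORTIFIED_MEMCPY` and `FORTIFIED_MEMCPY_SUBOBJECT` are this example's own names and return -1 instead so the outcome can be inspected. The example also goes one step past the table entry and shows the whole-object versus subobject distinction (type 0 versus type 1), which is why glibc checks `memcpy` with `__bos0` but string functions with `__bos`.

```c
/* Added example: a miniature _FORTIFY_SOURCE-style memcpy check built on
 * GCC's __builtin_object_size(). Not code from GCC or glibc; the names
 * checked_memcpy / FORTIFIED_MEMCPY / FORTIFIED_MEMCPY_SUBOBJECT are ours. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* __builtin_object_size() yields (size_t)-1 when it cannot determine the
 * size; the check must then fall back to an ordinary memcpy. */
#define OBJSZ_UNKNOWN ((size_t)-1)

/* Copy n bytes into dst, whose compiler-reported remaining size is dst_size.
 * Returns 0 when the copy ran, -1 when it would overflow the object. */
static int checked_memcpy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst_size != OBJSZ_UNKNOWN && n > dst_size)
        return -1;                  /* glibc: __memcpy_chk -> __chk_fail() */
    memcpy(dst, src, n);
    return 0;
}

/* Type 0: the object is the whole variable (glibc's __bos0, used for memcpy). */
#define FORTIFIED_MEMCPY(dst, src, n) \
    checked_memcpy((dst), __builtin_object_size((dst), 0), (src), (n))
/* Type 1: the closest enclosing subobject, e.g. one struct member (glibc's __bos). */
#define FORTIFIED_MEMCPY_SUBOBJECT(dst, src, n) \
    checked_memcpy((dst), __builtin_object_size((dst), 1), (src), (n))

/* Constructed 96-byte payload; only its length matters for the checks. */
static const char ATTACK[96] = {0};

/* n bytes into a 16-byte stack buffer: 0 if copied, -1 if refused. */
int write_stack_buffer(size_t n)
{
    char buf[16];
    return FORTIFIED_MEMCPY(buf, ATTACK, n);
}

/* A 16-byte member followed by 48 more bytes in the same object. */
struct packet { char name[16]; char body[48]; };

/* Whole-object check: the compiler reports 64 bytes from &p.name to the end
 * of p, so a 32-byte write is accepted and silently overruns into p.body. */
int write_name_whole_object(size_t n)
{
    struct packet p;
    return FORTIFIED_MEMCPY(p.name, ATTACK, n);
}

/* Subobject check: only name's 16 bytes count, so the same write is refused. */
int write_name_subobject(size_t n)
{
    struct packet p;
    return FORTIFIED_MEMCPY_SUBOBJECT(p.name, ATTACK, n);
}

/* Through a plain pointer the object is invisible to the compiler (unless the
 * call is inlined), so the size comes back as OBJSZ_UNKNOWN and the check
 * degrades to a normal memcpy. noinline keeps that visible for the demo. */
__attribute__((noinline)) static size_t size_seen_through_pointer(char *dst)
{
    return __builtin_object_size(dst, 0);
}

int main(void)
{
    char local[64];
    size_t seen = size_seen_through_pointer(local);
    printf("16-byte stack buffer,  8 bytes: rc=%d\n", write_stack_buffer(8));
    printf("16-byte stack buffer, 32 bytes: rc=%d\n", write_stack_buffer(32));
    printf("struct member, whole object, 32 bytes: rc=%d (intra-object overflow not caught)\n",
           write_name_whole_object(32));
    printf("struct member, subobject,    32 bytes: rc=%d\n", write_name_subobject(32));
    printf("struct member, whole object, 65 bytes: rc=%d\n", write_name_whole_object(65));
    printf("size reported through a pointer: %s\n",
           seen == OBJSZ_UNKNOWN ? "unknown (no check possible)" : "known");
    return 0;
}
```

The practical caveats follow directly from the code: the mechanism only fires where the compiler can see the destination object (stack arrays, globals, struct members, and pointers whose origin is visible after inlining), it does nothing for a pointer handed in as a parameter, and with the whole-object variant an overflow that stays inside the enclosing struct is not an error at all.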
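For the two fuzzing entries (libfuzzer-workshop and American fuzzy lop) the piece a practitioner actually writes is the fuzz target. The following is an added example and is not code from either project: a made-up TLV record parser as the code under test, the `LLVMFuzzerTestOneInput` entry point that libFuzzer (and AFL's libFuzzer-compatible driver) calls once per generated input, and a `main()` that lets the same file run stand-alone on a file argument or on constructed seeds. The `FUZZING_BUILD` macro is this example's own switch for dropping `main()` when the fuzzer runtime supplies one.

```c
/* Added example: the shape of a libFuzzer/AFL fuzz target around a small
 * parser. The TLV format, parse_tlv, parse_and_sum and FUZZING_BUILD are
 * this example's own, not from libfuzzer-workshop or AFL. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Made-up wire format: records of [tag:1][len:1][value:len], back to back. */
#define MAX_RECORDS 8
struct tlv { uint8_t tag; uint8_t len; const uint8_t *value; };

/* Parse at most MAX_RECORDS records. Returns the record count, or -1 when
 * the input is truncated, a length runs past the end, or there are too
 * many records. Every read is checked against `size`; an unchecked read
 * here is exactly what the fuzzer plus AddressSanitizer would surface. */
int parse_tlv(const uint8_t *data, size_t size, struct tlv out[MAX_RECORDS])
{
    size_t off = 0;
    int n = 0;
    while (off < size) {
        if (n == MAX_RECORDS)
            return -1;                  /* more records than we can hold */
        if (size - off < 2)
            return -1;                  /* truncated header */
        uint8_t tag = data[off];
        uint8_t len = data[off + 1];
        off += 2;
        if (len > size - off)
            return -1;                  /* value would run past the end */
        out[n].tag = tag;
        out[n].len = len;
        out[n].value = data + off;      /* points into the input, no copy */
        off += len;
        n++;
    }
    return n;
}

/* A consumer that walks every parsed value byte; if parse_tlv ever accepted
 * a bad length this is where the out-of-bounds read would happen.
 * Returns the sum of all value bytes, or -1 if parsing failed. */
long parse_and_sum(const uint8_t *data, size_t size)
{
    struct tlv recs[MAX_RECORDS];
    int n = parse_tlv(data, size, recs);
    if (n < 0)
        return -1;
    long sum = 0;
    for (int i = 0; i < n; i++)
        for (size_t j = 0; j < recs[i].len; j++)
            sum += recs[i].value[j];
    return sum;
}

/* libFuzzer entry point: called once per input and must return 0. The
 * return value carries no signal; crashes, sanitizer reports and timeouts
 * do, and new edge coverage steers the next mutations. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)parse_and_sum(data, size);
    return 0;
}

#ifndef FUZZING_BUILD   /* libFuzzer supplies main(); define this to drop ours */
int main(int argc, char **argv)
{
    if (argc > 1) {                     /* AFL-style: one input file per run */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        uint8_t buf[1 << 16];
        size_t n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        return LLVMFuzzerTestOneInput(buf, n);
    }
    /* Constructed seed inputs for a stand-alone run. */
    static const uint8_t good[] = { 0x01, 0x02, 'a', 'b', 0x03, 0x00 };
    static const uint8_t truncated[] = { 0x01, 0x05, 'a' };
    printf("good: sum=%ld\n", parse_and_sum(good, sizeof good));
    printf("truncated: %ld (rejected)\n", parse_and_sum(truncated, sizeof truncated));
    return 0;
}
#endif
```

Build it as a fuzzer with `clang -g -O1 -fsanitize=fuzzer,address -DFUZZING_BUILD tlv_fuzz.c -o tlv_fuzz` and run it with a seed corpus directory; for AFL, compile the same file with `afl-clang-fast` (no `-DFUZZING_BUILD`) and pass `@@` so each test case arrives as the file argument. Keep the target deterministic, fast, and free of global state between calls, otherwise coverage feedback becomes noise.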
## Mobile (iOS and Android)

Repository | Description |
---|---|
Mobile-Security-Framework-MobSF | Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing. |
secure-mobile-development | A Collection of Secure Mobile Development Best Practices |
passionfruit | Simple iOS app blackbox assessment tool |
awesome-frida | A curated list of awesome projects, libraries, and tools powered by Frida. |
android-security-awesome | A collection of android security related resources |
android_app_security_checklist | A checklist with security considerations for designing, testing, and releasing secure Android apps. |
MobileApp-Pentest-Cheatsheet | High-value information on specific mobile application penetration testing topics. |
needle | The iOS Security Testing Framework |
idb | idb is a tool to simplify some common tasks for iOS pentesting and research |
drozer | The Leading Security Assessment Framework for Android |
ios_sh | iOS Source Grepper |
androguard | Reverse engineering, Malware and goodware analysis of Android applications |
Brida | Brida is a Burp Suite extension that, working as a bridge between Burp Suite and Frida, lets you use and manipulate applications' own methods while tampering with the traffic exchanged between the applications and their back-end services/servers. |
## Web Application

Repository | Description |
---|---|
API-Security-Checklist | Checklist of the most important security countermeasures when designing, testing, and releasing your API |
PayloadsAllTheThings | A list of useful payloads and bypass for Web Application Security and Pentest/CTF |
arachni | Web Application Security Scanner Framework |
security-guide-for-developers | Security Guide for Developers |
imageXSS | Exploit XSS via image files. |
XSStrike | XSStrike is an advanced XSS detection and exploitation suite. |
SecLists | SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. |
awesome-web-security | A curated list of Web Security materials and resources. |
Web-Security-Learning | Materials collected while learning web security. |
tbhm | The Bug Hunters Methodology |
## Binary analysis

Repository | Description |
---|---|
PowerSploit | PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment |
OSXAuditor | OS X Auditor is a free Mac OS X computer forensics tool |
how2heap | A repository for learning various heap exploitation techniques. |
radare2 | Unix-like reverse engineering framework and command-line tools. |
## Tools

Repository | Description |
---|---|
Scanners-Box | The toolbox of open source scanners |
xunfeng | Xunfeng is a rapid vulnerability emergency-response and patrol scanning system for enterprise intranets. |
CyberChef | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis |
cve-search | cve-search - a tool to perform local searches for known vulnerabilities |
safe-commit-hook | pre-commit hook for Git that checks for suspicious files. |
gitrob | Reconnaissance tool for GitHub organizations |
Scumblr | Web framework that allows performing periodic syncs of data sources and performing analysis on the identified results |
bleah | A BLE scanner for "smart" devices hacking. |
cilium | Linux Native, HTTP Aware Networking and Security for Containers |
knock | Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist |
hashview | A web front-end for password cracking and analytics |
## Others

Repository | Description |
---|---|
Mind-Map | A curated collection of security-related mind maps. |
papers | open papers |
Awesome-Red-Teaming | List of Awesome Red Teaming Resources |
awesome-pentest-cheat-sheets | Collection of the cheat sheets useful for pentesting |
awesome-sec-talks | A collected list of awesome security talks |
security-101-for-saas-startups | security tips for startups |
Introspected tunnels to localhost | ngrok is a reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service. |