ahhh.md

Awesome Stars

A curated list of my GitHub stars! Generated by starred

Contents

• C

• C#

• C++

• CSS

• CoffeeScript

• Go

• HTML

• Hack

• Java

• JavaScript

• OCaml

• Others

• PHP

• Perl

• Perl6

• PowerShell

• [Propeller Spin](#propeller spin)

• Python

• Ruby

• Shell

• [Visual Basic](#visual basic)

C

• pentestkoala - Modified dropbear server which acts as a client and allows authless login

• memz - A Cleaner MEMZ

• DoubleAgent - Zero-Day Code Injection and Persistence Technique

• vlany - Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)

• public-pentesting-reports - Curated list of public penetration test reports released by several consulting firms and academic security groups

• patchkit - binary patching from Python

• mimikatz - A little tool to play with Windows security

• pafish - Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

• netdata - Get control of your servers. Simple. Effective. Awesome. https://my-netdata.io/

• keychaindump - A proof-of-concept tool for reading OS X keychain passwords

• LiME - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

• MacDBG - Simple easy to use C and python debugging framework for OSX

• the-sea-watcher - Implementation of the SMM rootkit "The Watcher"

• hostapd-mana - SensePost's patches to hostapd for rogue access points. First presented at Defcon 22

• Shellcodes -

• Kadimus - Kadimus is a tool to check sites to lfi vulnerability , and also exploit it...

• hashcat - World's fastest and most advanced password recovery utility

• hashcat-legacy - Advanced CPU-based password recovery utility

• icmptunnel - Transparently tunnel your IP traffic through ICMP echo and reply packets.

• pwnat - pwnat punches holes in firewalls and NATs allowing any numbers of clients behind NATs to directly connect to a server behind a different NAT using a newly developed technique with no 3rd party, port forwarding, DMZ or spoofing

• jellyfish - GPU rootkit PoC by Team Jellyfish

• Throwback - HTTP/S Beaconing Implant

• azazel - Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

C#

• PowerForensics - PowerForensics provides an all in one platform for live disk forensic analysis

• PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.

• r2dr2-udp-drdos-tool - DRDoS UDP amplification tool

• Prefetch - Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.

• PSScriptAnalyzer - Download ScriptAnalyzer from PowerShellGallery

• QuasarRAT - Remote Administration Tool for Windows

C++

• GameHackingCode - Example code for the book http://www.nostarch.com/gamehacking . PLEASE READ THE README

• falco - Behavioral Activity Monitoring With Container Support

• SideStep - Yet another AV evasion tool

• LockyVaccine - Vaccines against Locky ransomware

• flare-wmi -

• wi-door - Wi-Fi Backdoors

CSS

• jack - Drag and Drop ClickJacking PoC development assistance tool.

CoffeeScript

• hubot-reactions -

Go

• url2img - HTTP server with API for capturing screenshots of websites

• go-mimikatz - A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.

• winrm-powershell - Run Powershell remotely from the CLI

• pam-ussh - uber's ssh certificate pam module

• EGESPLOIT - EGESPLOIT is a golang library for malware development

• ransomware - A windows crypto-ransomware (Academic)

• w32 - A wrapper of windows apis for the Go Programming Language.

• powershell-reverse-http - 😇 A Powershell exploit, windows native service with no virus signature that open a reverse http connection via meterpreter

• phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

• lonely-shell - minimal https reverse shell

• osxlockdown - [No longer maintained] Apple OS X tool to audit for, and remediate, security configuration settings.

• gobuster - GoBuster is a directory-enumeration tool written in Go.

• go-yara - Go bindings for YARA

• knox - Knox is a secret management service

• clair - Vulnerability Static Analysis for Containers

• Go_Shells - a collection of shells written with the go programming language, golang

HTML

• gophish - Open-Source Phishing Toolkit

• canarytokens - Canarytokens helps track activity and actions on your network.

• warberry - WarBerryPi - Tactical Exploitation

• memory-analysis - A Rekall interactive document for a Memory Analysis workshop/course.

• rekall-profiles - Public Profile Repository for Rekall Memory Forensic.

• streisand - Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

• lostpass - Pixel-perfect LastPass phishing

• misc - Little bit of this, little bit of that

• threat_note - DPS' Lightweight Investigation Notebook

Hack

• fbctf - Platform to host Capture the Flag competitions

• fbctf - Platform to host Capture the Flag competitions

Java

• bypasswaf - Add headers to all Burp requests to bypass some WAF products

• BurpSuiteLoggerPlusPlus - Burp Suite Logger++: Log activities of all the tools in Burp Suite

• JavaSerialKiller - Burp extension to perform Java Deserialization Attacks

• SerialKillerBypassGadgetCollection - Collection of bypass gadgets to extend and wrap ysoserial payloads

• firescape - MMORPG client and server in Java for personal research

JavaScript

• mailparser - Decode mime formatted e-mails

• browser-autofill-phishing - A simple demo of phishing by abusing the browser autofill feature

• CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

• AnonymousToFacebook - 使用 Node.js 與 FB API 架起來的匿名發文系統

• Minions - Collaborative Distributed Scanning Application (Uses modified DNmap on backend)

• cash - Cross-platform Linux commands in ES6

• OSXAuditor - OS X Auditor is a free Mac OS X computer forensics tool

• onedrive-api-docs - Official documentation for the OneDrive API

• jsnes - A JavaScript NES emulator.

OCaml

• Batsh - A language that compiles to Bash and Windows Batch

Others

• awesome-cyber-skills - A curated list of hacking environments where you can train your cyber skills legally and safely

• CCDC - Scripts related to CCDC

• sysmon-config - Sysmon configuration file template with default high-quality event tracing

• misp-book - User guide of MISP

• awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources

• iocs - FireEye Publicly Shared Indicators of Compromise (IOCs)

• awesome-incident-response - A curated list of tools for incident response

• awesome-sec-talks - A collected list of awesome security talks

• Malware - Course materials for Malware Analysis by RPISEC

• dear-github - 📨 An open letter to GitHub from the maintainers of open source projects

• CheatSheets - Cheat sheets for various projects.

• python-pentest-tools - Python tools for penetration testers

• List - webapp

• pwnableweb-scoreboard - Scoreboard for CTF Competitions

PHP

• FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

• sees - SEES aims to increase the success rate of phishing attacks by sending emails to company users as if they are coming from the very same company’s domain.

• MISP - MISP - Malware Information Sharing Platform & Threat Sharing

• Sn1per - Automated Pentest Recon Scanner

• DAws - Advanced Web Shell

• webshell - This is a webshell open source project

Perl

• psychoPATH - This little helper script attempts to generate all potential DOCUMENT_ROOT full paths for a given application.

• shelling - SHELLING - an offensive approach to the anatomy of improperly written OS command injection sanitisers

Perl6

• metasploit-vulnerability-emulator - Created by Jin Qian via the GitHub Connector

PowerShell

• PSKernel-Primitives - Exploit primitives for PowerShell

• Invoke-TheHash - PowerShell Pass The Hash Utils

• fathomless - A collection of different programs for network red teaming.

• PowerShell-Suite - My musings with PowerShell

• Misc-PowerShell-Stuff - random powershell goodness

• WMIOps - This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.

• PowerShell - Useful PowerShell scripts

• PowerTools - PowerTools is a collection of PowerShell projects with a focus on offensive operations.

• PowerMemory - Exploit the credentials present in files and memory

• CrackMapExec - A swiss army knife for pentesting networks

• PowerSCCM - PowerSCCM - PowerShell module to interact with SCCM deployments

• Tater - Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec

• PoshRat - PowerShell Reverse HTTPs Shell

• AutoBot - Awesome little automater

• AutoBot-Scripts - Community PowerShell scripts for AutoBot, the awesome little automater

• PowerPath - PowerShell implementations of path-finding algorithms using graph theory

• Kansa - A Powershell incident response framework

• VirusTotalShell - A fork of David B Heise's VirusTotal Powershell Module

• Mal-Seine - Why hunt when you can seine?

• box-powershell-sdk-v2 - Windows PowerShell SDK for Box API v2.

• PowerSploit - PowerSploit - A PowerShell Post-Exploitation Framework

• WMI_Backdoor - A PoC WMI backdoor presented at Black Hat 2015

• PowerWorm - Analysis, detection, and removal of the "Power Worm" PowerShell-based malware

• Kautilya - Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing.

• nishang - Nishang - PowerShell for penetration testing and offensive security.

• PoshCode - PoshCode Modules for Packaging, Searching, Fetching

• PSReflect - Easily define in-memory enums, structs, and Win32 functions in PowerShell

• Empire - Empire is a PowerShell and Python post-exploitation agent.

• Wifi_Trojans - A collection of wireless based bind and reverse connect shells for penetration testers to use in demonstrating persistence to a network via rouge access points.

• PSSE - PowerShell Scripting Expert repository, contains template code for security and administrative scripting, largely derived through taking taking the SecurityTube PowerShell for Pentesters course

• Invoke-AltDSBackdoor -

Propeller Spin

• DEFCON22-BADGE - My custom code for the DEFCON22 Badge, all in good fun.

Python

• manticore - Dynamic binary analysis tool

• fancybear - Fancy Bear Source Code

• mimipenguin - A tool to dump the login password from the current linux user

• MS15-034-IIS-Active-DoS-Exploit-PoC - Proof of concept exploit script used to exploit the MS15-034 vulnerability in the Windows HTTP Protocol Stack (HTTP.sys)

• IIS_exploit - Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

• fame - FAME Automates Malware Evaluation

• gcp-audit - A tool for auditing security properties of GCP projects.

• YaraGenerator - Automatic Yara Rule Generation

• SSMA - SSMA - Simple Static Malware Analyzer

• streamalert - StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

• aws-lambda - AWS Lambda Code Samples

• sovereign - A set of Ansible playbooks to build and maintain your own private cloud: email, calendar, contacts, file sync, IRC bouncer, VPN, and more.

• eyephish - OpenCV based IDN option generator PoC

• honeybadger -

• autopwn - Specify targets and run sets of tools against them

• zarp - Network Attack Tool

• aws_pwn - A collection of AWS penetration testing junk

• pyshell - PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible.

• EQGRP - Mirror

• PINCE - A reverse engineering tool that'll (hopefully) supply the place of Cheat Engine for linux

• splunk2resilient - splunk alert script to create resilient tickets

• yarAnalyzer - Yara Rule Analyzer and Statistics

• Loki - Loki - Simple IOC and Incident Response Scanner

• EmPyre - A post-exploitation OS X/Linux agent written in Python 2.7

• PhantomShodan - Shodan.io connector for Phantom Cyber Security Orchestration

• simuvex - A symbolic execution engine for the VEX IR

• simple -

• angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab!

• angr-doc - Documentation for the angr suite

• detekt - Malware triaging tool

• Winpayloads - Undetectable Windows Payload Generation

• featherduster - An automated, modular cryptanalysis tool

• CVE-2016-3714 - ImaegMagick Code Execution (CVE-2016-3714)

• FIR - Fast Incident Response

• vivisect -

• deprecated-binaryninja-python - Deprecated Binary Ninja prototype written in Python

• ivre - Network recon framework.

• thug - Python low-interaction honeyclient

• vmcloak - Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

• exploits -

• JSRat-Py - This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.

• GAM - command line management for Google G Suite

• misp-modules - Modules for expansion services, import and export in MISP

• dfirtriage - Digital forensic acquisition tool for Windows based incident response.

• PenTestScripts - Scripts that are useful for me on pen tests

• salt - Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:

• Satori - Hunting system admins with Powershell/WMI

• HoneyPy - A low interaction honeypot.

• viper - Binary analysis and management framework

• urlquery_python_api - Python API for URL Query

• AlienVaultLabs - Alienvault Labs Projects Random Stuff

• python-deepviz - python-deepviz is a python wrapper for deepviz.com REST APIs

• CDQR - The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices

• DET - (extensible) Data Exfiltration Toolkit (DET)

• shells - collection of useful shells for penetration tests

• image-analogies - Generate image analogies using neural matching and blending.

• neural-doodle - Turn your two-bit doodles into fine artworks with deep neural networks, generate seamless textures from photos, transfer style from one image to another, perform example-based upscaling, but wait... there's more! (An implementation of Semantic Style Transfer.)

• enteletaor - Message Queue & Broker Injection tool

• dcept - A tool for deploying and detecting use of Active Directory honeytokens

• thefuck - Magnificent app which corrects your previous console command.

• botnet-lab - 🔒 An IRC based tool for testing the capabilities of a botnet.

• chainbreaker - Mac OS X Keychain Forensic Tool

• gladius - Automated Responder/secretsdump.py cracking

• pentestly - Python and Powershell internal penetration testing framework

• DAMM - Differential Analysis of Malware in Memory

• autoDANE - Auto Domain Admin and Network Exploitation.

• net-creds - Sniffs sensitive data from interface or pcap

• osxcollector_output_filters - Filters that process and transform the output of osxcollector

• DylibHijack - python utilities related to dylib hijacking on OS X

• GitHarvester -

• autoresp - Runs Responder, uploads hashes for cracking, alerts when cracked

• autoresponder - Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them

• SPartan - Frontpage and Sharepoint fingerprinting and attack tool.

• HQLmap - (Deprecated) HQLmap, Automatic tool to exploit HQL injections

• CSRFT - A lightweight CSRF Toolkit for easy Proof of concept

• twittor - A fully featured backdoor that uses Twitter as a C&C server

• python_backdoor - 过360主动防御360杀毒以前99%杀软的python后门

• WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack

• ptf - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

• ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

• Opy - Obfuscator for Python

• peel - PEEL is a Python library for being a Windows binary wizard. Literally. You will literally become the Gandalf of PE files.

• rekall - Rekall Memory Forensic Framework

• pwntools - CTF framework and exploit development library

• SNMP-Brute - Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.

• Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

• sparta - Network Infrastructure Penetration Testing Tool

• xss2shell - Tool for abusing XSS vulnerabilities on Wordpress and Joomla! installations

• simple-salesforce - A very simple Salesforce.com REST API client for Python

• macOS-Security-and-Privacy-Guide - A practical guide to securing macOS.

• EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

• scripts - Scripts I use during pentest engagements.

• data_hacking - Click Security Data Hacking Project

• fisticuffs - A growing implementation of a cloned game with simple game logic. There's a Trello board if you want to see what parts I'm working to advance.

• pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

• crawler.py - async web crawler

• get_proxy - Py class that returns fastest http proxy

• search-bing - Search bing with python

• search-google - Scrape google search results

• email2file - script to download and save all email messages and attachments to file

• SPSE - Collection of scripts created while taking the SecurityTube Python Scripting Expert course

• shellme - simple shellcode generator

• smbmap - SMBMap is a handy SMB enumeration tool

• libShell - Library for creating modular shells.

• NTP_Trojan - Reverse NTP remote access trojan in python, for penetration testers

• kerberoast -

• Reverse_SSH_Shell - A reverse ssh shell written in python, intended for penetration testers to use as a covert channel on windows

• Reverse_HTTPS_Bot - A python based https remote access trojan for penetration testing

• osxcollector - A forensic evidence collection & analysis toolkit for OS X

• Scout2 - Security auditing tool for AWS environments

• Scripts -

• InsurgentFramework - A framework for creating modular bots/backdoors

• XMPP_Shell_Bot - A shell / chat bot for XMPP and cloud services

• Stego_Dropper - A python based dropper, that uses steganography and an image over http to transfer a file

• LoginScan - Scanner for document roots/URLs.

• analysis-tools - Miscellaneous analysis tools

• Reverse_DNS_Shell - A python reverse shell that uses DNS as the c2 channel

• Responder - Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Ruby

• keyjacker - Keyjacker enumerates Mac keychains and displays plain text passwords.

• IntData - IntData is a forensic tool for fast research in the memory of your iPhone, iPad or iPod

• go-derper - Memcache hacking tool.

• test-kitchen - Test Kitchen is an integration tool for developing and testing infrastructure code and software on isolated target platforms.

• bettercap-proxy-modules - This repository contains some bettercap transparent proxy example modules.

• bettercap - A complete, modular, portable and easily extensible MITM framework.

• bassethound - Check the validity of email addresses

• ocra - One-Click Ruby Application Builder

Shell

• unfetter - Main Build directory

• yodo - Local Privilege Escalation

• sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572

• 2016-security-scripts - Scripts built from our 2016 Guide to User Data Security

• epictreasure - radare, angr, pwndbg, binjitsu, ect in a box ready for pwning

• Linux-RDP - Linux RDP Scanner and Bruteforcer Scripts

• brootkit - Lightweight rootkit implemented by bash shell scripts v0.10

• afdns - Ad free DNS server. A docker container with a DNS server configured to block advertisement hosts.

• random - Scripts that aren't PowerShell

• htshells - Self contained htaccess shells and attacks

• n4p - Offensives network security framework for Wireless and MiTM style hacking

Visual Basic

• PlasmaRAT - Remote Access Trojan(RAT), Miner, DDoS

• BetterRAT - Better Remote Access Trojan

License

To the extent possible under law, ahhh has waived all copyright and related or neighboring rights to this work.