charlie-go's Stars
NextronSystems/APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
NetSPI/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
microsoft/autogen
A programming framework for agentic AI 🤖
brendangregg/FlameGraph
Stack trace visualizer
parca-dev/parca
Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time. Saving infrastructure cost, improving performance, and increasing reliability.
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
jeremylong/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
globaldatanet/aws-firewall-factory
Enhance the security of your web applications effortlessly with AWS Firewall Factory. Safeguard your valuable assets through seamless WAF deployment, updates, and staging, all centrally managed with AWS Firewall Manager.
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
slackhq/nebula
A scalable overlay networking tool with a focus on performance, simplicity and security
openwall/yescrypt
Password-based key derivation function and password hashing scheme building upon scrypt
filebrowser/filebrowser
📂 Web File Browser
the-useless-one/pywerview
A (partial) Python rewriting of PowerSploit's PowerView
Mr-Un1k0d3r/EDRs
CrowdStrike/VirtualGHOST
VirtualGHOST Detection Tool
sullo/nikto
Nikto web server scanner
davidprowe/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines
prowler-cloud/prowler
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
nccgroup/ScoutSuite
Multi-Cloud Security Auditing Tool
fortra/impacket
Impacket is a collection of Python classes for working with network protocols.
lgandx/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
jordansissel/xdotool
fake keyboard/mouse input, window management, and more
ControlThings-io/ctui
ctui is a library similar to Python's cmd, but with curses-like user interface
tailscale/tailscale
The easiest, most secure way to use WireGuard and 2FA.
cowrie/cowrie
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
traefik/traefik
The Cloud Native Application Proxy
Security-Onion-Solutions/securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
munin-monitoring/munin
Main repository for munin master / node / plugins