SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Automate the creation of a lab environment complete with security tooling and logging best practices

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

Security automation content in SCAP, Bash, Ansible, and other formats

iOS/macOS/Linux Remote Administration Tool

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Hardening Ubuntu. Systemd edition.

API Security Project aims to present unique attack & defense methods in API Security field

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project

Subdomain enumeration and information gathering tool

🎯 XML External Entity (XXE) Injection Payload List

My curated list of awesome links, resources and tools on infosec related topics

Most usable tools for iOS penetration testing

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

A repository for using osquery for incident detection and response

Automatic SSTI detection tool with interactive interface