A book-in-progress about the Linux kernel and its insides.

Oblivion Desktop - Unofficial Warp Client for Windows/Mac/Linux

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

Documentation for the Mechanical Phish.

An AI graph workflow library for building dynamic LLM driven workflows

Official radare2 GUI

Erebus is a kernel-mode driver written using the official windows-drivers-rs crate. It exposes two IOCTL actions for user-mode programs, one to read process memory and the other to write to process…

Free and Open Source Reverse Engineering Platform powered by rizin

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Arsenal is just a quick inventory and launcher for hacking programs

.NET debugger and assembly editor

Six Degrees of Domain Admin

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Godot reverse engineering tools

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

🐌

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A utility for automating the testing and re-signing of Express.js cookie secrets.

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Hunt down social media accounts by username across social networks

The Ethereal Programming Language

Badges for your personal developer branding, profile, and projects.

The Intuitive Vue Framework.

Bitwarden client apps (web, browser extension, desktop, and cli).