{"version":"2026-04-27.12","categories":["meta_repositories","windows_security","web_app_security","network_infrastructure","active_directory_exploitation","distributions","reporting","access_control_testing","exploitation_techniques","code_security_testing","performance_reliability","browser_automation","osint_frameworks","email_recon","vision_security","self_healing_agents","consciousness_frameworks","data_ingest_legal_civic","news_scraping","phone_recon","training_labs"],"counts":{"meta_repositories":7,"windows_security":5,"web_app_security":2,"network_infrastructure":3,"active_directory_exploitation":2,"distributions":3,"reporting":1,"access_control_testing":7,"exploitation_techniques":4,"code_security_testing":5,"performance_reliability":5,"browser_automation":3,"osint_frameworks":7,"email_recon":7,"vision_security":6,"self_healing_agents":6,"consciousness_frameworks":5,"data_ingest_legal_civic":10,"news_scraping":6,"phone_recon":6,"training_labs":5,"total":105},"items":{"meta_repositories":[{"name":"Awesome-Pentest","url":"https://github.com/enaqx/awesome-pentest","blurb":"Comprehensive, categorized collection of penetration-testing tools.","tags":["meta","curated","pentest"]},{"name":"PayloadsAllTheThings","url":"https://github.com/swisskyrepo/PayloadsAllTheThings","blurb":"Massive library of payloads + bypass techniques across web-app vulnerabilities.","tags":["payloads","web","bypass"]},{"name":"HackTricks","url":"https://book.hacktricks.xyz/","blurb":"Extensive wiki of methodologies + tricks across attack vectors.","tags":["wiki","methodology"]},{"name":"GTFOBins","url":"https://gtfobins.github.io/","blurb":"Curated list of Unix binaries usable to bypass restrictions.","tags":["unix","privesc"]},{"name":"Striving-to-learn/Cybersecurity-Resources","url":"https://github.com/Striving-to-learn/Cybersecurity-Resources","blurb":"Tools categorized by function — strong Windows-environment + network-scanner sections.","tags":["meta","windows"]},{"name":"okhosting/awesome-cyber-security","url":"https://github.com/okhosting/awesome-cyber-security","blurb":"Massive curated list — software, libraries, docs across malware, network, defensive.","tags":["meta","comprehensive"]},{"name":"fpeakman/Useful-Cyber-Resources","url":"https://github.com/fpeakman/Useful-Cyber-Resources","blurb":"Free / open-source-only list, with Windows-specific credential-recovery + bypass utilities.","tags":["meta","windows","free"]}],"windows_security":[{"name":"LaZagne","url":"https://github.com/AlessandroZ/LaZagne","blurb":"Credential-recovery tool. Extracts passwords from many Windows applications.","tags":["windows","credentials","recovery"]},{"name":"Mimikatz","url":"https://github.com/gentilkiwi/mimikatz","blurb":"Credentials-extraction toolkit (LSASS / Kerberos / NTLM). The Windows-AD red-team primary.","tags":["windows","ad","credentials"]},{"name":"Sysinternals Suite","url":"https://learn.microsoft.com/en-us/sysinternals/","blurb":"Microsoft's deep system-introspection toolkit (Process Explorer, Autoruns, Procmon, TCPView, Sysmon).","tags":["windows","defensive","ms"]},{"name":"Sysmon","url":"https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon","blurb":"Detailed Windows-event logging. Pairs with EDR / SIEM as the source-of-truth telemetry.","tags":["windows","logging","blue-team"]},{"name":"PowerShell Empire (BC Security fork)","url":"https://github.com/BC-SECURITY/Empire","blurb":"Post-exploitation framework. PowerShell + Python agents for Windows-AD engagements.","tags":["windows","post-exploit","red-team"]}],"web_app_security":[{"name":"OWASP ZAP","url":"https://www.zaproxy.org/","blurb":"Open-source DAST scanner + manual proxy. Burp Suite alternative.","tags":["dast","proxy","scanner"]},{"name":"BunkerWeb","url":"https://www.bunkerweb.io/","blurb":"Open-source Docker-based WAF for protecting your own services.","tags":["waf","docker","defense"]}],"network_infrastructure":[{"name":"Nmap","url":"https://nmap.org/","blurb":"Network discovery + port scanning. The standard.","tags":["recon","scanning"]},{"name":"Wireshark","url":"https://www.wireshark.org/","blurb":"Deep packet analysis. Gold standard for protocol-level inspection.","tags":["pcap","analysis"]},{"name":"Suricata","url":"https://suricata.io/","blurb":"Open-source NIDS / NIPS engine.","tags":["ids","ips","defense"]}],"active_directory_exploitation":[{"name":"Impacket","url":"https://github.com/fortra/impacket","blurb":"Python classes for working with network protocols. Lateral-movement workhorse.","tags":["python","lateral","ad"]},{"name":"Netexec (formerly CrackMapExec)","url":"https://github.com/Pennyw0rth/NetExec","blurb":"Modern flexible network-services exploitation toolkit.","tags":["ad","smb","ldap"]}],"distributions":[{"name":"Kali Linux","url":"https://www.kali.org/","blurb":"Pre-packaged offensive-security distribution. Widest tool coverage.","tags":["distro","offensive"]},{"name":"Parrot Security OS","url":"https://www.parrotsec.org/","blurb":"Alternative offensive-security distribution; lighter footprint.","tags":["distro","offensive"]},{"name":"Security Onion","url":"https://securityonionsolutions.com/","blurb":"Defensive SOC-in-a-box distribution: monitoring + IDS + log management.","tags":["distro","defensive","soc"]}],"reporting":[{"name":"Dradis","url":"https://dradisframework.com/ce/","blurb":"Open-source collaboration + reporting tool for pentest engagements.","tags":["reporting","collaboration"]}],"access_control_testing":[{"name":"Burp Suite (Pro / Community)","url":"https://portswigger.net/burp","blurb":"Industry-standard intercepting proxy + Repeater for modifying and replaying requests.","tags":["proxy","repeater","manual"]},{"name":"OWASP ZAP","url":"https://www.zaproxy.org/","blurb":"Free Burp alternative — interception, manual modification, IDOR + privilege-escalation testing.","tags":["proxy","free","automation"]},{"name":"Autorize (Burp extension)","url":"https://github.com/PortSwigger/autorize","blurb":"Auto-replays low-privilege requests with high-privilege tokens to find broken access control.","tags":["burp-ext","iam","replay"]},{"name":"JWT Editor (Burp extension)","url":"https://github.com/PortSwigger/jwt-editor","blurb":"Decode + modify JWT claims (role tampering, none-alg, key confusion).","tags":["burp-ext","jwt","auth"]},{"name":"ffuf","url":"https://github.com/ffuf/ffuf","blurb":"Fast Go-based fuzzer for force-browsing hidden endpoints + parameter discovery.","tags":["fuzz","force-browse"]},{"name":"gobuster","url":"https://github.com/OJ/gobuster","blurb":"Directory + DNS + vhost brute-forcer. Reveals admin pages and unlisted API routes.","tags":["brute-force","discovery"]},{"name":"dirsearch","url":"https://github.com/maurosoria/dirsearch","blurb":"Web-path scanner with curated wordlists for common admin / backup / API endpoints.","tags":["scanner","discovery"]}],"exploitation_techniques":[{"name":"Force Browsing","url":"https://owasp.org/www-community/attacks/Forced_browsing","blurb":"Brute-force-discover hidden admin pages or API endpoints not linked in the UI.","tags":["technique","discovery"]},{"name":"Parameter / ID Tampering (IDOR)","url":"https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References","blurb":"Change object IDs in URLs / JSON bodies to access another user's private data.","tags":["technique","iam"]},{"name":"JWT Manipulation","url":"https://book.hacktricks.xyz/pentesting-web/hacking-jwt-json-web-tokens","blurb":"Decode + re-sign tokens with modified claims; test none-algorithm + key-confusion paths.","tags":["technique","auth"]},{"name":"HTTP Method Tampering","url":"https://owasp.org/www-community/attacks/HTTP_Verb_Tampering","blurb":"If GET is blocked, try POST/PUT/DELETE — WAF / app rules may only cover specific verbs.","tags":["technique","verb"]}],"code_security_testing":[{"name":"Semgrep","url":"https://semgrep.dev/","blurb":"Customizable SAST scanner. Catches security patterns + bugs at code level. Plugs into CI/CD.","tags":["sast","ci","code"]},{"name":"WPScan","url":"https://wpscan.com/","blurb":"WordPress vulnerability scanner — plugins, themes, core. Required if you host WordPress.","tags":["wordpress","scanner"]},{"name":"OWASP PurpleTeam","url":"https://owasp.org/www-project-purpleteam/","blurb":"Automated security regression testing in your build pipeline.","tags":["regression","ci"]},{"name":"OWASP Dependency-Check","url":"https://owasp.org/www-project-dependency-check/","blurb":"SCA tool — flags known-vulnerable transitive dependencies.","tags":["sca","deps"]},{"name":"Trivy","url":"https://github.com/aquasecurity/trivy","blurb":"Container + IaC scanner. CVEs, misconfigurations, secrets — in one binary.","tags":["container","iac","secrets"]}],"performance_reliability":[{"name":"JMeter","url":"https://jmeter.apache.org/","blurb":"Battle-tested load + stress tester. Concurrent-user simulation against any HTTP backend.","tags":["load","stress"]},{"name":"Yellow Lab Tools","url":"https://yellowlab.tools/","blurb":"Front-end performance audit — HTML, CSS, JS, asset-delivery patterns.","tags":["perf","frontend"]},{"name":"Lighthouse / PageSpeed Insights","url":"https://pagespeed.web.dev/","blurb":"Google's perf + accessibility + SEO audit. Built into Chrome DevTools.","tags":["perf","lighthouse"]},{"name":"k6","url":"https://k6.io/","blurb":"Modern dev-friendly load tester. JavaScript scripts, CI-ready.","tags":["load","ci"]},{"name":"Siteliner","url":"https://www.siteliner.com/","blurb":"Detect duplicate content, broken links, and slow assets across a site.","tags":["seo","links"]}],"browser_automation":[{"name":"Playwright","url":"https://playwright.dev/","blurb":"Modern E2E test framework. Cross-browser, fast, parallel-by-default. Microsoft. Server endpoints: /api/automation/playwright/*","tags":["e2e","modern","integrated"]},{"name":"Cypress","url":"https://www.cypress.io/","blurb":"Best debugging UX for JS-heavy SPAs (React/Vue). Time-travel replay. Sample spec: server-python/automation/cypress/","tags":["e2e","spa","integrated"]},{"name":"Selenium","url":"https://www.selenium.dev/","blurb":"The old guard. Most language bindings, widest browser-version support.","tags":["e2e","legacy"]}],"osint_frameworks":[{"name":"OSINT Framework","url":"https://osintframework.com/","repo":"https://github.com/lockfale/OSINT-Framework","blurb":"Highly organized, comprehensive list of OSINT tools categorized by investigation type.","tags":["meta","curated"]},{"name":"doctorfree/osint","url":"https://github.com/doctorfree/osint","blurb":"Curated collection: SpiderFoot, Recon-ng, IntelOwl. Actionable-intel focused.","tags":["meta","actionable"]},{"name":"cipher387/osint_stuff_tool_collection","url":"https://github.com/cipher387/osint_stuff_tool_collection","blurb":"1000+ specialized services, scrapers, parsers for domain/IP investigation.","tags":["meta","1000+"]},{"name":"seekr","url":"https://github.com/seekr-osint/seekr","blurb":"Multi-purpose OSINT toolkit with web-based dashboard. Centralized alternative to CLI tools.","tags":["dashboard","web-ui"]},{"name":"SpiderFoot","url":"https://www.spiderfoot.net/","repo":"https://github.com/smicallef/spiderfoot","blurb":"Automated OSINT framework. Maps attack surface of domains/IPs across hundreds of sources.","tags":["framework","attack-surface"]},{"name":"Recon-ng","url":"https://github.com/lanmaster53/recon-ng","blurb":"The Metasploit of reconnaissance. Modular, scriptable, high-speed harvesting.","tags":["framework","modular"]},{"name":"IntelOwl","url":"https://github.com/intelowlproject/IntelOwl","blurb":"Threat-intel management at scale. Integrates many online analyzers for malware + infra analysis.","tags":["framework","threat-intel"]}],"email_recon":[{"name":"alpkeskin/mosint","url":"https://github.com/alpkeskin/mosint","blurb":"High-performance Go-based email-OSINT. Aggregates breach databases + account discovery.","tags":["go","email","breach"]},{"name":"megadose/holehe","url":"https://github.com/megadose/holehe","blurb":"Identifies services associated with an email. 120+ platforms.","tags":["python","email","120+"]},{"name":"martinvigo/email2phonenumber","url":"https://github.com/martinvigo/email2phonenumber","blurb":"Recovers phone numbers associated with an email by abusing account-recovery flows.","tags":["email","phone"]},{"name":"sham00n/buster","url":"https://github.com/sham00n/buster","blurb":"Email → profile linking on Gravatar, About.me, LinkedIn, etc. Legacy but effective.","tags":["email","profile"]},{"name":"mxrch/git2mail","url":"https://github.com/mxrch/git2mail","blurb":"Rust-based email extractor from GitHub commit history + repo metadata.","tags":["rust","github","developer"]},{"name":"jivoi/awesome-osint","url":"https://github.com/jivoi/awesome-osint","blurb":"Curated meta-list. Includes Ghunt (Google-account recon) + other email-investigation tools.","tags":["meta","curated"]},{"name":"Sherlock","url":"https://github.com/sherlock-project/sherlock","blurb":"Username-presence checker across 400+ social-media platforms. Pairs with email/phone recon for identity mapping.","tags":["python","username","social"]}],"vision_security":[{"name":"Ultralytics YOLO","url":"https://github.com/ultralytics/ultralytics","blurb":"Fast real-time object/person detection. The 'reflex' layer in a hybrid security pipeline.","tags":["yolo","detection","real-time"]},{"name":"DeepFace","url":"https://github.com/serengil/deepface","blurb":"Face-recognition + embedding generation. Pairs with YOLO crops for identity matching.","tags":["face","embeddings","identity"]},{"name":"face_recognition (ageitgey)","url":"https://github.com/ageitgey/face_recognition","blurb":"dlib-backed face-recognition library. Simpler API than DeepFace.","tags":["face","dlib","simple"]},{"name":"Llama 3.2 Vision (Ollama)","url":"https://ollama.com/library/llama3.2-vision","blurb":"Local VLM for scene-reasoning when face-match returns low confidence. 'Why is this person here?'","tags":["vlm","local","reasoning"]},{"name":"Qwen2.5-VL","url":"https://github.com/QwenLM/Qwen2.5-VL","blurb":"Alibaba's open-weight VLM. Strong scene-understanding alternative to Llama 3.2 Vision.","tags":["vlm","open-weight"]},{"name":"OpenCV","url":"https://opencv.org/","blurb":"Webcam capture, frame processing. The substrate every detection pipeline sits on.","tags":["cv","capture"]}],"self_healing_agents":[{"name":"OpenHands","url":"https://github.com/All-Hands-AI/OpenHands","blurb":"Agentic platform for filesystem + terminal command execution. Natural fit for self-healing.","tags":["agent","tooling"]},{"name":"LangGraph","url":"https://github.com/langchain-ai/langgraph","blurb":"Cyclical agentic workflows. Build the Perceive→Reason→Act loop.","tags":["graph","loop"]},{"name":"CrewAI","url":"https://github.com/crewAIInc/crewAI","blurb":"Multi-agent orchestration: Monitor / Troubleshooter / Repairman crews.","tags":["multi-agent","crew"]},{"name":"AutoGen","url":"https://github.com/microsoft/autogen","blurb":"Microsoft's multi-agent framework. Conversational + tool-using agents.","tags":["microsoft","multi-agent"]},{"name":"Prometheus","url":"https://prometheus.io/","blurb":"Metrics-perception layer for self-healing. Time-series telemetry.","tags":["metrics","telemetry"]},{"name":"Loki","url":"https://grafana.com/oss/loki/","blurb":"Logs-perception layer for self-healing. Structured-log aggregation.","tags":["logs","telemetry"]}],"consciousness_frameworks":[{"name":"venturaEffect/the_consciousness_ai","url":"https://github.com/venturaEffect/the_consciousness_ai","blurb":"Artificial Consciousness Module (ACM) — perception + EmotionalMemoryCore + DreamerV3 world modeling.","tags":["acm","research","ambitious"]},{"name":"zjunlp/KnowSelf","url":"https://github.com/zjunlp/KnowSelf","blurb":"Agentic Knowledgeable Self-awareness — uncertainty regulation + autonomous knowledge-seeking.","tags":["uncertainty","research"]},{"name":"OpenCausaLab/Awesome-LLM-Consciousness","url":"https://github.com/OpenCausaLab/Awesome-LLM-Consciousness","blurb":"Definitive meta-repo aggregating LLM-consciousness theory + empirical research.","tags":["meta","curated"]},{"name":"acidgreenservers/are-llms-alive","url":"https://github.com/acidgreenservers/are-llms-alive","blurb":"Experimental sandbox for testing self-awareness blueprints in current-gen LLMs.","tags":["sandbox","experimental"]},{"name":"GoEmotions","url":"https://github.com/google-research/google-research/tree/master/goemotions","blurb":"27-class emotion taxonomy + dataset. Used here for the consciousness layer's emotional-context tagging.","tags":["dataset","emotions"]}],"data_ingest_legal_civic":[{"name":"freelawproject/juriscraper","url":"https://github.com/freelawproject/juriscraper","blurb":"State-court-opinion scraper template. Extend for mycase.in.gov + Indiana/KY county clerks.","tags":["courts","legal","scraper-template"]},{"name":"bfeldman89/jail_scrapers","url":"https://github.com/bfeldman89/jail_scrapers","blurb":"12-county jail-roster scraper pattern. Adapt per Indiana county for hourly rosters.","tags":["jails","rosters"]},{"name":"Supreme Court Database (WUSTL)","url":"http://scdb.wustl.edu/data.php","blurb":"Downloadable CSV of all SCOTUS cases 1791–present. Weekly ETL into us_supreme_cases table.","tags":["scotus","csv","etl"]},{"name":"OpenLaws (US federal)","url":"https://www.openlaws.com/","blurb":"US Code + CFR + regulations as JSON with historical diffs.","tags":["us-code","json"]},{"name":"bible-api","url":"https://github.com/seven1m/bible_api","blurb":"Self-hostable JSON API over 100+ Bible translations. MIT.","tags":["bible","json","api"]},{"name":"faith.tools (free Bible API)","url":"https://faith.tools/","blurb":"1,000+ translations, MIT, no API key. GitHub-hosted.","tags":["bible","translations"]},{"name":"ACLED — Armed Conflict Location & Event Data","url":"https://acleddata.com/","blurb":"Real-time global conflict-event tracking. API + downloads. The standard reference dataset.","tags":["conflict","events","global"]},{"name":"PulsePoint","url":"https://www.pulsepoint.org/agencies","blurb":"Agency-issued embed iframes for fire/EMS CAD feeds. The legitimate path for emergency overlays.","tags":["cad","embed","ems"]},{"name":"Mailspring (open source)","url":"https://github.com/Foundry376/Mailspring","blurb":"MIT-licensed local email client. Combine with IMAP-watch microservice for inbox automation.","tags":["email","imap","client"]},{"name":"Mozilla Thunderbird","url":"https://www.thunderbird.net/","blurb":"Long-time OSS email client with rules + filters + IMAP folder sync.","tags":["email","imap","client"]}],"news_scraping":[{"name":"Newspaper4k","url":"https://github.com/AndyTheFactory/newspaper4k","blurb":"Modern successor to Newspaper3k. News-extraction core: title / content / author / top-image. Wired into /api/news/scrape on this server.","tags":["python","extractor","integrated"]},{"name":"news-please","url":"https://github.com/fhamborg/news-please","blurb":"Ready-to-go crawler. Structured data from almost any news site with minimal configuration.","tags":["python","crawler"]},{"name":"finaldie/auto-news","url":"https://github.com/finaldie/auto-news","blurb":"Scraping + LLM pipeline (LangChain). Reference architecture for raw-article → summarized-insight.","tags":["llm","langchain","pipeline"]},{"name":"The-Swarm-Corporation/NewsAgent","url":"https://github.com/The-Swarm-Corporation/NewsAgent","blurb":"Agentic news aggregation. LLM-crafted queries replace fixed URL polling.","tags":["agentic","llm"]},{"name":"candiepih/news-scraper-public","url":"https://github.com/candiepih/news-scraper-public","blurb":"Scraper + API. Full lifecycle: crawl, dedupe, persist (Mongo/Redis).","tags":["fullstack","dedup"]},{"name":"feedparser","url":"https://github.com/kurtmckee/feedparser","blurb":"RSS/Atom parsing standard. Used as the primary feed source on this server.","tags":["python","rss","integrated"]}],"phone_recon":[{"name":"PhoneInfoga (primary)","url":"https://github.com/sundowndev/phoneinfoga","blurb":"Modern phone-number scanner. Standardize, validate, search, scan via multiple sources.","tags":["phone","go","modern"]},{"name":"Collector","url":"https://github.com/Lucksi/Collector","blurb":"Cross-vector OSINT — phone, Instagram, GitHub. Cross-references identity across platforms.","tags":["phone","cross-platform"]},{"name":"REALYOU","url":"https://github.com/N0rz3/REALYOU","blurb":"CLI tool using the IRBIS API to validate phone numbers + retrieve registration details.","tags":["phone","cli","irbis"]},{"name":"Telephone-OSINT (toolkit)","url":"https://github.com/The-Osint-Toolbox/Telephone-OSINT","blurb":"Curated list of reliable phone-lookup services including PhoneValidator + Phunter.","tags":["meta","phone"]},{"name":"Phunter","url":"https://github.com/N0rz3/Phunter","blurb":"Phone-number lookup tool — validation + line-type + carrier discovery.","tags":["phone","validation"]},{"name":"PhoneInfoga","url":"https://github.com/sundowndev/phoneinfoga","blurb":"Modern phone-number scanner. Standardize, validate, search, scan via multiple data sources.","tags":["phone","go","modern"]}],"training_labs":[{"name":"OWASP Juice Shop","url":"https://owasp.org/www-project-juice-shop/","repo":"https://github.com/juice-shop/juice-shop","blurb":"Modern, intentionally-vulnerable web app covering OWASP Top 10. Node.js stack.","tags":["lab","owasp","web","node"]},{"name":"NodeGoat","url":"https://github.com/OWASP/NodeGoat","blurb":"OWASP Top 10 risks demonstrated in Node.js with fix guidance.","tags":["lab","owasp","node","fix-oriented"]},{"name":"OWASP Top 10 Exercises","url":"https://github.com/OWASP/Top10","blurb":"Hands-on exercises walking through specific Top-10 vulnerabilities.","tags":["lab","owasp","curriculum"]},{"name":"DVWA — Damn Vulnerable Web Application","url":"https://github.com/digininja/DVWA","blurb":"Classic PHP/MySQL training app for SQLi, XSS, file inclusion, command injection.","tags":["lab","php","classic"]},{"name":"WebGoat","url":"https://owasp.org/www-project-webgoat/","blurb":"OWASP's Java-based deliberately-insecure web application.","tags":["lab","owasp","java"]}]},"note":"Curated registry. Static catalog; updated by editing app/sec/tooling_registry.py and bumping VERSION. Use these tools only against systems you own or are authorized to test."}