awesome-security

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

GitHub

12k stars
509 watching
2k forks
last commit: 3 months ago
Linked from 21 awesome lists

awesome-listsecurity

Awesome Security / Network / Network architecture

Network-segmentation-cheat-sheet 3,275 7 months ago This project was created to publish the best practices for segmentation of the corporate network of any company. In general, the schemes in this project are suitable for any company

Awesome Security / Network / Scanning / Pentesting

OpenVAS OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution
Metasploit Framework 33,868 10 days ago A tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research
Kali Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs)
tsurugi heavily customized Linux distribution that designed to support DFIR investigations, malware analysis and OSINT activities. It is based on Ubuntu 20.04(64-bit with a 5.15.12 custom kernel)
pig 462 almost 4 years ago A Linux packet crafting tool
scapy 243 about 1 month ago Scapy: the python-based interactive packet manipulation program & library
Pompem 979 about 2 years ago Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day, Packetstorm Security
Nmap Nmap is a free and open source utility for network discovery and security auditing
Amass Amass performs DNS subdomain enumeration by scraping the largest number of disparate data sources, recursive brute forcing, crawling of web archives, permuting and altering names, reverse DNS sweeping and other techniques
Anevicon The most powerful UDP-based load generator, written in Rust
Finshir 31 over 5 years ago A coroutines-driven Low & Slow traffic generator, written in Rust
Legion 1,014 3 months ago Open source semi-automated discovery and reconnaissance network penetration testing framework
Sublist3r 9,713 2 months ago Fast subdomains enumeration tool for penetration testers
RustScan 14,349 4 days ago Faster Nmap scanning with Rust. Take a 17 minute Nmap scan down to 19 seconds
Boofuzz 2,025 5 days ago Fuzzing engine and fuzz testing framework
monsoon 458 2 months ago Very flexible and fast interactive HTTP enumeration/fuzzing
Netz 388 over 3 years ago Discover internet-wide misconfigurations, using zgrab2 and others
Deepfence ThreatMapper 4,781 12 days ago Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless
Deepfence SecretScanner 3,115 5 days ago Find secrets and passwords in container images and file systems
Cognito Scanner 98 8 months ago CLI tool to pentest Cognito AWS instance. It implements three attacks: unwanted account creation, account oracle and identity pool escalation

Awesome Security / Network / Monitoring / Logging

BoxyHQ 348 2 days ago Open source API for security and compliance audit logging
justniffer Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic
httpry httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications
ngrep ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop
passivedns 1,673 5 months ago A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without loosing the essens in the DNS answer
sagan Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)
ntopng Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does
Fibratus 2,205 9 days ago Fibratus is a tool for exploration and tracing of the Windows kernel. It is able to capture the most of the Windows kernel activity - process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and much more. Fibratus has a very simple CLI which encapsulates the machinery to start the kernel event stream collector, set kernel event filters or run the lightweight Python modules called filaments
opensnitch 10,808 5 days ago OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
wazuh 10,509 12 days ago Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of monitoring file system changes, system calls and inventory changes
Matano 1,453 3 months ago : Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code
Falco The cloud-native runtime security project and de facto Kubernetes threat detection engine now part of the CNCF
VAST 638 12 days ago Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation
Substation 321 15 days ago Substation is a cloud native data pipeline and transformation toolkit written in Go

Awesome Security / Network / IDS / IPS / Host IDS / Host IPS

Snort Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time"
Zeek Zeek is a powerful network analysis framework that is much different from the typical IDS you may know

Awesome Security / Network / IDS / IPS / Host IDS / Host IPS / Zeek

zeek2es 33 about 2 years ago An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!

Awesome Security / Network / IDS / IPS / Host IDS / Host IPS

DrKeithJones.com A blog on cyber security and network security monitoring
OSSEC Comprehensive Open Source HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Plenty of reasonable documentation. Sweet spot is medium to large deployments
Suricata Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors
Security Onion Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Zeek, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
sshwatch 46 about 11 years ago IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log
Stealth File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments
AIEngine AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others
Denyhosts Thwart SSH dictionary based attacks and brute force attacks
Fail2Ban Scans log files and takes action on IPs that show malicious behavior
SSHGuard A software to protect services in addition to SSH, written in C
Lynis an open source security auditing tool for Linux/Unix
CrowdSec 8,872 4 days ago CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community
wazuh 10,509 12 days ago Wazuh is a free and open source XDR platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. Great tool foor all kind of deployments, it includes SIEM capabitilies (indexing + searching + WUI)

Awesome Security / Network / Honey Pot / Honey Net

awesome-honeypots 8,520 about 2 months ago The canonical awesome honeypot list
HoneyPy 459 7 months ago HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations
Conpot ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable to emulate complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to server a custom human machine interface to increase the honeypots attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMI's or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants
Amun 59 5 months ago Amun Python-based low-interaction Honeypot
Glastopf Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply the correct response to the attacker exploiting the web application
Kippo 1,611 11 months ago Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker
Kojoney Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries
HonSSH 372 almost 3 years ago HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them
Bifrozt Bifrozt is a NAT device with a DHCP server that is usually deployed with one NIC connected directly to the Internet and one NIC connected to the internal network. What differentiates Bifrozt from other standard NAT devices is its ability to work as a transparent SSHv2 proxy between an attacker and your honeypot. If you deployed an SSH server on Bifrozt’s internal network it would log all the interaction to a TTY file in plain text that could be viewed later and capture a copy of any files that were downloaded. You would not have to install any additional software, compile any kernel modules or use a specific version or type of operating system on the internal SSH server for this to work. It will limit outbound traffic to a set number of ports and will start to drop outbound packets on these ports when certain limits are exceeded
HoneyDrive HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution
Cuckoo Sandbox Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment
T-Pot Honeypot Distro T-Pot is based on the network installer of Ubuntu Server 16/17.x LTS. The honeypot daemons as well as other support components being used have been containerized using docker. This allows us to run multiple honeypot daemons on the same network interface while maintaining a small footprint and constrain each honeypot within its own environment. Installation over vanilla Ubuntu - - This script will install T-Pot 16.04/17.10 on a fresh Ubuntu 16.04.x LTS (64bit). It is intended to be used on hosted servers, where an Ubuntu base image is given and there is no ability to install custom ISO images. Successfully tested on vanilla Ubuntu 16.04.3 in VMware

Awesome Security / Network / Full Packet Capture / Forensic

tcpflow 1,680 24 days ago tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows
Deepfence PacketStreamer 1,876 3 months ago High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments
Xplico The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)
Moloch 6,286 19 days ago Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work along side them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic
OpenFPC OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. It's design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools
Dshell 5,451 5 months ago Dshell is a network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures
stenographer 1,788 about 3 years ago Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets

Awesome Security / Network / Sniffer

wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options
netsniff-ng netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa
Live HTTP headers Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations

Awesome Security / Network / Security Information & Event Management

Prelude Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless"
OSSIM OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation
FIR 1,724 about 1 month ago Fast Incident Response, a cybersecurity incident management platform
LogESP 194 about 1 year ago Open Source SIEM (Security Information and Event Management system)
wazuh 10,509 12 days ago -Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. It works with tons of data supported by an OpenSearch fork and custom WUI
VAST 638 12 days ago Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation
Matano 1,453 3 months ago Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code

Awesome Security / Network / VPN

OpenVPN OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange
Firezone 6,759 3 days ago Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable

Awesome Security / Network / Fast Packet Processing

DPDK DPDK is a set of libraries and drivers for fast packet processing
PFQ 520 over 5 years ago PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission (10G and beyond), in-kernel functional processing and packets steering across sockets/end-points
PF_RING PF_RING is a new type of network socket that dramatically improves the packet capture speed
PF_RING ZC (Zero Copy) PF_RING ZC (Zero Copy) is a flexible packet processing framework that allows you to achieve 1/10 Gbit line rate packet processing (both RX and TX) at any packet size. It implements zero copy operations including patterns for inter-process and inter-VM (KVM) communications
PACKET_MMAP/TPACKET/AF_PACKET It's fine to use PACKET_MMAP to improve the performance of the capture and transmission process in Linux
netmap netmap is a framework for high speed packet I/O. Together with its companion VALE software switch, it is implemented as a single kernel module and available for FreeBSD, Linux and now also Windows

Awesome Security / Network / Firewall

pfSense Firewall and Router FreeBSD distribution
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources
fwknop Protects ports via Single Packet Authorization in your firewall

Awesome Security / Network / Anti-Spam

Spam Scanner Anti-Spam Scanning Service and Anti-Spam API by
rspamd 2,045 2 days ago Fast, free and open-source spam filtering system
SpamAssassin A powerful and popular email spam filter employing a variety of detection technique
Scammer-List A free open source AI based Scam and Spam Finder with a free API

Awesome Security / Network / Docker Images for Penetration Testing & Security

official Kali Linux
official OWASP ZAP 12,560 12 days ago -
official WPScan -
docker-metasploit -
Damn Vulnerable Web Application (DVWA) -
Vulnerable WordPress Installation -
Vulnerability as a service: Shellshock -
Vulnerability as a service: Heartbleed -
Security Ninjas -
Docker Bench for Security -
OWASP Security Shepherd -
OWASP WebGoat Project docker image -
OWASP NodeGoat 1,878 4 months ago -
OWASP Mutillidae II Web Pen-Test Practice Application -
OWASP Juice Shop -
OWASP WrongSecrets -
Cyware Threat Response Docker -
cicd-goat 1,925 3 months ago -

Awesome Security / Endpoint / Anti-Virus / Anti-Malware

Fastfinder 230 over 2 years ago Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashs, litteral/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any windows / linux host
Linux Malware Detect A malware scanner for Linux designed around the threats faced in shared hosted environments
LOKI 3,364 7 months ago Simple Indicators of Compromise and Incident Response Scanner
rkhunter A Rootkit Hunter for Linux
ClamAv ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats

Awesome Security / Endpoint / Content Disarm & Reconstruct

DocBleach 147 about 1 year ago An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents

Awesome Security / Endpoint / Configuration Management

Fleet device management 2,983 10 days ago Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems
Rudder Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance. Automate common system administration tasks (installation, configuration); Enforce configuration over time (configuring once is good, ensuring that configuration is valid and automatically fixing it is better); Inventory of all managed nodes; Web interface to configure and manage nodes and their configuration; Compliance reporting, by configuration and/or by node

Awesome Security / Endpoint / Authentication

google-authenticator 5,196 about 4 years ago The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238
Stegcloak 3,286 12 months ago Securely assign Digital Authenticity to any written text

Awesome Security / Endpoint / Mobile / Android / iOS

android-security-awesome 8,099 about 1 month ago A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps
SecMobi Wiki A collection of mobile security resources which including articles, blogs, books, groups, projects, tools and conferences. *
OWASP Mobile Security Testing Guide 11,678 1 day ago A comprehensive manual for mobile app security testing and reverse engineering
OSX Security Awesome 727 9 months ago A collection of OSX and iOS security resources
Themis 1,859 about 1 month ago High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suits for building end-to-end encrypted applications
Mobile Security Wiki A collection of mobile security resources
Apktool 20,011 8 days ago A tool for reverse engineering Android apk files
jadx 41,156 13 days ago Command line and GUI tools for produce Java source code from Android Dex and Apk files
enjarify 921 almost 3 years ago A tool for translating Dalvik bytecode to equivalent Java bytecode
Android Storage Extractor 16 almost 6 years ago A tool to extract local data storage of an Android application in one click
Quark-Engine 1,306 1 day ago An Obfuscation-Neglect Android Malware Scoring System
dotPeek Free-of-charge standalone tool based on ReSharper's bundled decompiler
hardened_malloc 1,263 9 days ago Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time
AMExtractor 11 almost 9 years ago AMExtractor can dump out the physical content of your Android device even without kernel source code
frida 15,882 7 days ago Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers
UDcide 34 over 3 years ago Android Malware Behavior Editor
reFlutter 1,276 over 2 years ago Flutter Reverse Engineering Framework

Awesome Security / Endpoint / Forensics

grr 4,762 16 days ago GRR Rapid Response is an incident response framework focused on remote live forensics
Volatility 7,219 over 1 year ago Python based memory extraction and analysis framework
mig MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security
ir-rescue 462 over 3 years ago is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response
Logdissect 146 2 months ago CLI utility and Python API for analyzing log files and other data
Meerkat 434 8 days ago PowerShell-based Windows artifact collection for threat hunting and incident response
Rekall 1,918 almost 4 years ago The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts computer systems
LiME Linux Memory Extractor
Maigret 10,167 about 2 months ago Maigret collect a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages

Awesome Security / Threat Intelligence

abuse.ch ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker tracks Command&Control servers (hosts) around the world and provides you a domain- and an IP-blocklist
Cyware Threat Intelligence Feeds Cyware’s Threat Intelligence feeds brings to you the valuable threat data from a wide range of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence. Our threat intel feeds are fully compatible with STIX 1.x and 2.0, giving you the latest information on malicious malware hashes, IPs and domains uncovered across the globe in real-time
Emerging Threats - Open Source Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rulesets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time
PhishTank PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge
SBL / XBL / PBL / DBL / DROP / ROKSO The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation
Internet Storm Center The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers
AutoShun AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world
DNS-BH The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting
AlienVault Open Threat Exchange AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses
Tor Bulk Exit List CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. / /
leakedin.com The primary purpose of leakedin.com is to make visitors aware about the risks of loosing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com
FireEye OpenIOCs 463 over 5 years ago FireEye Publicly Shared Indicators of Compromise (IOCs)
OpenVAS NVT Feed The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS
Project Honey Pot Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it
virustotal VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners
IntelMQ 974 26 days ago IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
CIFv2 227 over 6 years ago CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route)
MISP - Open Source Threat Intelligence Platform MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ( , ), an extensive data model to share new information using and default
PhishStats Phishing Statistics with search for IP, domain and website title
Threat Jammer REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources
Cyberowl 245 8 months ago A daily updated summary of the most frequent types of security incidents currently being reported from different sources

Awesome Security / Social Engineering

Gophish An Open-Source Phishing Framework

Awesome Security / Web / Organization

OWASP The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software
Portswigger PortSwigger offers tools for web application security, testing & scanning. Choose from a wide range of security tools & identify the very latest vulnerabilities

Awesome Security / Web / Web Application Firewall

ModSecurity ModSecurity is a toolkit for real-time web application monitoring, logging, and access control
BunkerWeb 6,273 4 days ago BunkerWeb is a full-featured open-source web server with ModeSecurity WAF, HTTPS with transparent Let's Encrypt renewal, automatic ban of strange behaviors based on HTTP codes, bot and bad IPs block, connection limits, state-of-the-art security presets, Web UI and much more
NAXSI 4,789 11 months ago NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection
sql_firewall 175 about 9 years ago SQL Firewall Extension for PostgreSQL
ironbee 305 almost 9 years ago IronBee is an open source project to build a universal web application security sensor. IronBee as a framework for developing a system for securing web applications - a framework for building a web application firewall (WAF)
Curiefense Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy
open-appsec 860 11 days ago open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against Web Application & APIs

Awesome Security / Web / Scanning / Pentesting

Spyse Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search. Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more
sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections
ZAP The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually
OWASP Testing Checklist v4 List of some controls to test during a web vulnerability assessment. Markdown version may be found
w3af w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities
Recon-ng 3,919 3 months ago Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework
PTF 5,110 20 days ago The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools
Infection Monkey 6,635 21 days ago A semi automatic pen testing tool for mapping/pen-testing networks. Simulates a human attacker
ACSTIS 302 almost 3 years ago ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability
padding-oracle-attacker 199 over 1 year ago padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI
is-website-vulnerable 1,932 30 days ago finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
PhpSploit 2,207 5 months ago Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features
Keyscope 385 5 months ago Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust
Cyclops 112 3 months ago The Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink
Scanmycode CE (Community Edition) 791 2 days ago Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)
recon 30 almost 2 years ago a fast Rust based CLI that uses SQL to query over files, code, or malware with content classification and processing for security experts
CakeFuzzer 93 10 months ago The ultimate web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points
Artemis 548 5 days ago A modular vulnerability scanner with automatic report generation capabilities

Awesome Security / Web / Runtime Application Self-Protection

Sqreen Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection
OpenRASP 2,776 4 months ago An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load

Awesome Security / Web / Development

API Security in Action Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)
Secure by Design Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017)
Understanding API Security Free eBook sampler that gives some context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them
OAuth 2 in Action Book that teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server
OWASP ZAP Node API 47 5 days ago Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API
GuardRails A GitHub App that provides security feedback in Pull Requests
Bearer 1,966 5 days ago Scan code for security risks and vulnerabilities leading to sensitive data exposures
Checkov 7,016 12 days ago A static analysis tool for infrastucture as code (Terraform)
TFSec 6,676 9 days ago A static analysis tool for infrastucture as code (Terraform)
KICS 2,034 12 days ago Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks
Insider CLI 511 over 2 years ago A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js)
Full Stack Python Security A comprehensive look at cybersecurity for Python developers
Making Sense of Cyber Security A jargon-free, practical guide to the key concepts, terminology, and technologies of cybersecurity perfect for anyone planning or implementing a security strategy. (early access, published continuously, final release early 2022)
Security Checklist by OWASP A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration

Awesome Security / Exploits & Payloads

PayloadsAllTheThings 60,304 26 days ago A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Awesome Security / Red Team Infrastructure Deployment

Redcloud 1,204 about 2 years ago A automated Red Team Infrastructure deployement using Docker
Axiom 4,004 12 days ago -Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security

Awesome Security / Blue Team Infrastructure Deployment

MutableSecurity 43 over 1 year ago CLI program for automating the setup, configuration, and use of cybersecurity solutions

Awesome Security / Usability

Usable Security Course Usable Security course at coursera. Quite good for those looking for how security and usability intersects

Awesome Security / Big Data

data_hacking 769 over 5 years ago Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data
hadoop-pcap 208 over 1 year ago Hadoop library to read packet capture (PCAP) files
Workbench A scalable python framework for security research and development teams
OpenSOC 572 over 4 years ago OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis
Apache Metron (incubating) 846 about 4 years ago Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis
Apache Spot (incubating) 347 over 1 year ago Apache Spot is open source software for leveraging insights from flow and packet analysis
binarypig 143 about 10 years ago Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch
Matano 1,453 3 months ago Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code
VAST 638 12 days ago Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation

Awesome Security / DevOps

Securing DevOps A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure
ansible-os-hardening 3,969 4 days ago Ansible role for OS hardening
Trivy 23,086 9 days ago A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI
Preflight 153 almost 2 years ago helps you verify scripts and executables to mitigate supply chain attacks in your CI and other systems
Teller 2,864 2 months ago a secrets management tool for devops and developers - manage secrets across multiple vaults and keystores from a single place
cve-ape 4 over 2 years ago A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via locally stored CVE database. Can also be used as an offline CVE scanner for e.g. OT/ICS
Selefra 521 about 1 year ago An open-source policy-as-code software that provides analytics for multi-cloud and SaaS

Awesome Security / Terminal

shellfirm 816 10 months ago It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected
shellclear 218 over 1 year ago It helps you to Secure your shell history commands by finding sensitive commands in your all history commands and allowing you to clean them

Awesome Security / Operating Systems / Privacy & Security

Qubes OS Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing
Whonix Operating System designed for anonymity
Tails OS Tails is a portable operating system that protects against surveillance and censorship

Awesome Security / Operating Systems / Online resources

Security related Operating Systems @ Rawsec Complete list of security related operating systems
Best Linux Penetration Testing Distributions @ CyberPunk Description of main penetration testing distributions
Security @ Distrowatch Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
Hardening Windows 10 Guide for hardening Windows 10

Awesome Security / Datastores

databunker Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box
acra 1,350 25 days ago Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system
blackbox 6,683 17 days ago Safely store secrets in a VCS repo using GPG
confidant 1,841 16 days ago Stores secrets in AWS DynamoDB, encrypted at rest and integrates with IAM
dotgpg 162 over 6 years ago A tool for backing up and versioning your production secrets or shared passwords securely and easily
redoctober 1,396 21 days ago Server for two-man rule style file encryption and decryption
aws-vault 8,434 3 months ago Store AWS credentials in the OSX Keychain or an encrypted file
credstash 2,059 over 2 years ago Store secrets using AWS KMS and DynamoDB
chamber 2,467 5 days ago Store secrets using AWS KMS and SSM Parameter Store
Safe 414 8 months ago A Vault CLI that makes reading from and writing to the Vault easier to do
Sops 16,652 4 days ago An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP
passbolt The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP
passpie 922 7 months ago Multiplatform command-line password manager
Vault An encrypted datastore secure enough to hold environment and application secrets
LunaSec 1,437 5 months ago Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls

Awesome Security / Fraud prevention

FingerprintJS 21,934 10 days ago Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity
FingerprintJS Android 573 6 months ago Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity

Awesome Security / EBooks

Holistic Info-Sec for Web Developers Free and downloadable book series with very broad and deep coverage of what Web Developers and DevOps Engineers need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises
Docker Security - Quick Reference: For DevOps Engineers A book on understanding the Docker security defaults, how to improve them (theory and practical), along with many tools and techniques
How to Hack Like a Pornstar A step by step process for breaking into a BANK, Sparc Flow, 2017
How to Hack Like a Legend A hacker’s tale breaking into a secretive offshore company, Sparc Flow, 2018
How to Investigate Like a Rockstar Live a real crisis to master the secrets of forensic analysis, Sparc Flow, 2017
Real World Cryptography This early-access book teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications
AWS Security This early-access book covers commong AWS security issues and best practices for access policies, data protection, auditing, continuous monitoring, and incident response
The Art of Network Penetration Testing Book that is a hands-on guide to running your own penetration test on an enterprise network. (early access, published continuously, final release December 2020)
Spring Boot in Practice Book that is a practical guide which presents dozens of relevant scenarios in a convenient problem-solution-discussion format.. (early access, published continuously, final release fall 2021)
Self-Sovereign Identity A book about how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. (early access, published continuously, final release fall 2021)
Data Privacy A book that teaches you to implement technical privacy solutions and tools at scale. (early access, published continuously, final release January 2022)
Cyber Security Career Guide Kickstart a career in cyber security by learning how to adapt your existing technical and non-technical skills. (early access, published continuously, final release Summer 2022)
Secret Key Cryptography A book about cryptographic techniques and Secret Key methods. (early access, published continuously, final release Summer 2022)
The Security Engineer Handbook A short read that discusses the dos and dont's of working in a security team, and the many tricks and tips that can help you in your day-to-day as a security engineer
Cyber Threat Hunting Practical guide to cyber threat hunting
Edge Computing Technology and Applications A book about the business and technical foundation you need to create your edge computing strategy
Spring Security in Action, Second Edition A book about designing and developing Spring applications that are secure right from the start
Azure Security A practical guide to the native security services of Microsoft Azure
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities Learn secure coding conventions in Node.js by executing command injection attacks on real-world npm packages and analyzing vulnerable code
Node.js Secure Coding: Prevention and Exploitation of Path Traversal Vulnerabilities Master secure coding in Node.js with real-world vulnerable dependencies and experience firsthand secure coding techniques against Path Traversal vulnerabilities
Grokking Web Application Security A book about building web apps that are ready for and resilient to any attack

Awesome Security / Other Awesome Lists / Other Security Awesome Lists

Android Security Awesome 8,099 about 1 month ago A collection of android security related resources
Awesome ARM Exploitation 316 9 months ago A curated list of ARM exploitation resources
Awesome CTF 9,715 3 months ago A curated list of CTF frameworks, libraries, resources and software
Awesome Cyber Skills 3,616 3 months ago A curated list of hacking environments where you can train your cyber skills legally and safely
Awesome Personal Security 16,905 7 days ago A curated list of digital security and privacy tips, with links to further resources
Awesome Hacking 12,967 4 months ago A curated list of awesome Hacking tutorials, tools and resources
Awesome Honeypots 8,520 about 2 months ago An awesome list of honeypot resources
Awesome Malware Analysis 11,701 4 months ago A curated list of awesome malware analysis tools and resources
Awesome Security Newsletters 898 26 days ago A curated list of awesome newsletters to keep up to date on security news via e-mail
Awesome PCAP Tools 3,116 5 months ago A collection of tools developed by other researchers in the Computer Science area to process network traces
Awesome Pentest 21,566 about 23 hours ago A collection of awesome penetration testing resources, tools and other shiny things
Awesome Privacy 6,758 7 days ago A curated list of privacy-respecting software and services
Awesome Linux Containers 1,793 6 months ago A curated list of awesome Linux Containers frameworks, libraries and software
Awesome Incident Response 7,584 3 months ago A curated list of resources for incident response
Awesome Web Hacking 5,785 15 days ago This list is for anyone wishing to learn about web application security but do not have a starting point
Awesome Electron.js Hacking 573 3 months ago A curated list of awesome resources about Electron.js (in)security
Awesome Threat Intelligence 7,958 about 2 months ago A curated list of threat intelligence resources
Awesome Threat Modeling 120 4 months ago A curated list of Threat Modeling resources
Awesome Pentest Cheat Sheets 3,864 8 months ago Collection of the cheat sheets useful for pentesting
Awesome Industrial Control System Security 29 over 8 years ago A curated list of resources related to Industrial Control System (ICS) security
Awesome YARA 3,515 about 2 months ago A curated list of awesome YARA rules, tools, and people
Awesome Threat Detection and Hunting 3,644 3 months ago A curated list of awesome threat detection and hunting resources
Awesome Container Security 15 over 5 years ago A curated list of awesome resources related to container building and runtime security
Awesome Crypto Papers 1,773 20 days ago A curated list of cryptography papers, articles, tutorials and howtos
Awesome Shodan Search Queries 5,639 5 months ago A collection of interesting, funny, and depressing search queries to plug into Shodan.io
Awesome Censys Queries 909 5 days ago A collection of fascinating and bizarre Censys Search Queries
Awesome Anti Forensics 732 11 months ago A collection of awesome tools used to counter forensics activities
Awesome Security Talks & Videos 4,004 over 3 years ago A curated list of awesome security talks, organized by year and then conference
Awesome Bluetooth Security 508 10 months ago A curated list of Bluetooth security resources
Awesome WebSocket Security 249 almost 3 years ago A curated list of WebSocket security resources
Security Acronyms 23 about 2 months ago A curated list of security related acronyms and concepts
Awesome SOAR 800 about 2 months ago A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list
Awesome Security Hardening 5,436 10 days ago A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources

Awesome Security / Other Awesome Lists / Other Common Awesome Lists

awesome-awesomeness 31,731 4 months ago awesome-* or *-awesome lists
lists 9,942 12 days ago The definitive list of (awesome) lists curated on GitHub
Movies For Hacker 10,561 2 months ago A curated list of movies every hacker & cyberpunk must watch
Awesome Self-Hosted 198,356 2 days ago
Awesome Analytics 3,919 5 months ago
Awesome Sysadmin 24,909 about 2 months ago

Backlinks from these awesome lists: