Skip to content

mpapadopoullos/starred

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

874 Commits
.github/workflows
.github/workflows
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
topics.md
topics.md
 
 

Repository files navigation

Awesome Stars Awesome

A curated list of my GitHub stars! Generated by starred.

Contents

agent

  • vercel/eve - The Framework for Building Agents
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • Repello-AI/Agent-Wiz - A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • OpenHands/OpenHands - 🙌 OpenHands: AI-Driven Development
  • camel-ai/camel - 🐫 CAMEL: The first and the best multi-agent framework. Finding the Scaling Law of Agents. https://www.camel-ai.org
  • cisco-ai-defense/skill-scanner - Security Scanner for Agent Skills
  • snyk/agent-scan - Security scanner for AI agents, MCP servers and agent skills.
  • google/adk-python - An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
  • TauricResearch/TradingAgents - TradingAgents: Multi-Agents LLM Financial Trading Framework
  • dair-ai/Prompt-Engineering-Guide - 🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • hoophq/hoop - One gateway in front of every protocol. Same policy across MCP, LLMs, databases and containers. Wire-level enforcement at under 5ms.

agent-skills

  • microsoft/skills - Skills, MCP servers, Custom Agents, Agents.md for SDKs to ground Coding Agents
  • cisco-ai-defense/skill-scanner - Security Scanner for Agent Skills
  • nexu-io/open-design - 🎨 Local-first, open-source Claude Design alternative. 🖥️ Native desktop app. ⚡ 259+ Skills · ✨ 142+ Design Systems 🖼️ Web · desktop · mobile prototypes · slides · images · videos · HyperFrames 📦 Sandb
  • agentskills/agentskills - Specification and documentation for Agent Skills
  • anthropics/skills - Public repository for Agent Skills
  • trailofbits/skills - Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
  • VoltAgent/awesome-agent-skills - A curated collection of 1000+ agent skills from official dev teams and the community, compatible with Claude Code, Codex, Gemini CLI, Cursor, and more.
  • phuryn/pm-skills - PM Skills Marketplace: 100+ agentic skills, commands, and plugins — from discovery to strategy, execution, launch, and growth.
  • hesreallyhim/awesome-claude-code - A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

agents

  • microsoft/agent-framework - A framework for building, orchestrating and deploying AI agents and multi-agent workflows with support for Python and .NET.
  • FlowiseAI/Flowise - Build AI Agents, Visually
  • rohitg00/agentmemory - #1 Persistent memory for AI coding agents based on real-world benchmarks
  • semgrep/skills - A collection of skills for AI coding agents from Semgrep
  • microsoft/skills - Skills, MCP servers, Custom Agents, Agents.md for SDKs to ground Coding Agents
  • dreadnode/capabilities - Public source of the Dreadnode capabilities in app.dreadnode.io — agents, tools, skills, MCP servers, and workers.
  • docker/docker-agent - AI Agent Builder and Runtime by Docker Engineering
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • Shubhamsaboo/awesome-llm-apps - 100+ AI Agent & RAG apps you can actually run — clone, customize, ship.
  • google/adk-python - An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
  • crewAIInc/crewAI - Framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks.
  • openagents-org/openagents - OpenAgents - AI Agent Networks for Open Collaboration
  • ruvnet/ruflo - 🌊 The leading agent meta-harness for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features adaptive memory, self-learning swarm
  • klawsh/klaw.sh - kubectl for AI Agents
  • microsoft/autogen - A programming framework for agentic AI
  • dair-ai/Prompt-Engineering-Guide - 🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.
  • langflow-ai/langflow - Langflow is a powerful tool for building and deploying AI-powered agents and workflows.
  • google/adk-samples - A collection of sample agents built with Agent Development Kit (ADK)
  • coder/coder - Secure environments for developers and their agents
  • langchain-ai/langchain - The agent engineering platform.
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

ai

  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • Fission-AI/OpenSpec - Spec-driven development (SDD) for AI coding assistants.
  • google/oss-fuzz-gen - LLM powered fuzzing via OSS-Fuzz.
  • microsoft/agent-framework - A framework for building, orchestrating and deploying AI agents and multi-agent workflows with support for Python and .NET.
  • shanraisshan/claude-code-best-practice - from vibe coding to agentic engineering - practice makes claude perfect
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • daytonaio/daytona - Daytona is a Secure and Elastic Infrastructure for Running AI-Generated Code
  • Repello-AI/Agent-Wiz - A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
  • rohitg00/agentmemory - #1 Persistent memory for AI coding agents based on real-world benchmarks
  • Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
  • NousResearch/hermes-agent - The agent that grows with you
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • konflux-ci/konflux-ci - Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts
  • opensandbox-group/OpenSandbox - Secure, Fast, and Extensible Sandbox runtime for AI agents.
  • aaif-goose/goose - an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM
  • code-yeongyu/oh-my-openagent - omo/lazycodex: The coding agent for tokenmaxxers;the one and only agent harness for complex codebases. For your Codex, for your OpenCode
  • atlassian/atlassian-mcp-server - Official remote MCP server for Atlassian. Securely connect Jira, Confluence, Jira Service Management, Bitbucket, and Compass to Claude, ChatGPT, Cursor, VS Code, and other AI tools using OAuth 2.1 or
  • docker/docker-agent - AI Agent Builder and Runtime by Docker Engineering
  • microsoft/semantic-kernel - Integrate cutting-edge LLM technology quickly and easily into your apps
  • x1xhlol/system-prompts-and-models-of-ai-tools - FULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, V
  • snyk/agent-scan - Security scanner for AI agents, MCP servers and agent skills.
  • OpenBB-finance/OpenBB - Financial data platform for analysts, quants and AI agents.
  • openclaw/openclaw - Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
  • LobsterTrap/lola - Lola is able to package AI Context Modules or skills into a distributed package to be supported across multiple AI assistants. Think of your skill as the RPM package and Lola as the YUM/DNF. Write you
  • carla-simulator/carla - Open-source simulator for autonomous driving research.
  • NVIDIA/garak - the LLM vulnerability scanner
  • google/adk-python - An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
  • obra/superpowers - An agentic skills framework & software development methodology that works.
  • Trusera/ai-bom - AI Bill of Materials — discover every AI agent, model, and API in your infrastructure
  • crewAIInc/crewAI - Framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks.
  • openagents-org/openagents - OpenAgents - AI Agent Networks for Open Collaboration
  • rasbt/LLMs-from-scratch - Implement a ChatGPT-like LLM in PyTorch from scratch, step by step
  • microsoft/generative-ai-for-beginners - 21 Lessons, Get Started Building with Generative AI
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • Kong/kong - 🦍 The API and AI Gateway
  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • microsoft/autogen - A programming framework for agentic AI
  • danielmiessler/Fabric - Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • langchain-ai/langchain - The agent engineering platform.
  • github/spec-kit - 💫 Toolkit to help you get started with Spec-Driven Development

ai-agents

  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • Ataraxy-Labs/sem - Semantic version control => entity-level diffs, blame, and impact analysis on top of git. 28 languages via tree-sitter. Built for coding agents.
  • shanraisshan/claude-code-best-practice - from vibe coding to agentic engineering - practice makes claude perfect
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • daytonaio/daytona - Daytona is a Secure and Elastic Infrastructure for Running AI-Generated Code
  • Repello-AI/Agent-Wiz - A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • dreadnode/capabilities - Public source of the Dreadnode capabilities in app.dreadnode.io — agents, tools, skills, MCP servers, and workers.
  • NousResearch/hermes-agent - The agent that grows with you
  • aaif-goose/goose - an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM
  • code-yeongyu/oh-my-openagent - omo/lazycodex: The coding agent for tokenmaxxers;the one and only agent harness for complex codebases. For your Codex, for your OpenCode
  • atlassian/atlassian-mcp-server - Official remote MCP server for Atlassian. Securely connect Jira, Confluence, Jira Service Management, Bitbucket, and Compass to Claude, ChatGPT, Cursor, VS Code, and other AI tools using OAuth 2.1 or
  • nexu-io/open-design - 🎨 Local-first, open-source Claude Design alternative. 🖥️ Native desktop app. ⚡ 259+ Skills · ✨ 142+ Design Systems 🖼️ Web · desktop · mobile prototypes · slides · images · videos · HyperFrames 📦 Sandb
  • google/adk-python - An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
  • crewAIInc/crewAI - Framework for orchestrating role-playing, autonomous AI agents. By fostering collaborative intelligence, CrewAI empowers agents to work together seamlessly, tackling complex tasks.
  • ruvnet/ruflo - 🌊 The leading agent meta-harness for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features adaptive memory, self-learning swarm
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • NVIDIA/NemoClaw - Run agents like Hermes and OpenClaw more securely inside NVIDIA OpenShell with managed inference
  • VoltAgent/awesome-agent-skills - A curated collection of 1000+ agent skills from official dev teams and the community, compatible with Claude Code, Codex, Gemini CLI, Cursor, and more.
  • RightNow-AI/openfang - Open-source Agent Operating System
  • klawsh/klaw.sh - kubectl for AI Agents
  • artnitolog/awesome-agent-learning - Guides, courses & reading lists for learning to build autonomous LLM agents
  • dair-ai/Prompt-Engineering-Guide - 🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.
  • langchain-ai/langchain - The agent engineering platform.
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

algorithm

algorithms

analytics

android

ansible

  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • trailofbits/algo - Set up a personal VPN in the cloud

api

artificial-intelligence

automation

  • openai/tart - macOS and Linux VMs on Apple Silicon to use in CI and other automations
  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI
  • sottlmarek/DevSecOps - Ultimate DevSecOps library

awesome

awesome-list

  • secfigo/Awesome-Fuzzing - A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Developme
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • OffcierCia/DeFi-Developer-Road-Map - DeFi Developer roadmap is a curated Developer handbook which includes a list of the best tools for DApps development, resources and references!
  • bkrem/awesome-solidity - ⟠ A curated list of awesome Solidity resources, libraries, tools and more
  • VoltAgent/awesome-agent-skills - A curated collection of 1000+ agent skills from official dev teams and the community, compatible with Claude Code, Codex, Gemini CLI, Cursor, and more.
  • artnitolog/awesome-agent-learning - Guides, courses & reading lists for learning to build autonomous LLM agents
  • avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • hesreallyhim/awesome-claude-code - A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic
  • decalage2/awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
  • open-policy-agent/awesome-opa - A curated list of OPA related tools, frameworks and articles
  • sottlmarek/DevSecOps - Ultimate DevSecOps library
  • analysis-tools-dev/static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
  • codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.
  • arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

aws

  • awslabs/mcp - Open source MCP Servers for AWS
  • gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • Hacking-the-Cloud/hackingthe.cloud - An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
  • 4ndersonLin/awesome-cloud-security - 🛡️ Awesome Cloud Security Resources ⚔️
  • aquasecurity/cloudsploit - Cloud Security Posture Management (CSPM)
  • cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • opencost/opencost - Cost monitoring for Kubernetes workloads and cloud costs
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • infracost/infracost - Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!
  • bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • sottlmarek/DevSecOps - Ultimate DevSecOps library
  • ByteByteGoHq/system-design-101 - Explain complex systems using visuals and simple terms. Help you prepare for system design interviews.

azure

bash

beginner-project

bioinformatics

blockchain

bugbounty

  • OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  • appsecco/vulnerable-mcp-servers-lab - A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
  • wallarm/gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF

c

  • google/honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar
  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

chatbot

  • FlowiseAI/Flowise - Build AI Agents, Visually
  • pathwaycom/llm-app - Ready-to-run cloud templates for RAG, AI pipelines, and enterprise search with live data. 🐳Docker-friendly.⚡Always in sync with Sharepoint, Google Drive, S3, Kafka, PostgreSQL, real-time data APIs, an

chatgpt

claude-code

  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • tirth8205/code-review-graph - Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo w
  • DeusData/codebase-memory-mcp - High-performance code intelligence MCP server. Indexes codebases into a persistent knowledge graph — average repo in milliseconds. 158 languages, sub-ms queries, 99% fewer tokens. Single static binary
  • shanraisshan/claude-code-best-practice - from vibe coding to agentic engineering - practice makes claude perfect
  • semgrep/skills - A collection of skills for AI coding agents from Semgrep
  • NousResearch/hermes-agent - The agent that grows with you
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • anthropics/claude-plugins-official - Official, Anthropic-managed directory of high quality Claude Code Plugins.
  • Imbad0202/academic-research-skills - Academic Research Skills for Claude Code: research → write → review → revise → finalize
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • mvanhorn/last30days-skill - AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary
  • luongnv89/claude-howto - A visual, example-driven guide to Claude Code — from basic concepts to advanced agents, with copy-paste templates that bring immediate value.
  • ruvnet/ruflo - 🌊 The leading agent meta-harness for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features adaptive memory, self-learning swarm
  • VoltAgent/awesome-agent-skills - A curated collection of 1000+ agent skills from official dev teams and the community, compatible with Claude Code, Codex, Gemini CLI, Cursor, and more.
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • hesreallyhim/awesome-claude-code - A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

cli

  • pypa/hatch - Modern, extensible Python project management
  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • HeadyZhang/agent-audit - Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • sheeki03/tirith - Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
  • hermetoproject/hermeto - Hermeto is a CLI tool that prefetches project dependencies for hermetic container builds.
  • OpenHands/OpenHands - 🙌 OpenHands: AI-Driven Development
  • charmbracelet/glow - Render markdown on the CLI, with pizzazz! 💅🏻
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • wagoodman/dive - A tool for exploring each layer in a docker image
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • sherlock-project/sherlock - Hunt down social media accounts by username across social networks
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • reviewdog/reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

cloud

  • hashicorp/terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amo
  • Hacking-the-Cloud/hackingthe.cloud - An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
  • aquasecurity/cloudsploit - Cloud Security Posture Management (CSPM)
  • cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • infracost/infracost - Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • sottlmarek/DevSecOps - Ultimate DevSecOps library

code

  • OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
  • oracle/opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java

code-quality

  • reviewdog/reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
  • SonarSource/sonarqube - Continuous Inspection
  • analysis-tools-dev/static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

code-review

  • tirth8205/code-review-graph - Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo w
  • reviewdog/reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

coding

  • obra/superpowers - An agentic skills framework & software development methodology that works.
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions

compiler

  • foundry-rs/foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
  • oracle/graal - GraalVM compiles applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀

computer-science

computer-vision

continuous-integration

  • mercedes-benz/sechub - SecHub provides a central API to test software with different security tools.

cpp

crawler

  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • scrapy/scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.

cryptocurrency

csharp

  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for

css

cybersecurity

dart

  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

data

  • faker-js/faker - Generate massive amounts of fake data in the browser and node.js

data-analysis

  • gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

data-science

data-structures

data-visualization

  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.

database

  • etcd-io/etcd - Distributed reliable key-value store for the most critical data of a distributed system
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch | Drop-in replacement for E in the ELK stack

deep-learning

deno

  • denoland/deno - A modern runtime for JavaScript and TypeScript.

design

developer-tools

  • koalaman/shellcheck - ShellCheck, a static analysis tool for shell scripts
  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • Ataraxy-Labs/sem - Semantic version control => entity-level diffs, blame, and impact analysis on top of git. 28 languages via tree-sitter. Built for coding agents.
  • DeusData/codebase-memory-mcp - High-performance code intelligence MCP server. Indexes codebases into a persistent knowledge graph — average repo in milliseconds. 158 languages, sub-ms queries, 99% fewer tokens. Single static binary
  • daytonaio/daytona - Daytona is a Secure and Elastic Infrastructure for Running AI-Generated Code
  • OpenHands/OpenHands - 🙌 OpenHands: AI-Driven Development
  • universal-ctags/ctags - A maintained ctags implementation
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • atlassian/atlassian-mcp-server - Official remote MCP server for Atlassian. Securely connect Jira, Confluence, Jira Service Management, Bitbucket, and Compass to Claude, ChatGPT, Cursor, VS Code, and other AI tools using OAuth 2.1 or
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

development

  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • github/spec-kit - 💫 Toolkit to help you get started with Spec-Driven Development
  • donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

devops

  • nektos/act - Run your GitHub Actions locally 🚀
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • gruntwork-io/pre-commit - A collection of pre-commit hooks used by Gruntwork tools
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • Kong/kong - 🦍 The API and AI Gateway
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • infracost/infracost - Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!
  • bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
  • argoproj/argo-cd - Declarative Continuous Deployment for Kubernetes
  • sottlmarek/DevSecOps - Ultimate DevSecOps library

distributed-systems

  • etcd-io/etcd - Distributed reliable key-value store for the most critical data of a distributed system
  • ergo-services/ergo - An actor-based Framework with network transparency for creating event-driven architecture in Golang. Inspired by Erlang. Zero dependencies.

django

  • TypeError/secure - Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
  • endoflife-date/endoflife.date - Informative site with EoL dates of everything
  • opencve/opencve - Vulnerability Intelligence Platform

docker

  • podman-container-tools/buildah - A tool that facilitates building OCI images.
  • GoogleContainerTools/jib - 🏗 Build container images for your Java applications.
  • podman-container-tools/podman - Podman: A tool for managing OCI containers and pods.
  • oras-project/oras - OCI registry client - managing content like artifacts, images, packages
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • google/gvisor - Application Kernel for Containers
  • traefik/traefik - The Cloud Native Application Proxy
  • wagoodman/dive - A tool for exploring each layer in a docker image
  • aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
  • goharbor/harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • authelia/authelia - The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
  • slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
  • cdxgen/cdxgen - Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • argoproj/argo-cd - Declarative Continuous Deployment for Kubernetes
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • sottlmarek/DevSecOps - Ultimate DevSecOps library

documentation

dotnet

  • microsoft/agent-framework - A framework for building, orchestrating and deploying AI agents and multi-agent workflows with support for Python and .NET.

education

electron

  • toeverything/AFFiNE - There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and r

elixir

  • ergo-services/ergo - An actor-based Framework with network transparency for creating event-driven architecture in Golang. Inspired by Erlang. Zero dependencies.

embedded

emoji

  • Textualize/rich - Rich is a Python library for rich text and beautiful formatting in the terminal.

ethereum

fastapi

  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • TypeError/secure - Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
  • fastapi/fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production

finance

  • OpenBB-finance/OpenBB - Financial data platform for analysts, quants and AI agents.
  • juspay/hyperswitch - Open source, composable payments platform | PCI compliant | SaaS and Self-host options | Enables connectivity to multiple payment, payout, fraud, vault and tokenization providers | Uplifts authorizati
  • TauricResearch/TradingAgents - TradingAgents: Multi-Agents LLM Financial Trading Framework

flask

  • TypeError/secure - Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
  • dannymcc/bluehood - Monitor your local neighbourhood's bluetooth activity

flutter

  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

flutter-apps

  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

framework

  • vercel/eve - The Framework for Building Agents
  • squidfunk/mkdocs-material - Documentation that simply works
  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
  • spring-projects/spring-framework - Spring Framework
  • spring-projects/spring-boot - Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
  • gin-gonic/gin - Gin is a high-performance HTTP web framework written in Go. It provides a Martini-like API but with significantly better performance—up to 40 times faster—thanks to httprouter. Gin is designed for bui
  • fastapi/fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production
  • foundry-rs/foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
  • scrapy/scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.
  • ergo-services/ergo - An actor-based Framework with network transparency for creating event-driven architecture in Golang. Inspired by Erlang. Zero dependencies.
  • microsoft/autogen - A programming framework for agentic AI
  • langchain-ai/langchain - The agent engineering platform.

generative-ai

git

  • Ataraxy-Labs/sem - Semantic version control => entity-level diffs, blame, and impact analysis on top of git. 28 languages via tree-sitter. Built for coding agents.
  • gruntwork-io/pre-commit - A collection of pre-commit hooks used by Gruntwork tools
  • pre-commit/pre-commit-hooks - Some out-of-the-box hooks for pre-commit
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • evilmartians/lefthook - Fast and powerful Git hooks manager for any type of projects.
  • pre-commit/pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.

github

go

  • cilium/ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
  • golang/go - The Go programming language
  • onsi/ginkgo - A Modern Testing Framework for Go
  • golangci/golangci-lint - Fast linters runner for Go
  • konflux-ci/konflux-ci - Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts
  • trailofbits/gosentry - Security-oriented Go toolchain, focused on state-of-the-art fuzzing capabilities.
  • go-delve/delve - Delve is a debugger for the Go programming language.
  • go-python/gopy - gopy generates a CPython extension module from a go package.
  • fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • traefik/traefik - The Cloud Native Application Proxy
  • gin-gonic/gin - Gin is a high-performance HTTP web framework written in Go. It provides a Martini-like API but with significantly better performance—up to 40 times faster—thanks to httprouter. Gin is designed for bui
  • gravitational/teleport - The easiest, and most secure way to access and protect all of your infrastructure.
  • godoctor/godoctor - Go Doctor - The Golang Refactoring Engine
  • avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
  • etcd-io/etcd - Distributed reliable key-value store for the most critical data of a distributed system
  • kubernetes/kubernetes - Production-Grade Container Scheduling and Management
  • slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
  • ergo-services/ergo - An actor-based Framework with network transparency for creating event-driven architecture in Golang. Inspired by Erlang. Zero dependencies.
  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar
  • coder/coder - Secure environments for developers and their agents
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • evilmartians/lefthook - Fast and powerful Git hooks manager for any type of projects.
  • strongdm/comply - Compliance automation framework, focused on SOC2
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • reviewdog/reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
  • caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  • ethereum/go-ethereum - Go implementation of the Ethereum protocol

golang

  • cilium/ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
  • nektos/act - Run your GitHub Actions locally 🚀
  • golang/go - The Go programming language
  • OWASP/Go-SCP - Golang Secure Coding Practices guide
  • onsi/ginkgo - A Modern Testing Framework for Go
  • golangci/golangci-lint - Fast linters runner for Go
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • go-delve/delve - Delve is a debugger for the Go programming language.
  • go-python/gopy - gopy generates a CPython extension module from a go package.
  • securego/gosec - Go security checker
  • traefik/traefik - The Cloud Native Application Proxy
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • unionlabs/union - The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.
  • aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
  • gophish/gophish - Open-Source Phishing Toolkit
  • gravitational/teleport - The easiest, and most secure way to access and protect all of your infrastructure.
  • avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
  • authelia/authelia - The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
  • slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
  • ergo-services/ergo - An actor-based Framework with network transparency for creating event-driven architecture in Golang. Inspired by Erlang. Zero dependencies.
  • practical-tutorials/project-based-learning - Curated list of project-based tutorials
  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar
  • coder/coder - Secure environments for developers and their agents
  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • evilmartians/lefthook - Fast and powerful Git hooks manager for any type of projects.
  • strongdm/comply - Compliance automation framework, focused on SOC2
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

google

  • google/skills - Agent Skills for Google products and technologies
  • google/comprehensive-rust - This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.
  • infracost/infracost - Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!

google-cloud

  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • priyankavergadia/GCPSketchnote - If you are looking to become a Google Cloud Engineer , then you are at the right place. GCPSketchnote is series where I share Google Cloud concepts in quick and easy to learn format.
  • mikeroyal/Google-Cloud-Guide - Google Cloud Platform (GCP) Guide. Learn all about Google Cloud Tools, Services, and Certifications.

gradle

graphql

  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks

gui

hacking

hacktoberfest

  • rust-lang/rust-analyzer - A Rust compiler front-end for IDEs
  • Repello-AI/Agent-Wiz - A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
  • giscus/giscus - A commenting system powered by GitHub Discussions. :octocat: 💬 💎
  • oras-project/oras - OCI registry client - managing content like artifacts, images, packages
  • OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
  • stackrox/kube-linter - KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
  • charmbracelet/glow - Render markdown on the CLI, with pizzazz! 💅🏻
  • Repello-AI/whistleblower - Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and
  • spotbugs/spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  • juspay/hyperswitch - Open source, composable payments platform | PCI compliant | SaaS and Self-host options | Enables connectivity to multiple payment, payout, fraud, vault and tokenization providers | Uplifts authorizati
  • apache/caldera - Automated Adversary Emulation Platform
  • kubearmor/KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (LSM-BPF, AppArmor).
  • argotorg/solidity - Solidity, the Smart Contract Programming Language
  • projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
  • scrapy/scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.
  • TheAlgorithms/Java - All Algorithms implemented in Java
  • sherlock-project/sherlock - Hunt down social media accounts by username across social networks
  • axios/axios - Promise based HTTP client for the browser and node.js
  • avelino/awesome-go - A curated list of awesome Go frameworks, libraries and software
  • TheAlgorithms/Python - All Algorithms implemented in Python
  • jaegertracing/jaeger - CNCF Jaeger, a Distributed Tracing Platform
  • goharbor/harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
  • aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • evilmartians/lefthook - Fast and powerful Git hooks manager for any type of projects.
  • osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.
  • bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • falcosecurity/falco - Cloud Native Runtime Security
  • argoproj/argo-cd - Declarative Continuous Deployment for Kubernetes
  • endoflife-date/endoflife.date - Informative site with EoL dates of everything
  • DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch | Drop-in replacement for E in the ELK stack
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • analysis-tools-dev/static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
  • zaproxy/zaproxy - The ZAP by Checkmarx Core project
  • dexidp/dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
  • prometheus/alertmanager - Prometheus Alertmanager

haskell

html

http

  • mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

https

  • caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

information-gathering

instagram

  • mvanhorn/last30days-skill - AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary

ios

  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

iot

ipfs

java

  • GoogleContainerTools/jib - 🏗 Build container images for your Java applications.
  • spring-projects/spring-boot - Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for
  • oracle/opengrok - OpenGrok is a fast and usable source code search and cross reference engine, written in Java
  • oracle/graal - GraalVM compiles applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
  • TheAlgorithms/Java - All Algorithms implemented in Java
  • endoflife-date/endoflife.date - Informative site with EoL dates of everything
  • SonarSource/sonar-java - ☕ SonarSource Static Analyzer for Java Code Quality and Security
  • oracle/visualvm - VisualVM is an All-in-One Java Troubleshooting Tool
  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

javascript

json

  • fastapi/fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production
  • manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch | Drop-in replacement for E in the ELK stack

kubernetes

  • tektoncd/pipelines-as-code - Pipelines-as-Code for Tekton
  • GoogleContainerTools/jib - 🏗 Build container images for your Java applications.
  • podman-container-tools/podman - Podman: A tool for managing OCI containers and pods.
  • notaryproject/notation - A CLI tool to sign and verify artifacts
  • octelium/octelium - A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastru
  • stackrox/kube-linter - KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
  • kubernetes-sigs/security-profiles-operator - The Kubernetes Security Profiles Operator
  • konflux-ci/konflux-ci - Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts
  • opensandbox-group/OpenSandbox - Secure, Fast, and Extensible Sandbox runtime for AI agents.
  • kagenti/kagenti - Main Kagenti repo - installer, UI and docs
  • google/gvisor - Application Kernel for Containers
  • traefik/traefik - The Cloud Native Application Proxy
  • kubearmor/KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (LSM-BPF, AppArmor).
  • kubernetes/enhancements - Enhancements tracking repo for Kubernetes
  • aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
  • gravitational/teleport - The easiest, and most secure way to access and protect all of your infrastructure.
  • goharbor/harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
  • etcd-io/etcd - Distributed reliable key-value store for the most critical data of a distributed system
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • kubernetes/kubernetes - Production-Grade Container Scheduling and Management
  • Kong/kong - 🦍 The API and AI Gateway
  • authelia/authelia - The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
  • walidshaari/Certified-Kubernetes-Security-Specialist - Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or maki
  • aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • opencost/opencost - Cost monitoring for Kubernetes workloads and cloud costs
  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
  • cilium/cilium - eBPF-based Networking, Security, and Observability
  • falcosecurity/falco - Cloud Native Runtime Security
  • loft-sh/vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it off
  • freach/kubernetes-security-best-practice - Kubernetes Security - Best Practice Guide
  • argoproj/argo-cd - Declarative Continuous Deployment for Kubernetes
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • sottlmarek/DevSecOps - Ultimate DevSecOps library
  • istio/istio - Connect, secure, control, and observe services.
  • openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
  • dexidp/dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

language

laravel

learning

linux

llm

  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • tirth8205/code-review-graph - Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo w
  • google/oss-fuzz-gen - LLM powered fuzzing via OSS-Fuzz.
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • NousResearch/hermes-agent - The agent that grows with you
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • OpenHands/OpenHands - 🙌 OpenHands: AI-Driven Development
  • atlassian/atlassian-mcp-server - Official remote MCP server for Atlassian. Securely connect Jira, Confluence, Jira Service Management, Bitbucket, and Compass to Claude, ChatGPT, Cursor, VS Code, and other AI tools using OAuth 2.1 or
  • microsoft/semantic-kernel - Integrate cutting-edge LLM technology quickly and easily into your apps
  • pathwaycom/llm-app - Ready-to-run cloud templates for RAG, AI pipelines, and enterprise search with live data. 🐳Docker-friendly.⚡Always in sync with Sharepoint, Google Drive, S3, Kafka, PostgreSQL, real-time data APIs, an
  • google/adk-python - An open-source, code-first Python toolkit for building, evaluating, and deploying sophisticated AI agents with flexibility and control.
  • Trusera/ai-bom - AI Bill of Materials — discover every AI agent, model, and API in your infrastructure
  • openagents-org/openagents - OpenAgents - AI Agent Networks for Open Collaboration
  • TauricResearch/TradingAgents - TradingAgents: Multi-Agents LLM Financial Trading Framework
  • rasbt/LLMs-from-scratch - Implement a ChatGPT-like LLM in PyTorch from scratch, step by step
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • RightNow-AI/openfang - Open-source Agent Operating System
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • langchain-ai/langchain - The agent engineering platform.
  • promptfoo/promptfoo - Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line
  • hoophq/hoop - One gateway in front of every protocol. Same policy across MCP, LLMs, databases and containers. Wire-level enforcement at under 5ms.
  • hesreallyhim/awesome-claude-code - A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • upstash/context7 - Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors

login

  • zitadel/zitadel - ZITADEL - Identity infrastructure, simplified for you.

low-code

  • FlowiseAI/Flowise - Build AI Agents, Visually
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • langgenius/dify - Production-ready platform for agentic workflow development.

machine-learning

  • Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
  • OpenBB-finance/OpenBB - Financial data platform for analysts, quants and AI agents.
  • microsoft/ML-For-Beginners - 12 weeks, 26 lessons, 52 quizzes, classic Machine Learning for all
  • pathwaycom/llm-app - Ready-to-run cloud templates for RAG, AI pipelines, and enterprise search with live data. 🐳Docker-friendly.⚡Always in sync with Sharepoint, Google Drive, S3, Kafka, PostgreSQL, real-time data APIs, an
  • rasbt/LLMs-from-scratch - Implement a ChatGPT-like LLM in PyTorch from scratch, step by step
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • nautechsystems/nautilus_trader - Production-grade Rust-native trading engine with deterministic event-driven architecture
  • Developer-Y/cs-video-courses - List of Computer Science courses with video lectures.

macos

  • openai/tart - macOS and Linux VMs on Apple Silicon to use in CI and other automations
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • lima-vm/lima - Linux virtual machines, with a focus on running containers
  • GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
  • usnistgov/macos_security - macOS Security Compliance Project
  • insidegui/VirtualBuddy - Virtualize macOS 12 and later on Apple Silicon, VirtualBuddy is a virtual machine GUI for macOS M1, M2, M3, M4

malware

markdown

  • vercel/eve - The Framework for Building Agents
  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • toeverything/AFFiNE - There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and r
  • charmbracelet/glow - Render markdown on the CLI, with pizzazz! 💅🏻
  • Textualize/rich - Rich is a Python library for rich text and beautiful formatting in the terminal.

material-design

maven

mcp

  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • BrowserMCP/mcp - Browser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • tirth8205/code-review-graph - Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo w
  • DeusData/codebase-memory-mcp - High-performance code intelligence MCP server. Indexes codebases into a persistent knowledge graph — average repo in milliseconds. 158 languages, sub-ms queries, 99% fewer tokens. Single static binary
  • NevaMind-AI/memU - Workspace memory: Turn colab file system into agent memory and cut your token cost up to 95%
  • HeadyZhang/agent-audit - Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • microsoft/skills - Skills, MCP servers, Custom Agents, Agents.md for SDKs to ground Coding Agents
  • dreadnode/capabilities - Public source of the Dreadnode capabilities in app.dreadnode.io — agents, tools, skills, MCP servers, and workers.
  • github/github-mcp-server - GitHub's official MCP Server
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • appsecco/vulnerable-mcp-servers-lab - A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
  • anthropics/claude-plugins-official - Official, Anthropic-managed directory of high quality Claude Code Plugins.
  • aaif-goose/goose - an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • atlassian/atlassian-mcp-server - Official remote MCP server for Atlassian. Securely connect Jira, Confluence, Jira Service Management, Bitbucket, and Compass to Claude, ChatGPT, Cursor, VS Code, and other AI tools using OAuth 2.1 or
  • awslabs/mcp - Open source MCP Servers for AWS
  • snyk/agent-scan - Security scanner for AI agents, MCP servers and agent skills.
  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for
  • RightNow-AI/openfang - Open-source Agent Operating System
  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • Kong/kong - 🦍 The API and AI Gateway
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • hoophq/hoop - One gateway in front of every protocol. Same policy across MCP, LLMs, databases and containers. Wire-level enforcement at under 5ms.
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI
  • upstash/context7 - Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors

microservices

  • GoogleContainerTools/jib - 🏗 Build container images for your Java applications.
  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
  • Kong/kong - 🦍 The API and AI Gateway
  • istio/istio - Connect, secure, control, and observe services.

mongodb

  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.

monitoring

mysql

  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.
  • manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch | Drop-in replacement for E in the ELK stack

natural-language-processing

nestjs

  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀

nextjs

  • giscus/giscus - A commenting system powered by GitHub Discussions. :octocat: 💬 💎
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • smartcontractkit/full-blockchain-solidity-course-js - Learn Blockchain, Solidity, and Full Stack Web3 Development with Javascript
  • langgenius/dify - Production-ready platform for agentic workflow development.

no-code

  • FlowiseAI/Flowise - Build AI Agents, Visually
  • nexu-io/open-design - 🎨 Local-first, open-source Claude Design alternative. 🖥️ Native desktop app. ⚡ 259+ Skills · ✨ 142+ Design Systems 🖼️ Web · desktop · mobile prototypes · slides · images · videos · HyperFrames 📦 Sandb
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • langgenius/dify - Production-ready platform for agentic workflow development.

node

  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀

nodejs

  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
  • faker-js/faker - Generate massive amounts of fake data in the browser and node.js
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • axios/axios - Promise based HTTP client for the browser and node.js
  • freeCodeCamp/freeCodeCamp - freeCodeCamp.org's open-source codebase and curriculum. Learn math, programming, and computer science for free.

npm

  • ruvnet/ruflo - 🌊 The leading agent meta-harness for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features adaptive memory, self-learning swarm
  • renovatebot/renovate - Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

open-source

  • EpicGames/lore - Lore is a next-generation, open source version control system
  • x1xhlol/system-prompts-and-models-of-ai-tools - FULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, V
  • firecracker-microvm/firecracker - Secure and fast microVMs for serverless computing.
  • juspay/hyperswitch - Open source, composable payments platform | PCI compliant | SaaS and Self-host options | Enables connectivity to multiple payment, payout, fraud, vault and tokenization providers | Uplifts authorizati
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • RightNow-AI/openfang - Open-source Agent Operating System
  • SAP/risk-explorer-for-software-supply-chains - A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • langchain-ai/langchain - The agent engineering platform.
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.

openai

opencv

  • go-vgo/robotgo - RobotGo, Go Native cross-platform RPA, GUI automation, Auto test and Computer use @vcaesar

operating-system

osint

others

p2p

  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • ethereum/go-ethereum - Go implementation of the Ethereum protocol

package-manager

  • LobsterTrap/lola - Lola is able to package AI Context Modules or skills into a distributed package to be supported across multiple AI assistants. Think of your skill as the RPM package and Lola as the YUM/DNF. Write you

parsing

  • gchq/CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

penetration-testing

  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • KeygraphHQ/shannon - Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • Hacking-the-Cloud/hackingthe.cloud - An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pentesting

  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  • appsecco/vulnerable-mcp-servers-lab - A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • KeygraphHQ/shannon - Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they
  • sherlock-project/sherlock - Hunt down social media accounts by username across social networks
  • promptfoo/promptfoo - Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line
  • botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study - Burp Suite Certified Practitioner Exam Study

php

postgresql

  • netdata/netdata - The fastest path to AI-powered full stack observability, even for lean teams.

privacy

productivity

  • affaan-m/ECC - The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies

programming

programming-language

project-management

  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.

prompt-engineering

  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • Imbad0202/academic-research-skills - Academic Research Skills for Claude Code: research → write → review → revise → finalize
  • Repello-AI/whistleblower - Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and
  • microsoft/generative-ai-for-beginners - 21 Lessons, Get Started Building with Generative AI
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • dair-ai/Prompt-Engineering-Guide - 🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.
  • promptfoo/promptfoo - Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line
  • wshobson/agents - Multi-harness agentic plugin marketplace for Claude Code, Codex CLI, Cursor, OpenCode, GitHub Copilot, and Gemini CLI

python

  • pypa/hatch - Modern, extensible Python project management
  • pypa/pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
  • tirth8205/code-review-graph - Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo w
  • HypothesisWorks/hypothesis - The property-based testing library for Python
  • microsoft/agent-framework - A framework for building, orchestrating and deploying AI agents and multi-agent workflows with support for Python and .NET.
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • HeadyZhang/agent-audit - Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.
  • superlinear-ai/substrate - 🌱 Substrate is a modern Copier template for scaffolding Python packages and apps
  • Trusted-AI/adversarial-robustness-toolbox - Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • go-python/gopy - gopy generates a CPython extension module from a go package.
  • kovidgoyal/calibre - The official source code repository for the calibre ebook manager
  • TypeError/secure - Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
  • Shubhamsaboo/awesome-llm-apps - 100+ AI Agent & RAG apps you can actually run — clone, customize, ship.
  • Textualize/rich - Rich is a Python library for rich text and beautiful formatting in the terminal.
  • OpenBB-finance/OpenBB - Financial data platform for analysts, quants and AI agents.
  • astral-sh/uv - An extremely fast Python package and project manager, written in Rust.
  • microsoft/ML-For-Beginners - 12 weeks, 26 lessons, 52 quizzes, classic Machine Learning for all
  • vinta/awesome-python - An opinionated list of Python frameworks, libraries, tools, and resources
  • python/mypy - Optional static typing for Python
  • python-trio/trustme - #1 quality TLS certs while you wait, for the discerning tester
  • fastapi/fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production
  • ranaroussi/yfinance - Download market data from Yahoo! Finance's API
  • rasbt/LLMs-from-scratch - Implement a ChatGPT-like LLM in PyTorch from scratch, step by step
  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for
  • dannymcc/bluehood - Monitor your local neighbourhood's bluetooth activity
  • scrapy/scrapy - Scrapy, a fast high-level web crawling & scraping framework for Python.
  • sherlock-project/sherlock - Hunt down social media accounts by username across social networks
  • TheAlgorithms/Python - All Algorithms implemented in Python
  • nautechsystems/nautilus_trader - Production-grade Rust-native trading engine with deterministic event-driven architecture
  • practical-tutorials/project-based-learning - Curated list of project-based tutorials
  • Pylons/pyramid - Pyramid - A Python web framework
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • langchain-ai/langchain - The agent engineering platform.
  • pre-commit/pre-commit-hooks - Some out-of-the-box hooks for pre-commit
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • pre-commit/pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • endoflife-date/endoflife.date - Informative site with EoL dates of everything
  • opencve/opencve - Vulnerability Intelligence Platform
  • mercedes-benz/odxtools - odxtools is a collection of utilities to interact with the diagnostic functionality of automotive electronic control units using python
  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  • donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

python3

pytorch

quantitative-finance

r

rag

  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • FlowiseAI/Flowise - Build AI Agents, Visually
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • Shubhamsaboo/awesome-llm-apps - 100+ AI Agent & RAG apps you can actually run — clone, customize, ship.
  • pathwaycom/llm-app - Ready-to-run cloud templates for RAG, AI pipelines, and enterprise search with live data. 🐳Docker-friendly.⚡Always in sync with Sharepoint, Google Drive, S3, Kafka, PostgreSQL, real-time data APIs, an
  • dair-ai/Prompt-Engineering-Guide - 🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.
  • langgenius/dify - Production-ready platform for agentic workflow development.
  • langchain-ai/langchain - The agent engineering platform.
  • promptfoo/promptfoo - Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line

raspberry-pi

react

reactjs

redteam

reinforcement-learning

reverse-engineering

  • rizinorg/rizin - UNIX-like reverse engineering framework and command-line toolset.
  • mandiant/capa - The FLARE team's open-source tool to identify capabilities in executable files.
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • j4k0xb/webcrack - Deobfuscate obfuscator.io, unminify and unpack bundled javascript

robotics

ruby

  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

rust

  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • rust-lang/rust-analyzer - A Rust compiler front-end for IDEs
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • sheeki03/tirith - Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
  • toeverything/AFFiNE - There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and r
  • tauri-apps/tauri - Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
  • rustdesk/rustdesk - An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
  • smol-machines/smolvm - Tool to build & run portable, lightweight, self-contained virtual machines.
  • denoland/deno - A modern runtime for JavaScript and TypeScript.
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • firecracker-microvm/firecracker - Secure and fast microVMs for serverless computing.
  • juspay/hyperswitch - Open source, composable payments platform | PCI compliant | SaaS and Self-host options | Enables connectivity to multiple payment, payout, fraud, vault and tokenization providers | Uplifts authorizati
  • foundry-rs/foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
  • unionlabs/union - The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.
  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for
  • kanidm/kanidm - Kanidm: A simple, secure, and fast identity management platform
  • RightNow-AI/openfang - Open-source Agent Operating System
  • Cyfrin/aderyn - Solidity Static Analyzer that easily integrates into your editor
  • GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
  • rtk-ai/rtk - CLI proxy that reduces LLM token consumption by 60-90% on common dev commands. Single Rust binary, zero dependencies
  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • google/comprehensive-rust - This is the Rust course used by the Android team at Google. It provides you the material to quickly teach Rust.
  • nautechsystems/nautilus_trader - Production-grade Rust-native trading engine with deterministic event-driven architecture
  • joaoviictorti/RustRedOps - Repository for advanced Red Team techniques focused on Rust

scikit-learn

security

  • pypa/pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
  • google/honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
  • google/syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
  • AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
  • google/oss-fuzz-gen - LLM powered fuzzing via OSS-Fuzz.
  • google/oss-fuzz - OSS-Fuzz - continuous fuzzing for open source software.
  • veeral-patel/how-to-secure-anything - How to systematically secure anything: a repository about security engineering
  • HeadyZhang/agent-audit - Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 51 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • semgrep/skills - A collection of skills for AI coding agents from Semgrep
  • xairy/linux-kernel-exploitation - A collection of links related to Linux kernel security and exploitation
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • mindersec/minder - Software Supply Chain Security Platform
  • sheeki03/tirith - Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
  • dreadnode/capabilities - Public source of the Dreadnode capabilities in app.dreadnode.io — agents, tools, skills, MCP servers, and workers.
  • OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
  • chaitin/SafeLine - SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
  • zizmorcore/zizmor - Static analysis for GitHub Actions
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • google/nsjail - A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
  • rizinorg/rizin - UNIX-like reverse engineering framework and command-line toolset.
  • cisco-ai-defense/skill-scanner - Security Scanner for Agent Skills
  • snyk/agent-scan - Security scanner for AI agents, MCP servers and agent skills.
  • TypeError/secure - Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).
  • securego/gosec - Go security checker
  • semgrep/semgrep-rules - Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
  • Trusera/ai-bom - AI Bill of Materials — discover every AI agent, model, and API in your infrastructure
  • infobyte/faraday - Open Source Vulnerability Management Platform
  • kubearmor/KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (LSM-BPF, AppArmor).
  • ConsenSysDiligence/mythril - Mythril is a symbolic-execution-based securty analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.
  • Cyfrin/security-and-auditing-full-course-s23 - The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.
  • kanidm/kanidm - Kanidm: A simple, secure, and fast identity management platform
  • OWASP/CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
  • dannymcc/bluehood - Monitor your local neighbourhood's bluetooth activity
  • SAP/risk-explorer-for-software-supply-chains - A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can
  • aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
  • gophish/gophish - Open-Source Phishing Toolkit
  • gravitational/teleport - The easiest, and most secure way to access and protect all of your infrastructure.
  • projectdiscovery/nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int
  • OpenZeppelin/openzeppelin-contracts - OpenZeppelin Contracts is a library for secure smart contract development.
  • GyulyVGC/sniffnet - Comfortably monitor your Internet traffic 🕵️‍♂️
  • trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
  • authelia/authelia - The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
  • Hack-with-Github/Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
  • trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
  • walidshaari/Certified-Kubernetes-Security-Specialist - Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or maki
  • slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
  • roddhjav/apparmor.d - Full set of AppArmor policies
  • drduh/YubiKey-Guide - Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto.
  • imthenachoman/How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
  • wallarm/gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • Checkmarx/2ms - Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
  • coreruleset/coreruleset - OWASP CRS (Official Repository)
  • SigmaHQ/sigma - Main Sigma Rule Repository
  • TecharoHQ/anubis - Weighs the soul of incoming HTTP requests to stop AI crawlers
  • hoophq/hoop - One gateway in front of every protocol. Same policy across MCP, LLMs, databases and containers. Wire-level enforcement at under 5ms.
  • swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
  • 4ndersonLin/awesome-cloud-security - 🛡️ Awesome Cloud Security Resources ⚔️
  • aquasecurity/cloudsploit - Cloud Security Posture Management (CSPM)
  • nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • decalage2/awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.
  • Decurity/semgrep-smart-contracts - Semgrep rules for smart contracts based on DeFi exploits
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • step-security/github-actions-goat - GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  • cilium/cilium - eBPF-based Networking, Security, and Observability
  • falcosecurity/falco - Cloud Native Runtime Security
  • freach/kubernetes-security-best-practice - Kubernetes Security - Best Practice Guide
  • trailofbits/algo - Set up a personal VPN in the cloud
  • mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
  • DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • trimstray/the-practical-linux-hardening-guide - This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
  • open-policy-agent/awesome-opa - A curated list of OPA related tools, frameworks and articles
  • sottlmarek/DevSecOps - Ultimate DevSecOps library
  • swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • Developer-Y/cs-video-courses - List of Computer Science courses with video lectures.
  • zaproxy/zaproxy - The ZAP by Checkmarx Core project
  • mercedes-benz/sechub - SecHub provides a central API to test software with different security tools.
  • arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

security-tools

  • google/syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
  • Repello-AI/Agent-Wiz - A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
  • onecli/onecli - Open-source credential gateway with a built-in vault. give your AI agents access to services without exposing keys.
  • trickest/cve - Gather and update all available and newest CVEs with their PoC.
  • bomctl/bomctl - Format agnostic SBOM tooling
  • zizmorcore/zizmor - Static analysis for GitHub Actions
  • securego/gosec - Go security checker
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • KeygraphHQ/shannon - Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they
  • trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
  • wallarm/gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • gitleaks/gitleaks - Find secrets with Gitleaks 🔑
  • decalage2/awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
  • aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  • opencve/opencve - Vulnerability Intelligence Platform
  • openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
  • mercedes-benz/sechub - SecHub provides a central API to test software with different security tools.
  • google/osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev

self-hosted

  • 0xMassi/webclaw - Fast, local-first web content extraction for LLMs. Scrape, crawl, extract structured data — all from Rust. CLI, REST API, and MCP server.
  • chaitin/SafeLine - SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • vxcontrol/pentagi - Fully autonomous AI Agents system capable of performing complex penetration testing tasks
  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

server

  • gin-gonic/gin - Gin is a high-performance HTTP web framework written in Go. It provides a Martini-like API but with significantly better performance—up to 40 times faster—thanks to httprouter. Gin is designed for bui
  • imthenachoman/How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
  • mercedes-benz/sechub - SecHub provides a central API to test software with different security tools.

serverless

shell

  • koalaman/shellcheck - ShellCheck, a static analysis tool for shell scripts
  • sheeki03/tirith - Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.

solidity

spring

spring-boot

  • spring-projects/spring-boot - Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.

sql

  • ClickHouse/ClickHouse - ClickHouse® is a real-time analytics database management system
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.
  • manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch | Drop-in replacement for E in the ELK stack

sqlite

  • DeusData/codebase-memory-mcp - High-performance code intelligence MCP server. Indexes codebases into a persistent knowledge graph — average repo in milliseconds. 158 languages, sub-ms queries, 99% fewer tokens. Single static binary

svelte

  • unionlabs/union - The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.

symfony

terminal

  • sheeki03/tirith - Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
  • Textualize/rich - Rich is a Python library for rich text and beautiful formatting in the terminal.

terraform

  • gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
  • coder/coder - Secure environments for developers and their agents
  • tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • hashicorp/terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amo
  • bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
  • cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
  • infracost/infracost - Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!
  • bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

testing

  • google/syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
  • AFLplusplus/AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
  • HypothesisWorks/hypothesis - The property-based testing library for Python
  • onsi/ginkgo - A Modern Testing Framework for Go
  • python-trio/trustme - #1 quality TLS certs while you wait, for the discerning tester
  • foundry-rs/foundry - Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
  • promptfoo/promptfoo - Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line

trading

tui

  • code-yeongyu/oh-my-openagent - omo/lazycodex: The coding agent for tokenmaxxers;the one and only agent harness for complex codebases. For your Codex, for your OpenCode
  • Textualize/rich - Rich is a Python library for rich text and beautiful formatting in the terminal.
  • wagoodman/dive - A tool for exploring each layer in a docker image

twitter

  • mvanhorn/last30days-skill - AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary

typescript

  • vercel/eve - The Framework for Building Agents
  • Ataraxy-Labs/sem - Semantic version control => entity-level diffs, blame, and impact analysis on top of git. 28 languages via tree-sitter. Built for coding agents.
  • FlowiseAI/Flowise - Build AI Agents, Visually
  • bytedance/deer-flow - An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of ta
  • headroomlabs-ai/headroom - Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.
  • nestjs/nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
  • faker-js/faker - Generate massive amounts of fake data in the browser and node.js
  • code-yeongyu/oh-my-openagent - omo/lazycodex: The coding agent for tokenmaxxers;the one and only agent harness for complex codebases. For your Codex, for your OpenCode
  • denoland/deno - A modern runtime for JavaScript and TypeScript.
  • Storybloq/storybloq - Cross-session context for Claude Code. CLI + MCP server + /story skill that tracks tickets, issues, handovers, and roadmap in a .story/ directory.
  • superradcompany/microsandbox - 🧱 easy, fast and local-first microVM runtime
  • ruvnet/ruflo - 🌊 The leading agent meta-harness for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features adaptive memory, self-learning swarm
  • f/prompts.chat - f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
  • NVIDIA/NemoClaw - Run agents like Hermes and OpenClaw more securely inside NVIDIA OpenShell with managed inference
  • smartcontractkit/full-blockchain-solidity-course-js - Learn Blockchain, Solidity, and Full Stack Web3 Development with Javascript
  • NomicFoundation/hardhat - Hardhat is a development environment to compile, deploy, test, and debug your Ethereum software.
  • unionlabs/union - The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.
  • microsoft/mcp-for-beginners - This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for
  • ant-design/ant-design - An enterprise-class UI design language and React UI library
  • n8n-io/n8n - Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
  • langchain-ai/langchain - The agent engineering platform.
  • Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
  • semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

ubuntu

ui

vpn

  • octelium/octelium - A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA platform, API/AI/MCP gateway, a PaaS, an ngrok-alternative and a homelab infrastru
  • trailofbits/algo - Set up a personal VPN in the cloud

web

  • fastapi/fastapi - FastAPI framework, high performance, easy to learn, fast to code, ready for production
  • donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.

web-development

web3

webapp

webpack

  • j4k0xb/webcrack - Deobfuscate obfuscator.io, unminify and unpack bundled javascript

windows

youtube

  • mvanhorn/last30days-skill - AI agent skill that researches any topic across Reddit, X, YouTube, HN, Polymarket, and the web - then synthesizes a grounded summary

zsh

License

CC0

To the extent possible under law, mpapadopoullos has waived all copyright and related or neighboring rights to this work.

About

My starred repos

Resources

Readme

License

CC0-1.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors