Awesome Stars

A curated list of my GitHub stars! Generated by starred.

Contents

• C++
• CSS
• Dockerfile
• Go
• HTML
• Java
• JavaScript
• Markdown
• OCaml
• Others
• Python
• Ruby
• Rust
• Solidity
• Swift
• TypeScript
• YAML

C++

• fireblocks/mpc-lib -
• osquery/osquery - SQL powered operating system instrumentation, monitoring, and analytics.
• falcosecurity/falco - Cloud Native Runtime Security
• manticoresoftware/manticoresearch - Easy to use open source fast database for search | Good alternative to Elasticsearch now | Drop-in replacement for E in the ELK stack
• zero2504/Early-Cryo-Bird-Injections - Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
• openappsec/openappsec - open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

CSS

• carlyrichmond/webdevcon-grounding-rag-applications-workshop - Grounding RAG Applications with JavaScript, Langchain and Elasticsearch @ Webdevcon NL

Dockerfile

• Hacking-the-Cloud/hackingthe.cloud - An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Go

• gruntwork-io/terragrunt - Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
• coder/coder - Secure environments for developers and their agents
• wallarm/gotestwaf - An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
• aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
• tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
• danielmiessler/Fabric - Fabric is an open-source framework for augmenting humans using AI. It provides a modular system for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.
• hashicorp/terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amo
• Checkmarx/2ms - Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
• opentofu/opentofu - OpenTofu lets you declaratively manage your cloud infrastructure.
• TecharoHQ/anubis - Weighs the soul of incoming HTTP requests to stop AI crawlers
• hoophq/hoop - The only access proxy that blocks dangerous linux commands and scrubs sensitive database outputs
• opencost/opencost - Cost monitoring for Kubernetes workloads and cloud costs
• GoogleCloudPlatform/terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
• infracost/infracost - Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!
• gitleaks/gitleaks - Find secrets with Gitleaks 🔑
• evilmartians/lefthook - Fast and powerful Git hooks manager for any type of projects.
• strongdm/comply - Compliance automation framework, focused on SOC2
• reviewdog/reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
• mikeroyal/Google-Cloud-Guide - Google Cloud Platform (GCP) Guide. Learn all about Google Cloud Tools, Services, and Certifications.
• cilium/cilium - eBPF-based Networking, Security, and Observability
• loft-sh/vcluster - vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it off
• argoproj/argo-cd - Declarative Continuous Deployment for Kubernetes
• caddyserver/caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
• aquasecurity/trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
• istio/istio - Connect, secure, control, and observe services.
• google/osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
• ethereum/go-ethereum - Go implementation of the Ethereum protocol
• dexidp/dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
• prometheus/alertmanager - Prometheus Alertmanager

HTML

• swisskyrepo/InternalAllTheThings - Active Directory and Internal Pentest Cheatsheets
• 18F/guides - 18F’s guides equip 18F teams, our partners, other practitioners, lawmakers, and the public with tools and practices to improve public services. They affirm experiences, build confidence, and empower e

Java

• SonarSource/orchestrator - Java library for running SonarQube in tests
• DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
• tronprotocol/java-tron - Java implementation of the Tron whitepaper
• SonarSource/sonar-java - ☕ SonarSource Static Analyzer for Java Code Quality and Security
• SonarSource/sonarqube - Continuous Inspection
• SonarSource/sonar-scanner-java-library - Common Java library used by many SonarScanners
• oracle/visualvm - VisualVM is an All-in-One Java Troubleshooting Tool
• SonarSource/sonar-custom-rules-examples - Shows how to bootstrap a project to write custom rules for PHP, Python, Cobol, RPG
• zaproxy/zaproxy - The ZAP by Checkmarx Core project
• mercedes-benz/sechub - SecHub provides a central API to test software with different security tools.

JavaScript

• cdxgen/cdxgen - Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission t
• httptoolkit/frida-interception-and-unpinning - Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic
• aquasecurity/cloudsploit - Cloud Security Posture Management (CSPM)
• step-security/github-actions-goat - GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
• microsoft/Web-Dev-For-Beginners - 24 Lessons, 12 Weeks, Get Started as a Web Developer

Markdown

• codecrafters-io/build-your-own-x - Master programming by recreating your favorite technologies from scratch.

OCaml

• semgrep/semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Others

• 4ndersonLin/awesome-cloud-security - 🛡️ Awesome Cloud Security Resources ⚔️
• decalage2/awesome-security-hardening - A collection of awesome security hardening guides, tools and other resources
• 11notes/RTFM -
• pushsecurity/saas-attacks - Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
• priyankavergadia/GCPSketchnote - If you are looking to become a Google Cloud Engineer , then you are at the right place. GCPSketchnote is series where I share Google Cloud concepts in quick and easy to learn format.
• cider-security-research/top-10-cicd-security-risks -
• freach/kubernetes-security-best-practice - Kubernetes Security - Best Practice Guide
• Littlehack3r/awesome-gcp-pentesting - Tools and blogs I use to perform GCP red teams
• trimstray/the-practical-linux-hardening-guide - This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
• open-policy-agent/awesome-opa - A curated list of OPA related tools, frameworks and articles
• sottlmarek/DevSecOps - Ultimate DevSecOps library
• m3y54m/Embedded-Engineering-Roadmap - Comprehensive roadmap for aspiring Embedded Systems Engineers, featuring a curated list of learning resources
• Developer-Y/cs-video-courses - List of Computer Science courses with video lectures.
• ByteByteGoHq/system-design-101 - Explain complex systems using visuals and simple terms. Help you prepare for system design interviews.
• kelseyhightower/kubernetes-the-hard-way - Bootstrap Kubernetes the hard way. No scripts.
• BjarneStroustrup/profiles - site for discussing profiles design
• jwasham/coding-interview-university - A complete computer science study plan to become a software engineer.
• arainho/awesome-api-security - A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
• its-a-feature/offensive_macos - Tracking of offensive macOS tooling, blogs, and related helpful information

Python

• Pylons/pyramid - Pyramid - A Python web framework
• langchain-ai/langchain - 🦜🔗 The platform for reliable agents.
• coreruleset/coreruleset - OWASP CRS (Official Repository)
• pre-commit/pre-commit-hooks - Some out-of-the-box hooks for pre-commit
• GoogleCloudPlatform/professional-services - Common solutions and tools developed by Google Cloud's Professional Services team. This repository and its contents are not an officially supported Google product.
• SigmaHQ/sigma - Main Sigma Rule Repository
• github/spec-kit - 💫 Toolkit to help you get started with Spec-Driven Development
• bregman-arie/devops-exercises - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
• hesreallyhim/awesome-claude-code - A curated list of awesome commands, files, and workflows for Claude Code
• anthropics/claude-code-security-review - An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
• cloud-custodian/cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
• nccgroup/ScoutSuite - Multi-Cloud Security Auditing Tool
• wshobson/agents - Intelligent automation and multi-agent orchestration for Claude Code
• pre-commit/pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
• open-telemetry/community - OpenTelemetry community content
• bridgecrewio/checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
• prowler-cloud/prowler - Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
• trailofbits/algo - Set up a personal VPN in the cloud
• mitmproxy/mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
• opencve/opencve - Vulnerability Intelligence Platform
• FirmWire/FirmWire - FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
• swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• mercedes-benz/odxtools - odxtools is a collection of utilities to interact with the diagnostic functionality of automotive electronic control units using python
• donnemartin/system-design-primer - Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
• Yelp/fuzz-lightyear - A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
• Yelp/detect-secrets - An enterprise friendly way of detecting and preventing secrets in code.
• botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study - Burp Suite Certified Practitioner Exam Study

Ruby

• endoflife-date/endoflife.date - Informative site with EoL dates of everything

Rust

• analysis-tools-dev/static-analysis - ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
• joaoviictorti/RustRedOps - RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust 🦀

Solidity

• Decurity/semgrep-smart-contracts - Semgrep rules for smart contracts based on DeFi exploits

Swift

• insidegui/VirtualBuddy - Virtualize macOS 12 and later on Apple Silicon, VirtualBuddy is a virtual machine GUI for macOS M1, M2, M3, M4

TypeScript

• langgenius/dify - Production-ready platform for agentic workflow development.
• promptfoo/promptfoo - Test your prompts, agents, and RAGs. AI Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with comma
• sourcebot-dev/sourcebot - Sourcebot is a self-hosted tool that helps you understand your codebase.
• j4k0xb/webcrack - Deobfuscate obfuscator.io, unminify and unpack bundled javascript
• upstash/context7 - Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
• Infisical/infisical - Infisical is the open-source platform for secrets, certificates, and privileged access management.
• kamranahmedse/developer-roadmap - Interactive roadmaps, guides and other educational content to help developers grow in their careers.
• renovatebot/renovate - Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
• freeCodeCamp/freeCodeCamp - freeCodeCamp.org's open-source codebase and curriculum. Learn math, programming, and computer science for free.

YAML

• usnistgov/macos_security - macOS Security Compliance Project

License

To the extent possible under law, lib0xidium has waived all copyright and related or neighboring rights to this work.