Awesome Open Source
Awesome Open Source
  • 98% OSS
  • 1% free-as-in-beer closed source software and some notable payware
  • 1% in-browser tools & SaaS
  • Review the license for each tool, some are free for non-commercial use only
  • Please don't submit to Reddit, HN, or post this on Twitter. Share, but share with close friends!

Table of Contents


Tools by Category

  • X Asset Management
  • X AWS Tools and Learning Resources
  • X Azure Tools and Learning Resources
  • X Backups
  • X Cloud File Sync and Sharing
  • X Collaboration Tools
  • X Containers
  • X Data Visualization and Dashboards
  • X Diagram and Design Tools
  • X Distributed Systems Tools
  • X Enterprise Architecture
  • X Editors
  • X Git Tools
  • X Google Cloud Tools and Learning Resources
  • X Graphics Stuff
  • X High Availability Clustering Tools
  • X HPC Tools
  • X Infrastructure as Code Tools
  • X Kubernetes
  • X Live CD and USB Tools
  • X Logging
  • X Metrics and Time Series Data
  • X Microsoft 365 and Office 365 Tools
  • X Monitoring and Alerting
  • X Networking Tools
  • X Network Performance Analysis Tools
  • X Orchestration
  • X Package Patch and Repository Tools
  • X Performance Analysis Tools
  • X Provisioning Tools
  • X Python Tools and Resources
  • X Python Programming Tutorials
  • X RDBMS and SQL Tools
  • X RDBMS Performance Analysis Tools
  • X Regular Expressions
  • X Secrets Management
  • X Security Tools
  • X Shell Scripting and Tools
  • X Software Development Tools and Resources
  • X SSH Tools
  • X SSL Tools
  • X Storage Tools
  • X Storage Performance Analysis Tools
  • X Terminal Tools and SSH Clients
  • X Tracing and Profiling
  • X Two Factor Authentication
  • X Virtualization and SDN
  • X VMware Tools
  • X VPNs and Tunnels
  • X Web and HTTP Tools
  • X Web and HTTP Performance Analysis Tools
  • X Misc Tools of Note
  • X Learning Resources

Tech and Security News


Asset Management

  • CloudQuery - Extracts, transforms, and loads your cloud assets into normalized PostgreSQL tables. CloudQuery enables you to assess, audit, and monitor the configurations of your cloud assets -- Golang
  • Collins - Infrastructure source of truth, created by Tumblr -- Scala
  • iTop - IT Service Management (ITSM), asset tracking, and ITIL -- PHP
  • Fusion Inventory - Multi-lingual, can be paired with GLPI for a killer solution -- perl
  • Genesis - Hardware discovery, by Tumblr, can report to Collins -- Ruby
  • GestioIP - IP address management (IPAM), web based, supports discovery -- perl
  • GLPI - Also provides license management, software auditing, and ticketing -- PHP
  • ITDB (IT ITems DataBase) - Includes purchase order management, floor plans, and ISO20000-like features -- PHP
  • NetBox - IPAM and DCIM by Digital Ocean -- Python
  • Netdisco - Web-based network management and discovery tool, written in perl, uses SNMP -- perl
  • NIPAP - Next-generation IPAM -- Python
  • OCS-NG (OCS Inventory NG) - Automated inventory, deployment system, can sync with GLPI -- perl
  • openDCIM - Data center infrastructure management -- PHP
  • Open-AudIT - Track and report assets and configurations, supports Windows too -- PHP
  • phpIPAM - IPAM -- PHP
  • pynetbox - Python API client library for NetBox -- python pip
  • RackTables - Data center asset management, being updated again! -- PHP
  • racktables-contribs - RackTables user-contributed plugins -- PHP
  • Ralph - DCIM and CMDB, supports auto-discovery -- Python pip
  • Snipe-IT - Uses Bootstrap, web based, supports mobile -- PHP
  • Steampipe - Discover, inventory, and query cloud resources using a SQL syntax -- Golang

AWS Tools and Learning Resources

  • Action Hero - Uses an AWS SDK feature known as Client Side Monitoring to help you create least privilege IAM Policies for AWS -- Golang
  • Amazon Builder's Library - Amazon shares their learnings -- articles
  • Architectural Patterns to Build End-to-End Data Driven Applications on AWS - Both technical architecture and business use cases -- article
  • asecurecloud - A free library of 400+ customizable AWS security configurations and best practices (CF, Terraform, and AWS CLI) -- collection
  • AutoSpotting - A tool implementing an automated bidding algorithm against the Amazon AWS EC2 spot market -- Golang
  • awacs (Amazon Web Access Control Subsystem) - Allows for easier creation of AWS Access Policy Language JSON by writing Python code to describe the AWS policies -- Python pip
  • Awesome AWS Workshops - Dozens of free interactive AWS workshops covering almost every major service (unofficial) -- tutorial
  • Awesome Cloud Security - A list -- collection
  • aws-runas - A friendly way to do AWS STS AssumeRole operations so you can perform AWS API actions using a particular set of permissions -- Golang
  • aws-gate - Connect to instances by other means (e.g. DNS, IP, tag, instance name, autoscaling group) -- Python pip
  • aws-shell (formerly Supercharged AWS CLI (SAWS)) - The best CLI for interacting with AWS -- Python pip
  • aws-ssm-tree - Provides a tree visualization of the parameters hierarchy from AWS System Manager Parameter Store -- Python pip
  • aws-sso-tool - CLI to Smooth out the rough edges of AWS SSO -- Python pip
  • aws-vault - A vault for securely storing and accessing AWS credentials in development environments -- Golang
  • apilogs - Easy logging and debugging for Amazon API Gateway and AWS Lambda Serverless APIs -- Python pip
  • Awesome AWS Security - Name -- collection
  • AWSConsoleRecorder - Records actions made in the AWS Management Console and outputs the equivalent CLI/SDK commands and CloudFormation/Terraform templates -- Chrome JavaScript
  • AWSGoat - AWS infrastructure simulator that is purposefuly vulnerable and is used as an environment to simulate attacks and more -- various lang
  • awslogs - AWS CloudWatch logs for Humans, for easier parsing and readability and searching -- Python pip
  • awspec - rspec for AWS resources -- Ruby gem
  • AWSSupport-SetupIPMonitoringFromVPC - SSM Automation document that launches a Monitor Instance in the specified subnet. The Monitor Instance pushes subnet network telemetry data to CloudWatch Logs -- article
  • AWS Amplify - Front end JS suite that provides a templated foundation for cloud-centric apps including authn, analytics, API, push notifications, Graph QL, and more -- JavaScript
  • AWS Architecture Center - Reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more -- collection
  • AWS Breaking Changes - List of changes announced for AWS that may break existing code -- collection
  • AWS by Open Guides - Excellent summary of almost all services -- collection
  • AWS Case Studies - Excellent for understanding motivations and designs -- collection
  • AWS CDK Workshop - AWS CDK workshop, official -- tutorial
  • AWS CLI Cheat Sheet - See name -- tutorial
  • AWS CloudFormation Guard - Provides developers with a simple-to-use, yet powerful and expressive domain-specific language (DSL) to define policies and enables developers to validate JSON or YAML formatted structured data with those policies -- Rust
  • AWS Controllers for Kubernetes (ACK) - Lets you define and use AWS service resources directly from Kubernetes -- Golang
  • AWS Config Rules Repository - Community driven -- collection
  • AWS Connect Manager - Open-source Windows GUI tool to simplify connecting to Amazon AWS EC2 instances -- various lang
  • AWS Copilot - OSS CLI to build, release, and operate apps for ECS and Fargate -- Golang
  • AWS Courses - 100+, created by AWS experts -- collection
  • AWS Encryption CLI - CLI for KMS -- Python
  • AWS Extend Switch Roles - Extend your AWS IAM switching roles by Chrome extension or Firefox add-on -- JavaScript
  • AWS Hands-On Tutorials - From Amazon -- collection
  • AWS IAM Authenticator for Kubernetes - A tool for using AWS IAM credentials to authenticate to a Kubernetes cluster -- Golang
  • AWS in Bullet Points - Certification-centric -- collection
  • AWS Lambda Power Tuning - A state machine powered by AWS Step Functions that helps you optimize your Lambda functions for cost and/or performance in a data-driven way -- JavaScript
  • AWS Official Terraform Modules - A mix of official and community supported, the official'ist repo -- collection
  • AWS Perspective - Official tool for discovering and visualizing your AWS infra, turn off the Neptune DB when not in use in order to save money -- in-browser
  • AWS re:Post - Official site for AWS questions and answers, like StackOverflow -- neat
  • AWS Quick Start - Automated gold-standard deployments on AWS, by AWS -- various lang
  • AWS SaaS Tenant Isolation Strategies - By AWS -- article
  • AWS SAM Local - CLI tool for local development and testing of Lambda applications -- Golang
  • AWS Samples - Over 2k code samples for all AWS services -- collection
  • AWS Secrets Manager and Configuration Provider (ASCP) - Plugin for the industry-standard Kubernetes Secrets Store Container Storage Interface (CSI) Driver used for providing secrets to applications operating on EKS -- Golang
  • AWS Secure Environment Accelerator - Designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis -- various lang
  • AWS Security Maturity Roadmap - A series or actionable steps to improve the security of their AWS environments, updated annually -- collection
  • AWS Startup Security Baseline (AWS SSB) - Designed with early startups in mind, a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility, a reference architecture for start-ups, by Amazon -- article
  • AWS Stash - A collection of AWS related videos, podcasts, code repositories, whitepapers, and feature releases, all in a single, easy to search interface -- collection
  • AWS Toolbox - AWS scripts, tools, and snippits -- collection
  • AWS Toolkit for Visual Studio Code - Give it a go -- various lang
  • AWS Tools for PowerShell - Use an automation language instead of a programming langue -- various lang
  • AWS Video Catalog - All official AWS videos cataloged and categorized (by topic, by year, etc) -- collection
  • AWS Well Architected Labs - Hands on training and labs -- collection
  • AWS Well Architected Tool - Analyzes your infrastructure, run it from the AWS console, free -- in-browser
  • AWS Workshops - The official list of 100+ free AWS workshops -- collection
  • boto3 - The AWS SDK for Python 3 -- Python
  • boto3_type_annotations - Adds code completion in IDEs such as PyCharm -- Python
  • botostubs - boto3 code assistance for any API in any IDE, always up to date -- Python
  • Brainboard - Visually build & manage cloud infrastructures, outputs Terraform code from the diagram, paid, worth it -- SaaS
  • CDK-dia - Automated diagrams for AWS CDK infrastructure -- various lang
  • Chalice - Microframework for writing and testing serverless apps in Python -- Python
  • Chamber - Parameter Store + IAM for secrets including at rest protection, audit trail, and access control policies, by Segment -- Golang
  • Chrome AWS SAML Token Expiry Reminder (CASTER) - Automatically re-logs into AWS via ADFS before credentials expire -- Chrome
  • CloudBerry Explorer - Windows client for accessing AWS S3 buckets -- closed source Windows
  • CloudCraft - Create professional AWS architecture diagrams -- in-browser
  • CloudFormation Checklist - A list of all elements you need to have / to test before launching your infra to production -- collection
  • CloudFormation Designer - GUI for creating CloudFormation templates, very slick -- in-browser
  • CloudFormation Roadmap - Official roadmap -- article
  • CloudFrontier - Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud -- Python
  • CloudGraph - GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s (inventory & compliance) -- various lang
  • CloudMapper - Generates network diagrams of Amazon Web Services (AWS) environments and displays them via your browser, by Duo Security -- Python
  • Cloudockit - Automatically generates diagrams and technical documentation, visualize and document your cloud and on-premises environments, in just a few clicks -- not free but very good
  • CloudSploit Scans - Scan AWS accounts for security risks -- JavaScript
  • CloudTracker - Find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies. -- Python
  • Cloud Comparison - AWS and Azure services to Google Cloud - Cheatsheet for all three clouds -- collection
  • Cloud Custodian - Rules engine for managing public cloud accounts and resources via policies, by Capital One -- various lang
  • Cloud Security Suite (cs-suite) - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure -- Python pip
  • Cloud Spanner Emulator - For Google Cloud / GCP, official -- various lang
  • Complete AWS IAM Reference - Unofficial but concise -- collection
  • Constellation - Wraps your K8s cluster into a single confidential context that is shielded from the underlying cloud infrastructure, everything inside is always encrypted, including at runtime in memory -- Golang
  • credstash - Secrets management using AWS KMS -- Python pip
  • deterministic-zip - Simple (almost drop-in) replacement for zip that produces deterministic zip files so it's easier to see what exactly changed each time, great for Lambda -- Golang
  • Disposible Cloud Environment (DCE) - Temporary, limited Amazon Web Services (AWS) accounts. Accounts can be “leased” for a period of time or up to a pre-determined budget amount. When the period of time is reached or the maximum budgeted amount is exceeded, the lease is expired -- Golang
  • eb_deploy - Elastic Beanstalk blue-green deployment automation -- Ruby gem
  • EB CLI - CLI for Elastic Beanstalk -- Python
  • ec2-price-check - Gives a quick price check for an instance type -- shell
  • ec2instances.info - Open source and up to date instance price comparison tool -- Python
  • ec2.shop - ec2 price checker, supports curl -- various lang
  • eksctl - CLI tool for creating and managing clusters on AWS EKS -- Golang
  • EKS Best Practices - By Amazon, contributions welcome -- collection
  • EKS Blueprints - For AWS CDK or Terraform, includes associated services (Prometheus, ArgoCD, etc), by Amazon -- various lang
  • EKS Boilerplate - IaC boilerplate in mostly Terraform -- various lang
  • EKS Distro - Use me for multi-cloud EKS -- various lang
  • Everything AWS - The best way to browse the 6k+ AWS git repos -- collection
  • Fargate - CLI for AWS Fargate, unofficial -- Golang
  • Force MFA - Allows users to manage their own passwords and MFA devices but nothing else unless they authenticate with MFA, also makes API calls require MFA -- policy
  • Former2 - Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources via self-hosted web GUI -- JavaScript
  • haproxy-autoscale - Wrapper for haproxy that handles auto-scaling EC2 instances -- Python
  • How to Approach Threat Modeling - By Amazon -- article
  • iamlive - Generate a basic IAM policy from AWS client-side monitoring (CSM) -- Golang
  • IAM Policy Simulator - Built-in tool where you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies (SCPs), and resource-based policies -- in-browser
  • imds-filterd - Pair of utilities which work together to intercept and filter requests to the EC2 Instance Metadata Service -- C
  • Iris - Automatically assigns labels to Google Cloud resources -- various lang
  • kappa - CLI tool that makes it easier to deploy, update, and test Lambda functions -- Python
  • kinesis-scaling-tools - Tools to make Kinesis shards scale like ASGs -- Java
  • Lambda Powertools - Suite of utilities for AWS Lambda functions to ease adopting best practices such as tracing, structured logging, custom metrics, and more, by Amazon -- Python pip
  • Lambda the Terraform Way - A tutorial to understand AWS Lambda in-depth using Terraform -- training
  • localstack - A fully functional local AWS cloud stack for offline dev and test -- Python
  • Microsoft Entra Permissions Management - Allows organizations to discover, remediate, and monitor permissions for all identities (both human and workloads) and resources across multicloud environments, formerly CloudKnown -- article
  • MITRE ATT&CK in AWS - A Defender's Cheat Sheet - A mind map for alert triage, investigations, and incident response -- article
  • Mitre ATT&CK Mappings for Amazon GuardDuty - For AWS -- various lang
  • Moto - Library that allows your Python tests to easily mock out the boto library -- Python pip
  • My Arsenal of AWS Security Tools - List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc -- collection
  • onelogin-python-aws-assume-role - Assume an AWS Role and get temporary credentials using Onelogin -- Python pip
  • Overview of Amazon Web Services - Amazon's official guide, a few paragraphs for each -- collection
  • ParallelCluster - AWS supported Open Source cluster management tool to deploy and manage HPC clusters in the AWS cloud -- Python
  • Plumber - Read and write messages to Kafka, Kinesis Streams, SNS, SQS, and many more -- Golang
  • PMapper - Models the different IAM Users and Roles in an account as a directed graph, which enables checks for privilege escalation and for alternate paths an attacker could take to gain access to a resource or action in AWS -- Python
  • Production Readiness Checklist - Excellent checklist for pre-go-live, AWS-centric but great general advice -- collection
  • Prowler - For AWS account security assessment and hardening, based on aws-cli commands -- shell
  • refunc - Run AWS Lambda on Kubernetes, a Lambda-compatable API -- Golang
  • s3cmd - Backup to AWS via the command line -- Python
  • s4cmd - s3cmd with additional features -- Python
  • SaaS Tenant Isolation Strategies - By AWS -- article
  • Security Incident Response Guide - Whitepaper by AWS -- article
  • Security Overview of AWS Lambda - From AWS -- article
  • Security Reference Architecture - Updated mid-2021 -- collection
  • Security Stack Mappings - Maps Azure and AWS product security controls to MITRE ATT&CK -- collection
  • Serverless (formerly JAWS) - Javascript + AWS stack, the entire backend is Lambda functions, server-free -- JavaScript
  • Serverless by Design - In-browser or self-hosted GUI for making flow charts for serverless apps -- various lang
  • Serverless Snippets Collection - AWS serverless code snippets including categories such as CloudWatch Logs Insights, tools for integrating with AWS services -- collection
  • Serverless Stack Toolkit (SST) - extension of AWS CDK that includes a live Lambda dev environment and more -- JavaScript
  • Session Manager Plugin for AWS CLI - Used to start and end sessions that connect you to your managed instances -- Python
  • SkyArk - Defensive tool to find admin accounts to mitigate the threat of cloud shadow admins -- PowerShell
  • Solutions Library - Includes reference architectures -- collection
  • Sneaker - Store secrets on S3 using Amazon KMS -- Golang
  • ssh2ec2 - SSH into EC2 instances by tag name and/or other metadata filters -- Python pip
  • SSM Helpers - Interactive shell with an instance via AWS Systems Manager Session Manager and more -- Golang
  • StackMaster - Provides a ton of info pre-CloudFormation run so that you know exactly what will change -- Ruby gem
  • StarCluster - Toolkit for using AWS for high performance computing (HPC), by MIT -- Python
  • StarWind V2V Converter / P2V Migrator - Excellent tool for P2C and C2C VM migrations -- closed source
  • Steampipe - Discover, inventory, and query cloud resources using a SQL syntax -- Golang
  • Steampipe Mod - AWS Compliance - Run individual configuration, compliance and security controls or full compliance benchmarks for AWS Foundational Security Best Practices, CIS, GDPR, HIPAA, NIST 800-53, NIST CSF, PCI DSS, RBI Cyber Security Framework across all your AWS accounts -- Golang
  • Steampipe Mod - AWS Insights - Create dashboards as code about your AWS resources -- Golang
  • Stout - Easy way to reliably upload a static website to S3, capable of configuring CloudFront and Route 53 -- Golang
  • Superwerker - Open-source solution that lets you quickly set up an AWS Cloud environment following best practices for security and efficiency, built by AWS Advanced Partners -- various lang
  • taskcat - Tool that tests AWS CloudFormation templates. It deploys your AWS CloudFormation template in multiple AWS Regions and generates a report with a pass/fail grade for each region, by AWS -- Python
  • Terraformer - Generate Terraform files from existing infrastructure (reverse Terraform), supports AWS, GCP, and Azure, by Google -- Golang
  • Terragrunt Reference Architecture (AWS) - Nice, looking forward to their GCP one -- various lang
  • This is my Architecture - Short videos where people quickly explain their architecture, so cool -- collection
  • troposphere - Python library to create CloudFormation descriptions -- Python pip
  • Weird Behaviors in S3 Bucket Policies - Documented weirdness of S3 buckets -- collection
  • Zappa - Build and deploy serverless, event-driven Python applications -- Python

Azure Tools and Learning Resources

  • Active Roles - Restore deleted objects, track change history, automation, and more for your Active Directory, supports Azure, payware -- closed source
  • AIPAS (Azure IP Address Solution) - IPAM for Azure, used to support the deployment of Enterprise Scale Landing Zones and their VNETs -- PowerShell
  • App Service Acmebot - Application that automates the issuance and renewal of ACME SSL/TLS certificates for Azure App Services -- C Sharp
  • ARMClient - A simple command line tool to invoke the Azure Resource Manager API -- C Sharp
  • ARM Quickstart Templates - 1000+ ARM templates, community-driven -- collection
  • ARM Tools for Visual Studio Code - Language support, resource snippets, and resource auto-completion -- various lang
  • ARM Viewer for Visual Studio Code - Graphical preview of ARM templates -- various lang
  • Automatic Tuning in Azure SQL Database and Azure SQL Managed Instance - Built-in -- article
  • Awesome Azure Architecture - Hot -- collection
  • Awesome Azure Pentest - Includes both Azure and M365 / O365 -- collection
  • Awesome Azure Policy - Huge collection -- collection
  • Awesome Cloud Security - A list -- collection
  • Az Predictor - Intelligent command completion module for Azure Powershell, not just from your history -- neat
  • Azucar - Multi-threaded plugin-based tool to help you assess the security of your Azure Cloud environment -- PowerShell
  • AzCopy - CLI to copy data to and from containers and file shares in Azure Storage accounts -- Golang
  • AzGovViz - Azure Governance Visualizer PowerShell script that captures Azure Governance related information -- PowerShell
  • AZSentinel - Unofficial PowerShell module for Azure Sentinel because there is no documented API to configure Sentinel -- PowerShell
  • AzureHunter - Cloud forensics Powershell module to run threat hunting playbooks on data from Azure and O365 -- PowerShell
  • AzureServces.IO - A visual representation of Azure services. Services interconnections, reference to availability by regions and other quick references -- in-browser
  • Azure-PlantUML - PlantUML sprites, macros and stereotypes for creating PlantUML diagrams with Azure components -- collection
  • Azure Active Directory Best Practices - Covers all areas (roles, B2C, applications, and more) -- collection
  • Azure AD - Attack and Defense Playbook - Collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected -- collection
  • Azure AD App Gallery - Catalog of thousands of apps that make it easy to deploy and configure single sign-on (SSO) and automated user provisioning, official -- collection
  • Azure AD Connect Sync - Takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD, the successor of DirSync, Azure AD Sync, and Forefront Identity Manager -- closed source
  • Azure AD Password Protection for Windows Server Active Directory - Protect all password set and reset operations in Azure and Windows Server Active Directory by ensuring they do not contain weak or leaked password strings, official tool -- closed source
  • Azure AD Security Defaults - Easy to enable secure configuration -- article
  • Azure AD Workload Identity for Kubernetes - Replacement for Azure AD Pod Identity -- article
  • Azure and Microsoft 365 Scenarios - A summary of architectures and solutions that use Azure together with Microsoft 365 -- article
  • Azure App Service Extensions - Easily integrate your app with many 3rd party services and much much more -- tutorial
  • Azure Arc - Multi-cloud + on-prem control plane to centralize hybrid management, magical -- cloud
  • Azure Arc Jumpstart - Learn Azure Arc in no time -- tutorial
  • Azure Architecture Center - Guidance for architecting solutions on Azure using established patterns and practices -- collection
  • Azure Certification Materials - By John Savil -- collection
  • Azure Cloud Adoption Framework - Collection of documentation, implementation guidance, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey -- collection
  • Azure Cloud Adoption Framework - Enterprise-scale Architecture - An excellent reference pattern -- article
  • Azure Cloud Guardrails - Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives, by Salesforce -- Python pip
  • Azure Cloud Shell - Container image for Azure Cloud Shell (in-browser Azure CLI, Azure PowerShell, Ansible, Terraform, Chef, Puppet Bolt, kubectl, and many more) -- various lang
  • Azure Databricks Best Practices - By Microsoft, based off customer and technical SME feedback -- article
  • Azure Data Security - More topics in the left sidebar -- article
  • Azure Data Studio - Cross-platform database tool for data professionals who use on-premises and cloud data platforms on Windows, macOS, and Linux -- closed source
  • Azure DevOps Demo Generator - Auto-creates projects that you can use to demo Azure DevOps or to learn using Azure DevOps Labs -- in-browser
  • Azure DevOps Labs - Self-paced -- training
  • Azure DevOps: Recommended Practices for Secure Pipelines - Great collection -- collection
  • Azure DevTest Labs - Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs -- article
  • Azure Functions Core Tools - Develop and test your functions on your local computer from the command prompt or terminal -- various lang
  • Azure Functions Security - Repo with a collection of resources -- collection
  • Azure Functions University - Videos and hands-on -- tutorial
  • Azure Governance Visualizer - Granular insights on your technical Azure Governance implementation -- PowerShell
  • Azure Icon Collection - Various technical icons, glyphs, logos and other imagery all in SVG format -- collection
  • Azure in Bullet Points - Super fast way to learn Azure and prep for certifications at the same time -- collection
  • Azure Kubernetes Service (AKS) Baseline Cluster - Reference implementation demonstrates the recommended starting (baseline) infrastructure architecture for a general purpose AKS cluster, by Microsoft -- various lang
  • Azure Landing Zone - Pre-made environments that follow best practices, quick to spin up -- article
  • Azure Master Class - Hands on free training by John Savill -- training
  • Azure Mission-Critical - Official Microsoft project that provides a prescriptive architectural approach to building highly-reliable cloud-native applications on Microsoft Azure for mission-critical workloads -- collection
  • Azure Mobile App - Monitor and administer Azure from your phone, Android or iOS, official tools from Microsoft -- closed source
  • Azure Monitor Community - Contains log queries, workbooks, and alerts, shared to help Azure Monitor users make the most of it, official -- various lang
  • Azure Monitor Workbook Templates - Templates for Azure Monitor Workbooks, official -- collection
  • Azure Official Terraform Modules - By Microsoft -- collection
  • Azure Policy Samples - Samples of Azure Policies that can be used as reference for creating and assigning policies -- collection
  • Azure Portal Desktop App - Faster than a browser, full Cloud Shell, fast search -- various lang
  • Azure PowerShell Cheat Sheet - Examples, snippits, and explanations -- collection
  • Azure Readiness Checklist - Are you ready to go to prod on Azure? Use this checklist to find out -- collection
  • Azure Review Checklists - Official checklists for doing a design review -- collection
  • Azure Security Baseline - Applies guidance from the Azure Security Benchmark version 1.0, kinda old -- article
  • Azure Security Benchmark (ASB) - Azure security best practices by Microsoft, currently v3 -- collection
  • Azure Security Best Practices Checklist - A list of 100 items for Azure -- collection
  • Azure Security Technical Capabilities - An introduction to all important / core services of Azure -- article
  • Azure Storage Encryption for Data at Rest - Name -- article
  • Azure Terrafy - Bring existing Azure resources under Terraform control (eg: export current Azure config as HCL), official tool from Microsoft -- various lang
  • Azure Threat Research Matrix - TTPs for Azure like MITRE ATT&CK official by Microsoft -- article
  • Azure Tips and Tricks - 100s of tips from community and real world scenarios, please contribute -- collection
  • Azure VM Comparison - Find and compare Azure Virtual Machines specs and pricing on one page across different tiers, payment types, and regions -- in-browser
  • Azure Well-Architected Framework - Guiding tenets that can be used to improve the quality of a cloud workload -- article
  • Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud -- various lang
  • AzViz - Automatically generate Azure resource topology diagrams by just typing a PowerShell cmdlet and passing the name of one or more Azure Resource Group(s) -- PowerShell
  • Batch Explorer - Client tool to help create, debug and monitor Azure Batch Applications -- Typescript
  • Bicep - Declarative DSL to deploy Azure resources, transpiled into ARM -- article
  • BloodHound - Easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths -- various lang
  • blue-teaming-with-kql - Cheat sheets, code snippits, and more, very cool -- collection
  • Brainboard - Visually build & manage cloud infrastructures, outputs Terraform code from the diagram, paid, worth it -- SaaS
  • CIS for Azure - Title -- article
  • CloudFrontier - Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud -- Python
  • CloudGraph - GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s (inventory & compliance) -- various lang
  • CloudLAPS Community Edition - End-to-end local administrator password solution (LAPS) for cloud managed devices (Azure AD joined devices), includes a portal / GUI -- PowerShell Bicep
  • Cloudockit - Automatically generates diagrams and technical documentation, visualize and document your cloud and on-premises environments, in just a few clicks -- not free but very good
  • CloudSploit - Scans for risks, multi-cloud -- various lang
  • Cloud Comparison - AWS and Azure services to Google Cloud - Cheatsheet for all three clouds -- collection
  • Cloud Custodian - Rules engine for managing public cloud accounts and resources via policies, by Capital One -- various lang
  • Cloud Design Patterns - Useful for building reliable, scalable, secure applications in the cloud, Azure-centric, by Microsoft -- collection
  • Cloud Security Suite (cs-suite) - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure -- Python pip
  • Constellation - Wraps your K8s cluster into a single confidential context that is shielded from the underlying cloud infrastructure, everything inside is always encrypted, including at runtime in memory -- Golang
  • Container Apps - A fully managed serverless k8s-like service, compare to Google Cloud Run, now available! -- article
  • CrowdStrike Reporting Tool for Azure (CRT) - Quickly and easily review excessive permissions in their Azure AD environments to help determine configuration weaknesses and provide advice to mitigate this risk -- PowerShell
  • Get PIM Role Assignment Status - Correctly report PIM roles in Azure -- PowerShell
  • hibp-adfs - Gets the SHA1 hash of the submitted ADFS password and checks it against Have I Been Pwned -- JavaScript
  • How to Detect Azure Active Directory Backdoors: Identity Federation - For Azure AD -- article
  • Identity Management for Multitenant Applications in Microsoft Azure - By Microsoft -- article
  • Introduction to Azure Security - Name -- article
  • Key Vault Acmebot - Automates the issuance and renewal of ACME SSL/TLS certificates stored in Azure Key Vault -- various lang
  • KQL Cheat Sheet - Title -- article
  • KQL Quick Reference - By Microsoft -- article
  • KQL Tutorial Series - Videos by TeachJing -- tutorial
  • kubelogin - Client-go credential (exec) plugin implementing Azure authentication for kubectl, great for working with AKS -- Golang
  • Mandiant Azure AD Investigator - Module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity including domain federation, service principals, applications, and more -- PowerShell
  • MicroBurst - A PowerShell toolkit for attacking Azure -- Powershell
  • Microsoft Authenticator App - Passwordless and 2FA for Azure, iOS and Android -- closed source
  • Microsoft Cloud Workshop (MCW) - Customer-ready content to host workshops that foster cloud learning and adoption, by Microsoft -- training
  • Microsoft Entra Permissions Management - Allows organizations to discover, remediate, and monitor permissions for all identities (both human and workloads) and resources across multicloud environments, formerly CloudKnown -- article
  • Microsoft Learn - Includes many Azure courses -- collection
  • Microsoft Portals - Complete list of Microsoft web admin portals for Azure and M365 services -- hottt
  • Microsoft Purview Compliance Manager - Formerally known as Compliance Center -- in-browser
  • Microsoft Cybersecurity Reference Architectures (MCRA) - In PPT format WTF -- collection
  • Microsoft Sentinel and Microsoft 365 Defender Repository - Contains out of the box detections, exploration queries, hunting queries, workbooks, playbooks and much more to help you get ramped up -- collection
  • Microsoft Sentinel 4 SecOps - Microsoft Sentinel content including KQL queries for exploration, hunting, and other activities -- collection
  • Must Learn KQL - Contains the code, queries, and eBook included as part of the MustLearnKQL series -- article
  • Plumber - Read and write messages to Kafka, Azure Service Bus, Azure Event Hub, and many more -- Golang
  • PowerShell Gallery - The central repository for sharing and acquiring PowerShell code including PowerShell modules, scripts, and DSC resources -- collection
  • PowerShell Koans - Learn the PowerShell language through Pester unit testing -- PowerShell
  • PowerShell Language Support for Visual Studio Code - VSCode plugin, both write and test inside VSCode, highly recommended -- various lang
  • PowerShell Universal - Single pane of glass for managing and delegating access to your automation environment, similar to Rundeck, payware -- closed source
  • PowerZure - PowerShell framework to assess Azure security -- PowerShell
  • Promitor - Azure Monitor scraper which makes the metrics available through a scraping endpoint for Prometheus or push to a StatsD server -- C Sharp
  • Query Performance Insight - See long running queries and see which SQL queries are consuming the most resources, supports Azure -- closed source
  • Security Stack Mappings - Maps Azure and AWS product security controls to MITRE ATT&CK -- collection
  • Sentinel ATT&CK - Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK --various lang
  • Sentinel KQL - Examples, breakdowns, and code snippits -- collection
  • Service Authentication and Authorization Table - For reviewing service authentication and authorization security options in Azure – especially cross-service security -- collection
  • Service Bus Explorer - Interact with Azure Service Bus for testing, debugging, etc -- Windows
  • Service Operator - Helps you provision Azure resources and connect your applications to them from within Kubernetes and kubectl -- Golang
  • SkyArk - Defensive tool to find admin accounts to mitigate the threat of cloud shadow admins -- PowerShell
  • SQL Index Manager - Free GUI Tool for Index Maintenance on SQL Server and Azure -- various lang
  • SQL Monitor - Probably the best SQL Server monitoring platform, supports Azure, by Redgate, payware -- various lang
  • SQL Server Management Studio (SSMS) - Integrated environment to configure, monitor, and administer instances of SQL Server and databases including Azure -- closed source
  • SQL Server Profiler - Profile SQL Server queries, also supports Azure -- closed source
  • StarWind V2V Converter / P2V Migrator - Excellent tool for P2C and C2C VM migrations -- closed source
  • StigRepo - Automate and customize configurations that are compliant with Security Technical Implementation Guides (STIGs) owned and released by the Defense Information Systems Agency (DISA) -- PowerShell
  • Tenant Security (AzTS) - Used to obtain visibility to cloud subscriptions and resource configuration across multiple subscriptions in an enterprise environment, official tool by Microsoft -- various lang
  • Terraformer - Generate Terraform files from existing infrastructure (reverse Terraform), supports Azure, AWS, and GCP, by Google -- Golang
  • Service Map - Automatically discovers application components on Windows and Linux systems and maps the communication between service, uses Log Analytics and the Dependency agent -- in-browser
  • Steampipe - Discover, inventory, and query cloud resources using a SQL syntax -- Golang
  • Steampipe Mod - Azure Compliance - Run individual configuration, compliance and security controls or full CIS, HIPAA HITRUST and NIST compliance benchmarks across all your Azure subscriptions -- Golang
  • StormSpotter - Creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant -- Python
  • Understanding the Azure App Service File System - Aritcle -- article
  • Vajra - GUI with multiple techniques for attacking and enumerating in target's Azure environment -- various lang
  • Veeam Backup and Replication Community Edition - Great for lift/shift to Azure from any platform -- closed source
  • VSTeam - Unofficial PowerShell module to automate Azure DevOps -- PowerShell

Backups

  • Amanda - The classic -- C perl
  • Backupninja - Centralize way to configure and schedule many different backup utilities -- shell
  • BURP (BackUp and Restore Program) - Reduces network traffic and the amount of space required by using librsync -- C
  • BackupPC - Dedupe and a web GUI for restores -- perl
  • Backup - Gem for backup and restore, supports tons of platforms and notifiers (RDBMS, S3, Dropbox, rsync, Hipchat, Zabbix) -- Ruby gem
  • Bacula - Open source backup tool, lots of downloads so I guess it's good I don't know -- C
  • Back in Time - Similar to TimeMachine, simple GUI backup program -- Python
  • Bareos (Backup Archiving REcovery Open Sourced) - Fork of Bacula with additional features -- C
  • borgmatic - A simple wrapper script for the Borg backup software that creates and prunes backups-- Python
  • bup - Uses the git packfile format, supports global dedupe, can use "par2" redundancy -- Python
  • DAR (Disk ARchive) - Better than tar, focuses on disks instead of tapes -- C++
  • ddrecover - This should be the first data recovery tool you use -- C
  • Deja Dup - GUI for duplicity -- C
  • Duplicati - Supports encryption and dedupe -- Mono
  • Duplicity - Encrypted bandwidth-efficient backup using the rsync algorithm -- Python
  • Elkarbackup - Comes as a ready to use VM, supports Linux and Windows -- PHP
  • Fpart - Packs file systems into "partitions" so you can do multi-threaded or multi-node rsyncs -- C
  • FSArchiver - Save the contents of a file system to a compressed archive, if one of the checksums doesn't match the file is lost, not the whole backup -- C
  • Grsync - GUI for rsync -- Windows OS X C
  • imapsync - Supports almost every provider and platform, great for backups -- various lang
  • Mondo Rescue - Disaster recovery, supports tapes, disks, network and CD/DVD as backup media, multiple filesystems, LVM, software and hardware RAID -- C
  • rdiff-backup - Combines the best features of a mirror and an incremental backup in a bandwidth efficient manner -- Windows OS X Python
  • Redo Backup and Recovery - Simple bare metal backup and restore, live CD -- Windows
  • Relax and Recover (REAR) - BMR, simple, integrates with commercial backup solutions -- shell
  • rsnapshot - Uses rsync and hard links, can keep multiple full backups available while using very little disk space -- OS X perl shell
  • SafeKeep - Superb project, uses LVM snapshots -- Python
  • SnapRAID - Backup program that also stores RAID parity information -- C
  • Unison - Multi-OS file sync tool, syncs from both sides, no master -- OS X
  • UrBackup - Supports Windows, has a web interface -- Windows C++
  • User Profile Wizard (profwiz) - Migrate Windows user profiles to retain all settings, great for domain migrations including to Azure AD, worth it -- payware
  • Veeam Backup and Replication Community Edition - Great for P2V, V2V lift/shift to Azure, AWS, Google, Hyper-V and VMware -- closed source

Cloud File Sync and Sharing

  • Drive - Push or pull files to Google Drive via the command line -- Golang
  • git-annex Assistant - Sync folder(s) to any device (NAS, mobile, thumb, cloud, etc) via git -- C OS X mobile
  • lsyncd - Watches a local directory trees event monitor interface (inotify or fsevents) and kicks off an rsync when things change -- Lua
  • Mackup - Sync your Mac application settings to various cloud services or git -- Python OS X
  • Nextcloud - Fork of and replacement for OwnCloud, a self-hosted Dropbox -- various lang Windows OS X
  • Pydio - Formerly AjaXplorer, AGPL license -- PHP
  • rclone - Probably the best cloner, supports almost any source and dest -- Golang
  • Seafile - Also offers a paid professional edition with more features, supports most platforms -- C
  • SparkleShare - Uses git under the hood, neat -- Windows OS X
  • Syncany - Supports tons of different protocols for the transfer (SCP, FTP, Samba, S3, etc) -- Gradle
  • Syncthing - Uses an ID rather than an IP address, share your ID with friends and go -- Golang
  • Tahoe-LAFS - Free and open decentralized cloud storage system -- Python

Collaboration Tools

  • Awesome Screenshot - Screen record and capture via a Chrome extension, payware -- in-browser
  • CannedTXT - Canned response examples to speed up your business communication -- in-browser
  • Citadel - Messaging, collaboration tools, and groupware - an all-in-one package -- C
  • Codeshare - In-browser screenshare to teach coding, group code, or as an interview whiteboard -- in-browser
  • dev-setup - Automated setup scripts for laptop tools like Sublime Text, AWS, Spark, Android dev, and more -- collection
  • Etherpad - Enter, save, and share text/code in a web browser -- JavaScript
  • Fosscord - OSS self-hostable Discord compatible chat, voice and video platform -- various lang
  • FreeIPA - Identity, policy, and audit suite, think Active Directory for Linux (LDAP, CA, x509, DNS, Kerberos) -- various lang
  • FreeMind - OSS mind mapping software, great for brainstorming -- Java Windows OS X
  • gcalcli - CLI for Google Calendar -- Python pip
  • gmvault - Export/backup and restore your Gmail account -- Python
  • Got Your Back - Gmail backups over HTTPS -- Python
  • Haste / hastebin - Open source pastebin alternative for sharing code, can be installed locally / on-site -- JavaScript
  • Hubot - Chat bot that can do deploys, look up images, integrate with Google Maps, and tons of other stuff -- CoffeeScript
  • imapsync - Supports almost every provider and platform, great for migrations -- various lang
  • Isso - A commenting server similar to Disqus -- JavaScript
  • Jitsi - OSS Zoom alternative that allows you to create highly secure videoconferencing solutions, you can make it P2P as well - various lang
  • Kanboard - Simple Kanban board -- PHP
  • Kolab - Unified communication and collaboration system -- PHP
  • Mattermost - OSS Slack alternative -- Golang JavaScript
  • Mailtrain - Self hosted news letter e-mail app, similar to Mailchimp -- JavaScript
  • ONLYOFFICE - Self-hosted web-based Office lookalike and compatible productivity suite -- various lang
  • OpenProject - Web-based project management system built on Ruby on Rails -- Ruby
  • osTicket - Routes inquiries created via email, web-forms and phone calls into a web-based customer support platform -- PHP
  • OTRS - Open source help desk software -- perl
  • OwnTracks - Self-hosted location tracking you can share - use for diaries, work orders, etc -- various lang mobile
  • Pandoc - Convert files from one markup format to another, supports a ton of formats -- Haskell
  • Phabricator - Suite of web-based software dev collaboration tools, and all-in-one project management tool -- PHP
  • PrivateBin - Pastebin where the server has zero knowledge of pasted data, data is encrypted/decrypted in the browser using 256 bits AES -- various lang
  • QueryClips - Pastebin for Postgres or my mySQL SQL query sharing -- in-browser
  • RainLoop - Simple, modern & fast web-based email client -- PHP
  • Redmine - Project management webapp -- Ruby
  • Request Tracker - Bug tracking, help desk ticketing, customer service, workflow processes, change management and more -- perl
  • Review Board - Code review tool for multiple SCM systems -- Python
  • Rocket.Chat - OSS Slack clone built with Meteor.js -- JavaScript
  • Roundcube - Browser-based multilingual IMAP client -- PHP
  • Scribus - Open source desktop publishing (layout, typesetting, etc), Adobe InDesign alternative -- C++ Windows OS X
  • SOGo - Groupware that integrates with Microsoft, Android, and Apple products -- Objective-C OS X
  • Sovereign - Set of Ansible playbooks to deploy a suite of self-hosted apps (mail, colab, calendar, file sync, and more) -- Python
  • Synergy - Share a single keyboard and mouse with multiple physical computers, only the old version is free now -- closed source Windows OS X
  • Taiga - Project management web application with agile/ scrum in mind -- Python CoffeeScript
  • TermRecord - Record and playback terminal sessions, outputs self-contained HTML -- Python
  • TinkPilot - Use your Raspberry Pi as a browser-based KVM, OSS, over IP -- various lang
  • VisioCafe - The largest collection of free Visio stencils -- collection
  • WeKan - OSS Trello-like kanban board -- JavaScript
  • YOURLS (Your Own URL Shortener) - Lets you run your own URL shortener a'la TinyURL or bit.ly -- PHP
  • Zulip - Group chat with chat threads, by Dropbox -- various lang mobile Windows OS X

Containers

  • Alpine Linux - Super minimal BusyBox based Linux distro, perfect for hosting containers -- various lang
  • Anchore - A centralized service for inspection, analysis and certification of container images -- Golang
  • appscale - Open source implementation of Google App Engine -- Python
  • Buildah - A low-level interface to core-utils, build container images with the scripting language of your choice without using Dockerfiles, compare to Podman -- Golang
  • cadvisor - Analyzes resource usage and performance characteristics of running containers -- Golang
  • cert-manager - Automate the management and issuance of TLS certificates from various issuing sources -- Golang
  • Cilium - Transparently secure layer 7 services, communicate based on identity groups, load balancing, eBPF-level for performance and instrumentation & more -- Golang
  • Clear Linux - New name for Clear Containers, attempts combine the security advantages of VMs with the deployment advantages of containers -- various lang
  • crane - Docker orchestration, similar to Docker Compose -- Golang
  • ctop - ncurses top-like UI for containers -- Golang
  • dcp - Easily copy files from and list files in an image -- Rust
  • Dex - A federated OpenID Connect provider -- Golang
  • distroless - "Distroless" images contain only your application and its runtime dependencies and nothing else, by Google -- various lang
  • docker-debug - Attach a new "debug container" to existing namespaces so you don't have to include debug tools in the app containers -- Golang
  • docker-gc - Docker garbage collection of containers and images -- shell
  • DockerSlim - Uses static and dynamic analysis to create skinny image variants of your fat images -- Golang
  • dockerviz - Great tool for analyzing images -- Golang
  • Docker Bench - Checks for dozens of common best-practices around deploying Docker containers in production -- shell
  • docker buildx - The official, best, and easiest way to build multi-platform image-- article
  • Docker CE - Community Edition, use me to replace Docker Desktop, note thew new build procedure -- various lang
  • Docker Compose - Define and run multi-container apps with Docker, previously known as fig, official -- Python
  • Docker Compose Profiles - An easy way to switch between container configurations -- Python
  • Docker Desktop - Notable because it works without admin / root, Mac and Windows -- Golang
  • Docker Distribution - AKA Docker Registry 2.0 - pack, ship, store, and deliver containers -- Golang
  • Docker Hub - Official Docker images for many projects -- various lang
  • Docker Security Cheatsheet - By OWASP -- tutorial
  • Docker Toolbox - Docker Client, Machine, Compose, Kitematic, VirtualBox, and the boot2docker VM in a single package, official -- various lang
  • dockerfile-security - Open Policy Agent (OPA) rules for dockerfiles that can be integrated into your pipeline -- collection
  • Dockit - Jump into a container image of your choosing, taking all the files from the current directory with you -- shell
  • Dokku - Docker powered mini-Heroku (PaaS) in around 100 lines of bash -- shell
  • dumb-init - Minimal init system for containers, by Yelp -- C
  • Fedora CoreOS - The best of CoreOS + Fedora Atomic Host, upstream to RHEL CoreOS, successor to now sunset RHEL / Fedora Atomic & Container Linux -- various lang
  • Flatcar Container Linux - Immutable Linux distribution for containers, the modern choice -- various lang
  • gvisor - User-space kernel, can be used to sandbox containers, by Google -- Golang
  • img - Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder -- Golang
  • Jenkins Docker Slaves Plugin - Aka Dockins, execute a Jenkins job inside one or more containers, supports most job types -- Java
  • jib - Build container images for your Java applications, by Google -- Java
  • Kata Containers - A mix of Clear Containers / Clear Linux and Hyper's runV -- frankencontainers various lang
  • Kitematic - GUI Docker management on Mac & Windows (laptops), official -- JavaScript Windows OS X
  • Kraken P2P Docker registry capable of distributing TBs of data in seconds using a slightly modified BitTorrent protocol -- Golang
  • Lazydocker - Terminal UI for both docker and docker-compose -- Golang
  • LinuxKit - Toolkit for building custom minimal, immutable Linux distributions -- Golang
  • Logspout - Log router for Docker containers -- Golang
  • MicroShift - Repackages OpenShift and k8s core components into a single binary that weighs in at a relatively tiny 160MB executable, by Red Hat -- neat
  • Minishift - OpenShift 3.x in a VM for testing / learning -- Golang
  • ngnix-proxy - Nginx proxy for Docker containers using docker-gen, recommened -- Python
  • Nomad - Highly scalable application, process, and container orchestraction, multi-cloud support -- Golang
  • OCP4 Helper Node - Creates an all-in-one (AOI) bare metal OpenShift 4 node for demo and learning -- various lang
  • OKD - The open source upstream for Red Hat's OpenShift 3.x and 4.x, previously OpenShift Origin -- Golang
  • OpenShift 4 Bare Metal Install - User Provisioned Infrastructure (UPI) - For testing and learning, requires access to RedHat OpenShift Cluster Manager -- various lang
  • OpenShift All-in-One (AIO) - Ansible playbooks to install all OpenShift 4.x features onto a single bare metal UPI node, great for learning and demo, by Red Hat -- various lang
  • OpenShift Local - Official tool to spin up an OpenShift cluster on your laptop, formerly CodeReady Containers -- various lang
  • Panamax - Containerized app creator with an open-source app marketplace hosted in GitHub -- various lang
  • Permission Manager - Excellent solution for standalone or onprem isolated clusters -- Golang
  • pipework - SDN for Linux Containers -- various lang
  • Podman - An alternative to Docker -- Golang
  • Podman Desktop Companion - Desktop graphical interface for the free and open container manager - Podman -- various lang
  • podman-tui - Terminal UI for Podman -- various lang
  • Popeye - Scans the live cluster for dead or unused resources such as ports mismatches, metrics utilization, probes, container images, RBAC rules, naked resources, etc -- Golang
  • Portainer - Web interface for Docker aka us-for-docker -- JavaScript
  • pulumi - HOT create and deploy cloud programs that use containers, serverless functions, hosted services, and infrastructure, on any cloud, supports most languages -- various lang
  • Pulumi Cloud Framework - Multi-cloud support via a single API -- various lang
  • Rancher - Provides a complete platform for operating Docker in production -- various lang
  • Rancher Desktop - Replacement for Docker Desktop -- various lang
  • Registrator - Service registry bridge for Docker, supports Consul, etcd -- Golang
  • Visual Studio Code Remote - Containers - Lets you use a Docker container as a full-featured development environment. It allows you to open any folder inside (or mounted into) a container and take advantage of Visual Studio Code's full feature set -- neat
  • Watchtower - Monitors your running Docker containers and restart them when a new image is available -- Golang
  • Weave - Virtual network that connects Docker containers deployed across multiple hosts -- Golang

Dashboards and Data Visualization

  • Bigdesk - Live charts and statistics for Elasticsearch cluster -- JavaScript
  • Cachet - Create beautiful, responsive status pages -- PHP
  • Cacti - Web-based network monitoring and graphing tool designed as a front-end to RRDtool -- PHP
  • Dashkiosk - An excellent, simple dashboard that supports multiple screens -- JavaScript
  • Facette - Time series data visualization and graphing software -- Golang
  • Flame Graphs - Stack trace visualizer by Brendan Gregg -- perl
  • Gource - Software version control visualization tool -- C++
  • Graphene - Graphite dashboard in D3 and Backbone -- JavaScript
  • Hygieia - Visualize near real-time status of the entire delivery pipeline, by Capital One -- Java
  • ksar - Creates pretty graphs from sar output -- Java
  • logstalgia - Web site access log visualization tool, aka Apache Pong -- C++
  • Loki - Like Prometheus but for logs -- Golang
  • lsofgraph - lsof output into to Graphviz -- Lua
  • Grafana - Modern dashboard for Graphite -- JavaScript
  • grafana-statusmap - Grafana status panel -- JavaScript
  • Mozaik - Create beautiful dashboards using Node/React/D3 -- JavaScript
  • MRTG (Multi Router Traffic Grapher) - Still being updated -- perl
  • Nagdash - Dashboard / NOC screen for Nagios -- PHP
  • NagVis - Visualization suite for Nagios -- PHP
  • Nagiosgraph - Another visualization tool for Nagios data -- perl
  • Network Weathermap - Network visualization tool, create a "weather map" just like big ISPs use, not dead yet -- PHP
  • OpenSearch Dashboards - Derived from Kibana 7.10.2, for use with OpenSearch, by Amazon -- JavaScript
  • pdash - web dashboard for linux using data mainly served by psutil -- Python pip
  • PNP4Nagios - Analyzes performance data provided by plugins and stores them automatically into RRD-databases -- PHP
  • Power BI Visuals Reference - Quick visual cheat sheet of all report types -- collection
  • promviz - Visualize the traffic of your clusters in realtime from Prometheus data -- Golang
  • redash - Web application that allows to easily query an existing database, share the dataset and visualize it in different ways -- various lang
  • Seyren - Alerting dashboard for Graphite -- Java
  • Smashing - Successor to Dashing -- Ruby
  • Staytus - Complete solution for publishing the latest info about issues with your web applications, networks or services -- Ruby
  • Tessera - Graphite dashboard in Python -- Python pip
  • Thruk - Web interface for Nagios, Icinga, Shinken and Naemon, can create SLA reports, has a mobile client -- JavaScript
  • vnstati - Creates PNG images using vnStat data -- built-in

Diagram and Design Tools

  • Archimate - Open source cross platform tool for enterprise architects -- Java
  • AsBuiltReport - Report & dump configs from VMware, VxRail, Rubrik, Nutanix, NSX, Cisco UCS, Pure Storage, and many more -- PowerShell
  • AWS Architecture Icons - List by Amazon, includes a list of diagramming and design SaaS products -- collection
  • Azure Architecture Icons - Official SVG icons -- collection
  • Azure Logic Apps Workflow Designer - Official GUI for creating apps, single tenant only -- in-browser
  • Azure Resource Manager (ARM) Viewer for Visual Studio Code - Graphical preview of ARM templates -- various lang
  • Azure Resource Visualizer - View automated architecture diagrams of your resources groups in the Azure Portal -- in-browser
  • Azure Stencils for Visio - Extensive and updated -- collection
  • AzViz - Automatically generate Azure resource topology diagrams by just typing a PowerShell cmdlet and passing the name of one or more Azure Resource Group(s) -- PowerShell
  • blockdiag - Generate simple block/sequence/activity/network diagrams from text files -- Python pip
  • CDK-dia - Automated diagrams for AWS CDK infrastructure -- various lang
  • CloudCraft - Create professional AWS architecture diagrams -- in-browser
  • CloudFormation Designer - GUI for creating CloudFormation templates, very slick -- in-browser
  • CloudMapper - Generates network diagrams of Amazon Web Services (AWS) environments and displays them via your browser, by Duo Security -- Python
  • Cloudockit - Automatically generates diagrams and technical documentation, visualize and document your cloud and on-premises environments, in just a few clicks, SaaS -- not free but very good
  • CloudSkew - Simple and easy diagrams for almost every cloud provider and major SaaS service, SaaS -- in-browser
  • Diagrams - Diagrams lets you draw the cloud system architecture in Python code, it was born for prototyping a new system architecture without any design tools, diagram as code -- Python
  • draw.io - Free online flow chart maker / Visio alternative, can be self-hosted -- in-browser
  • draw.io Integration for Visual Studio Code - Edit and collaborate right in VSCode -- plug-in
  • drawio-desktop - draw.io in Electron -- JavaScript
  • Microsoft 365 Architecture Templates and Icons - By Microsoft -- collection
  • Google Cloud Architecture Icons Includes sample diagrams, official -- collection
  • Mermaid - A markdownish syntax for generating flowcharts, sequence diagrams, class diagrams, and more - the new PlantUML -- article
  • Mermaid Live Editor - Create Mermaid diagrams in your browser, check the GH repo for a Docker container you can self-host -- in-browser
  • Mermaid Preview - Mermaid diagram previewer for Visual Studio Code -- plugin
  • Origami - Interactive UI design prototyping without programming, by Facebook -- various lang
  • Pencil - Open source GUI prototyping and mockup tool, supports all platforms -- Windows OS X
  • PlantUML - Easily create beautiful UML Diagrams from simple textual description -- Java
  • Serverless by Design - In-browser or self-hosted GUI for making flow charts for serverless apps -- various lang
  • Service Map - Automatically discovers application components on Windows and Linux systems and maps the communication between service, uses Log Analytics and the Dependency agent -- in-browser
  • WWW SQL Designer - Designing RDBMS schemas features saving, exporting to XML, and SQL script creation, free SaaS version here -- JavaScript
  • yEd Graph Editor - Flowcharts and UML diagrams -- closed source

Distributed Systems Tools

  • Akkio - Data placement service that determines how and when to move information in order to optimize retrieval speed for people across the globe, using the minimum required number of copies -- various lang
  • Batch - Tools for event-driven architectures including observability, DR, data science, CI testing, load testing, data lake hydration, and more, payware -- SaaS
  • Avro - Data serialization system with backwards compatible schemas -- Java
  • Celery - Async task/job queue based on distributed message passing -- Python
  • Chaperone - End-to-end Kafka auditing (data loss, latency, message duplication, etc), by Uber -- Java
  • confd - Manage local application configuration files using templates and data from etcd or consul -- Golang
  • Crossplane - Multicloud control plane, manage 3rd party services as if they were K8s resources -- Golang
  • Cruise Control - Fully automate the dynamic workload rebalance and self-healing of a Kafka cluster, by Linkedin -- Java
  • Cruise Control UI - Also by Linkedin -- JavaScript
  • consul - Service discovery and configuration via DNS or HTTP, great for auto-scaling -- Golang
  • consul Tools - Official, includes consul-template and others -- various lang
  • Dapr - Serverless and event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge in any language, think of it as as microservices framework -- various lang
  • DoctorKafka - Kafka cluster auto healing and workload auto-balancing -- Java
  • Dragonfly - A modern replacement for Redis and Memcached -- C++
  • etcd - Distributed, consistent key-value store for shared configuration and service discovery -- Golang
  • fabio - Zero-conf load balancing HTTP(S) router for deploying microservices managed by Consul, by eBay -- Golang
  • Flink - Next-generation true stream processing platform for real-time analytics -- Java
  • glb-director - Stateless Layer 4 load balancer servers capable of line rate packet processing in bare metal datacenter environments -- Golang
  • GraphQL - Alternative to REST, allows clients to define the structure of the data, subscribing to data flows, and more -- various lang
  • groupcache - A replacement for memcached by the same guy -- Golang
  • Hystrix - Circuit breaker library to stop cascading failures, by Netflix -- Java
  • Ignite - General-purpose in-memory platform for in-memory computing use cases -- Java
  • jespen - A framework for distributed systems verification, with fault injection -- Clojure
  • JVM Profiler - Distributed profiler to collect JVM performance and resource usage metrics and serve them for further analysis, by Uber -- Java
  • kafdrop - Web UI for viewing Kafka topics and browsing consumer groups -- Java
  • Kafka - Stream processing platform (logs, IoT metrics, anything) -- Java
  • kafkacat - Generic CLI producer and consumer -- C
  • katran - C++ library and eBPF program to build high-performance layer 4 load balancing forwarding plane, uses XDP from the kernel to provide an in-kernel facility for fast packet's processing -- C++
  • keto - OSS implementation of Zanzibar: Google's Consistent, Global Authorization System -- Golang
  • Kong - Microservice abstraction layer (aka API Gateway or Service Mesh), great for creating API endpoints -- Lua
  • LogDevice - A distributed data store for logs, by Facebook -- C++
  • Mantl - Complete microservices infrastructure built using OSS tools by Cisco -- various lang yowza
  • MaxScale - General purpose DB query proxy, router, and load balancer, by MariaDB -- C
  • mcrouter - memcached protocol router for scaling memcached, by Facebook -- C++
  • Mitogen - Python library for writing distributed self-replicating programs like magic -- Python
  • mrjob - Lets you write MapReduce and Spark jobs in Python 2.7/3.4+ and run them on several platforms (AWS, GCP) -- Python pip
  • NATS - Pub / sub -- Golang
  • ngx_http_auth_request_module - Client authorization based on the result of a subrequest, great for microservices -- C
  • nsq - Realtime distributed messaging platform / message queue -- Golang
  • OpenStack - Private cloud -- Python
  • Pinpoint - Application Performance Monitoring (APM) for distributed systems, based on Dapper -- Java
  • Plumber - Read and write messages to Kafka, RabbitMQ, Google Cloud PubSub, and many more -- Golang
  • redis-cell - Redis module that provides rate limiting in Redis as a single command using GCRA -- C
  • Redisson - Distributed and scalable Java data structures on top of Redis -- Java
  • Redpanda - Kafka compatible event streaming platform no Zookeeper, no JVM, and no code changes required -- C++
  • Riemann - Aggregates events from your servers and applications with a powerful stream processing language, for distributed systems, similar to Borgmon -- Clojure
  • Serf - Decentralized solution for service discovery and orchestration -- Golang
  • Spark - Near real-time analytics processing platform, succeeded by Flink (real streaming vs Spark's microbatches) -- various lang
  • Spring Cloud Config - Allows Java Spring to read config info from service discovery or similar source -- Java
  • twemproxy - Proxy for memcached and redis to reduce connections and allow for sharding -- C
  • uReplicator - Improved Kafka MirrorMaker by Uber -- Java
  • Zookeeper - Distributed configuration service, synchronization service, and naming registry -- Java

Editors

  • 010 Editor - Professional hex editor that supports binary templates for easy reading, scripting, and more -- closed source
  • activate-power-mode - Activate POWER MODE and write code in style, an Atom plugin -- CoffeeScript
  • Brackets - Modern editor that understands and focuses on web design, by Adobe -- JavaScript
  • LargeFile - vim plugin that automatically disables certain things so you can edit large (multi-gig) files faster -- vim
  • Light Table - Next-generation editor that gives you instant feedback -- Clojure
  • MacDown - Markdown editor and live preview for Mac -- Objective-C OS X
  • MacVim - Has far more features than the vim that's included with the OS -- C
  • Nuclide - Collection of packages for Atom to provide IDE-like functionality for a variety of programming languages and technologies, by Facebook -- JavaScript
  • Notepad++ - Killer GPL'ed text editor for Windows -- C++
  • PDF-XChange Editor - Much cheaper and almost feature-parity with Adobe DC Pro, payware -- Windows
  • percol - Interactive grep (search) tool -- Python
  • Powerline - Provides various statues on the bottom of your session, flexible -- Python
  • Textmate - GUI text editor for OS X -- C++
  • UltiSnips - The ultimate snippet solution for vim -- Python
  • vim-json - A better JSON plugin for vim -- vim
  • vim-snippets - snipMate & UltiSnip snippets -- vim
  • Vimium - Chrome extension that provides vi/vim style shortcuts for navigation and control -- CoffeeScript Chrome
  • Visual Studio Code - Open Source - Open source version of Microsoft's product -- JavaScript
  • Vundle - Popular plug-in manager for vim -- vim
  • wasavi - vim/vi controls in browser text areas -- JavaScript Firefox Chrome
  • wxHexEditor - Free hex editor, disk editor, and big file editor for Linux, Windows and Mac OS X -- C
  • YouCompleteMe - Fuzzy-search code completion engine for vim -- Python

Enterprise Architecture


Git Tools

  • BFG Repo-Cleaner - Scrub large blobs and sensitive data from git history -- Scala
  • blackbox - Safely store secrets in Git, by Stack Exchange -- shell
  • Completion - Shell tab completion for git branch names -- shell
  • Gerrit - Web based code review and repo management for Git -- Java
  • git-fat - Like git-media but without the Ruby dependencies -- Python
  • GitKraken - Probably the best multi-platform git GUI -- closed source Windows OS X Linux
  • GitHub Branch Source Plugin - Jenkins plugin that you should use instead of the GPRBP -- C
  • GitHub Pull Request Builder Plugin (gprbp) - Jenkins plugin that allows certain comment strings to kick off builds or take other actions -- Java
  • GitLab - Kinda like an open source GitHub, has both a community and paid version -- Ruby
  • GitLab CI - CI that integrates with GitLab -- Ruby
  • gitsome - Supercharged CLI with GitHub integration -- Python
  • GitUp - Maybe the best git GUI -- Objective-C
  • gitwatch - Automatically commit changes when specified files or directories are modified -- shell
  • Git Interfaces, Frontends, and Tools - Massive list on the official kernel.org wiki -- various lang
  • Gogs - Painless, self-hosted Git service written in -- Golang
  • hub - Official CLI for GitHub -- Golang
  • myrepos - Flexible tool for managing many repos -- perl
  • pre-commit Framework - A framework for managing and maintaining multi-language pre-commit hooks -- Python
  • ripgrep - Fastest search tool that recursively searches the current directory for a regex pattern and respects your gitignore -- Rust
  • Signing - Sign commits and/or tags using GPG keys to verify the identity of the commiter -- built-in

Google Cloud Tools and Learning Resources

  • A giant list of Google Cloud resources - From Google -- collection
  • Application Layer Transport Security - Use mutual TLS to secure RPC calls between entities, designed with containers and microservices in mind -- article
  • Architecture Center - Reference architectures, diagrams, design patterns, guidance, and best practices for building or migrating your workloads on Google Cloud -- collection
  • Awesome Cloud Security - A list -- collection
  • Best Practices for Enterprise Organizations - From Google themselves -- collection
  • BitTan - The best software for migrating O365 / M365 and Gsuite / Google Workspace mailboxes and documents effortlessly, payware -- SaaS
  • BitTitan MigrationWiz - An alternative to BitTan for migrating O365 / M365 and Gsuite / Google Worksapce mailboxes and documents, payware -- SaaS
  • CIS Benchmarks for Google Cloud - By CIS -- article
  • CloudFrontier - Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud -- Python
  • CloudGraph - GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s (inventory & compliance) -- various lang
  • Cloudimized - Google Cloud Platform (GCP) configuration scanning tool, dumps to YAML to allow alerting of changes in resources -- Python
  • Cloudockit - Automatically generates diagrams and technical documentation, visualize and document your cloud and on-premises environments, in just a few clicks -- not free but very good
  • Cloud Comparison - AWS and Azure services to Google Cloud - Cheatsheet for all three clouds -- collection
  • Cloud Custodian - Rules engine for managing public cloud accounts and resources via policies, by Capital One -- various lang
  • Cloud Security Suite (cs-suite) - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure -- Python pip
  • Constellation - Wraps your K8s cluster into a single confidential context that is shielded from the underlying cloud infrastructure, everything inside is always encrypted, including at runtime in memory -- Golang
  • Fabric FAST - The newest way to setup production-ready environments (landing zones) in GCP, successor to the Cloud Foundations Toolkit Terraform modules -- article
  • GCPinstances - Easy Google Compute instance comparison -- in-browser
  • gcpviz - Visualization tool that takes input from Cloud Asset Inventory -- Golang
  • GKE Autopilot - Think an opinionated version of GKE, somewhat similar to AWS Fargate -- neat
  • GKE Demo - Demonstration of complete, fully-featured CI/CD and cloud automation for microservices, done with GCP/GKE -- various lang
  • GKE Security Scenarios Demo - Demonstrates a series of best practices for improving the security of containerized applications deployed to Kubernetes Engine -- various lang
  • GAMADV-XTD3 - Unofficial CLI for Google Workspace (formerly G Suite / GSuite) administrators to manage domain and user settings quickly and easily, perfect for automation -- Python
  • Google Cloud Buildpacks - Simple predefined workflows to build containers for and run them on Cloud Run, GKE, Anthos, and Compute Engine running Container-Optimized OS. They are also used as the build system for App Engine and Cloud Functions -- Golang
  • Google Cloud Microservices Demo - Sample cloud-native application with 10 microservices showcasing Kubernetes / GKE, Istio, gRPC and OpenCensus -- various lang
  • Google Cloud Migration Made Easy - Blog entry by Google -- article
  • Google Cloud Official Terraform Modules - Included as part of the Cloud Foundation Toolkit -- various lang
  • Google Cloud Setup Checklist - Onboarding doc, by Google -- collection
  • Google Cloud Samples - Code snippits that are searchable by language and product, hot -- collection
  • imapsync - Supports almost every provider and platform, great for migrations -- various lang
  • Landing Zones - Pre-configured enterprise-ready environments -- article
  • Little Bigtable - Emulator for Google Bigtable w/ persistence in sqlite3 -- Golang
  • Microsoft Entra Permissions Management - Allows organizations to discover, remediate, and monitor permissions for all identities (both human and workloads) and resources across multicloud environments, formerly CloudKnown -- article
  • Migration to GCP - Getting Started - By Google -- article
  • MITRE ATT&CK in GCP - A Defender's Cheat Sheet - A mind map for alert triage, investigations, and incident response -- article
  • Plumber - Read and write messages to Kafka, Google Cloud PubSub, and many more -- Golang
  • Preparing a Google Kubernetes Engine (GKE) Environment for Production - The best GKE summary, covers everything -- collection
  • Security Best Practices Center - Specific, informed guidance on helping secure Google Cloud deployments and describe recommended configurations, architectures, suggested settings, and other operational advice -- collection
  • Security Foundations Guide - An opinionated guide, by Google -- article
  • StarWind V2V Converter / P2V Migrator - Excellent tool for P2C and C2C VM migrations -- closed source
  • Steampipe - Discover, inventory, and query cloud resources using a SQL syntax -- Golang
  • Steampipe Mod - GCP Compliance Mod - Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard for all your GCP projects -- Golang
  • Terraformer - Generate Terraform files from existing infrastructure (reverse Terraform), supports GCP, Azure, and AWS, by Google -- Golang
  • Veeam Backup and Replication Community Edition - Great for lift/shift to Google Cloud from any platform -- closed source

Graphics Stuff

  • Affinity Photo - Excellent buy-it-once alternative to Photoshop, payware -- closed source
  • Avidemux - Simple, all-in-one, GUI video editor and converter -- C++ Windows OS X
  • Blender - 3D graphics software for animated films, visual effects, art, 3D printed models, and more -- C Python Windows OS X
  • Boltstream - Live video streaming website and backend, replacement for Youtube Live, Facebook Live, Twitch.tv, etc -- various lang
  • Darktable - Photography workflow application and RAW developer, Adobe Lightroom replacement -- C OS X
  • Flameshot - OSS screenshot software, very configurable -- Linux Windows
  • GlyphSearch - Search for icons from Font Awesome, Glyphicons, IcoMoon, Ionicons, and Octicons -- collection
  • GIMP (GNU Image Manipulation Program) - Open source Adobe Photoshop replacement -- C
  • Graphviz - Graph visualization and flow chart software -- wacky license
  • Greenshot - The best Windows screenshot tool -- C# Windows
  • Inkscape - Open source vector image editor, Adobe Illustrator replacement -- C C++ Windows Mac
  • LICEcap - Capture an area of your desktop and save it to a GIF -- C Windows OS X
  • mac2imgur - Auto-upload screenshots to Imgur -- Swift OS X
  • maim - The most powerful and flexible Linux desktop screenshot tool -- various lang
  • Media Player Classic - Home Cinema (MPC-HC) - Open source media player for Windows -- C++ Windows
  • MP4tools - Simple join and split -- Mac Windows Linux
  • OpenShot - Video editing software, 2.0 will support other additional platforms -- Python Windows OS X
  • Open Broadcast Studio (OBS) - Greenscreens and recording and all kinds of fun stuff -- various lang
  • Paint.NET - A gooder version of MS Paint -- Windows closed source
  • PhotoPea - Free, in-browser image editing and more -- in-browser
  • Pixelfed - Federated photo sharing -- PHP
  • ScreenToGif - Record a selected area of your screen, edit and save it as a GIF or video -- C++
  • ShareX - One of the best screenshot/screencast capture and sharing tools for -- Windows OS X
  • Skitch - Feature-rich screenshot editing, sharing, and annotation tool Mac/OS X -- closed source
  • Snagit - The best paid screencapture and annotation -- closed source
  • VLC Media Player - Media (music, video, etc) player and streaming server -- C Windows OS X

High Availability Clustering Tools

  • Corosync - HA framework and cluster engine -- C
  • csync2 - General purpose cluster file sync tool -- C
  • DRBD (Distributed Replicated Block Device) - Mirror block devices to a remote system aka replication -- C
  • Ganeti - Wrappers around existing tools to make it easy to create HA clusters, by Google -- Python
  • HAproxy - Open source software load balancer -- C
  • haproxyctl - Wrapper to talk to the HAProxy socket, as well as regular init (start stop restart) shit -- Ruby
  • keepalived - Load balancing and high availability -- C
  • huptime - Zero downtime restarts of unmodified programs -- C
  • Linux-HA - Building blocks for high availability systems -- wiki-and-collection
  • LVS (Linux Virtual Server) - Linux-based load balancer, also includes the IPVS kernel module -- C
  • Multibinder - Simple Ruby daemon that makes true zero downtime reloads simple, by Github -- Ruby
  • Pacemaker - HA resource manager -- C
  • rcron - cron redundancy and failover, ensures a job will only run on the "active" machine -- lost-to-the-internet C
  • rmanager - Resource group manager daemon for cluster services -- built-in
  • Seesaw - Load balancer based on Linux Virtual Server (LVS), by Google -- Golang
  • Traefik - Modern HTTP reverse proxy and load balancer, supports many backends -- Golang
  • UCARP - VIP management using the CARP protocol -- C

HPC Tools


Infrastructure as Code Tools

  • Ansible - CM and orchestration, also can do provisioning -- Python
  • ansible-hardening - For STIG compliance -- Python
  • ansible-runner - Provides a stable and consistent interface abstraction to Ansible so you can embed Ansible into other systems such as CI/CD, Jenkins, or other automated tooling -- Python pip
  • Ansible-Terraform Workspace - Dockerized development environment with Ansible, Terraform, and lots of other stuff installed, so that you don't need to do it yourself SO HOT 10 OUT OF 10 -- various lang
  • ansible-trace - Visualise where time is spent in your Ansible playbooks (what tasks and what hosts) -- Python
  • Ansible Galaxy - Community site for finding, reusing, and sharing Ansible content -- various lang
  • ara (ARA Records Ansible) - Provides reporting by saving detailed and granular results of ansible and ansible-playbook commands -- Python pip
  • AsBuiltReport - Report & dump configs from VMware, VxRail, Rubrik, Nutanix, NSX, Cisco UCS, Pure Storage, and many more -- PowerShell
  • Atlantis - A unified workflow for collaborating on Terraform through GitHub and GitLab, by Hootsuite -- Golang
  • Automatic Server Hardening - Linux hardening cookbooks/manifests/playbooks for Puppet, Chef, and Ansible -- various lang
  • AWS Official Terraform Modules - A mix of official and community supported, the official'ist repo -- collection
  • awx - Upstream to Ansible Tower - REST API, task engine, etc -- Python
  • Azure Official Terraform Modules - By Microsoft -- collection
  • Azure Resource Manager (ARM) Tools for Visual Studio Code - Language support, resource snippets, and resource auto-completion -- various lang
  • Azure Resource Manager (ARM) Viewer for Visual Studio Code - Graphical preview of ARM templates -- various lang
  • Azure Terrafy - Bring existing Azure resources under Terraform control (eg: export current Azure config as HCL), official tool from Microsoft -- various lang
  • Bicep - Declarative DSL to deploy Azure resources, transpiled into ARM -- article
  • Blueprint - Reverse engineer a server configuration -- Python pip
  • Boxen - Mac / OS X configuration management -- Ruby gem OS X
  • Cloud Custodian - Rules engine for managing public cloud accounts and resources via policies, by Capital One -- various lang
  • deterministic-zip - Simple (almost drop-in) replacement for zip that produces deterministic files so that only files that change show up as changed (and not re-do everything every time), useful for Lambda -- Golang
  • Former2 - Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources via self-hosted web GUI -- JavaScript
  • Gaia - Terraform UI for your Terraform modules, and self-service infrastructure -- JavaScript
  • GKE Demo - Demonstration of complete, fully-featured CI/CD and cloud automation for microservices, done with GCP/GKE -- various lang
  • Google Cloud Official Terraform Modules - Included as part of the Cloud Foundation Toolkit -- various lang
  • Goss - Quick and easy server configuration validation like serverspec -- Golang
  • Infracost - Shows cloud cost estimates for infrastructure-as-code projects such as Terraform -- Golang
  • Infracost-VSCode - VSCode plugin -- various lang
  • InSpec - Chef-centric IaC testing framework for compliance, security, and testing with a rspec-like syntax -- Ruby
  • Jenkins Ansible Tower Plugin - Run Ansible Tower jobs as a build step -- Java
  • KICS (Keeping Infrastructure as Code Secure) - Supports many many platforms, by Checkmarx -- Golang
  • kitchen-terraform - Test Kitchen plugins for testing Terraform configurations with InSpec -- Ruby gem
  • KOPS - Simple IaC system for for creating, managing, upgrading, and maintaining Kubernetes EC2-based clusters on AWS -- Golang
  • Microsoft365DSC (Desired State Configuration) - DSC & IaC for M365 / O365 tenants, official tool from Microsoft -- PowerShell
  • Microsoft Endpoint Manager - SCCM and InTune in one, official configuration management and more for Windows management, payware -- closed source
  • Molecule - Used for testing Ansible roles locally, supports Docker and/or Vagrant -- Python
  • Multi - Essentially a cloud-agnostic Terraform that uses HCL -- various lang
  • Office Deployment Tool - Used along with Office Customization Tool to download and deploy Microsoft 365 Apps to your client computers, gives you full control of they are deployed and maintained, official tool -- closed source
  • OpenGitOps - Set of open-source standards, best practices, and community-focused education to help organizations adopt a structured, standardized approach to implementing GitOps -- collection
  • Oxidized - RANCID replacement, supports many platforms (Cisco, Brocade, Juniper, Citrix, etc) -- Ruby gem
  • python-terraform - Python wrapper for Terraform -- Python pip
  • RANCID - (Really Awesome New Cisco confIg Differ) - Pulls and saves network device configs and saves them into a CVS, now supports git -- C
  • Reclass - External node classifier for most CM systems, allows for a tagging system that's a layer above the CM tool -- Python
  • Salt / Saltstack - Orchestration, server provisioning, and configuration management -- Python
  • Steampipe - Discover, inventory, and query cloud resources using a SQL syntax -- Golang
  • Steampipe Mod - AWS Compliance - Run individual configuration, compliance and security controls or full compliance benchmarks for AWS Foundational Security Best Practices, CIS, GDPR, HIPAA, NIST 800-53, NIST CSF, PCI DSS, RBI Cyber Security Framework across all your AWS accounts -- Golang
  • Steampipe Mod - AWS Compliance - Run individual configuration, compliance and security controls or full compliance benchmarks for AWS Foundational Security Best Practices, CIS, GDPR, HIPAA, NIST 800-53, NIST CSF, PCI DSS, RBI Cyber Security Framework across all your AWS accounts -- Golang
  • Steampipe Mod - Azure Compliance - Run individual configuration, compliance and security controls or full CIS, HIPAA HITRUST and NIST compliance benchmarks across all your Azure subscriptions -- Golang
  • Steampipe Mod - Kubernetes Compliance - Run individual controls or full compliance benchmarks for NSA and CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters -- Golang
  • Steampipe Mod - GCP Compliance Mod - Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard for all your GCP projects -- Golang
  • SweetOps - Similar to Gruntwork’s Terragrunt + subscription plan, the Terraspace framework, and BinBash’s Leverage, by CloudPosse -- opinionated
  • TerraCognita - Imports your current cloud infrastructure to Terraform configuration (HCL) or/and to a Terraform State -- various lang
  • Terraform - 1.0 released! - Infrastructure provisioning using existing tools, supports many providers (AWS, Azure, DO, OpenStack, etc) -- Golang Hashicorp
  • Terraform CDK - Use TypeScript or Python to generate Terraform config files -- Golang
  • Terraform Docs - Utility to generate documentation from Terraform modules in various output formats -- Golang
  • Terraform Landscape - Makes terraform plan easier to read -- Ruby
  • Terraform Modules by Cloud Posse - Well written, well maintained, recommended -- collection
  • Terraform pre-commit git Hooks - Format, validate, lint, and all kinds of good stuff -- various lang
  • Terraform Security Tool Comparison - Which Terraform code scanners provide the most comprehensive coverage - click to find out -- collection
  • terraform-exec - Go module for constructing and running Terraform CLI commands -- Golang
  • Terraformer - Generate Terraform files from existing infrastructure (reverse Terraform), supports GCP, Azure, and AWS, by Google -- Golang
  • Terragoat - Learning and training project that demonstrates how common configuration errors can find their way into production Terraform cloud environments -- various lang
  • Terragrunt - Tools for keeping your Terraform configurations DRY, working with multiple Terraform modules, and managing remote state -- Golang
  • Terragrunt Atlantis Config - Generate Atlantis Config for Terragrunt projects -- Golang
  • Terragrunt Reference Architecture (AWS) - Nice, looking forward to their GCP one -- various lang
  • Terratest - Makes it easier to write automated tests for your infrastructure code, provides a variety of helper functions and patterns for common infrastructure testing tasks -- Golang
  • tflint - Terraform linter for detecting errors that can not be detected by terraform plan -- Golang
  • tfwriter - Auto-generate Terraform code in a non-opinionated way, also great for seeing which parameters a resource provides -- in-browser
  • Virtual Machine Desired State Configuration - A fling for VMware VMs -- various lang

Kubernetes

  • Nomad - Consdier Nomad as a lightweight alternative to Kubernetes, by Hashicorp -- Golang
  • Ambassador - Kubernetes-native API gateway built on Envoy proxy includes gRPC, auth, TLS, and more -- Python
  • Argo - Container-native workflow engine implemented as a Kubernetes CRD (Custom Resource Definition) -- Golang
  • Azure Service Operator - Helps you provision Azure resources and connect your applications to them from within Kubernetes and kubectl -- Golang
  • AWS Node Termination Handler - Ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as EC2 maintenance events, EC2 Spot interruptions, ASG Scale-In, ASG AZ Rebalance, and EC2 Instance Termination via the API or Console -- various lang
  • AWS Controllers for Kubernetes (ACK) - Lets you define and use AWS service resources directly from Kubernetes -- Golang
  • Banzai Cloud - Kubernetes based, open source, multi-cloud with all the good stuff baked in (Prometheus, CICD pipelines, and more) CHECK THIS -- various lang
  • CDK for Kubernetes (CDK8s) - Framework for defining Kubernetes applications and reusable abstractions using familiar programming languages -- various lang
  • ClusterCloner - Reads the Kubernetes clusters in one location (optionally filtering by labels) and clones them into another (or just outputs JSON as a dry run), to/from AWS, GCP, and Azure -- Golang
  • Constellation - Wraps your K8s cluster into a single confidential context that is shielded from the underlying cloud infrastructure, everything inside is always encrypted, including at runtime in memory -- Golang
  • Contour - Kubernetes ingress controller using Lyft's Envoy proxy -- Golang
  • Crossplane - Multicloud control plane, manage 3rd party services as if they were K8s resources -- Golang
  • DevSpace - Build, test and run code directly inside any Kubernetes cluster, no more waiting for rebuild + redeploy, run code instantly -- Golang
  • draft - Streamlined Kubernetes development with sandbox testing & deployment in seconds -- Golang
  • draino - Automatically drains Kubernetes nodes based on labels and node conditions, can be used for auto-remediation -- Golang
  • drone - CI platform built on Docker / containers, can also deploy to Kubernetes -- Golang
  • Envoy Proxy - Sidecar container for distributed applications or microservices, data plane service mesh / edge proxy -- C++
  • Escalator - Batch or job optimized horizontal autoscaler for Kubernetes -- Golang
  • external-auth-server - Allow various authentication schemes in a Kubernetes enviornment -- various lang
  • Flagger - Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments) -- Golang
  • Fluent Bit Kubernetes Daemonset - The best logger, super light weight -- Golang
  • Flux - Tool that automatically ensures that the state of a Kubernetes cluster matches the config in git via Kubernetes operators -- Golang
  • Flux v2 - Re-written and redesigned -- Golang
  • Flannel - Network fabric for containers via etcd, designed for Kubernetes -- Golang
  • Gangway - Enable authentication flows via OIDC (OpenID Connect Tokens) for a Kubernetes cluster -- Golang
  • Gatekeeper - Gatekeeper is a validating webhook that enforces CRD-based policies executed by Open Policy Agent -- Golang
  • GCP Config Connector - Kubernetes add-on that allows customers to manage GCP resources, such as Cloud Spanner or Cloud Storage, through your k8s cluster's API -- Golang
  • Gitkube - Build and deploy docker images to Kubernetes using git push -- various lang
  • Gloo - Gateway / abstraction layer between upstream services, based off of Envoy -- Golang
  • Goldilocks - Helps you identify a starting point for resource requests and limits -- Golang
  • gravity - Creates snapshots of a Kubernetes cluster that can be restored elsewhere (on-prem, DR situation, etc) -- Golang
  • Harvester - Open source hyperconverged infrastructure (HCI) software built on Kubernetes -- Golang
  • Helm - tool for managing Kubernetes charts (packages of pre-configured Kubernetes resources) -- Golang
  • Heptio Sonobuoy - Kubernetes end to end conformance testing and debugging tool -- Golang
  • Inspektor Gadget - Collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications using eBPF -- C
  • Istio - Envoy + auth, policy enforcement, telemetry, traffic flow management etc control plane that runs on top of Mesos and Kubernetes, service mesh control plane -- various lang
  • Istio Operator - An operator that manages Istio deployments on Kubernetes, by Banzai Cloud -- Golang
  • Jenkins Kubernetes Plugin - Use a Kubernetes cluster to dynamically provision a Jenkins agent (using Kubernetes scheduling mechanisms to optimize the loads), run a single build, then tear-down that agent -- Java
  • Jenkins X - Another Kubernetes deployer -- various lang
  • k3s - Lighweight Kubernetes in a 40mb binary, built for the edge or laptop or Pi, by Rancher -- Golang
  • k8s-at-home - Helm charts for applications you run at home, a good foundation for standarized charts -- collection
  • k8s-pod-restart-info-collector - Controller that watches for Pods changes and collects K8s Pod restart reasons, logs, and events to Slack channel when a Pod restarts -- Golang
  • k8spacket - Traffic visualization for Kubernetes -- Golang
  • k8spurger - Delete unused resources in your cluster, default mode is dry run -- Python
  • k9s - Terminal based UI to interact with your Kubernetes clusters -- Golang
  • kaniko - Build container images from a Dockerfile, inside a container or Kubernetes cluster -- Golang
  • kaim - Integrate AWS IAM with Kubernetes, associate IAM roles with pods -- Golang
  • Keda - The best autoscaler for k8s -- Golang
  • Keel - Stateless, automated Kubernetes deployment updates -- Golang
  • Kiali - Service mesh management and GUI for Isito -- various lang
  • KICS (Keeping Infrastructure as Code Secure) - Supports many many platforms including k8s, by Checkmarx -- Golang
  • Kind - Run local Kubernetes clusters using Docker container “nodes", great for local development -- Golang
  • Knative - Run serverless containers on Kubernetes with ease Knative takes care of the details of networking, autoscaling (even to zero), and revision tracking, great for event-driven architectures -- Golang
  • kube-applier - service that enables continuous deployment of Kubernetes objects by applying declarative configuration files from a Git repository to a Kubernetes cluster -- Golang
  • kube-bench - Compliance checker for Kubernetes CIS benchmarks -- Golang
  • kube-hunter - Hunt for security weaknesses in Kubernetes clusters -- Python
  • kube-ns-suspender - Controller that scale up and down namespaces on demand with an embedded friendly UI and a Prometheus exporter -- Golang
  • kube-prometheus - Use Prometheus to monitor Kubernetes and applications running on Kubernetes -- Golang
  • kube-secrets-init - Kubernetes mutating webhook for secrets-init injection -- Golang
  • kube-state-metrics - It is not focused on the health of the individual Kubernetes components, but rather on the health of the various objects inside, such as deployments, nodes and pods -- Golang
  • kube2iam - Provide IAM credentials to containers running inside a kubernetes cluster based on annotations -- Golang
  • kube2pulumi - k8s yaml in, language of your choice out -- Python
  • Kubecost - Creates cost future and past models so you can see and predict your spend -- Golang
  • kubectl-debug - Debug your pod via a new container with every troubleshooting tools pre-installed -- Golang
  • kubectx - Easily switch between kubectl contexts and namespaces, also includes the kubens tool -- Ruby
  • kubed - Perform periodic cluster snapshots, provide temp storage for deleted objects, automatic event forwarding, deliver notifications via various channels for Kubernetes -- Golang
  • KubeEdge - CNCF project to run Kubernetes at edge -- Golang
  • KubeLinter - Supports k8s and Helm -- Golang
  • kubelogin - Client-go credential (exec) plugin implementing Azure authentication for kubectl, great for working with AKS -- Golang
  • kubeplus - Worth checking out for the "connections" option -- Golang
  • kubepug - Kubernetes PreUpGrade checker -- Golang
  • Kubernetes - Open source orchestration system for Docker containers, by Google -- Golang
  • kubernetes-cloudflare-sync - Run in your Kubernetes Cluster on GKE and sync DNS records on Cloudflare with your nodes IPs to avoid GCP LB fees -- Golang
  • kubernetes-deploy - tool that helps you ship changes to a Kubernetes namespace and understand the result, by Shopify -- Ruby
  • kubernetes-event-exporter - Exports missed events, there are tons you don't know about -- Golang
  • kubernetes-external-secrets - CRD to pull secrets from AWS Secrets Manager, AWS System Manager, Hashicorp Vault, Azure Key Vault, and Google Secret Manager -- Golang
  • Kubernetes Hardening Guide - By the NSA, updated -- tutorial
  • Kubernetes IN Docker (KinD) - Tool for running local Kubernetes clusters using Docker container "nodes" -- Golang
  • Kubernetes Job/CronJob Notifier - Puts a message into Slack -- Golang
  • Kubernetes Network Policy Recipes - Example recipes for Kubernetes Network Policies that you can just copy paste -- collection
  • Kubernetes Threat Matrix - By Microsoft, uses MITRE ATT&CK as a foundation -- article
  • kubescape - Test if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by the NSA and CISA -- Golang
  • kubesess - kubectl plugin for easily managing sessions -- Rust
  • kubeswitch - Single pane of glass for all of your kubeconfig files, caters to operators of large scale Kubernetes installations -- Golang
  • kubewatch - Kubernetes event watcher and handler (currently only publishes to Slack channels, integrations wanted!) -- Golang
  • Kube Forwarder - GUI Kubernetes port forwarding manager -- JavaScript
  • Kube No Trouble (kubent) - Easily check your clusters for use of deprecated APIs -- Golang
  • kustomize - The preferred templating tool, now built-in to kubectl, official -- Golang
  • Kyverno - It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language -- Golang
  • Lens - An IDE for Kubernetes -- various lang
  • libvirt-k8s-provisioner - Ansible + Terraform, easy clusters -- various lang
  • linkerd2 - The project formerly known as Conduit has been merged into this, a simpler altnernative to Istio if you only need a service mesh -- Golang
  • Lokomotive - Kubernetes distribution with baked in multi-cloud and Terraform support, by Kinvolk -- various lang
  • MetalKube - Bare metal provisioning for Kubernetes, by Red Hat -- Golang
  • MetalLB - Load balancer for bare metal Kubernetes clusters, by Google -- Golang
  • Microk8s - Alternative to minikube, by Canonical -- shell
  • minikube - Kubernetes environments on your laptop -- Golang
  • missing-container-metrics - Exports container exit code, OOM kill status and number of restarts to Prometheus -- Golang
  • mizu - API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes -- Golang
  • MKIT (Managed Kubernetes Inspection Tool) - A quick way to assess several common misconfigurations in their Kubernetes environment (AKS, EKS, GKE) -- Dockerfile
  • Monokle - Your K8s best friend for creating, validating, debugging and managing manifests -- Golang
  • Octant - Web based representation of a Kubernetes cluster, by VMware -- various lang
  • OpenELB - Expose your LoadBalancer Services in bare-metal, edge, and virtualization environments -- Golang
  • OpenLens - A daily build of the k8s IDE Lens but one that doesn't require login and only contains the OSS parts, for self hosting -- Golang
  • Open Cluster Management - The upstream for Red Hat Advanced Cluster Management, OpenShift-centric, helps stop config drift -- various lang
  • Peirates - Kubernetes penetration tool -- Golang
  • Pixie - Instant visibility by giving access to metrics, events, traces and logs without changing code, continuous profiler can help you identify hard-to-replicate production issues caused by inefficient application code (DaemonSets + eBPF) -- Golang
  • Pluto - A cli tool to help discover deprecated apiVersions in Kubernetes -- Golang
  • Prometheus Operator - Creates/configures/manages Prometheus clusters atop Kubernetes -- Golang
  • pv-migrate - Tool for migrating PVCs -- Golang
  • Reloader - Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods -- Golang
  • Rook - Self managing, self healing storage orchestrator for Kubernetes via an operator plugin, see also EdgeFS -- Golang
  • run-job - The easiest way to run a simple one-shot job on Kubernetes -- Golang
  • Securing Kubernetes with Open Policy Agent - In 2022 -- article
  • shell-operator - Integration layer between Kubernetes cluster events and shell scripts by treating scripts as hooks triggered by events -- Golang
  • skaffold - Easy and repeatable Kubernetes development, test locally then push to a cluster, by Google -- Golang
  • Sloop - Monitors Kubernetes, recording histories of events and resource state changes and providing visualizations to aid in debugging past events, by Salesforce -- Golang
  • Stackrox - Performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment -- various lang
  • Starboard - k8s native security toolkit that integrates heterogeneous security tools by incorporating their outputs into Kubernetes CRDs (Custom Resource Definitions) and from there, making security reports accessible through the Kubernetes API -- Golang
  • Steampipe Mod - Kubernetes Compliance - Run individual controls or full compliance benchmarks for NSA and CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters -- Golang
  • Stern - Allows you to tail multiple pods on Kubernetes and multiple containers within the pod. Each result is color coded for quicker debugging -- Golang
  • Squash - Debug applications from your terminal or IDE while they run in Kubernetes or OpenShift (locally or remotely) -- Golang
  • SuperGloo - Service mesh management and orchtestration -- Golang
  • Telepresense - Local development against a remote Kubernetes or OpenShift cluster -- Python
  • Teleport - Auditing bastion host & middleman, now supports the Kubernetes apifserver protocol -- Golang
  • Typhoon - Minimal and free Kubernetes distro, great for testing and learning on small systems -- various lang
  • Wormhole - CNI plugin for Kubernetes that uses WireGuard for creating a full mesh encrypted network between each host in the Kubernetes cluster. The Kubernetes API is used to coordinate key exchange and configuration -- Golang
  • Vault Secrets Operator - Kubernetes operator for Hashicorp Vault -- Golang
  • vcluster - Virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces -- Golang
  • Velero - Manage disaster recovery for your Kubernetes persistent volumes and cluster resources, formerly Heptio Ark -- Golang
  • version-checker - Check image versions running in the cluster vs the newest and then alert via Prometheus when newer ones are available for evaluation -- Golang
  • virtual-kublet - kublet implementation that masquerades as a kubelet for the purposes of connecting Kubernetes to other APIs (Fargate, ACI, IoT, Nomad, Azure, etc) -- Golang
  • Voyager - HAProxy backed secure L7 and L4 ingress controller for Kubernetes -- Golang

Live CD and USB Tools

  • BlackArch Linux - Penetration testing Linux distro, based off of Arch Linux -- various lang
  • CAINE (Computer Aided INvestigative Environment) - Computer forensics on a live CD -- various lang
  • DBAN (Darik's Boot and Nuke) - Spinning disk wiper -- various lang
  • Easy2Boot - Allows you to choose from multiple bootable ISOs from a single USB drive -- Windows
  • GParted Live - Small, bootable ISO that contains gparted - great for resizing a non-LVM root file system -- C
  • Hiren's Boot CD - Re-adding, updated after 6 long years -- closed source
  • Kali Linux - Penetration testing Linux distro -- various lang
  • Medicat - Bootable mini Windows environment that lets you do anything from browse the filesystem of a machine that isn't booting to reset credentials and everything in between, use v18.10 if you have to -- various lang
  • Network Security Toolkit (NST) - Live CD that includes most tools in insecure.org's top 125 tools list -- various lang
  • NirLauncher - USB live distro that contains all of the NirSoft utilities and more, essential for Windows -- closed source Windows
  • PALADIN - Easy to use Linux-based live CD for forensic analysis -- various lang
  • Rufus - Create bootable USB flash drives -- Windows
  • Security Onion - Linux distro for IDS, NSM, and log management -- various lang
  • Stresslinux - Hardware burn-in and stress testing -- various lang
  • System Rescue CD - System recovery CD that focuses on Linux system recovery -- various lang
  • Tails - Aims at preserving your privacy and anonymity via Tor -- various lang
  • Ultimate Boot CD (UBCD) - Tons of x86 diagnostic and stress test tools on a single CD -- closed source Windows
  • UNetbootin - Create custom, bootable USB Linux CDs -- Windows OS X
  • Ventoy - Create multiple bootable ISO/WIM/IMG/VHD(x)/UEFI & Secure Boot on a USB drive -- various lang
  • YUMI - Multiboot USB creator, Linux and -- Windows

Logging

  • Adiscon LogAnalyzer - Slick web interface for syslog messages -- PHP
  • Countly - Mobile and web analytics and marketing platform -- JavaScript
  • BareTail - Free real-time log monitoring tool with custom highlighting -- Windows closed source
  • Elastalert - Send alerts based on ElasticSearch logs (http 500 increase/spike, any custom string, etc) -- Python
  • ElasticDump - Import / export tools for Elasticsearch -- JavaScript
  • ElasticHQ - Does not yet support ES 5.x -- JavaScript
  • Elasticsearch Exporter - Script to import/export data from ElasticSearch to various other storage systems -- JavaScript
  • Errbit - Self-hosted error catcher, Airbrake API compliant -- Ruby
  • Filebeat - By Elastic, the next generation Logstash Forwarder -- Golang
  • fluentbit - Fast and lightweight log processor, part of the fluentd family -- C
  • Fluentd - Unified logging layer, often used with Kubernetes / OpenShift / containers -- Ruby gem
  • Flume - Distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data -- Java
  • FullEventLogView - Export, read EVTX files, local, remote, and combine logs in a single view -- Windows closed source
  • GoAccess - Real-time web log analyzer and interactive viewer that runs in a terminal and/or dashboard -- Windows OS X
  • Graylog2 - Log capture and analysis -- various lang
  • klogg - Log searcher, works very well for huge log files, multi-platform -- various lang
  • lnav - Advanced log file viewer for the small-scale, terminal/ncurses based -- C++
  • Log Courier - Enhanced fork of Logstash Forwarder -- Ruby
  • Logagent - Lightweight log shipper, like Filebeat and Logstash in one without the JVM footprint -- JavaScript
  • Logplex - Distributed syslog log router, uses Redis, by Heroku -- Erlang
  • logstash - Collect, parse, and store logs. A component of the popular ELK stack -- Ruby
  • Logster - Utility for reading log files and generating metrics to configurable outputs by Etsy -- Python
  • Logwatch - Monitor logs and send an e-mail when event(s) occur -- perl
  • Mamomo - Web analytics platform with a killer UI, formerly PIWIK -- PHP
  • multilog - Reads a sequence of lines from stdin and appends selected lines to any number of logs -- DJB
  • multitail - Monitor multiple log files in a single terminal window -- C
  • netconsole - Kernel module that sends kernel log messages (dmesg, etc) to a remote system without using syslog -- C
  • NXLOG - Universal log collector and forwarder, supports many formats/platforms/sources including Windows -- C Windows
  • OpenSearch - Derived from Elasticsearch 7.10.2, Apache 2.0 license, by Amazon -- Java
  • Open Distro for ElasticSearch - Distro of ElasticSearch with all of the enterprise-grade features added in -- Java
  • Open Web Analytics (OWA) - Track and analyze how people use your websites and applications -- PHP
  • Promtail - Log shipper for Loki users -- Golang
  • Sentry - Application exception logging -- Python
  • Snoopy Logger - Logs commands that are executed and saves the information to syslog -- C
  • Snowplow - Web, mobile and event analytics -- Scala
  • swatch - Simple log watcher -- built-in

Metrics and Time Series Data

  • collectd - Collects system performance statistics -- C
  • collectd Related Sites - Great tools that integrate with collectd -- collection
  • collectl - sar on steroids -- C
  • Cortex - Multitenant, horizontally scalable Prometheus as a Service -- Golang
  • Diamond - Python daemon that collects system metrics and publishes them to Graphite (or similar), has an API -- Python
  • dim_STAT - Collects almost everything and stores it in a MySQL database, produces reports too -- C
  • FastForward - Flexible system event and metric forwarding agent by Spotify -- Ruby gem
  • Ganglia - Focused on HPC / distributed clusters, uses RRD -- various lang
  • Graphite - Store numeric time-series data and render graphs of the data on demand -- Python
  • Graphite Tools - Tools that work with Graphite -- collection
  • Heka / hekad - Stream processing, can gather logs or performance metrics, by Mozilla, based on Borgmon -- Golang
  • InfluxDB - Distributed time series database with no external dependencies -- Golang
  • jmxtrans - Connector between speaking to a JVM via JMX and whatever stats / TSDB you use -- Java
  • KairosDB - Time series DB written on top of Cassandra -- Java
  • m3 - Distributed TSDB and query dngine, Prometheus sidecar and metrics platform by Uber -- Golang
  • Metricbeat - fetches a set of metrics on a predefined interval from OS & services and ships them to Elasticsearch or Logstash -- Golang
  • Metrics - Metrics and instrumentation at both the JVM and application level -- Java
  • Micrometer - Provides a simple facade (fake interface) over the instrumentation clients for the most popular monitoring systems, allowing you to instrument your JVM-based application code without vendor lock-in -- Java
  • mtail - Extract monitoring data from application logs for collection into a timeseries database, by Google -- Golang
  • OpenTSDB - Store and serve massive amounts of time series data without losing granularity -- Java
  • Prometheus - Metrics collection and storage, can trigger alerts when thresholds are breached, based on Borgmon -- Golang
  • prometheus-am-executor - HTTP server that receives alerts from the Prometheus Alertmanager and executes a given command with alert details set as environment variables -- Golang
  • Sensu Go - Open source monitoring framework, cloud-focused, dynamic, scalable - also does metrics collection -- Ruby
  • SNMPcollector - SNMP collector that saves into InfluxDB for easy visualization -- Golang JavaScript
  • SNMP MIB Archive - Massive archive of SMMP MIBs, please fork and contribute -- collection
  • StatsD - Network daemon that listens for stats/counters/metrics and sends them to backend services (TSDB, Graphite, etc), by Etsy -- JavaScript
  • Telegraf - Agent for collecting, processing, aggregating, and writing metrics -- Golang
  • Thanos - Highly available Prometheus setup with long term storage capabilities -- Golang
  • TimescaleDB - PostgreSQL extension for time series ingestion and queries via SQL -- C
  • Whisper - Store time series info in regular file system files, a modern RRD -- Python

Microsoft 365 and Office 365 Tools


Monitoring and Alerting

  • Adagios - Web based Nagios configuration interface -- HTML
  • Alerta - Distributed and de-coupled, requires MongoDB -- Python
  • Bosun - Monitoring and alerting system written by Stack Exchange, based on Borgmon -- Golang
  • Cabot - Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty -- Python
  • check_mk - New Open Monitoring Distro, extensions / plugins for Nagios -- C
  • Checkly - Simple checks with a generous free tier, SaaS -- JavaScript
  • Daemon Tools - Service monitoring and management tools -- DJB
  • FastForward (ffwd) - Flexible system event and metric forwarding agent by Spotify -- Ruby gem
  • health - An easy to use, extensible health check library for Go applications -- Golang
  • Icinga - Nagios fork, updated frequently -- various lang
  • Icinga2 - Complete re-write of Icinga by the same folks -- various lang
  • LibreNMS - GPL fork of Observium -- various lang
  • Monit - Includes tools to automatically take action when certain conditions are met (eg: restart a process when it dies) -- C
  • Monitorix - So lightweight that it can be used in mobile devices, aka Mikaku -- perl
  • Naemon - Modular Nagios fork -- various lang
  • Nagios - One of the most widely used OSS monitoring programs -- various lang
  • Nagios Exchange - Centralized repository of Nagios plugins, addons, extensions, etc -- collection
  • NetXMS - Monitoring for all types of devices across the entire data center (hosts + network devices) -- C
  • OpenNMS - Network monitoring, also supports configuration/asset management -- various lang
  • PA-Ping - Powerful and simple to use uptime and availability monitor based on the same software as PA Server Monitor, self-hosted, freeware -- various lang closed source
  • pmacct - IP and network traffic accounting / monitoring -- C
  • PHP Server Monitor - Simple monitoring package that can use built-in public SMS gateways for notifications -- PHP
  • PRTG - Commercial version of Nagios, AD integration, many plugins, excellent price, highly recommended -- C
  • Pynag - Interface with Nagios via Python -- Python pip
  • Sensu Go - Open source monitoring framework, cloud-focused, dynamic, scalable - also does metrics collection -- Ruby
  • Sensu Plugins - Official community site for Sensu plugins -- various lang
  • Shinken - Nagios-compatible monitoring, supports high availability -- Python
  • SigNoz - OSS alternative to New Relic and DataDog -- Golang
  • Statping - THE BEST simple all in one monitoring solution, with mobile app, great for home/small networks -- OMG
  • UptimeRobot - 50 monitors with 5 minute checks for free, SaaS -- in-browser
  • Uptime Kuma - Self-hosted monitoring tool like Uptime Robot or Statuspage -- various lang
  • Xymon - Fork of Big Brother -- C
  • Zabbix - Stores monitoring data in a DB, has agents for almost every OS, can be a virtual appliance -- various lang
  • Zenoss Core - Supports Nagios plug-in format, based on the Zope application server -- Python

Networking Tools

  • 2ping - Simple bi-directional ping utility, helps determine where packet loss occurs -- Python
  • aria2 - CLI for downloading HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink -- C Windows OS X
  • ARIN WHOIS in JSON - Authoratative (official) info including CIDR and OriginAS, updated every 8h -- collection
  • arp-scan - Create and send ARP requests -- C
  • Awesome PCAP - Huge list of tools that work with PCAP captures -- collection
  • bbcp - Copies files using multiple TCP streams to greatly increase throughput -- C
  • BGP Looking Glass - A comprehensive list of BGP looking glass servers located in various geographic regions -- collection
  • BIRD Internet Routing Daemon (BIRD) - (Almost) fully functional IP routing daemon for Linux, supports tons of standard routing protocols -- C
  • BPF Tools - Extended BSD Packet Filter (eBPF) and pcap toolkit, by CloudFlare -- Python
  • CERT NetSA Security Suite - Network flow analysis tools -- various lang
  • CrushFTP - Info on how to use CrushFTP server as a transparent FTP & SFTP proxy server -- article
  • CurrPorts - Displays the list of all currently opened TCP/IP and UDP ports on your local computer -- Windows closed source
  • Cyberduck - GUI FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows -- itsaduck
  • Data Plane Development Kit (DPDK) - Data plane libraries and framework for fast packet processing -- C
  • dog - DNS CLI like dig but the new hotness -- Rust
  • dsniff - Great for level 2 analysis or service spoofing -- C
  • ElastiFlow - Netflow collection and visualization using the ELK stack -- various lang
  • ExaBGP - The BGP swiss army knife of networking -- Python pip
  • Fast Data Transfer (FDT) - For writing at disk speed over WANs -- Java
  • FBOSS (FaceBook Open Switching System) - FB's software stack for managing and controlling their internal switches -- various lang
  • FreeZTP (Zero Touch Provisioning) - A Zero-Touch Provisioning system built for Cisco IOS -- Python
  • FRRouting - Replacement for / fork of Quagga with more features -- C
  • ftptop - Monitor FTP connections in real time -- built-in
  • Gas Mask - Simple hosts file manager for Mac OS X, switch between host files easily -- Objective C
  • kcptun - Secure and fast tunnel based on KCP -- Golang
  • Impacket - Provides low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself, packets can be constructed from scratch -- Python pip
  • ipcalc - CLI tool to calculate subnets, netmasks, IP ranges, broadcast addresses, and more -- built-in
  • iptstate - A top-like display of IP Tables state table entries -- built-in
  • GridFTP - Supports parallel streams, optimized for WANs, part of the Globus Toolkit -- C
  • hosts - Consolidates several reputable hosts files and merges them into a unified hosts file with duplicates removed (ads, malware, gambling, porn, etc) -- collection
  • hping3 - Create custom TCP/IP packets, very flexible -- built-in
  • Internet Outages Map - By Thousand Eyes -- in-browser
  • IP-API - Geolocation API, free for non-commercial use, no API key required -- SaaS
  • joincap - Alternative to mergecap -- Golang
  • LDwin - CDP and LLDP discovery GUI for Windows -- Windows
  • lftp - Supports many protocols (FTPS, HTTPS, SFTP), scheduling, bandwidth throttling, scripting, and more - feature-rich -- C C++
  • lldpd - Daemon that can talk LLDP aka the open version of Cisco Discovery Protocol (CDP), handy for network + host mapping -- C
  • Manito Networks Flow Analyzer - ELK stack netflow analyzer -- Python
  • moloch - Large scale IPv4 full PCAP capturing, indexing and database system -- JavaScript
  • mrsync (multicast remote sync) - Transfers from a master to many remote machines using Unix multicast sockets -- C
  • mTCP - High-performance user-level TCP stack for multicore systems -- C
  • Multipath TCP Checker - Multipath TCP client tester -- in-browser
  • My Looking Glass (myLG) - All-in-one CLI network diagnostic tool -- Golang
  • NAPALM (Network Automation and Programmability Abstraction Layer with Multivendor support) -- Network automation and programmability abstraction layer, for both setting config and config validation -- Python pip
  • ncat - Improved netcat, written by the Nmap team -- C
  • Netconf - Web-based GUI for configuring API-less Cisco devices -- Python
  • NetSetMan - Create netwoking configuration profiles and switch between them in the systray -- Windows closed source
  • netshoot - Docker + Kubernetes network trouble-shooting swiss-army container -- various lang
  • netsniff-ng - High performance, zero-copy networking sniffer -- C
  • Networking Cheat Sheets - Protocols, devices, ports, physical connectors, and more, by PacketLife -- collection
  • NETworkManager - All in one network GUI (config, troubleshooting, etc), neat! -- Windows C Sharp
  • ngrep - Network grep -- C built-in
  • Nornir - Python automation framework without a DSL, alternative to managing network devices with Ansible -- Python
  • nping - Create custom network packets -- C
  • OpenBGPD - Free implementation of BGP v4 -- C
  • OpenBMP - BGP Monitoring Protocol collector with real-time monitoring, looking glass, analytics, etc -- various lang
  • OpenOnload - User-land network stack that requires no modifications to applications to use by intercepting calls -- C
  • OpenWISP - Open source network management, build on top of OpenWRT, IaC, and more -- hot
  • OpenWRT - Full Linux distro for consumer-grade routers, allows for tons of non-vendor customization -- various lang
  • paping - Ping but for TCP ports instead of ICMP -- Windows Linux
  • PeeringDB - Freely available, user-maintained, database of networks, and the go-to location for interconnection data -- collection
  • PFQ - Framework that allows efficient packets capture/transmission, in-kernel functional processing, and packets steering across sockets/end-points -- C
  • PingPlotter - Powerful tool for visualizing traceroutes, makes for easy network troubleshooting, payware -- Windows
  • Portmaster - GUI to monitor all network activity and connections as well as allows you to block connections -- Windows Linux
  • PowerAdmin - Simple Web UI for PowerDNS -- PHP
  • prettyping - Terminal-based ping hotspot plotter -- shell
  • Quagga - Routing software suite, supports most routing protocols -- C
  • SiLK (System for Internet-Level Knowledge) - Tool suite supports the efficient collection, storage, and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets -- C
  • snabb - Worth seeing -- various lang
  • socat - netcat on steroids, supports serial devices -- C
  • sslh - Protocol multiplexer, let multiple daemons listen on a single port -- C
  • tcpflow - TCP demultiplexer, each flow is stored in it's own file -- C++
  • tcpreplay - Capture, edit, and replay network traffic -- C
  • tracepath - Traceroute that doesn't require root -- C
  • vFlow - High-performance, scalable and reliable enterprise netflow collector with Kafka integration, by Verizon -- Golang
  • WakeMeOnLan - Scans your network for computers and you can then later press a button to WoL them -- Windows closed source
  • webterm appliance - Debian-based networking toolbox, runs in a Docker container + Firefox, by the GNS3 team -- neat
  • WireShark - The classic network analyzer -- C
  • WireShark Tools - Superb list of network tools from the WireShark wiki -- collection
  • Zenmap - Official GUI for Nmap -- C Windows OS X

Network Performance Analysis Tools

  • ARGUS (Audit Record Generation and Utilization System) - Generates network activity reports -- C
  • bmon - Console based network monitor -- C
  • clumsy - Simulate poor network conditions on Windows -- C Windows
  • Comcast - Simulate crappy network connections -- Golang OS X
  • DNSBench - GUI DNS benchmarking tool - Windows closed source
  • ESnet Fasterdata Knowledge Base - Provides proven, operationally sound methods for troubleshooting and solving performance issues -- collection hpcwisdom
  • EtherApe - Graphical network monitor, pretty output -- various lang
  • Flent - Python wrapper to run mutliple netperf/iperf3/ping in parallel, formerly netperf-wrapper -- Python
  • Flowgrind - Distributed TCP traffic generator -- C
  • iftop - top for network interfaces -- C
  • iperf3 - Supports tuning of various parameters related to timing, protocols, and buffers -- C
  • iptraf-ng - Updated fork of iptraf -- C
  • jnettop - Terminal / ncurses traffic visualizer -- C
  • mtr (my traceroute) - Combines ping and traceroute into a single program -- C
  • Muxy - Muck with your system and application context layers 4-7 -- Golang OS X
  • namebench - Hunts down the fastest DNS servers for your computer to use -- Python Windows OS X
  • netatop - Kernel module for atop to watch and report on network packets -- C
  • netem - Network emulator for testing variable delay, loss, duplication and re-ordering -- C
  • NetHogs - Displays per-process bandwidth usage -- C C++
  • Network Link Conditioner - Simulate bandwidth, latency, and packet loss, by Apple -- closed source OS X
  • nfdump - Captures network flows including sFlow, NetFlow, NetFlow v9, ipfix, etc -- perl
  • nicstat - vmstat for network interfaces -- C
  • nload - Console application that monitors network traffic and bandwidth usage in real time, neat ASCII graphs -- C++
  • ntopng / ntop-ng - New version of the popular ntop tool -- C
  • netperf - Network load generator, by HP -- C
  • Paris Traceroute - Shows proper network topology when load balancers and load-balanced routers are used -- C
  • Ruru - Real-time TCP latency monitoring, utilises Intel DPDK for high speed packet processing with a Node.JS frontend for visualizing the data -- various lang
  • SmokePing - Network latency visualizer, written by the MRTG and RRDtool guy -- perl
  • ss - Socket statistics, a modern netstat -- built-in
  • Stanford Linear Accelerator Center - Network Monitoring Tools - MASSIVE list of network monitoring tools -- collection
  • tc - Built-in Linux kernel traffic control -- built-in
  • tcping.exe - TCP ping for Windows -- various lang
  • TCP Throughput Calculator - See name -- in-browser
  • tcpdive - TCP performance analysis tool, implemented as SystemTap scripts -- C
  • tcplife - Watch the life of TCP connections, uses BCC -- C
  • tcptrack - Console based connection tracker -- built-in
  • trickle - Userspace bandwidth shaper -- built-in
  • vnStat - Console based traffic monitor, supports statistic collecting -- C
  • WinMTR - Windows GUI for MTR -- C++
  • Yconalyzer - Monitor and analyze TCP connections -- C++

Orchestration

  • Ansible - CM and orchestration, also can do provisioning -- Python
  • Batou - Define and perform automated service deployments -- Python pip
  • Capistrano - Use Ruby to run scripts/commands and push software via SSH, uses a Rake DSL -- Ruby gem
  • ClusterSHISH - Cluster SSH for Windows, works with PuTTY and OpenSSH for Windows -- closed source Windows
  • ClusterSSH - Make a change on many servers at the same time -- perl
  • csshX - Cluster SSH for OS X -- C
  • KeyBox - Web-based SSH console that executes commands on multiple shells simultaneously and supports terminal sharing -- Java
  • Mass Parallel SSH (mpssh) - Simple parallel SSH -- C
  • Multipass - Super light weight VM manager, easy way to get a fresh Ubuntu machine -- C++
  • OpenLMI (Open Linux Management Infrastructure) - Manage, monitor, and configure servers via API calls (instead of SSH), included in RHEL 7 -- various lang
  • orgalorg - Next generation parallel SSH tool because most other major ones are no longer maintined -- Golang
  • parallel - Execute jobs in parallel using one or more computers -- built-in
  • parallel-ssh (pssh) - Parallel version of OpenSSH tools - comes with prsync, pscp, pnuke, and pslurp too -- Python built-in
  • Parallel Distributed Shell (pdsh) - Kick off many SSH sessions in parallel -- C
  • PyDSH - Python Distributed Shell, parallel SSH -- Python
  • Rundeck - Job scheduler and runbook automation, enable self-service access to existing scripts and tools -- Groovy
  • Salt / Saltstack - Orchestration, server provisioning, and configuration management -- Python
  • Spacewalk - Remote commands/orchestration, patch management, and more - the upstream for Red Hat Satellite 5.x and earlier -- various lang
  • Teleport - Front-end for teams, includes session capture and replay, auditing, 2FA, session sharing, and more -- Golang
  • tmux-cssh - Cluster SSH via tmux -- shell
  • xCAT (Extreme Cloud Administration Toolkit) - Complete all in one management solution (provisioning, orchestration, management, etc) supports almost every UNIX and next generation platform, by IBM -- legit

Package Patch and Repository Tools

  • Advanced Installer - Simple, powerful and feature-rich Windows package authoring tool, supports more than MSI, payware -- Windows
  • apt-dater - Simple ncurses frontend for package management via SSH, also supports yum -- C
  • aptly - Swiss army knife for Debian repository management, has the ability to take snapshots for easy rollback -- C
  • AutoPkg - Packaging and distribution for OS X, great for managing many laptops -- Python OS X
  • CentOS Errata for Spacewalk (CEFS) - Import errata information from CentOS-announce into Spacewalk -- useit
  • CentOS Repositories - Large list of both official and unofficial CentOS software repositories -- collection
  • CentOS Software Collections (SCL) - Use multiple versions of software on a system without disturbing the system default version -- C
  • CMPackager - Create applications in SCCM, it takes care of downloading, packaging, distributing and deploying the applications described in XML "recipe" files -- PowerShell
  • Copr - Automatic build system providing a package repository as its output, by Fedora -- C
  • cowbuilder - Package builder that uses copy-on-write (COW) to speed up the build process -- C
  • Dell Command Update - Simplifies the BIOS, firmware, driver, and application update experience for Dell commercial client hardware, easily scriptable -- closed source
  • DNF aka Dandified yum - yum v4 packaging system, added to upcoming Fedora/RHEL/CentOS 8 releases -- article
  • ELRepo - Repo that focuses on hardware related packages, supports RHEL and CentOS -- repo
  • Extra Packages for Enterprise Linux (EPEL) - Supports CentOS, RHEL, Scientific Linux, and Oracle Linux -- repo
  • Extra Packaging Guidelines and Policies for EPEL - Packaging guidelines, great even if not creating EPEL stuff -- readit
  • Fedora Packaging Guidelines - Excellent information that can be applied to CentOS & RHEL -- readit
  • fnt - apt for fonts, Mac and Linux -- various lang
  • fpm (Fucking Package Management) - Build packages for multiple platforms (deb, rpm, etc) with great ease and sanity -- Ruby gem
  • fpm-cookery - Tool for building software packages with FPM -- Ruby gem
  • Habitat - Creates platform-independent build artifacts and provides built-in deployment and management capabilities -- Golang
  • Homebrew (aka brew) - Tons of packages for Mac -- Ruby OS X
  • InstEd - User friendly MSI editor with the most options -- Windows closed source
  • Koji - Software that builds packages for Fedora, can be used for other stuff too, uses mock -- C
  • Mock - Build packages in a simple chroot so you don't blow up your system -- C
  • mrepo - RPM repository management tool supporting ftp/http/sftp/rsync/rhn/you, formerly Yam -- Python
  • Munki - Managed software installation for OS X, great for managing laptops -- Python OS X
  • Orca.exe - Official MSI / Windows Installer parameter editor, edit or add any parameter -- closed source Windows
  • OStree - Tool for managing bootable, immutable, versioned filesystem trees (not really a package manager but...) -- thefuture C
  • pkgr - Made deb or RPM packages out of any Ruby, NodeJS, or Go app -- Ruby
  • Pulp - Next generation repository management, a component of Red Hat Satellite 6 -- Python
  • Red Hat Software Collections (SCL) - Use multiple versions of software on a system without disturbing the system default version, use this to get the newest / latest versions of things -- repo
  • reposync - Synchronize yum repositories to a local directory -- built-in
  • Revo Uninstaller - The best cleaner for Windows, includes far more than just packages -- closed source
  • rpm-ostree - Hybrid image/package system with atomic upgrades and package layering -- C thefuture
  • RPM Fusion - Provides software that the Fedora Project or Red Hat doesn't ship -- repo
  • schroot - Allow non-root users to create chroot environments, great for package testing -- built-in
  • Scoop - Windows package manager that focuses on portable apps (apps installed in user directories) -- Windows
  • Spacewalk - Patch management, remote commands, and more - the upstream for Red Hat Satellite -- various lang
  • Tito - Tool for managing RPM based projects using git for their source code repository -- Python
  • Uyuni - Forked and up to date version of Spacewalk, uses Salt and containers -- various lang
  • winget - Client interface to the Windows Package Manager service, think apt or yum, official tool from Microsoft -- Windows
  • yum-presto - yum plugin that provides support for downloading package deltas -- article
  • yum-security - Plugin to only install security updates -- built-in

Performance Analysis Tools

  • atop - Supports both real-time and historical performance monitoring -- C
  • bashtop - Real time resource monitor -- Python
  • below - Interactive tool to view and record historical system data, by Facebook -- Rust
  • bottom - Inspired by gtop, gotop, and htop -- various lang
  • btop++ - Resource monitor that shows usage and stats for processor, memory, disks, network and processes -- C++
  • Conky - Lightweight system monitor for X windows -- C++
  • Glances - Real-time performance monitoring, written in curses and Python -- Python
  • hazelnut - Python lib to parse /proc/meminfo -- Python pip
  • htop - top replacement, has a few additional features -- C
  • Linux Performance Observability Tools - Awesome graphic that shows you which tool to use, by Brendan Gregg -- yells at drives
  • mem_logger.sh - Monitor a processes' memory usage over time -- shell
  • Munin - Historical performance monitoring to help determine when you server became "slow" -- perl
  • NetData - Real time performance visualization and dashboards -- C
  • nmon - Provides both real-time and historical performance metrics -- C
  • NumaTOP - top for NUMA systems, shows hotspots, call chains, etc -- C
  • PerfKit Benchmarker - Open effort to define a canonical set of benchmarks to measure and compare cloud offerings (disk, network, CPU, etc) -- various lang
  • Phoronix Test Suite - Benchmarking and profiling suite, very feature-rich and versatile -- PHP
  • pidstat - vmstat type output for CPU, disk I/O, page faults, and more on a per-process basis -- built-in
  • pmap - Shell scripts for tracking memory usage using "pmap" -- shell
  • PowerTOP - Real-time power consumption on a per-process & per-thread basis, by Intel -- C++
  • Process Hacker - Task Manager on steroids, can also be used for security and software development -- Windows
  • ps_mem - Accurately reports core memory usage for a process -- Python
  • ptop - top/ntop-like task monitor written in Python -- Python pip
  • recap - Collects info from various standard utilities (free, sar, vmstat, etc) at specified intervals, by Rackspace -- various lang
  • saidar - ncurses based program for viewing system statistics -- built-in
  • smem - Reports memory usage based on proportional set size (PSS) instead of the usual resident set size (RSS) -- C
  • sysdig - Linux system exploration and troubleshooting tool with first class support for containers -- C++
  • VMtouch - File system cache diagnostics and control -- C

Provisioning Tools

  • Box-Cutter - Hashicorp's community repo for Packer & Vagrant templates -- Ruby
  • Clonezilla - Disk image/cloning tool, supports most file system types -- perl shell
  • cloud-init - Configures settings the first time a system spins up (SSH keys, hostname, variables, etc), note NoCloud -- C
  • cookiecutter - Creates projects from cookiecutters (project templates), many cookiecutters to choose from -- Python pip
  • Fog - Computer / OS cloning tool, also has remote client management capabilities -- C++
  • Foreman - Provisioning and life cycle management -- Ruby Windows OS X
  • iPXE - GPL'ed version of PXE, official replacement for gPXE -- C
  • Kickstart - The classic Red Hat tool -- various lang
  • netboot.xyz - Simple iPXE menu and installer -- shell
  • Packer - Automates VM creation for multiple platforms (VMware, AWS, etc) -- Golang
  • Vagrant - Quickly spin up environments for local testing and development -- Ruby
  • Vagrant Azure - Official -- Ruby
  • Vagrant Plugins - A list of Vagrant plugins on the official Hashicorp wiki -- collection
  • Vagrant Manager - GUI to manage Vagrant boxes -- Windows OS X
  • vagrant-cachier - Cache BLOB downloads to reduce network usage -- Ruby
  • vagrant-host-shell - Simple plugin to run commands on the VM when it boots (think cloud-init) -- Ruby
  • vagrant-hostsupdater - Plugin to add your own /etc/hosts to the VM -- Ruby
  • vagrant-vbguest - Auto-install the latest VirtualBox tools at boot time (if necessary) -- Ruby
  • Salt / Saltstack - Orchestration, server provisioning, and configuration management -- Python

Python Tools and Resources

  • argparse - Parser for command-line options, arguments and sub-commands -- Python
  • atexit - Exit handlers -- Python
  • Awesome Python - Very large list of Python resources -- collection
  • bpython - Killer interface for the Python interpreter -- Python
  • ciscoconfparse - Parse, audit, query, build, and modify Cisco IOS-style configurations -- Python pip
  • exscript - Write less code using than either pure paramiko or netmiko -- Python
  • Fabric - Uses paramiko to implement a higher-level API for performing commands over SSH, particularly for deployment sysadmin tasks -- Python pip
  • Faker - Generate fake data easily -- Python pip
  • Fire - Turn any Python module, class, object, function, etc into a CLI -- Python
  • functools - Higher-order functions and operations on callable objects -- Python
  • getpass - Enter a password without echoing what they type to the console -- Python
  • import-tracker - Python utility for tracking third party dependencies within a library, by IBM -- Python
  • inspect - Inspect live objects -- Python
  • IPython - Interactive Python shell and the kernel for Jupyter -- Python
  • Itertools - Functions creating iterators for efficient looping, iterator building blocks -- Python
  • Jinja2 - Templating language for Python -- Python pip
  • Jupyter - The language-agnostic parts of IPython -- Python
  • Logging - Flexible event logging system for applications and libraries for all modules and more -- Python
  • Mailer - The best e-mail module -- Python
  • more-itertools - More routines for operating on iterables, beyond itertools -- Python pip
  • netaddr - A network address manipulation library for Python -- Python
  • netmiko - Multi-vendor library to simplify Paramiko SSH connections to network devices -- Python
  • netminko_tools - Command line tools built on Netmiko to simplify information gathering -- Python
  • os - Interact with the OS -- Python
  • paramiko - SSH2 protocol library for Python, provides both client and server -- Python pip
  • pdb - Python debugger -- Python
  • pexpect - Expect-like module -- Python
  • pycsco - Python modules to simplify the use of working with Cisco Nexus switches -- Python
  • PyEnv - Simple Python version management that keeps everything within your home directory, virtualenv alternative -- shell
  • PyPI (Python Package Index) - Software repo for Python packages, like Ruby gems or a RPM repo -- collection
  • PyPy - Python alternative with advance features (JIT compiles, sandboxing, etc) -- Python
  • python-prompt-toolkit - Library for building interactive command lines -- Python pip
  • Python Style Guide - Google's Python style guide -- article
  • RadSSH - Paramiko-based parallel SSH -- Python pip
  • Requests - The best HTTP library -- Python pip
  • scapy - Interactive packet manipulation for Python -- Python pip
  • selenium - Browser automation -- Python
  • sh - Library that allows you to call any program (shell command) as if it were a function -- Python pip
  • Subprocess - Spawn subprocesse and collect their output -- Python
  • sys - System-specific parameters and functions -- Python
  • tempfile - Generate temporary files and directories -- Python
  • TextFSM - Create a pool of templates to parse text, then use TextFSM to parse useful information from a variety of sources -- Python
  • xlwings - Replace your Excel VBA code with Python -- Python pip

Python Programming Tutorials


RDBMS and SQL Tools

  • Adminer - GUI for database management in a single PHP, formerally phpMyAdmin -- PHP
  • Babelfish for PostgreSQL - Layer that lets PostgreSQL understand queries from applications written for Microsoft SQL Server including T-SQL and TDS, by Amazon -- various lang
  • CockroachDB - Open source version of Google's Spanner storage system -- thefuture Golang
  • DBeaver - OSS multi-platform GUI that supports almost every DB, can generate SQL for you -- Eclipse
  • DB Browser for SQLite - GUI database browser for SQLite instances -- C++
  • Flyway - Version control for DB schemas, supports most DBs -- Java
  • gh-ost - Online schema migrations for MySQL, by GitHub -- Golang
  • HeidiSQL - GUI SQL DB browser and editor -- Windows OS X
  • Liquibase - Tracking, managing, and applying database schema changes, SVN for DBs -- Java
  • MaxScale - General purpose DB query proxy, router, and load balancer by MariaDB -- C
  • mycli - CLI for MySQL and derivates with auto-completion and syntax highlighting -- Python
  • mydumper (MySQL Data Dumper) - Much better than mysqldump, works in parallel -- perl
  • MyRocks - RocksDB with a MySQL front-end / interface -- C++
  • MySQL sys schema - Collection of views, functions and procedures to help MySQL administrators get insight into MySQL usage -- SQL
  • MySQL Workbench - The official MySQL GUI for admins, devs, DBAs, and architects -- various lang
  • Oracle TPT Scripts - Tanel Poder's Troubleshooting & Performance Tools for Oracle Databases -- SQL
  • orchestrator - MySQL replication topology management and visualization tool, GUI -- Golang
  • Percona Toolkit for MySQL - Percona's special toolkit -- various lang
  • pgcli - Postgres CLI with autocomplete and syntax highlighting -- Python
  • pgloader - Fast data loader and swiss army knife for PostgreSQL -- Lisp
  • pgweb - Web-based PostgreSQL DB browser -- Golang
  • pg_repack - Remove bloat from tables and indexes without using an exclusive lock -- C
  • Phinx - Database migrations in SQL or PHP -- PHP
  • Postgres-XL - Scale-out version of PostgresSQL -- C
  • Postgres.app - All-in-one version of Postgres for local testing on a laptop -- C
  • PostgREST - Create a REST API for any Postgres DB -- Haskell
  • PostgreSQL GUI Tools - A huge list on the official wiki -- collection
  • Presto - Distributed SQL query engine for big data, by Facebook -- Java
  • Sequel Pro - MySQL management GUI for Mac -- OS X
  • shift - Schema migrations for MySQL, by Square -- Ruby
  • SQLite - Self-contained, serverless, zero-configuration, transactional SQL database engine, great for testing -- C
  • SQLTools - Database management for VSCode, supports Azure, Redshift, and more -- various lang
  • SQL Fiddle - Write and test SQL -- in-browser
  • SQL Index Manager - Free GUI Tool for Index Maintenance on SQL Server and Azure -- various lang
  • SQL Monitor - Probably the best SQL Server monitoring platform, supports Azure, by Redgate, payware -- various lang
  • SQL Server Management Studio (SSMS) - Integrated environment to configure, monitor, and administer instances of SQL Server and databases including Azure -- closed source
  • SQL Toolbelt - 13 industry-standard products for SQL Server development, backup, and monitoring, payware -- various lang
  • SQL Window Functions Cheat Sheet - Oh bby -- collection
  • Vitess - Lets you horizontally scale a mysql database at the database level and not the application level -- various lang
  • wal-e - Simple continuous archiving for PostgreSQL -- Python
  • wal-g - Simple continuous archiving for PostgreSQL, successor to wal-e -- Python
  • WWW SQL Designer - Designing RDBMS schemas features saving, exporting to XML, and SQL script creation, free SaaS version here -- JavaScript

RDBMS Performance Analysis Tools


Regular Expressions

  • Debuggex - Online regex debugger -- in-browser
  • ExtendsClass - Online visual regex tester -- in-browser
  • perlretut - perl-focused but very useful for all regex -- article
  • Refiddle - Online, supports JavaScript, Ruby, and .NET only -- in-browser
  • regex101 - Online regex tester and debugger, supports multiple languages -- in-browser
  • RegexOne - Learn regular expressions with simple, interactive examples -- tutorial
  • regexper - Regex visualizer using railroad diagrams, great for debugging -- in-browser
  • RegExr - Another online regex tool that includes cheat sheets, examples, and community-contributed expressions -- collection
  • RegularExpressions.info - THE BEST regex site -- collection
  • Regular Expressions - A Gentle User Guide and Tutorial - The easy way -- tutorial
  • RexV.2 - Online Regex evaluator, supports multiple languages -- in-browser
  • Rubular - Online Ruby-only regex evaluator -- in-browser
  • txt2re - Regex generator, recommended -- in-browser
  • txt2regex - Converts human sentences to regex, written in bash -- shell

Secrets Management

  • Bitwarden - The new hotness in password management -- various lang
  • blackbox - Safely store secrets in Git, by Stack Exchange -- shell
  • Diceware - Neat IRL passphrase generator -- doitirl
  • encpass - Lightweight solution for using encrypted passwords in shell scripts -- shell
  • gpg4win - For Windows, comes with an Outlook plugin -- various lang
  • GPG (GNU Privacy Guard) - The original! Store em in text files and encrypt -- C pro
  • GPG Suite - Integrates seamlessly into Mac services such as Keychain, Mail, file encryption, signatures, and more -- Mac various lang
  • GRC Password Generator - Generates 63 bit passwords -- in-browser
  • Kee - Auto-fill website logins using KeePass as a source, like LastPass -- C# Firefox
  • Keybase - Upload your public key and find other people's public key via their social media user name(s) -- in-browser
  • KeePass - Lightweight, easy to use, GUI password manager, runs on most platforms -- C# Windows
  • Keepass2Android - Compatible with KeePass 2.x -- Android
  • KeePassDroid - Open source version of KeePass 1.x for Android -- Android
  • KeePassXC - Supports YubiKey and TOTP, forked becasue KeePassX is no longer being updated -- C++
  • KeeWeb - Cross-platform password manager compatible with KeePass, well made -- JavaScript
  • Keywhiz - A system for distributing and managing secrets (API keys, certificates, etc), by Square -- Java
  • Keystore Explorer - Create and navigate Java KeyStores, GUI replacement for the Java command-line utilities keytool and jarsigner -- Java
  • kpcli - Command line interface / CLI for KeePass -- perl
  • kp2bw - KeePass 2.x database to Bitwarden converter -- Python pip
  • lastpass-cli - CLI for LastPass -- C
  • MacPass - A free, open-source, KeePass-compatible password manager for macOS -- Objective-C
  • msktutil - Keytab client for a Microsoft Active Directory environment -- built-in
  • One-Time Secret - Create links that self-destruct after a single viewing, great for sharing passwords -- Ruby
  • pass (passwordstore) - Uses GPG at it's core, supports tracking password changes in git -- shell
  • passff - Addon for interacting with the a pass aka passwordstore repository -- Firefox
  • Password Pusher - Links to passwords expire after a certain number of views and/or time has passed, RoR app -- Ruby
  • Password Safe - Designed by Bruce Schneier himself -- bam
  • pwd.sh - Script to manage passwords in an encrypted file using GPG -- shell
  • pwgen - Password generated, included in most Linux distros -- built-in
  • Secrets OPerationS (SOPS) - Secrets management, by Mozilla -- Python
  • TeamPass - Collaborative password management using the LAMP stack -- PHP
  • Vault - Tool for storing secrets (API keys, passwords, certs, etc) by Hashicorp -- Golang
  • vaultwarden Unofficial Bitwarden compatible server written in Rust -- Rust

Security Tools

  • A Threat Modeling Field Guide - The BEST all-in-one document on threat modeling -- article
  • Active Directory Kill Chain Attack & Defense - Tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise Active Directory, a checklist -- collection
  • Active Roles - Restore deleted objects, track change history, automation, and more for your Active Directory, supports Azure, payware -- closed source
  • ADSecurity.org - An excellent resource -- article
  • Advanced IP Scanner - For Windows, recommended -- closed source
  • AD Info - The best Active Directory reporting tool, great for SOC 2 and similar audit -- Windows closed source
  • AD Permissions Reporter - Windows GUI to report on security permissons on your Active Directory objects -- Windows closed source
  • afl-fuzz (American Fuzzy Lop) - One of the best fuzzers -- C
  • AIDE (Advanced Intrusion Detection Environment) - File integrity checker, alternative to Tripwire -- various lang
  • Amass - Automatically obtains subdomain names in a variety of ways and uses that info to build maps of the target network, by OWASP -- Golang
  • API Security Maturity Model - By Curity -- article
  • Armitage - GUI for Metasploit -- Java
  • ATA Secure Erase - Send a signal to an ATA drive to perform a hardware-based erase, the ONLY way to wipe a SSD properly -- article
  • Atomic Red Team - Library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments -- Ruby
  • Attack Surface Analyzer 2.0 - See exactly what changed post-OS install or post-software install, by Microsoft -- Windows
  • Attack Surface Framework - ASF will discover assets/subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible attacking and alerting framework -- various lang
  • auditd-attack - A Linux auditd rule set mapped to MITRE's Attack Framework -- collection
  • AuditScripts.com Critical Security Controls - Excellent tools and spreadsheets including their Master Mappings -- article
  • authconv - Web app authorization coverage scanning -- JavaScript
  • Autopsy - Great for grabbing artifacts for DIFR -- closed source
  • Awesome Honeypots - Curated collection of honepots and honeypot resources -- collection
  • Awesome OPA (Open Policy Agent) - Policy as code for modern infrastructures -- collection
  • Batfish - Feed your configs in and it finds errors and guarantees the correctness of planned or current network configurations and you can run analyses like which flows are/not permitted and shadowed rules -- Java
  • Best Practices for Securing Active Directory - Official guide by Microsoft -- article
  • bettercap - Swiss Army knife for 802.11, BlueTooth, and Ethernet networks reconnaissance and attacks -- Golang
  • Brida - Bridge between Burp Suite & Frida, lets you use and manipulate applications own methods while tampering the traffic exchanged between the applications and their back-end services/servers -- various lang
  • bro - Framework for network analysis and security monitoring -- C++
  • Building Security In Maturity Model (BSIMM) - A BSIMM assessment empowers you to analyze and benchmark your software security program against 100+ organizations across several industry verticals. It’s an objective, data-driven analysis from which to base decisions of resources, time, budget, and priorities as you seek to improve your security posture -- article
  • Burp Suite Community Edition - Free version of the web sec tool -- various lang
  • CALDERA - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks -- Python
  • Checkov - Scans cloud infrastructure provisioned using Terraform, Cloudformation or Kubernetes and detects security and compliance misconfigurations, similar to a sub-component of Twistlock, Policy as Code -- Golang
  • cherrytree - Hierarchical note taking application, excellent for red team / pentest notes -- Python
  • chkrootkit - Rootkit checker, best used from a live CD -- C
  • CIS Linux Benchmarks - Linux OS hardening guides, superb! -- collection
  • CIS Policy Template Guide for NIST CSF - For the NIST Cybersecurity Framework -- collection
  • CISA Supply Chain Risk Management Template - Template / checklist -- article
  • CISO Mindmap - A collection of the categories and topics that CISOs need to be concerned about, updated annually -- article
  • CloudFrontier - Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud -- Python
  • CloudSploit - Designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub -- JavaScript
  • CloudSploit Security Remediation Guides - Best practices and checklists, covers AWS, Azure, Google Cloud / GCP, GitHub, and Oracle Cloud -- article
  • Cloud Controls Matrix (CCM) v4 - Cybersecurity control framework for cloud computing aligned to the CSA best practices, considered the de-facto standard for cloud security and privacy -- article
  • Cloud Native Security Whitepaper (CNSWP) - By the CNCF -- article
  • Cloud Security Kanban - Certify your strategy is involved in various relevant areas of compliance (GLBA, SOC II, information security models and risk assessments, IT audits, vendor management, data breach, and incident management) -- collection
  • Cloud Security Orinteering - How to rapidly understand and secure a cloud environment -- article
  • Cloud Threat Modeling - By the CSA -- article
  • Common Vulnerability Scoring System Calculator - Version three -- collection
  • ConfigServer Security and Firewall (CSF) - Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers -- various lang
  • Conftest - Write tests against structured configuration data (Kuberetes, Terraform, Serverless, etc) -- Golang
  • CSP Evaluator - Check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks, by Google -- in-browser
  • cuckoo - Feed in malware URL, it fires up VM, and provides a report about the actions the malware took -- in-browser
  • CVE Details - Browsable web interface for CVE vulnerability data -- in-browser
  • CyberChef - A web app for encryption, encoding, compression and data analysis -- in-browser JavaScript
  • Cyber Security Book of Knowledge (CyBOK) - Aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts -- collection
  • Cyber Security Evaluation Tool (CSET) - Desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology, by the CISA -- various lang
  • Cyber Security Mind Map - A list of most areas & domains of cybersecurity -- article
  • Cyber Exercise Playbook - Blue team exercises, by MITRE -- collection
  • CIS Controls Self Assessment Tool (CIS CSAT) - Enables organizations to assess and track their implementation of the CIS Critical Security Controls for Versions 8 and 7.1, free -- closed source
  • Cybersecurity Capability Maturity Model (C2M2) - RRefreshed in 2022, focused on the energy sector, by the USA DoE -- article
  • Cyber Security Transformation Chef - CyberChef as a Burp Suite extension -- Java
  • dcfldd - Enhanced dd with security and forensics features -- C
  • DevSecOps - Ultimate DevSecOps tools library -- collection
  • DevSecOps Maturity Model - Provides opportunities to harden DevOps strategies and shows how these can be prioritized, by OWASP -- tutorial
  • Digital Forensics and Incident Response (DIFR) Cheat Sheet - Covers everything, it's like a billion pages and completely detailed -- collection
  • dirtypipe-ebpf_detection - eBPF module to detect attempts at Dirty Pipe exploitation -- C
  • Dradis CE (Community Edition) - Reporting framework for generating one-click reports (vuln scanning, pentest, etc) -- Ruby
  • Dshell - Network forensic analysis framework, written by the US Army -- Python
  • EDRs - Information about (evading) EDRs that can be useful during red team exercise -- collection
  • EncFS - Encrypted file system in user space via FUSE -- C++
  • Essential Eight - Eight essential mitigation strategies and a maturity model to greatly reduce the risk of compromise, by the Australian Cyber Security Centre -- collection
  • fail2ban - Watches log files to ban IPs based on rules (too many failed logins, exploit attempts, brute force attacks, etc) -- Python
  • Falco - CNCF incubated, multi-cloud security rule language to monitor for suspicious activity in clouds and k8s -- neat
  • FFIEC CAT (Federal Financial Institutions Examination Council Cybersecurity Assessment Tool) - Overview for Chief Executive Officers and Boards of Directors for cybersecurity posture assessment and maturity grading, an excellent template & tool -- article
  • ffuf - Fast web fuzzer written in Go -- Golang
  • Forefront Identity Manager - State-based multi-platform identity management, by Microsoft -- closed source
  • Forensics Acquisition of Websites (FAW) - Download and save social media sites, paid version has more features -- closed source Windows
  • Forensics Wiki - Digital forensics wiki, tons of tools and information -- wiki
  • Free Cybersecurity Services and Tools - A collection by CISA -- collection
  • FTimes - System baselining and evidence collection tool -- C
  • fwknop (FireWall KNock OPerator) - Single Packet Authorization (SPA), authoriation packet from you opens firewall rules so only you can get in -- various lang
  • GGCR - GRC, by Google -- Python
  • GitHub Actions Security Best Practices - Article -- article
  • Google Safe Browsing Site Status - Use Google for site/URL malware analysis -- in-browser
  • Grant - OAuth proxy that supports >200 providers -- various lang
  • GRR Rapid Response - Live forensics for incident response via a Python agent, dump memory, isolate host, snoop syscalls etc -- Python
  • Hacking the Cloud - Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use, covers Azure, GCP, and AWS -- collection
  • hashcat - World's fastest CPU password cracker / password recovery -- C
  • HIPAA Security Risk Assessment Tool - Helps healthcare providers conduct a security risk assessment, results of the assessment are displayed in a report which can be used to determine risks in policies, processes and systems and methods to mitigate weaknesses -- Windows
  • HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (CSF) - Title -- article
  • HSTS (HTTP Strict Transport Secuirity) - Forces browsers to interact with a site by only using HTTPS -- article
  • Hybrid Analysis - Dree malware analysis service that detects and analyzes unknown threats using a unique Hybrid Analysis -- in-browser
  • icebreaker - Automates internal network attacks against Active Directory to deliver you plaintext credentials -- various lang
  • Impacket - Provides low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself, packets can be constructed from scratch -- Python pip
  • Information Security Cheat Sheets and Checklists - An assortment of IS checklists and cheat sheets, -- collection
  • IPv6 Attack Toolkit - Title -- collection
  • JXplorer - Cross platform LDAP browser and editor -- Java
  • Jenkins Pentesting - Title, please contribute -- various lang
  • geoiplookup - Uses the GeoIP DB and library to determine which physical country an IP or host originates in, includes PAM library -- built-in
  • hackingtool - All in one tool, neat -- various lang
  • Hindsight - Internet history forensics for Google Chrome/Chromium -- Python
  • Incident Response Cycle - For cheat sheet for security incidents, by SANS -- article
  • Information Security Manual (ISM) - By the Australian Cyber Security Centre (ACSC) -- collection
  • ISO 27002 Explorer - Use it to search through the ISO 27002 security controls and filter on different attributes -- in-browser
  • Jailkit - chroot toolkit -- C
  • Joe's Sandbox (Cloud Basic) - Deep automated malware analysis -- in-browser
  • Kali NetHunter Linux Root Toolkit (LRT) - Collection of bash scripts that setup and install Kali Linux NetHunter from a Linux/OSX environment onto a NetHunter supported device -- shell
  • Keeping Your Domain Name Secure - Checklist by the UK gov -- article
  • KillDisk - Supports almost every software erasing standard (NIST, DoD, ISO, and more), payware -- closed source
  • LDAP Account Manager (LAM) - Full featured LDAP management GUI, can manage almost anything -- PHP
  • LDAP Administrator by Softerrra - Works great with Okta, payware -- Windows
  • LDAP Password Hunter - Wraps features of getTGT.py (Impacket) and ldapsearch in order to look up for password stored in LDAP database -- shell
  • LinEnum - Enumerate a local Linux environment -- shell
  • Lynis - Auditing and hardening tool (CIS, PCI-DSS, etc), supports most Unix-like operating systems -- shell
  • macOS Security Compliance Project - By NIST -- guide
  • Malcom - Easily deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs -- various lang
  • Malware Traffic Analysis - A source for packet capture (pcap) files and malware samples since 2013 -- collection
  • Map of Cybersecurity Domains - Image that shows all areas of cybersecurity, version 3.0 -- collection
  • Mapping PCI DSS to NIST Cybersecurity Framework 1.1 - Blog entry by PCI -- article
  • Mappings Relevant to the SOC Suite of Services - 2017 TSC Mappings to ISO, NIST, COBIT, and GDPR -- article
  • Massscan - Scans in parallel and async for the fastest scans around -- C
  • Metasploit - Classic exploit framework -- various lang
  • Microsoft Threat Modeling Tool - Free, Windows 10+ -- closed source
  • MITRE ATT&CK - Knowledge base of adversary tactics and techniques based on real-world observations, used for threat modeling -- collection
  • Mobile Threat Catalog - Describes, identifies, and structures the threats posed to mobile information systems, by NIST -- article
  • MobSF (Mobile Security Framework) - Automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis -- various lang
  • National Checklist Program - U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications -- collection
  • National Cybersecurity Assessments and Technical Services (NCATS) - Free vuln scans, phishing campaigns, architecture reviews, pen tests, and more by the CISA -- service
  • National Software Reference Library (NSRL) - Large collection of diskprints from various software and malware -- collection
  • National Vulnerability Database - Gotta catch em all -- collection
  • NetworkMiner - Network Forensic Analysis Tool (NFAT) for parsing PCAP files, paid version is worth it -- open and closed source
  • Network Infrastructure Security Guidance - Best practices for overall network security that will prevent cybercriminals from exploiting a network, by the NSA -- article
  • Nikto2 - Web & app server vulnerability scanner -- perl
  • NIAP Approved Protection Profiles - Can be used to evaluate hardware or software you are considering purchasing -- article
  • NIST 800-53 Controls to ATT&CK Mappings - Handy -- article
  • NIST Cybersecurity Framework (CSF) - Use me when creating a cyber program for common terms, shared vocabulary, functions, and more -- article
  • NIST Guidelines for Media Sanitation - SP 800-88 -- article
  • nmap - Classic port scanner -- various lang
  • nmap_vulners - Emumerate and list vulnerabilities during an nmap scan similar to Nessus -- collection
  • nmap Scripting Engine (NSE) - Tons of scripts for nmap -- various lang
  • oauth2_proxy - A reverse proxy that provides authentication with Google, Github or other provider -- Golang
  • OCEG - The ultimate resource for GRC -- organization
  • oclHashcat - World's fastest CPU + GPU password cracker / recovery software -- C
  • OpenCTI (Cyber Threat Intelligence) - OSS platform allowing organizations to manage and visualize their cyber threat intelligence knowledge and observables -- JavaScript
  • OpenCVE - Self-hosted open source CVE tracking -- various lang
  • OpenSAMM (Software Assurance Maturity Model) - Open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, by OWASP -- article
  • OpenSCAP - NIST Certified SCAP 1.2 toolkit -- C
  • OpenVAS - Vulnerability scanner, forked from the now closed-source Nessus scanner -- C
  • Open FAIR - Blog article about Open FAIR, the cybersecurity risk management quantitative methodology -- article
  • Open Source GRC - A free library of GRC templates and mappings, contribitors wanted -- collection
  • Open-Policy Administration Layer (OPAL) - OPAL is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents. OPAL brings open-policy up to the speed needed by live applications -- Python
  • Open Policy Agent - Unifies policy enforcement in the cloud, the new standard -- Golang
  • Open Security Architecture - A collection of security architecture patterns, invaluable -- collection
  • Open Source Security Events Metadata (OSSEM) - Community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems -- article
  • Open Source Intelligence Techniques - By the folks who wrote Buscador Investigative Operating System -- book
  • Open Source Security Testing Methodology Manual (OSSTMM) - A complete methodology for the testing, analysis and measurement of operational security towards building the best possible security defenses -- collection
  • Open Web Application Security Project (OWASP) - Focus on web application security -- organization
  • Oracle Database Attacking Tool (ODAT) - Open source penetration testing tool that tests the security of Oracle databases remotely -- Python
  • OS X Auditor - Forensics tool for Mac -- OS X JavaScript
  • OSCAL Tools - OSCAL provides standardized formats for exchanging control, control implementation, and control assessment information in XML, JSON, and YAML. These formats allow this information to be exchanged between tools and for individual tools to process exchanged data, supporting analytics, user interaction, and increased automation -- various lang
  • OSINT Framework - Focuses on gathering information from free tools or resources. The intention is to help people find free OSINT resources -- collection
  • OSSEC - Host based intrusion detection system (HIDS), supports most Unix-like OSes -- C Windows OS X
  • OWASP Cheat Sheet Series - Contribute on GitHub, new v2 -- collection
  • OWASP Secure Coding Practices - Quick Reference Guide -- Great cheat sheet, language-agnostic -- collection
  • p0f - Utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way -- C
  • PALADIN - Easy to use Linux-based live CD for forensic analysis -- various lang
  • Penetration Testers Framework - Script to pull down all the latest greatest tools -- Python
  • Penetration Testing Execution Standard (PTES) - A wealth of information -- wow
  • Penetration Testing Methodologies - A concise list with references, by OWASP -- collection
  • PersistenceSniper - Hunt persistence implanted in Windows sytems, better than Autoruns -- PowerShell
  • pfsense - The best firewall software, supports appliances and live CDs -- C
  • PingCastle - Detect and fix Active Directory low hanging fruit, beautiful reports -- Windows
  • Policy Enforcer - Easily create complex OPA authorization policy. Supports RBAC, ABAC and resource filtering based on them -- Golang
  • preeny - Some helpful preload libraries for pwning stuff -- C
  • Prey - Open source anti-theft software for almost all platforms -- shell Java mobile
  • ProcDOT - All in one visual malware analysis and visualization, by CERN -- closed source various lang
  • Project Paranoid - Checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers, by Google - Python
  • Purple Team ATT&CK Automation - Metasploit automation of MITRE ATT&CK TTPs -- Ruby
  • Qubes OS - A reasonably secure operating system -- various lang
  • Red October - Go server for two-man rule style file encryption and decryption -- way cool
  • Red Teaming Toolkit - Collection of open source and commercial tools that aid in red team operations -- collection
  • Regshot - Snapshot and compare the Windows Registry for before/after analysis -- C
  • Reproducible Builds - A set of software development practices that create an independently-verifiable path from source to binary code -- article
  • Resource Hacker - Resource editor for 32bit and 64bit Windows applications, decompiler -- Windows closed source
  • Rootkit Hunter - Compares hashes of important files with known good hashes that are stored in online databases -- perl shell
  • SalSA (Salvaging Static Analysis) - Windows PE file parsing in-browser, can be locally hosted, by the DoD -- Python
  • Samhain - HIDS, file integrity checker, rootkit detection, log file monitoring, and more -- C
  • SANS Posters and Cheat Sheets - Official collection -- collection
  • SANS Tools - OSS tools and toolkits from SANS instructors -- collection
  • SBOM (Software Bill of Materials) Tool - By Microsoft -- C Sharp
  • Scout Suite - Multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas -- various lang
  • scrub - Supports many disk-wiping standards including military / government grade wipes -- built-in
  • scrypt - More secure against hardware brute-force attacks than alternatives such as PBKDF2 or bcrypt, key stretching -- C
  • searchsploit - CLI to search Exploit DB -- shell
  • SecLists - Collection of multiple types of lists used during security assessments collected in one place -- collection
  • Secure Controls Framework (SCF) - Allows you to map between security frameworks using common controls -- article
  • Secure Software Development Framework (SSDF) - By NIST, released Feb 2022 -- collection
  • Security 101 for SaaS Startups - Excellent checklist and guide in easy to understand terms for non-infrastructure people -- collection
  • Security Onion - Linux distro for IDS, NSM, and log management -- various lang
  • Security Policy Templates - From SANS so you know it's good -- collection
  • Security Stack Mappings - Maps Azure and AWS product security controls to MITRE ATT&CK -- collection
  • Security Technical Implementation Guide (STIG) - Guides to securing almost every application, by the US military -- collection
  • Selecting and Hardening Remote Access VPN Solutions - By the NSA 2021 -- article
  • SELKS - Debian based based IDS/IPS with ELK stack, installable or live CD -- various lang
  • Server Name Indication (SNI) - Think vhosts for SSL (one cert for many sites), see also ESNI - article
  • Service Credentials Manager - Scan any number of servers to automatically find all Windows services and scheduled tasks and see who they are running as, also great for fast large scale password changes -- Windows
  • Shodan - The security search engine -- oh yeah
  • SIFT Workstation - Collection of free and open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings, by SANS -- various lang
  • Signal - Private communications -- various lang
  • simplewall - Simple app to configure Windows Filtering Platform (WFP), VERY powerful -- Windows
  • Snort - The classic network intrusion prevention system (NIPS) -- C
  • SOC-CMM - Model for measuring capability maturity in security operations centers -- article
  • SPARTA - GUI to simplify the scanning and enumeration phases -- Python
  • Spiderfoot - Automate the process of gathering intelligence about a given target -- Python
  • Splunk Detections - A jillion searches, official repository -- collection
  • sqlmap - Detect and exploit SQL injection flaws, pen testing tool -- Python
  • SubBrute - Subdomain enumeration tool for penetration testers -- Python
  • sudosh2 - Records all keystrokes and output and can play back the session as just like a VCR -- C
  • SuperTokens - OSS alternative to Auth0, Firebase Auth and AWS Cognito -- Java
  • Suricata - IDS + IPS + NSM + PCAP processing all in one -- various lang
  • SWORD Dropbox -- $15 OpenWRT + Pi based DIY disposable pen-test tool -- various lang
  • symon-config - Sysmon configuration file template with default high-quality event tracing -- XML!!!! Windows
  • SysmonForLinux - Uses eBPF, can be used for SIEM or troubleshooting / debugging -- C
  • tcpbin - A simple TCP dumping server/host for pentesting -- Python
  • Ten Strategies of a World-Class Cybersecurity Operations Center - Best practices by MITRE -- article
  • Threat Dragon - Modeling tool used to create threat model diagrams as part of a secure development lifecycle, by OWASP -- various lang
  • terraform-compliance - BDD for Terraform, security and compliance-focused -- Python pip
  • Tetragon - Realtime, eBPF-based security observability and runtime enforcement -- various lang
  • tfsec - Static code analysis for Terraform -- Golang
  • theZoo - These are real and they are smarter than you, do not fuck around -- collection
  • The Early Security Engineer’s First 100 Days Checklist - Aims to help security engineers and CISOs in early stage companies to prioritize their efforts in the first months of their new job -- list
  • The Profile by Cyber Risk Institute - Consolidates 2,300+ regulations into 277 diagnostic statements and gives financial institutions one simple framework to rely on, based on ISO and NIST -- article
  • Threat Hunter Playbook - Community-driven -- article
  • tink - Smiple, small, secure crypto library by Google -- C++
  • Tomb - zsh wrapper script for cryptsetup + gpg + LUKS volumes -- shell
  • Trike - OSS threat modeling tool that has a goal to automate the repetitive parts of threat modeling, so that all an analyst has to do is analyze the system, i.e. think -- various lang
  • Tripwire - File integrity checker and monitor, replacement for the now closed-source Tripwire -- C
  • Tron - Scan, clean, and disinfect Windows machines with a single tool, a glorified collection of batch files that automates the process, must download from the Reddit link -- various lang
  • Ultimate List of SANS Cheat Sheets - Need help cutting through the cybersecurity noise? -- collection
  • URLquery - Free service to scan a URL for web-based malware -- in-browser
  • URL Canary - Create canary URLs so you know if someone is inspecting the source code of your applications -- in browser
  • urlscan.io - Similar to URLquery -- in-browser
  • usbkill - Kill switch that takes action when a USB device is connected -- Python
  • VeraCrypt - OSS successor to and fork of TrueCrypt, supports Linux, Windows, and Mac -- C C++
  • VirusTotal - Allows you to upload a file and have it scanned by tons of virus scanners -- in-browser
  • Volatility - Open source memory forensics -- Python
  • VulnHub - ISOs and more for hands-on security practice -- collection
  • w3af - Web application attack and audit framework, OSS vun scanner -- Python
  • Wazuh - Host-based open source security platform -- various lang
  • Wigle - All the WiFi networks -- collection
  • Wireless Network Watcher - Shows what's connected to your network in real time -- Windows
  • wtfis - OSINT CLI tool to check domains and outputs in human-readable format -- Python
  • Xplico - Useful for looking at pcaps of web sessions -- C
  • Zed Attack Proxy (ZAP) - Pen testing too that focues on web applications -- Java
  • Zeek-Intelligence-Feeds - Zeek-formatted intelligence feeds, based on Public Threat Feeds -- collection
  • ZMap - Scanner designed for large address spaces -- in-browser
  • Zero Trust Reference Architecture - By the DISA and NSA, Mar 2021 -- collection
  • zxcvbn - Password strength estimator, written by Dropbox, operates in a browser window -- CoffeeScript in-browser
  • zzuf - Transparent application input fuzzer that works by intercepting file and network operations and changing random bits in the program's input -- C

Shell Scripting and Tools

  • Advanced Bash-Scripting Guide - By the Linux Documentation Project (LDP) -- tutorial
  • awk Tutorial - Easy to understand awk tutorial -- tutorial
  • Awesome dotfiles - All kinds of . files -- collection
  • autojump - Small database of directories that you visited in the past, used to quickly navigate complex directory structures -- Python
  • autoenv - Autoruns a .env file in a directory when you cd into the directory -- Python
  • Awesome Shell - Massive collection of shell tools -- collection
  • Babun - Pre-configured Cygwin with many more features and a better design -- various lang
  • Bash-it - bash version of the oh-my-zsh shell environment -- various lang
  • BashGuide - Targeted at beginners -- wiki
  • Bash Hackers Wiki - Human-readable bash documentation so you don't have to dig through the man page -- wiki
  • Bash Pitfalls - Common errors that bash programmers make -- wiki
  • cheat - create and view interactive cheatsheets on the command-line -- Python
  • comm - Display lines that two files have in common (eg: the opposite of diff) -- built-in
  • CommandlineFu - Killer code snippets -- collection
  • CRUSH (Custom Reporting Utilities for SHell) - Killer toolset for working on delimited data, by Google -- C
  • Cygwin - GNU shell and tools for Windows -- C Windows
  • dotfiles by Paul Miller - Beautiful and flexible Mac terminal configuration files and utilities, ZSH-based -- shell OS X hawt
  • dotfiles - Unofficial guide to dotfiles on GitHub -- collection
  • Environment Modules - Dynamic modification of your shell environment using modules -- Tcl Windows
  • Explain Shell - Enter a command-line to see the help text that matches each argument -- in-browser
  • fzf - Command line fuzzy finder, supports tmux/bash/zsh -- Golang
  • icdiff - diff tool that highlights the differences -- Python OS X
  • moreutils - "Collection of the unix tools that nobody thought to write long ago when unix was young" -- neat
  • notify - Send a notification from your Linux system to an Android app on your phone, good for long running shell commands -- JavaScript Android
  • pigz - Parallel gzip for multi-processor/core systems -- C
  • pv - Shows the progress of data as it flows through a pipe -- built-in
  • ShellCheck - Checks shell scripts for common mistakes, essentially a linter / static analysis -- in-browser
  • Shell Style Guide - By Google -- collection
  • tldr - Simplified and community-driven man pages, cuts out a lot of cruft -- collection
  • Unix Toolbox - A collection of Unix/Linux/BSD commands and tasks for advanced users -- collection

Software Development Tools and Resources

  • 4+1 architectural view model - Model used for describing the architecture of software-intensive systems, based on the use of multiple, concurrent views (logical, physical, development, process) -- article
  • 30 Seconds of Code - Code snippets for tons of languages -- collection
  • ack2 - grep-like tool designed to search source code -- perl
  • afl-unicorn - Fuzz any piece of binary that can be emulated by Unicorn Engine -- C
  • ag (aka The Silver Searcher) - Source code searching tool, a better grep -- C
  • API design guide - By Google, maybe the best -- article
  • arc42 Documentation - Pragmatic, open source way to construct, communicate and document your software architecture -- tutorial
  • Bazel - Google's build system -- Java
  • Binary Optimization and Layout Tool (BOLT) - A linux command-line utility used for optimizing performance of binaries, by Facebook -- various lang
  • Buildbot - CI framework -- Python
  • C4 Model - A modern approach for visualising software architecture -- article
  • Conventional Commits - Specification that provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of -- article
  • Create React App - Create React apps with no build configuration, webpack and Babel are handled behind the scenes, by Facebook -- various lang
  • cwrap - Wrappers for creating test scenarios and faking behavior/ stubbing, mostly network focused, by the Samba guys -- C
  • Design Patterns - Wonderful collection of software development design patterns with examples, includes anti-patterns and refactoring guidelines -- collection
  • dev-setup - Automated setup scripts for laptop tools like Sublime Text, AWS, Spark, Android dev, and more -- collection
  • DevDocs - Documentation browser for almost every API -- collection
  • Devhints - Rico's dev & ops cheat sheets, nice little collection -- collection
  • dotPeek - Free .NET Decompiler and Assembly browser from Jetbrains -- Windows closed source
  • drone - CI platform built on Docker / containers, can also deploy to Kubernetes -- Golang
  • dropwizard - Simple library for building production-ready RESTful web services -- various lang
  • Fossil - Simple all-in-one SCM -- various lang
  • fswatch - Cross-platform for watching files and taking action when they change -- C++
  • gdb TUI - Curses / menu-based interface for GDB, much easier than REPL mode -- C
  • GoCI - Go continuous delivery platform by ThoughtWorks -- Java
  • Guard - Flexible framework to take action on file system change event -- Ruby gem
  • Gulp - Built system / toolkit that helps you automate time-consuming tasks in your development workflow -- JavaScript
  • How to Sign git Commits with a SSH Key - Much smoother than GPG signaures -- article
  • HTTP API Design Guide - A good, consistent, well-documented way to design APIs, not necessarily the only/ideal way -- book
  • Ionic Framework - Mobile UI kit that allows you to write multi-platform mobile apps in JS, Angular, Vue, or React - no Swift or Android knowledge needed -- various lang
  • Ionic Themes - Mobile app starter template that includes auth, Capacitor, maps, social sharing, video, and more -- payware
  • Jenkins - The most popular CI orchestration tool, supports a billion plugins -- various lang
  • jenkins-job-dsl (Jenkins Job DSL Plugin) - Groovy-based DSL for writing Jenkins jobs -- Groovy
  • Jenkins job-config-history Plugin - Tracks changes to system and job configurations -- Java
  • Jenkins Job Builder - Takes simple descriptions of Jenkins jobs in YAML or JSON format and uses them to configure Jenkins -- Python pip
  • Jenkins Log Recorder - Helps you group relevant logs together while filtering out the noise -- Java
  • Jenkins Pipeline Mutlibranch Plugin - Automatically creates a new Jenkins job whenever a new branch is pushed to a source code repository -- Java
  • Jenkins ThinBackup - Jenkins plugin that backups configurations (not workspaces or archives) -- Java
  • JSON Server - Full fake REST API for quickly prototyping and mocking in 30 seconds -- JavaScript
  • Meld - Diff tool, recommended -- Python
  • Microsoft REST API Guidelines - By Google. haha -- article
  • Midas - Use GDB + Record and Replay (rr) in VSCode -- plugin
  • Mockoon - Create mock APIs in seconds, runs locally -- JavaScript Electron
  • MockServer - Web server to remotely or locally mock HTTP/HTTPS and similar -- Java
  • mountebank - Stub downstream resources for testing, supports HTTP HTTPS SMTP TCP -- JavaScript Windows OS X
  • Ninja - Small build system with a focus on speed -- Python
  • OverAPI - Large collection of cheat sheets for almost anything -- collection
  • Pact - HTTP contract tests and without contract testing, the only way to ensure that applications will work correctly together is by using expensive and brittle integration tests -- various lang
  • PatchELF - Simple utility for modifying existing ELF executables and libraries -- C
  • PEview - Easily and quickly view the structure and content of Windows EXE DDL LIB Portable Executable (PE) files -- closed source
  • PoolMon - Memory Pool Monitor, useful outside of driver development too -- Windows closed source
  • PRoot - chroot, mount --bind, and binfmt_misc without privilege/setup -- C
  • Proxygen - Modern C++ HTTP library, by Facebook -- C++
  • Record and Replay (rr) - Record the failure once, then debug the recording deterministically, supports C and C++, by Mozilla -- C C++
  • REST-assured - Java DSL for testing of REST services -- Java
  • RocksDB - Library that provides an embeddable, persistent key-value store for fast storage - by Facebook -- C++
  • Rosetta Code - Wiki with implementations of common algorithms and solutions to various programming problems in many different programming languages -- article
  • SDLC Phases Catalog - A more detailed and concise SDLC, by IF4IT -- tutorial
  • SSH Commit Verification - Sign commits with your SSH key instead of GPG, much easier -- article
  • Simple Standard Service Endpoints (SE4) - A specification is to provide a standard convention for access to server status, configuration and live health via HTTP, great for microservice versions and status -- article
  • Software Architecture Patterns - A deep dive into several common software architecture patterns -- collection
  • SonarQube - Platform and dashboard for managing code quality -- Ruby Java
  • Sonatype Nexus - Software / binary artifact storage -- Java
  • SourceGraph - Perhaps the best code search and navigation engine -- Golang
  • SymbolHound - Search engine that doesn't ignore special characters, great for programming questions -- try it
  • Twelve-Factor App - Language-independent rules for codebase, dependencies, build/release/run, dev and prod, logs, etc for a cloud/web-centric app -- article
  • Visual Studio Code Remote - Containers - Lets you use a Docker container as a full-featured development environment. It allows you to open any folder inside (or mounted into) a container and take advantage of Visual Studio Code's full feature set -- neat
  • watchman - Watch files and take action when they change (eg: kick off the CI system), by Facebook -- C
  • WireMock - Flexible stubbing and mocking services -- Java

SSH Tools

  • autossh - Automatically restart SSH sessions that stop passing traffic -- C
  • Corkscrew - Tunnel SSH through HTTP proxies -- C
  • Dropbear - Small / minimal SSH client and server, often used in IoT and embedded devices -- C
  • Keychain - Manage SSH and GPG keys, acts as a frontend to ssh-agent, only enter passphrase once per reboot -- shell
  • Match - Creates a conditional block, great for controlling actions on a per-user and/or per-host basis in sshd_config -- built-in
  • Mosh (Mobile Shell) - Remote shell that supports roaming (client IP address changes) and intermittent connectivity, by MIT -- C++
  • Shuttle - A simple SSH shortcut menu for macOS -- Objective-C
  • ssh-chat Instead of a shell you get a chat prompt -- Golang
  • ssh-ldap-helper - Store public keys in LDAP -- built-in
  • SSHFS - Mount remote file systems using a SSH tunnel -- built-in
  • sshmuxd - SSH jumphost style proxy -- Golang
  • sshttp - Port multiplexer that hides a SSH daesmon behind HTTP, HTTPS, or SMTP on a single port -- C
  • SSH Guard - Think fail2ban for SSH -- C
  • SSH Power Tool (sshpt) - Execute commands and upload files to many servers simultaneously via SSH without using pre-shared keys -- Python pip
  • storm - CLI and GUI tool to manage your SSH connections (add, delete, list, search) -- OS X

SSL Tools

  • BadSSL.com - Test various clients (browsers, etc) against bad SSL configs -- in-browser
  • BoringSSL - Google's fork of OpenSSL, does not guarantee API and ABI compatibility -- C
  • Certificate Ripper - CLI tool to extract server certificates including root certs -- Java
  • cfssl - PKI/TLS swiss army knife, has CLI and a HTTP API server for signing, verifying, and bundling TLS certificates -- Golang
  • cipherscan - Find out which SSL ciphersuites are supported by a target -- Python
  • Dogtag Certificate System - PKI component of FreeIPA, by Fedora -- C
  • Fizz - C++14 implementation of the TLS-1.3 standard, by Facebook -- C++
  • HSTS Preload Submission - Submit your site to be preloaded in major browsers -- security
  • IIS Crypto - Free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019 -- Windows
  • Let's Encrypt - Free SSL certs from a real CA -- in-browser
  • Mozilla Server Side TLS - Mozilla's extensive server side TLS configuration guide -- wiki
  • Mozilla SSL Configuration Generator - Generate SSL configs for Apache, Nginx, ELB, HAproxy and more -- in-browser
  • nogotofail - Spot and fix weak TLS/SSL connections and sensitive cleartext traffic, by Google -- Python
  • Qualys SSL Server Test - Evaluates and provides recommendations for the SSL settings of any web site -- in-browser
  • s2n - Amazon's implementation of the TLS/SSL protocols in C99 (simple, small, fast, secure) -- C
  • sslconfig - CloudFlare's Internet facing SSL cipher configuration, patches for Nginx and OpenSSL -- C
  • ssldump - The de-facto repo -- C
  • SSLsplit - Transparent and scalable SSL/TLS interception -- C
  • sslyze - Fast and full-featured SSL scanner, written in Python -- Python OS X
  • stunnel - Create simple TLS tunnels for existing services (eg: telnet, nc, etc) -- C
  • testssl.sh - CLI tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more -- various lang

Storage Tools

  • BeeGFS - Parallel cluster file system, worth examining -- C++
  • CrystalDiskInfo - SMART GUI tool for Windows -- closed source Windows
  • FlashCache - General purpose, write-back block cache -- C
  • fs-cache - Modern NFS client-side caching -- built-in
  • GSmartControl - GUI for smartctl so you can query and control SMART easily, multi-platform -- various lang
  • Linux-IO Target (LIO) - Create and share iSCSI, Fibre Channel, FC over Ethernet, and other storage targets from Linux VMs -- built-in
  • lsblk - List block devices -- built-in
  • ncdu - ncurses version of "du" -- built-in
  • Parted Magic - Resize, grow, shrink, clone, recovery, wiping, benchmarking, and more. Supports Linux and Windows file systems -- Windows
  • pNFS - Parallel NFS, an optional extension of the NFS v4.1 standard, allows compute clients to read and write directly to the storage, eliminating filer head bottlenecks and allowing single file system capacity and performance to scale linearly -- article
  • snapper - CLI tool to manage Btrfs snapshots, snapshot timelines, and more -- various lang
  • System Storage Manager (SSM) - Generic CLI for managing all types of storage (DM, LVM, multipath), added in RHEL 7 -- built-in

Storage Performance Analysis Tools

  • Bonnie++ - The classic, still updated -- built-in
  • Connectathon Test Suite - NFS stress testing and benchmarking tools -- various lang
  • CrystalDiskMark - Simple disk benchmarking for Windows -- Windows closed source
  • fio - Supports 19 different I/O engines (sync, mmap, libaio, posixaio, etc), very powerful -- C
  • Fnotifystat - Dumps the file system activity in a given period of time -- C
  • ioping - Monitor I/O latency in real time -- C
  • iorate - Originally written by EMC, now open source -- C
  • iotop - top for I/O requests, displays information on a per-process basis -- Python
  • IOzone - Supports NFS, still being updated! -- C
  • Threaded I/O Tester (tiobench) - Threaded I/O tester, tiotest and tiobench -- C

Terminal Tools and SSH Clients

  • Bitvise SSH Client - Feature-rich SSH & SFTP client for Windows, free for individual use -- closed source Windows
  • Byobu - An enhanced version of the "screen" utility -- shell OS X
  • ChromaTerm-- - Pipe stdin to this program which highlights based on user defined regexs in .conf file -- C
  • Chrome Remote Desktop - Securely access your computer whenever you're away, using your phone, tablet, or another computer, supports screen sharing, official tool from Google -- in-browser
  • ConnectBot - Open source SSH client for Android -- Java Android
  • Guacamole - Clientless (in-browser) remote desktop gateway, supports VNC and RDP -- various lang
  • i2cssh - csshX like ssh tool for iTerm2 -- Ruby
  • iTerm2 - Killer terminal replacement for Mac -- OS X -- Objective-C
  • KiTTY - PuTTY fork with additional features -- Windows
  • MobaXterm - Tabbed SSH, VNC, and RDP client for Windows, free for personal use -- closed source Windows
  • mRemoteNG - Open source, tabbed, multi-protocol, remote connections manager -- Windows
  • MTPuTTY (Multi-Tabbed PuTTY) - Multiple PuTTY sessions in a single window -- Windows
  • NoVNC - Client-less VNC in a web browser, uses HTML5 and WebSockets -- in-browser
  • PuTTY - The classic SSH client -- Windows
  • PuTTYtray - PuTTY in the systray + additional features -- C
  • reptyr - Reparent a running program to a new terminal -- C
  • RPort - Bastion-like server that helps you to manage your remote servers without the hassle of VPNs, chained SSH connections, jump-hosts, or the use of commercial tools like TeamViewer, on-demand or perm tunnels, 2FA support, super hot -- various lang
  • Remmina - Remote desktop client with RDP, SSH, SPICE, VNC, and X2Go protocol support, new hotness -- various lang
  • screen - Detatch and re-attach to shell sessions while they continue to run in the background -- C
  • SuperPutty - Allows the PuTTY SSH client to be opened in tabs -- Windows
  • tmate - Instant terminal sharing, a tmux fork -- OS X
  • tmux - Alternative to GNU screen, also used for terminal sharing -- C
  • tmux Resurrect - Persists tmux environment across system restarts -- shell
  • Warp - Securely share your terminal, like handing a co-worker your keyboard -- Golang
  • WinSCP - The well-known SCP client -- C Windows
  • x2go - One of the best remote-desktop-over-SSH clients and application streaming -- Windows OS X
  • Xshell - SSH client for Windows, free for personal use -- closed source Windows

Tracing and Profiling

  • bcc - Next generation, Linux 4.x kernel tracing tool suite, uses eBPF (Extended Berkeley Packet Filters) -- C
  • eBPF - DTrace + SystemTap, requires 4.x kernel, mostly uses bcc -- various lang
  • kdump - Linux kernel dump facility (where to save it, what to save, etc) -- C
  • Linux Trace Toolkit - Next Generation (LLTng) - Linux kernel tracer and profiler, lower overhead than System Tap -- C
  • lttng-analyses - Official collection of LLTNG scripts and snippets -- collection
  • Mastif Visualizer - Visualizer for the Valgrind's Mastiff utility -- C++
  • magic-trace - Collects and displays high-resolution traces of what a process is doing, for x86 bare metal systems Broadwell or newer -- various lang
  • OpenSnoop - Continually monitor for file opens -- shell
  • OProfile - System-wide statistical profiling tool -- C
  • perf - User-land performance analysis tool, a sampling profiler -- C
  • perf-tools - Uses perf and ftrace, includes iosnoop -- Brendan Gregg
  • strace - System call tracer for user space processes -- built-in
  • SystemTap (stap) - Linux kernel tracing and performance analysis tool -- C C++
  • SysmonForLinux - Uses eBPF, can be used for SIEM or troubleshooting / debugging -- C
  • Valgrind - Tool suite that includes cache profilers, heap profiles, thread race condition checkers, and more - a CPU-level emulator -- C

Two Factor Authentication

  • Authelia - 2FA and SSO for your apps via Docker on Kubernetes, supports Yubikey, Google Authenticator, and e-mail based password reset -- Golang
  • CentOS 7 2FA VPN - VPN with CentOS 7 + FreeRADIUS + FreeIPA + Google Authenticator -- tutorial
  • FreeOTP - Open source fork of Google Authenticator, by Red Hat -- C mobile
  • Google Authenticator - Official project, supports Android, iOS, and has a PAM module for SSH 2FA -- C
  • Nitrokey - Open source thumb drive for authentication -- various lang
  • One Time Password - PAM module allowing single-use passwords to login to a system -- C
  • pam-u2f - PAM module for auth via U2F compatible devices, by YubiKey -- C
  • privacyIDEA - All in one solution for two-factor authentication across all your organization's devices such as OTP tokens, SMS, VPNs, SSH keys, Windows, keyfob, etc -- various lang
  • Titan Security Key - Physical key for FIDO 2FA, unphishable (really) -- physical
  • W3C's Web Authentication - Standards driven, supports various tokens and OTP generators -- specification
  • yubico-pam - PAM module for use with YubiKey devices -- C
  • yubikey-full-disk-encryption - Encrypt storage on a LUKS partition using a Yubikey -- Shell
  • YubiKey GPG & SSH Guide - Guide to using YubiKey as a SmartCard for GPG and SSH -- tutorial

Virtualization and SDN

  • BlueStacks - Android emulator that you can run on Windows, run apps from the Play store, etc -- various lang
  • Boxedwine - WINE that uses Emscripten (wasm and asm.js) to run in a browser -- various lang
  • BusyBox - Bootable Linux with tiny versions of many common UNIX utilities in a single small executable -- C
  • Calico - L3 fabric that runs a vRouter on each node, supports containers -- Python
  • DOSbox - Open source DOS emulator, great for running old games or utilities -- C C++
  • Firecracker - Micro-VM for serverless computing, by Amazon -- Rust
  • FreeNAS - BSD-based NAS, supports ZFS -- C
  • GitHub Load Balancer Director - Layer 4 load balancer -- C
  • GNS3 - Cisco and other network simulator that runs in VirtualBox or Qemu/KVM -- Python
  • HAproxy - Open source software load balancer -- C
  • haproxyctl - Wrapper to talk to the HAProxy socket, as well as regular init (start stop restart) shit -- Ruby gem
  • Katran - A high performance layer 4 load balancer library, by Facebook -- C++
  • KVM (Kernel Virtual Machine) - The one, the only -- C
  • kvm-tools - CLI tools for managing qemu-kvm domains -- C
  • KVM Management Tools - Great list of KVM management tools on the KVM wiki, updated frequently -- collection
  • libvirt - Open source API, daemon and management tool, used with many virtualization solutions -- C
  • Linux-IO Target (LIO) - Create and share iSCSI, Fibre Channel, FC over Ethernet, and other storage targets from Linux VMs -- built-in
  • LVS (Linux Virtual Server) - Linux-based load balancer, also includes the IPVS kernel module -- C
  • Mininet - Easily setup networks for testing on your laptop with VirutalBox -- various lang
  • Minio - An open source object storage server compatible with Amazon S3 APIs -- Golang
  • ns-3 - Network simulator, mostly focuses on wireless IP such as Wi-Fi, WiMAX, or LTE and routing protocols such as OLSR and AODV -- C
  • Open vSwitch (OVS) - Production quality software switch -- C
  • OpenFiler - Linux-based NAS, supports most protocols and storage types -- C
  • OpenZiti - Bring Zero Trust to any application (overlay network, tunneling apps, SDKs) -- Golang
  • Oracle VM VirtualBox - Easy, simple virtualization -- C C++ Windows OS X
  • oVirt - Virtualization management platform, the upstream for Red Hat Enterprise Virtualization (RHEV) -- Java
  • Packet Tracer - Cisco network simulator, by Cisco -- closed source Windows OS-X
  • pfsense - The best firewall software, supports appliances and live CDs -- C
  • phpVirtualBox - Web front-end for VirtualBox -- PHP
  • QEMU (Quick EMUlator) - Also supports hardware emulation (SPARC, RISC, etc) -- C
  • Seesaw - Load balancer based on Linux Virtual Server (LVS), by Google -- Golang
  • Shadow - Network simulator that runs real applications like Tor and distributed systems of thousands of nodes on a single machine -- C
  • Squid - Reverse proxy, caching server, web traffic filter, and more -- C++
  • Traefik - Modern HTTP reverse proxy and load balancer, supports many backends -- Golang
  • Unicorn Engine - CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86) via QEMU -- various lang
  • UTM - Full featured system emulator and virtual machine host for iOS and macOS based off QEMU -- various lang
  • virt-manager - KVM / Xen / LXC GUI -- Python
  • WANem (Wide Area Network Emulator) - WAN emulator -- C
  • WINE - Compatibility layer for running Windows apps on POSIX-compliant OSes -- C OS X
  • Xen - It's a hypervisor! -- C
  • XenServer - Successor to Xen Cloud Platform (XCP) -- C
  • xhyve - Lightweight OS X virtualization based on bhyve -- C OS X
  • ZeroTier - Cloud / provider-agnostic private network backplanes, network virtualization, super easy SDWAN/LAN software -- C++ all platforms

VMware Tools

  • Compliance Checker for vSphere - Provides detailed compliance checks against vSphere hardening guidelines, official tool -- closed source
  • FastSCP - Super fast SCP client for Windows for moving stuff around in a VMware environment (ISOs, VMDKs between data stores, etc) -- closed source
  • Flings - Tons of very useful apps written by VMware engineers, worth exploring A++++ -- closed source? various lang
  • Onyx - Do something in vSphere and it will create a PowerCLI script to do that thing that you just did -- closed source PowerShell Windows
  • open-vm-tools - OSS alternative to VMware Guest Tools -- C
  • PowerCLI - VMware's CLI -- closed source
  • pyrvtools - Extract useful information from an RVTools ESX inventory file -- Python pip
  • RVtools - Killer GUI for viewing information about your VMware environment, exports to Excel -- closed source .NET Windows
  • RVtools Export - Wrapper script to save daily snapshots of your environment using RVtools -- PowerShell
  • Sexigraph - Graphite-based visualization appliance for Sexilog -- various lang
  • Sexilog - ELK stack virtual appliance designed for vSphere / VMware ESXi logs -- various lang
  • vCheck - Get an overview of a new environment or check the health of an existing one -- PowerShell
  • vDisk Informer - Check vDisks alignment and see if they have wasted space -- closed source Windows
  • vGhetto Script Repository - Various scripts from virtuallyGhetto -- various lang
  • Virtual Machine Desired State Configuration - A fling for VMware VMs -- various lang
  • VMware Community PowerPack - A variety of scripts from Virtu-al.net and now other blogs such as ict-freak.nl and ntpro.nl -- lost-to-the-internet PowerShell
  • VMware on Github - VMware's Github repos -- various lang
  • VMware Sample Exchange - Code samples & scripts by both VMware and the community -- various lang
  • vSphere Health Check Report - Reports a massive amount of information, run it on a schedule -- closed source perl
  • vSphere Mobile Watchlist - Monitor VMs on your phone -- closed source mobile

VPNs and Tunnels

  • Algo VPN - IKEv2 Ubuntu-based strongSwan VPN server deployed to any cloud via Ansible -- Python
  • AutoVPN - Spin up and autoconfigure OpenVPN instances in AWS -- Python
  • Awesome Tunneling - List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting -- collection
  • BrowserLeaks - See if info is leaking from your browser (your real IP when you're behind a VPN, etc) -- in-browser
  • CentOS 7 2FA VPN - VPN with CentOS 7 + FreeRADIUS + SSSD + Google Authenticator -- stepbystep
  • Corkscrew - Tunnel SSH through HTTP proxies -- C
  • DNS Leak Test - See if DNS queries are leaking outside of your VPN / secured network -- in-browser
  • dnscrypt-proxy - DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2 -- Golang
  • dnscrypt-wrapper - Add dnscrypt support to any resolver, server-side dnscrypt proxy -- C
  • fwknop (FireWall KNock OPerator) - Single Packet Authorization (SPA), authoriation packet from you opens firewall rules so only you can get in -- various lang
  • IP Leak - Test to see if your browser is leaking information -- in-browser
  • kcptun - Secure and fast tunnel based on KCP, can increase throughput -- Golang
  • localtunnel - Share a HTTP/web service on your local development machine without messing with DNS and firewall settings -- JavaScript Windows OS X
  • MACsec aka 802.1AE - Use me for confidentiality and integrity at layer 2, useful for WAN links -- standard
  • Magic Wormhole - Safely and simply send arbitrary-sized files and directories (or short pieces of text) from one computer to another -- Python
  • n2n - L2 over L3 VPN that uses a peer-to-peer architecture -- C
  • ngrok - Reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service and captures & analyzes all traffic over the tunnel for later inspection and replay -- rocks Golang
  • nipe - A script to make Tor Network your default gateway -- perl BOOYA
  • OpenConnect - Supports Cisco's AnyConnect SSL VPN -- C
  • OpenVPN - The one and only -- C
  • Pritunl - Distributed enterprise VPN server built using the OpenVPN protocol, supports Google sign-in -- Python
  • Project V - A set of network tools that helps you to build your own computer network. It secures your network connections and thus protects your privacy, a newer Shadowsocks -- Golang
  • Shadowsocks - A secure socks5 proxy, designed to protect your Internet traffic -- various lang most platforms
  • SoftEther - Perhaps the best VPN software out there -- C
  • spiped - Create encrypted pipes between socket addresses using pre-shared keys (PSKs), similar to ssh -L -- C
  • sshttp - Port multiplexer that hides a SSH daemon behind HTTP, HTTPS, or SMTP on a single port -- C
  • sshuttle - Transparent proxy server / VPN, doesn't need admin, forwards over SSH, supports DNS tunneling -- Python OS X
  • SSH Through or Over Proxy - How to create a HTTP(s) tunnel for your SSH traffic -- article
  • Streisand - Set up a server running a wide variety of privacy software, so easy that grandma can use it, Ansible-based -- Python
  • strongSwan - IPsec-based -- C
  • stunnel - Create simple TLS tunnels for existing services (eg: telnet, nc, etc) -- C
  • tinc - Simple, multi-platform VPN -- C
  • WARP - MacOS one-click script. Add an IPv4, IPv6 or dual-stack CloudFlare WARP network interface and Socks5 proxy for VPS -- various lang
  • WireGuard - Performant in-kernel VPN server with DJB Crypto and very modern primitives -- C
  • wireproxy - A userspace wireguard client that exposes itself as a socks5 proxy or tunnels -- Golang
  • Ubuntu IKEv2 VPN Setup - Simple script that sets up a IKEv2 VPN with strongSwan on Ubuntu -- shell
  • Vytal - Spoof your timezone, locale, geolocation and user agent, Chrome only -- add-on

Web and HTTP Tools

  • API Blueprint - Supports bindings/plugins for many APIs -- various lang
  • Caddy - Web server with automatic TLS and more -- Golang
  • Fiddler Classic - Free version of the HTTP/HTTPS debugging proxy for any browser, system or platform -- closed source
  • gRPC - High performance RPC via HTTP/2, by Google -- C
  • gRPC-Gateway - gRPC to JSON proxy generator following the gRPC HTTP spec -- Golang
  • gRCPCurl - curl for gRPC servers -- Golang
  • h2i - Go's interactive HTTP/2 console debugger, send raw frames, etc -- Golang
  • Hamms - Simulate/create connection failures, malformed response data, slow servers, fat headers, and more! -- Python
  • htaccess Snippits - Huge collection of common and useful .htaccess snippets, please contribute -- collection
  • http-traceroute - Shows the entire route including cookies, redirects, and response codes -- Ruby
  • httpdiff - Perform the same reuqest against two HTTP servers and diff the results -- Golang
  • httpie - curl replacement with many new features -- Python
  • httptoolkit - Open-source HTTP(S) debugging proxy, analyzer & client -- Typescript
  • htty - A console application for interacting with web servers -- Ruby gem
  • Huginn - Build agents that perform automated tasks/workflows for you online or locally, like IFTTT -- Ruby
  • Insomnia REST Client - An alternative to POSTman, additional features -- Electron Windows OS X Linux
  • Ionic Framework - Mobile UI kit that allows you to write multi-platform mobile apps in JS, Angular, Vue, or React - no Swift or Android knowledge needed -- various lang
  • JSON Server - Full fake REST API for quickly prototyping and mocking in 30 seconds -- JavaScript
  • jq - Command line JSON processor and manipulator -- C
  • localtunnel - Share a HTTP/web service on your local development machine without messing with DNS and firewall settings -- JavaScript Windows OS X
  • mitmproxy - Intercept, modify, replay and save HTTP/S traffic - even edit flows on the fly -- Python pip
  • mountebank - Stub downstream resources for testing, supports HTTP HTTPS SMTP TCP -- JavaScript Windows OS X
  • Newman - CLI companion for Postman -- JavaScript
  • nghttp - CLI HTTP/2 client, similar to curl/wget and more -- C
  • nginxconfig - Web-based nginx config generator -- in-browser
  • NGINX Modern Reference Architectures - Ingress controller reference architectures, official -- collection
  • NGINX Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful GUI -- various lang
  • OpenResty - Turn nginx into a non-blocking API server -- C
  • PageKite - Makes HTTP servers or SSH publicly available on any server -- Python
  • POSTman - Create and share API and HTTP requests, great for testing and sharing -- Chrome
  • Puppeteer - Provides a high-level API to control headless Chrome over the DevTools Protocol -- JavaScript
  • Pushpin - Proxy server that adds WebSockets to existing request-response APIs -- C++
  • react-admin - Add an React admin GUI to any RESTful API -- JavaScript
  • Redirect Detective - See the complete path a redirected URL goes through -- in-browser
  • Repose - REST proxy, solutions to API tasks such as auth, rate limiting, API validation, HTTP logging, and much more -- Java
  • Resty - CLI REST client you can use in shell/bash/zsh pipes -- shell
  • SecurityHeaders.io - Scan your web site's HTTP headers -- in-browser
  • Simple Standard Service Endpoints (SE4) - A specification is to provide a standard convention for access to server status, configuration and live health via HTTP, great for microservice versions and status -- article
  • Swagger - Popular API development library, now the OpenAPI standard -- various lang
  • tengine - A distribution of Nginx with some advanced features, by Alibaba -- C
  • tortilla - Easily wrap web APIs -- Python pip
  • Tyk - API gateway -- Golang
  • urlscan.io - Displays tons of stats and info about any given URL -- in-browser
  • Varnish - Caching HTTP accelerator -- C
  • vcr - Record and play back HTTP sessions -- Ruby gem
  • webhook - Super simple webhook server -- Golang
  • wuzz - Interactive cli tool for HTTP inspection (menu-based) -- Golang

Web and HTTP Performance Analysis Tools

  • Awesome Web Performance Optimization - Collection of web performance optimization (WPO) tools, articles, and more -- collection
  • Betwixt - Web debugging proxy with a Chrome DevTools look -- JavaScript
  • Brotli - Modern alternative to gzip, better packing, performs well with HTTP/2, HTTPS only -- zoooooom
  • django-debug-toolbar - Panels that display profiling information about the current request/response -- Python pip
  • Chrome DevTools - Many built-in tools for performance analysis -- mostly OSS
  • Gatling - HTTP, JMS, and WebSocket load generator -- Scala
  • Google Web Tracer - Helps you identify and fix performance problems in your web applications, by Google -- Chrome
  • Firefox Developer Tools - A full list of built-in Firefox developer tools including performance tools -- various lang
  • h2load - HTTP/2 and SPDY load generation tool, part of the nghttp2 suite -- C
  • HAR Analyzer - HTTP Archive analyzier for troubleshooting from a browser perspective, by Google -- in-browser
  • High Performance Browser Networking - What every web developer needs to know about the various types of networks (WiFi, 3G/4G), transport protocols (UDP, TCP, and TLS), application protocols (HTTP/1.1, HTTP/2), and APIs available in the browser (XHR, WebSocket, WebRTC, and more) -- book
  • httping - Simple program that "pings" a URL and shows response time -- C
  • Jaeger - OpenTelemetry compatible distributed tracing system, works well with Istio and Envoy, by Uber -- Golang
  • JMeter - Designed to load test functional behavior and measure performance, written in Java -- Java
  • Locust - Load generation tool written in Python that allows you to define user behavior -- Python
  • ngxtop - Real time top for nginx -- Python
  • OpenTelemetry - Vendor-neutral distributed tracing, a merger of OpenTracing and OpenCensus -- various lang
  • OpenZipkin - Distributed tracing systems for SaaS and webapps, by Twitter, based on Google's Dapper -- Scala
  • Packetbeat - Distributed packet monitoring system that can be used for application performance management -- Golang
  • PageSpeed Insights - Analyzes the content of a web page, then generates suggestions to make that page faster, by Google -- in-browser
  • PageSpeed Module - Open-source server modules that optimize your site automatically (nginx and Apache), by Google -- various lang
  • peep - Heap inspector for live memcached instances -- Ruby
  • redis-faina - Query analyzer that parses Redis' MONITOR command for counter/timing stats about query patterns, by Facebook -- Python
  • Tempo - Cost-efficient, requiring only object storage to operate, and is deeply integrated with Grafana, Prometheus, and Loki and OpenTelemetry -- various lang
  • Tsung - Distributed stress tester, also supports stress testing DBs -- Erlang
  • Web Page Test - Free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds -- in-browser
  • wrk - Multi-threaded CLI-based HTTP load generation tool -- C
  • wrk2 - Fork of wrk that fixes the "coordinated omissions problem" -- C
  • UpTrends Uptime Checker - Check a URL's response time from ~30 different sites around the globe -- in-browser
  • Varnish Dashboard - Realtime dashboard for Varnish cache servers -- JavaScript

Misc Tools of Note

  • 802.11bf - Using WiFi devices and their transmissions to perform motion and presense detection another article by El Reg -- the next big thing
  • Adblock Radio - An adblocker for live radio streams and podcasts -- various lang
  • Active Directory Recycle Bin - On-prem only -- article
  • AirMessage - iMessage on Android, requires the AirMessage server app (a relay) running on a Mac 24/7 -- various lang
  • Alma Linux - A replacement for CentOS which was discontinued in Dec 2020 by IBM in favor of CentOS Stream -- operating system
  • Animated Knots - For business or pleasure -- collection
  • Anti-Ablock Killer - Keep your ad-blocker active when pages take anti-blocking measures, requires Greasemonkey or similar -- JavaScript
  • Annie - Fast and simple video download library and CLI tool written in Go -- Golang
  • AppLock - Lock individual apps on Android -- Java
  • Architecture Decision Record - Document that captures an important architectural decision made along with its context and consequences -- template
  • Archive.org aka The Internet Archive aka The Wayback Machine - Yo donate, this is beyond important -- the biggest collection
  • Asahi Linux - Aims to bring you a polished Linux experience on Apple Silicon Macs, getting close -- various lang
  • AutoHotKey - Automate input (desktop and web forms, data entry, keybinds, etc) -- C++ Windows
  • Awesome AutoHotKey - A collection of AutoHotKey scripts and libraries -- various lang
  • Autoruns - All-in-one tool to show everything that's configured to start at boot time -- Windows
  • AutoIT - Scriptable GUI input for Windows (think AutoHotKey) but with a BASIC-like syntax -- closed source
  • Backstage - Unifies all your infrastructure tooling, services, and documentation with a single, consistent UI so developers can easily provision and view their resources -- various lang
  • Barrier - OSS KVM software, for Mac, Windows, and Linux. Lets you share one set of peripherals across multiple machines with different OSs on the same network. Connection is encrypted -- various lang
  • Belvedere - Rriendly interface to create advanced rules to move, copy, delete, rename, or open files based on their name, extension, size, creation date, on file creation, and more, similar to Watch 4 Folder -- Windows closed source
  • BlockTube - Filter and block unwanted content from YouTube -- Chrome Firefox
  • Bulk Rename Utility - GUI based, feature rich -- Windows closed source
  • Bypass Paywalls - Shhh -- Firefox Chrome
  • Bypass Paywalls - Better maintained but Chrome only -- Chrome
  • c4builder - Lightweight nodejs cli tool for building, maintaining and sharing a software architecture project using only text, combines PlantUML C4Model, Markdown, and more -- various lang
  • chasing_your_tail - Pi-based tool for using nearby wireless signals to help determine if you're being followed. -- Python
  • CheapCharts - Historic price trends for digital movies and TV on iTunes, Vudu, Amazon Prime, and similar -- collection
  • cherrytree - Simple quick hierarchical note taking application -- Python
  • CityMapper - View Uber and Lyft rates among other things, in-browser or mobile app -- neat
  • Clone Wars - Open-source clones of popular sites like Airbnb, Amazon, Instagram, Netflix, Tiktok, Spotify, Trello, Whatsapp, Youtube, etc -- various lang
  • conserver - Virtual console server with many features (multi-user, console log history, etc) -- C
  • Container Proxy - Set up proxies and then assign proxy to a container. Each request comming from any tab in the container will use this proxy -- Firefox
  • Container Tabs Sidebar - Show tabs in a sidebar grouped by privacy containers -- Firefox
  • Cookie Autodelete - Browser add-on that's essentially a cookie whitelist / grey list -- Firefox Chrome
  • Cost Plus Drugs - The lowest priced source for prescription drugs -- collection
  • CRIU (Checkpoint Restore in Userspace) - Freeze a process, save it to disk, then resume it later -- insane
  • crumbs - Simple mind maps with asterisks - great for brain dumping with little transcription overhead -- Golang
  • Dashkiosk - Manage dashboards on multiple screens, simple and effective -- JavaScript
  • DevOps Conferences - Add and remove via PR, please contribute -- collection
  • Discount for Student Dev - Programming and DevOps related discounts for .edu addresses, updated frequently, please contribute -- collection
  • Downtify - Open source Spotify downloader -- various lang
  • EasyJob - Keep and execute your PowerShell and BAT scripts from one interface -- C Sharp
  • EarTrumpet - Volume control for Windows, very feature-rich -- C Sharp
  • Etcher - SD card writing software, easy -- various lang
  • Exploit Database - Collection of current and past exploits -- collection
  • f.lux - Changes your screen from blue light to yellow light when the sun sets to tell your brain it's night time -- closed source OS X Windows
  • fast-data-dev - Docker image for Kafka developement that includes a boatload of related tools -- various lang
  • FigmaToCode - Outputs Figma objects to Tailwind, Flutter, or SwiftUI code -- JavaScript
  • Firefox Multi-Account Containers - Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously -- Firefox
  • Fossor - Automate on-call investigation steps, by LinkedIn -- Python pip
  • free-for.dev - Massive list of services with free tiers -- collection
  • Geocities-izer - Make any HTML web page look like a Geocities page -- sweeeeeeet
  • GlossaryTech - Browser addon to learn tech terms with easy to understand defintions -- JavaScript
  • googler - Google search, news, and site search from the terminal, slick -- Python
  • Google Advanced Operators for Web Search - Search modifiers for more accurate results, by Google -- collection
  • GoodRX - Coupons for prescriptions, vaccines, and more, can be used pre-deductible, USA-centric -- ez savings
  • Google Search Verbatim Mode - Searches for exactly what you want, no "intelligence" added -- article
  • gosu - Simple Go-based setuid+setgid+setgroups+exec for stepping down privs, use me to avoid weird su and sudo TTY bugs -- Golang
  • Highlight This - Multi-highlight, regex, all data local, tons of features -- Chrome
  • Homomorphic Encryption - Allows data to be encrypted and out-sourced to 3rd parties for processing, all while encrypted (or remove HIPAA barriers) -- article
  • Hoopla - Digital movies, music and ebooks for USA public library members -- explore yours today
  • HTML5 Up - HTML5 website templates all free and under a CC license -- collection
  • Huginn - Build agents that perform automated tasks/workflows for you online or locally, like IFTTT -- Ruby
  • ICANN Domain Lookup - Use this when searching for a domain to buy because they cannot use your searches to jack up the price -- in-browser
  • InControl - Control non-optional Windows upgrades -- Windows closed source
  • inxi - "a full featured system information script" (hardware info, etc) -- shell
  • IPTV - Collection of 8000+ publicly available IPTV channels from all over the world -- screw off Bundesliga -- collection
  • Jellyfin - OSS alternative to Plex -- various lang
  • JustWatch - Search for movies and TV across dozens of streaming services, it shows you which services it is available on, and you can click to watch, app and in-browser -- collection
  • Kanopy - Streaming movies for USA public library members -- explore yours today
  • Kodi - Open source home theater, run me on a Pi, think open source Fire Stick / Roku / Apple TV / TV app store / etc -- various lang
  • L3AF - Complete lifecycle management of eBPF programs in the kernel, by Wal-Mart -- various lang
  • Libby - App for ebooks and audio books for USA public library members, from OverDrive -- explore yours today Android iOS Windows 10
  • Library Extension - Browser extension that shows you which Amazon books are available free at your local libraries, please donate -- closed source
  • LockHunter - Delete files blocked by something you do not know. LockHunter is useful for fighting against malware, and other programs that are blocking files without a reason -- Windows
  • Magic Jelly Bean - Extract Windows & Mac product keys, saved Wi-Fi passwords and more -- Windows closed source
  • Mail Tester - Test the spammyness of your e-mails -- in-browser
  • Matter (protocol standard) - Aims to reduce fragmentation across different vendors, and achieve interoperability among smart home devices and Internet of things (IoT) platforms from different providers, by Google, Amazon, Apple, Comcast, and the Zigbee Alliance -- article
  • maybe - Allows a dry run of almost any Linux binary, see the files it will modify, calls made, etc -- Python pip
  • Maza - Like Pi-hole but local and using your operating system -- shell
  • Mega Collection of PowerShell Scripts - 250+, Windows-centric -- collection
  • Microsoft PowerToys - Set of utilities for power users to tune and streamline their Windows experience for greater productivity -- Windows closed source
  • Mjolnir - Automation for OS X via Lua, think AutoHotKey for Mac -- C OS X
  • Mouse without Borders - Control up to 4 Windows computers from a single keyboard & mouse, official tool by Microsoft -- closed source
  • MuteMe - Physical mute button that shows everyone when your mic is live -- hardware
  • MultiRBL - SMTP blackhole lookup tools -- in-browser
  • MX Toolbox - SMTP blacklist lookup, header analysis, and more -- in-browser
  • myNoise - Background sounds to help you focus or sleep -- in-browser
  • Network UPS Tools (NUT) - Manage power devices from over 100 manufacturers using a single web interface -- C Windows
  • NoRoot Firewall - Android app that logs connections to show overly chatty background apps and more -- closed source
  • NoScript - JavaScript, XSS, tracker, Flash blockers and more - your condom for the Internet -- Firefox
  • Obsidian - Powerful knowledge base & note taking on top of a local folder of plain text Markdown files, mobile app too -- various platforms
  • OISD Domain Block List - The only Pi-Hole and domain blocklist you'll need -- collection
  • Omni Calculator - 1500+ free calculators -- collection
  • oomd - Userspace OOM killer, highly configurable and much improved over the kernel's built in OOM killer -- C++
  • Open19 - Open data center hardware for standard size racks -- neat
  • OpenBMC - Framework to build a complete Linux image for a Board Management Controller (BMC), by Facebook -- C
  • OpenBoard - Open source keyboard for Android that respects your privacy -- Android
  • OpenHaystack - Framework for tracking personal Bluetooth devices via Apple's massive Find My network, build your own Airtags -- various lang
  • OverDrive - Ebooks and audio books for USA public library members -- explore yours today
  • parsedmarc - Python package and CLI for parsing aggregate and forensic DMARC reports, works with Elasticsearch and Kibana (or Splunk) -- various lang
  • PeerTube - P2P version of YouTube, don't let your videos get taken down, now supports live streaming -- free as in freedom
  • PerigeeCopy - Fixes known annoyances with Windows Explorer copy and delete operations -- Windows various lang
  • Pi-Hole - Ad and tracking blackhole that covers your entire network with a single device -- hardware
  • PimEyes - Facial recognition search engine, reverse image serach for faces -- in-browser
  • PineTime - An open source smartwatch -- hardware
  • Popcorn Time - Multi-platform, free software BitTorrent client that includes an integrated media player -- various lang
  • Power Automate - Low-code platform that enables home and business users to optimize their workflows and automate repetitive and time-consuming tasks, think AutoHotKey, official Microsoft tool, Windows 10+ -- various lang
  • priceMedic - Compare procedures and services at hospitals near you, currently in beta -- collection
  • privacy.sexy - Open-source tool to enforce privacy & security best-practices on Windows and macOS, removes crap -- various lang
  • Privacy Badger - The best in-browser privacy and anti-tracking tool, by the EFF (donate) -- Chrome Firefox
  • PrivacyGuides.org - Community maintained -- collection
  • PrivacyTools.io - All in one collection, web site source is on GitHub -- collection
  • Process Explorer - Shows you information about which handles and DLLs processes have opened or loaded, open files -- Windows
  • Production Readiness Checklist - A checklist used internally to make microservices production-ready, by Mercari -- article
  • PsTools - Magical suite of remote and local admin tools for Windows by Mark Russinovich -- Windows
  • Puffer - Re-transmits free over-the-air broadcast television signals received by an antenna located on the campus of Stanford University, USA geo-locked, by Stanford Platform Lab and many others -- in-browser Android
  • Pulover's Macro Creator - GUI for AutoHotKey script creation, minimize coding -- various lang
  • Quick Assist - Enables a person to share their device with another person over a remote connection, helper must have a Microsoft account, works over the Internet, builtin to Windows 10+ -- closed source
  • reclaimWindows10 - Turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things, updated frequently -- PowerShell
  • Redfish - An industry standard protocol providing a RESTful interface for the management of servers, storage, networking, and converged infrastructure -- article
  • repl.it - In-browser REPLs for a ton of languages -- in-browser
  • RISC-V - The open source CPU that can run at >5Ghz while using 1/100th the power of a Xeon E7 -- hardware
  • Rocky Linux - A replacement for CentOS which was discontinued in Dec 2020 by IBM in favor of CentOS Stream -- operating system
  • RSS-Bridge - Generate RSS and Atom feeds for websites that don't have one -- PHP
  • RSS Reader - By Substack, via the web or the Substack mobile app -- multiple languages
  • runwhen - Utilities for running commands at particular times, cron on steroids -- C
  • Say What - Using speech-to-text to fully check out during conference calls -- Python
  • scrcpy - Remote display and control of Android devices connected on USB or TCP/IP -- C
  • Secure Messaging Apps - True comparison of the technical features and merits of various apps, which are TRULY secure? -- collection
  • SessionBox - Use websites with multiple accounts at the same time made easy -- Chrome
  • Shifty - A macOS menu bar app that gives you more control over Night Shift -- Swift
  • Spectacle - Control desktop windows via keyboard shortcuts -- Objective C
  • SponsorBlock - Skip sponsorships, subscription begging and more on YouTube videos. Report sponsors on videos you watch to save others' time -- Chrome
  • StackStorm - IFTTT for Ops, auto-remediation -- Python
  • Stack on a Budget - Collection of services with great free tiers for developers on a budget, excellent for learning -- collection
  • Steps Recorder (aka Problem Steps Recorder) - Windows 7+, user records themselves reproducing a problem, they send video to you, you playback -- closed source
  • SymbolHound - Search engine that doesn't ignore special characters, great for programming questions -- try it
  • Temporary Containers for Firefox - Open tabs, websites, and links in automatically managed disposable containers which isolate the data websites store (cookies, storage, and more) from each other, enhancing your privacy and security while you browse -- addon
  • TeraCopy - Superb tool for large file transfers / copies / migrations, has a free and paid version -- Windows closed source
  • TextBlaze - Give snippets slash command shortcuts (/foo /reply /ty etc), tiny templating for blazing fast browser input, SaaS -- in-browser
  • Total Commander - File manager on steroids for Windows, feature-rich -- shareware
  • Transwiz - The simplest way to transfer documents and settings to a new computer -- Windows closed source
  • Twilight - F.lux for Android -- closed source
  • Two Factor Auth (2FA) - Web sites that do and don't support 2FA, organized by category, submit PRs for changes -- collection
  • uBlock Origin - Ad blocker, only use Origin, do not use another uBlock -- Firefox Chrome
  • Ultimate Brain for Notion - Your 2nd brain, a life organizer, payware -- in-browser
  • Universal Control - Control 3 total Mac or iPads with a single keyboard and mouse, requires each system have WiFi, Bluetooth, and Handoff (iCloud sign-in) enabled -- article
  • unPaywall - When you view a paywalled scholarly article, Unpaywall automatically checks its open database of 28 million legal, open-access articles and tells you if you can get it elsewhere for free -- JavaScript
  • User Profile Wizard (profwiz) - Migrate Windows user profiles to retain all settings, great for domain migrations including Azure AD, worth it -- payware
  • voidtools aka Everything Indexer - Much better than the built-in Windows file & directory search -- Windows closed source
  • Watch 4 Folder - Folder monitoring and automation utility that can monitor up to 4 different folders simultaneously for 12 kinds of events and react for each event with different kind of actions -- Windows
  • WhosHere - Monitor an area for WiFi and Bluetooth probe requests to see when people (devices) come and go, with web UI and IFTTT webhook integraiton for Slack/SMS pushes -- PHP
  • WinDirStat - Windows disk space usage GUI, the best choice for large numbers of files or large file systems -- Windows closed source
  • Windows Repair - Resets more >25 Windows components and more -- closed source
  • Windows Services for Linux 2 (WSL2) - The official and best way to run Linux tools and full distros on Windows -- closed source
  • WinMerge - Data comparison and merging, includes file & directory comparison, feature rich -- Windows various lang
  • WizTree - Disk analyzer that reads the MFT directly, blazing fast -- Windows closed source
  • WorldCat - The world's largest online library catalog, works with thousands of libraries -- in-browser
  • yt-dlp - A youtube-dl fork with additional features and fixes -- various lang
  • Zstandard aka zstd - A better gzip, by Facebook -- article

Learning Resources

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Docker (98,217
Amazon Web Services (38,666
Aws (38,663
Cloud (29,146
Kubernetes (25,210
K8s (25,210
Azure (17,886
Backup (12,126
Google Cloud Platform (5,507
Gcp (5,464
Google Cloud (2,493
Cybersecurity (2,077
Infrastructure As Code (722
Devsecops (496
Iac (415
Cloud Security (141
Microsoft Azure (117
Aws Security (103
O365 (33
Azure Security (22
M365 (20
Gcp Security (16