2021-12-15

go

• anchore/syft CLI tool and library for generating a Software Bill of Materials from container images and filesystems
• vercel/turborepo The High-performance Build System for JavaScript & TypeScript Codebases
• hillu/local-log4j-vuln-scanner Simple local scanner for vulnerable log4j instances
• anchore/grype A vulnerability scanner for container images and filesystems
• projectdiscovery/interactsh An OOB interaction gathering server and client library
• juicedata/juicefs JuiceFS is a distributed POSIX file system built on top of Redis and S3.
• gorilla/mux A powerful HTTP router and URL matcher for building Go web servers with 🦍
• panjf2000/gnet 🚀 gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go./ gnet 是一个高性能、轻量级、非阻塞的事件驱动 Go 网络框架。
• aquasecurity/trivy Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
• JanDeDobbeleer/oh-my-posh A prompt theme engine for any shell.
• windvalley/gossh Gossh is a high-performance and high-concurrency ssh tool. Issues and ⭐ are welcome:)
• rudderlabs/rudder-server Privacy and Security focused Segment-alternative, in Golang and React
• cri-o/cri-o Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
• projectdiscovery/nuclei Fast and customizable vulnerability scanner based on simple YAML based DSL.
• hashicorp/nomad Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
• google/cadvisor Analyzes resource usage and performance characteristics of running containers.
• inbug-team/InScan 边界打点后的自动化渗透工具
• cilium/cilium eBPF-based Networking, Security, and Observability
• armosec/kubescape Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®.
• mwarnerblu/Log4ShellScanner Scans and catches callbacks of systems that are impacted by Log4J Log4Shell vulnerability across specific headers.
• prometheus-operator/prometheus-operator Prometheus Operator creates/configures/manages Prometheus clusters atop Kubernetes
• Adikso/minecraft-log4j-honeypot Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
• HyNetwork/hysteria Hysteria is a feature-packed network utility optimized for networks of poor quality (e.g. satellite connections, congested public Wi-Fi, connecting from China to servers abroad)
• traefik/traefik The Cloud Native Application Proxy
• hashicorp/terraform-provider-azurerm Terraform provider for Azure Resource Manager

java

• huntresslabs/log4shell-tester
• christophetd/log4shell-vulnerable-app Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.
• whwlsfb/Log4j2Scan Log4j2 RCE Passive Scanner plugin for BurpSuite
• kozmer/log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability.
• corretto/hotpatch-for-apache-log4j2 An agent to hotpatch the log4j RCE from CVE-2021-44228.
• tangxiaofeng7/BurpLog4j2Scan Burpsuite extension for log4j2rce
• Cybereason/Logout4Shell Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
• Puliczek/CVE-2021-44228-PoC-log4j-bypass-words 🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
• apache/logging-log4j2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.
• EmYiQing/LDAPKit 自用的LDAP测试工具，一键启动
• leonjza/log4jpwn log4j rce test environment and poc
• tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce Apache Log4j 远程代码执行
• f0ng/log4j2burpscanner CVE-2021-44228，log4j2 burp插件 Java版本，可自定义ceye.io，也可以自定义内网的dnslog平台及请求接口定位内网漏洞机器(log4j2 RCE Burp Suite Passive Scanner，can customize the ceye.io api or other apis，including internal networks)
• welk1n/JNDI-Injection-Exploit JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）
• NationalSecurityAgency/ghidra Ghidra is a software reverse engineering (SRE) framework
• mbechler/marshalsec
• jeremylong/DependencyCheck OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
• elastic/elasticsearch Free and Open, Distributed, RESTful Search Engine
• welk1n/JNDI-Injection-Bypass Some payloads of JNDI Injection in JDK 1.8.0_191+
• ilsubyeega/log4j2-exploits log4j2 remote code execution or IP leakage exploit (with examples)
• veracode-research/rogue-jndi A malicious LDAP server for JNDI injection attacks
• logpresso/CVE-2021-44228-Scanner Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
• niumoo/lab-notes 😍 有趣的想法 & 有意思灵感 & 小算法实验室，犄角旮旯乱七八糟代码杂货铺，新奇好玩都在这里。
• apache/log4j Mirror of Apache log4j
• openzipkin/zipkin Zipkin is a distributed tracing system

javascript

• rolling-scopes-school/tasks
• micro-zoe/micro-app A lightweight, efficient and powerful micro front-end framework. 一款轻量、高效、功能强大的微前端框架
• glixzzy/blooket-hack Multiple game hacks to use so the game becomes easier to play!
• HashLips/hashlips_art_engine HashLips Art Engine is a tool used to create multiple different instances of artworks based on provided layers.
• vercel/next.js The React Framework
• medusajs/medusa The open-source Shopify alternative ⚡️
• thunlp/WantWords An open-source online reverse dictionary.
• circleci/circleci-docs Documentation for CircleCI.
• facebook/create-react-app Set up a modern web app by running one command.
• facebook/react-native A framework for building native applications using React
• ToolJet/ToolJet Open-source low-code framework for building React-based web applications and internal tools 🚀
• lerna/lerna 🐉 A tool for managing JavaScript projects with multiple packages.
• openspug/spug 开源运维平台：面向中小型企业设计的轻量级无Agent的自动化运维平台，整合了主机管理、主机批量执行、主机在线终端、文件在线上传下载、应用发布部署、在线任务计划、配置中心、监控、报警等一系列功能。
• photonstorm/phaser Phaser is a fun, free and fast 2D game framework for making HTML5 games for desktop and mobile web browsers, supporting Canvas and WebGL rendering.
• odoo/odoo Odoo. Open Source Apps To Grow Your Business.
• alvarotrigo/fullPage.js fullPage plugin by Alvaro Trigo. Create full screen pages fast and simple
• goldbergyoni/nodebestpractices ✅ The Node.js best practices list (December 2021)
• MikeMcl/bignumber.js A JavaScript library for arbitrary-precision decimal and non-decimal arithmetic
• floating-ui/floating-ui 🍿 JavaScript positioning library for tooltips, popovers, dropdowns, and more
• OpenZeppelin/openzeppelin-contracts OpenZeppelin Contracts is a library for secure smart contract development.
• iioter/iotgateway A cross-platform IoT gateway based on .net5. Through visual configuration, you can easily connect to any of your devices and systems (such as PLC, barcode scanner, CNC, database, serial device, host computer, OPC Server, OPC UA Server, Mqtt Server, etc.), so as to interact with Thingsboard, IoTSharp or Your own IoT platform for two-way data comm…
• meabhisingh/mernProjectEcommerce This is MERN Stack Ecommerce Project Made to Teach MERN Stack on YouTube
• RocketChat/Rocket.Chat The communications platform that puts data protection first.
• ai/nanoid A tiny (108 bytes), secure, URL-friendly, unique string ID generator for JavaScript
• iamadamdev/bypass-paywalls-chrome Bypass Paywalls web browser extension for Chrome and Firefox.

python

• Neo23x0/log4shell-detector Detector for Log4Shell exploitation attempts
• TencentARC/GFPGAN GFPGAN aims at developing Practical Algorithms for Real-world Face Restoration.
• WazeHell/sam-the-admin Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
• blakeblackshear/frigate NVR with realtime local object detection for IP cameras
• sxyu/svox2 Plenoxels: Radiance Fields without Neural Networks, Code release WIP
• CorentinJ/Real-Time-Voice-Cloning Clone a voice in 5 seconds to generate arbitrary speech in real-time
• NorthwaveSecurity/log4jcheck A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.
• google-research/scenic Scenic: A Jax Library for Computer Vision Research and Beyond
• takito1812/log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
• rwightman/pytorch-image-models PyTorch image models, scripts, pretrained weights -- ResNet, ResNeXT, EfficientNet, EfficientNetV2, NFNet, Vision Transformer, MixNet, MobileNet-V3/V2, RegNet, DPN, CSPNet, and more
• jina-ai/jina Cloud-native neural search framework for 𝙖𝙣𝙮 kind of data
• medvm/widevine_keys This repo created for bypassing Widevine L3 DRM and obtaining keys.
• alexandre-lavoie/python-log4rce An All-In-One Pure Python PoC for CVE-2021-44228
• DA-southampton/NLP_ability 总结梳理自然语言处理工程师(NLP)需要积累的各方面知识，包括面试题，各种基础知识，工程能力等等，提升核心竞争力
• mlflow/mlflow Open source platform for the machine learning lifecycle
• jessevig/bertviz Tool for visualizing attention in the Transformer model (BERT, GPT-2, Albert, XLNet, RoBERTa, CTRL, etc.)
• wpeebles/gangealing Official PyTorch Implementation of GAN-Supervised Dense Visual Alignment
• aeon0/botty D2R Pixel Bot
• FederatedAI/FATE An Industrial Grade Federated Learning Framework
• EssayKillerBrain/EssayKiller_V2 基于开源GPT2.0的初代创作型人工智能 | 可扩展、可进化
• JDAI-CV/fast-reid SOTA Re-identification Methods and Toolbox
• elastic/detection-rules Rules for Elastic Security's detection engine
• SinaKhalili/Folders.py Implementation of the Folders📂 esoteric programming language, a language with no code and just folders.
• libratbag/piper GTK application to configure gaming devices
• vishnubob/wait-for-it Pure bash script to test and wait on the availability of a TCP host and port

rust

• meilisearch/MeiliSearch Powerful, fast, and an easy to use search engine
• fishfight/FishFight Fish Fight is a tactical 2D shooter. Made with Rust-lang and Macroquad 🦀🌶
• Schniz/fnm 🚀 Fast and simple Node.js version manager, built in Rust
• SergioBenitez/Rocket A web framework for Rust.
• AppFlowy-IO/appflowy AppFlowy is an open-source alternative to Notion. You are in charge of your data and customizations. Built with Flutter and Rust.
• yewstack/yew Rust / Wasm framework for building client web apps
• dani-garcia/vaultwarden Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
• libp2p/rust-libp2p The Rust Implementation of the libp2p networking stack.
• shadowsocks/shadowsocks-rust A Rust port of shadowsocks
• cube-js/cube.js 📊 Cube — Open-Source Analytics API for Building Data Apps
• ogham/exa A modern replacement for ‘ls’.
• MCHPR/MCHPRS A multithreaded Minecraft server built for redstone.
• spikecodes/libreddit Private front-end for Reddit
• rust-unofficial/awesome-rust A curated list of Rust code and resources.
• tauri-apps/tauri Build smaller, faster, and more secure desktop applications with a web frontend.
• sharkdp/fd A simple, fast and user-friendly alternative to 'find'
• async-rs/async-std Async version of the Rust standard library
• pingcap/talent-plan open source training courses about distributed database and distributed systemes
• cloudflare/quiche 🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
• DataDog/glommio Glommio is a thread-per-core framework that aims to make the task of writing highly parallel asynchronous applications in a thread-per-core architecture easier for rustaceans.
• samuelvanderwaal/metaboss The Metaplex NFT-standard Swiss Army Knife tool.
• tomusdrw/rust-web3 Ethereum JSON-RPC multi-transport client. Rust implementation of web3 library.
• volta-cli/volta Volta: JS Toolchains as Code. ⚡
• hyperium/tonic A native gRPC client & server implementation with async/await support.
• kitao/pyxel A retro game engine for Python

2021-12-16

2021-12-14