As I’ve been cleaning up my digital workspace and organizing my notes, I stumbled upon a growing collection of interesting GitHub projects I’ve been following. Some of these I actively use in my work, while others I’m simply observing out of professional curiosity.
Why Share This List?
I believe in the power of knowledge sharing within the tech community. These projects have caught my attention for various reasons – be it their innovative approach, practical applications, or potential for future use.
Current State of the List
At the moment, the list is intentionally unordered – it’s a raw collection of projects that I find valuable or intriguing. But in the future, I plan to:
- Organize them into meaningful categories
- Add them to Not The Hidden Wiki's GitHub repo
- Provide more context for each project
- Share my experiences with the ones I’ve implemented
Important Note
This is very much a “work in progress” collection. As I continue to explore and experiment with different tools and frameworks, I’ll be updating and refining this list. Some projects might be well-established, others might be emerging stars in their respective domains.
For now, consider this a peek into my professional bookmarks – a curated, albeit unstructured, collection of GitHub projects worth keeping an eye on.
Stay tuned for updates as I continue to organize and categorize these resources!
- Not The Hidden Wiki – the largest repository of links related to cybersecurity. We believe that knowledge should be free! So we collected many valuable links from various specialists in their fields and created this wiki. Regardless of whether you are just starting your adventure with cybersecurity or you have been in this world for a long time, you will definitely find something for yourself on this wiki – https://github.com/notthehiddenwiki/nthw
- Security lists for SOC/DFIR detections – Awesome Security lists for SOC/CERT/CTI – https://github.com/mthcht/awesome-lists
- ParaMutator – an API fuzzer that bombards entry points with unexpected inputs to cause anomalies, signifying potential security vulnerabilities – GitHub – vuusale/ParaMutator: API fuzzer that exposes security flaws by sending malformed inputs
- SaaS attacks – the repository is a collection of SaaS-specific attack techniques. It is intended to be a resource for security researchers, red/blue teams, and penetration testers to learn about and share SaaS attack techniques – GitHub – pushsecurity/saas-attacks: Offensive security drives defensive security. We’re sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
- WinTuner – package any app from Winget to Intune – GitHub – svrooij/WinTuner: Package any app from Winget to Intune
- eJPT-CheatSheets – useful info and commands for the eJPT cert exam – GitHub – bpmcircuits/eJPTCert_CheatSheets
- Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers – https://github.com/theowni/Damn-Vulnerable-Restaurant-API-Game
- OSINTUI – Open Source Intelligence Terminal User Interface – GitHub – wssheldon/osintui: OSINT from your favorite services in a friendly terminal user interface – integrations for Virustotal, Shodan, and Censys
- A collection of materials related to John Savill’s certification videos hosted on YouTube (Microsoft exams) – https://github.com/johnthebrit/CertificationMaterials
- Study guide that maps the Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals – GitHub – RickKotlarz/SC-900: Study guide for the SC-900: Microsoft Security, Compliance, and Identity
- Sysops life scripts (by Michał Machniak) – GitHub – mimachniak/sysopslife-scripts
- PhoneNumber-OSINT – An OSINT tool for gathering information about phone numbers created by Spider Anongreyhat (Anonspidey) – GitHub – spider863644/PhoneNumber-OSINT: An OSINT tool for gathering information about phone numbers
- Personal Security Checklist – the ultimate list of tips to secure your digital life – GitHub – Lissy93/personal-security-checklist: 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
- Advanced Threat Hunting: Ransomware Groups & Affiliates – this repository is dedicated to documenting the arsenals, exploited CVEs, and their associated TTPs (Tactics, Techniques, and Procedures) used by ransomware groups and their affiliates, particularly those that are not widely documented – GitHub – CTI-Driven/Advanced-Threat-Hunting-Ransomware-Groups-Affiliates: Advanced Threat Hunting: Ransomware Group
- Autopilot Branding – this repository contains a sample PowerShell script that can be packaged into an Intune Win32 app to customize Windows 10 devices via Windows Autopilot (although there’s no reason it can’t be used with other deployment processes, e.g. MDT or ConfigMgr) – GitHub – mtniehaus/AutopilotBranding
- KQL Cheat Sheet for Real Time Intelligence – a comprehensive, community-driven reference for Kusto Query Language (KQL) specifically tailored for Real Time Intelligence scenarios. This repository provides practical examples, best practices, and quick references for working with telemetry data, application insights, and real-time analytics – GitHub – kustonaut/kql-cheat-sheet: Kustonaut’s KQL Cheat Sheet
- KQL queries by Sergio Albea – GitHub – Sergio-Albea-Git/Threat-Hunting-KQL-Queries
- Sample KQL queries for Advanced hunting in Microsoft 365 Defender – GitHub – microsoft/Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender
- Must Learn KQL – the blog series, the completion certificate, the book, the video channel, the merch store, the workshop, and much more – https://github.com/rod-trent/MustLearnKQL
- Hunting Queries Detection Rules – KQL queries for Microsoft Defender, Microsoft Sentinel – https://github.com/SlimKQL/Hunting-Queries-Detection-Rules/
- Just another Kusto hacker (“JAKH”) contest – https://github.com/microsoft/just-another-kusto-hacker
- KQLIntel – a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries by extracting IOCs from URLs or raw text – https://github.com/Var5h1l/KQLIntel
- sKaleQL – an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Log Analytics Workspaces – https://github.com/mthcht/awesome-lists
- SlimKQL – GitHub – SlimKQL/Hunting-Queries-Detection-Rules: KQL Queries. Microsoft Defender, Microsoft Sentinel
- Secrets Patterns Database – GitHub – mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
- Chef InSpec – an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements – GitHub – inspec/inspec: InSpec: Auditing and Testing Framework
- SOC-RESSOURCES – GitHub – DXC-0/SOC-Ressources: Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.
- OSGINT – retrieve information about a GitHub username/email – GitHub – hippiiee/osgint: OSINT tool to find information about a GitHub user (email2username, username2email, creation date …)
- Azure samples – Azure Samples · GitHub
- Microsoft Sentinel and Microsoft 365 Defender repository – GitHub – Azure/Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise.
- Azure Network Security – GitHub – Azure/Azure-Network-Security: Resources for improving Customer Experience with Azure Network Security
- Checkpoint Harmony EDR – this Microsoft Sentinel Workbook is designed to visualize key metrics from Checkpoint Harmony Endpoint Detection and Response (EDR). The workbook leverages Common Event Format (CEF) events forwarded from the EDR to provide a comprehensive overview of your cybersecurity posture directly within Microsoft Sentinel – GitHub – chihebchebbi/CheckpointHarmonyEDR-Workbook
- Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository – GitHub – Azure/Microsoft-Defender-for-Cloud: Welcome to the Microsoft Defender for Cloud community repository
- Microsoft Azure training for researchers – GitHub – MSRConnections/Azure-training-course
- Study guide that maps the Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals to the Microsoft Skills Measured PDF by Rick Kotlarz – https://github.com/RickKotlarz/SC-900
- Azure Cost Anomaly Alert Manager – a Python-based command-line tool for managing Azure Cost Management anomaly alerts across multiple subscriptions. This tool helps you automatically detect and create cost anomaly alerts for Azure subscriptions, ensuring you stay informed about unexpected cost spikes – GitHub – p4pryk/CostAnomalyCreator
- Azure MCP Server – implements the MCP specification to create a seamless connection between AI agents and Azure services. Azure MCP Server can be used alone or with the GitHub Copilot for Azure extension in VS Code. This project is in Public Preview and implementation may significantly change prior to our General Availability – https://github.com/Azure/azure-mcp
- Azure Vulnerability Report Generator – this application connects to Azure using the Microsoft Graph API to detect and report security vulnerabilities across your Azure resources. It provides a modern, user-friendly interface for selecting subscriptions, fetching vulnerability data, and generating detailed reports in HTML – https://github.com/p4pryk/AzureVulnerabilityReport/
- Defender Yara – extracted Yara rules from Windows Defender mpavbase and mpasbase – https://github.com/roadwy/DefenderYara/
- Intune – Microsoft Intune scripts – https://github.com/MSEndpointMgr/Intune/
- MS-Attack-Range – Microsoft Sentinel Attack Range is a tool that allows security teams to create a small lab environment to simulate attacks and generate data in Microsoft Sentinel for detection testing and validation – https://github.com/oloruntolaallbert/MS-Attack-Range/
- EntraGoat – a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors. EntraGoat introduces intentional vulnerabilities in your environment to provide a realistic learning platform for security professionals. It features multiple privilege escalation paths and focuses on black-box attack methodologies. EntraGoat uses PowerShell scripts and Microsoft Graph APIs to deploy vulnerable configurations in your Entra ID tenant. This gives users complete control over the learning environment while maintaining isolation from production systems – https://github.com/Semperis/EntraGoat
- Get-IntuneManagementExtensionDiagnostics – this script analyzes Intune IME logs and shows events in Timeline – https://github.com/petripaavola/Get-IntuneManagementExtensionDiagnostics/
- IntuneBrew – a PowerShell-based tool that simplifies the process of uploading and managing macOS applications in Microsoft Intune. It automates the entire workflow—from downloading apps to uploading them to Intune with proper metadata and icons – https://github.com/ugurkocde/IntuneBrew/
- Azure Security Benchmark Report (MSBReport) – a Streamlit-based web application for analyzing and visualizing security recommendations for Azure resources based on Microsoft Security Benchmark standards. The tool helps security professionals and administrators identify vulnerabilities and maintain compliance with best practices – https://github.com/p4pryk/MSBReport/
- ScubaGear – an assessment tool that verifies that a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Secure Configuration Baseline documents – https://github.com/cisagov/ScubaGear/
- remote-mcp-apim-functions-python – Azure API Management as AI Gateway to Remote MCP servers – https://github.com/Azure-Samples/remote-mcp-apim-functions-python
- Security Copilot – Microsoft Security Copilot is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant to responsible AI principles – https://github.com/Azure/Security-Copilot/
- Generative AI for beginners – 21 Lessons teaching everything you need to know to start building Generative AI applications – GitHub – microsoft/generative-ai-for-beginners: 21 Lessons, Get Started Building with Generative AI
- Workout – Test framework for Azure Bicep with dedicated DSL – GitHub – TheCloudTheory/Workout: Test framework for Azure Bicep
- Blackbird – a powerful OSINT tool that combines fast username and email searches across more than 600 platforms with free AI-powered profiling. By leveraging community-driven projects like WhatsMyName, it ensures low false positive rates and high-quality results. Features include smart filters, polished PDF/CSV exports, and fully automated analysis — all from a single CLI – GitHub – p1ngul1n0/blackbird: An OSINT tool to search for accounts by username and email in social networks.
- Facad1ng – an open-source URL masking tool designed to help you Hide Phishing URLs and make them look legit using social engineering techniques – GitHub – spyboy-productions/Facad1ng: The Ultimate URL Masking Tool – An open-source URL masking tool designed to help you Hide Phishing URLs and make them look legit using social engineering techniques.
- Sigma – Generic Signature Format for SIEM Systems – GitHub – SigmaHQ/sigma: Main Sigma Rule Repository
- ThePilot-Scramble-retro-game-by-AI – GitHub – MariuszFerdyn/ThePilot-Scramble-retro-game-by-AI: Game generated by AI based on:
- Bitcache is a solution that allows you to backup your Bitlocker recovery keys from Entra ID (aka Azure AD) to a local database – GitHub – pawellakomski/bitcache
- Wordpot – a WordPress honeypot which detects probes for plugins, themes, timthumb and other common files used to fingerprint a WordPress installation – GitHub – gbrindisi/wordpot: A WordPress Honeypot
- Awesome Honeypots – a curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects – GitHub – paralax/awesome-honeypots: an awesome list of honeypot resources
- TruffleHog – secret scanner – GitHub – trufflesecurity/trufflehog: Find, verify, and analyze leaked credentials
- CVE Program – the mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities – CVE Program · GitHub
- Organizer – this project helps you plan different events, create tasks that you have to complete and manage your budget (set goals). Thanks to a secure account system, you have access to your data on any device. Written in NextJS using MongoDB, JWT tokens, SCSS modules – GitHub – KamilSajdera/organizer: Plan, save and view your events and expenses.
- kotaemon – an open-source clean & customizable RAG UI for chatting with your documents. Built with both end users and developers in mind – GitHub – Cinnamon/kotaemon: An open-source RAG-based tool for chatting with your documents.
- AutoGen – a framework for creating multi-agent AI applications that can act autonomously or work alongside humans – GitHub – microsoft/autogen: A programming framework for agentic AI 🤖 PyPi: autogen-agentchat Discord: https://aka.ms/autogen-discord Office Hour: https://aka.ms/autogen-officehour
- Semgrep – a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows – https://github.com/semgrep/semgrep
- GLIGEN – a novel way to specify the precise location of objects in text-to-image models. I present here an intuitive GUI that makes it significantly easier to use GLIGEN with ComfyUI – GitHub – mut-ex/gligen-gui: An intuitive GUI for GLIGEN that uses ComfyUI in the backend
- Azure OpenAI in a day workshop – GitHub – microsoft/azure-openai-in-a-day-workshop
- Analysis Tools – this repository lists static analysis tools for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters. The official website, analysis-tools.dev is based on this repository and adds rankings, user comments, and additional resources like videos for each tool – GitHub – analysis-tools-dev/static-analysis: ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
- Awesome Guidelines – a set of guidelines for a specific programming language that provides recommendations on programming style, best practices, and methods for various aspects of writing programs in that language – GitHub – Kristories/awesome-guidelines: A curated list of high quality coding style conventions and standards.
- Container Security Checklist: From the image to the workload – GitHub – krol3/container-security-checklist: Checklist for container security – devsecops practices
- Tools – curated list of security tools – https://github.com/rmkanda/tools
- Secure Coding Practices Checklist – GitHub – RedHatInsights/secure-coding-checklist: Secure Coding Checklist for Developers
- Mixeway – an OpenSource software that is meant to simplify the process of security assurance of projects which are implemented using CICD procedures – https://github.com/Mixeway/MixewayHub
- Cyber-Security-Blog-and-Linkedin-Agent (plus much more) – an AI agent that takes a simple prompt, then uses a series of agents to conduct research and can produce blog posts, LinkedIn posts or technical guides using a friendly web UI – https://github.com/Dave-gilmore-aus/Cyber-Security-Blog-and-Linkedin-Agent
- SiteSifter – recursive directory fuzzer + file downloader with progress bars. It fuzzes directories using a wordlist (recursively), crawls discovered pages, and downloads files that match extensions from your list. Use responsibly. Only scan targets you own or have explicit permission to test – https://github.com/A1ERTA/SiteSifter
- Advanced Port Scanner with Shodan and CVE Lookup – an advanced asynchronous port scanner written in Python. It scans a target for open ports, retrieves banners, identifies services and versions, and performs CVE lookups using the NVD API. Additionally, it can integrate with Shodan to provide extra host details – https://github.com/chrispl89/port_scanner/
- Cloud Security Toolkit – all-in-one destination for cutting-edge cloud security resources! Whether you’re diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered – https://github.com/eshlomo1/CloudSec
- cveseeker – a powerful, modular, and extensible vulnerability assessment and vulnerability intelligence tool searching for CVEs and exploits using keywords across multiple sources. It collects, analyzes, and enriches CVE data from multiple trusted sources, empowering security researchers and organizations to keep vulnerabilities close and actions proactive – https://github.com/krystianbajno/cveseeker
- Data & AI Platform – offers a comprehensive suite of tools and resources for deploying and configuring essential Azure services. It orchestrates the creation of a modern enterprise data and AI estate, primed to power your AI applications and deliver rapid value. Hundreds of customers have utilized this platform to build a unified data and AI infrastructure, accelerating their AI transformation – https://github.com/microsoft/Data-and-AI-Platform/
- LeakBaseCTI – specialized investigative framework to investigate cases of malicious actors in the OSINT and backup LeakBase – https://github.com/VECERTUSA/LeakBaseCTI
- ThreatWeaver – an advanced web application that leverages artificial intelligence for automated threat modeling and security analysis. It allows users to upload architecture diagrams and detailed application descriptions, which are then analyzed using the STRIDE and MITRE ATT&CK frameworks, generating clear threat models along with recommendations for mitigation measures – https://github.com/p4pryk/ThreatWaver/
This post is part of my ongoing effort to contribute to the tech community by sharing useful resources and tools I discover along my professional journey. Which other projects are worth observing? Write a comment and share your findings.