I use 1Password password manager for saving all my passwords, various other credentials and private notes and it has been a lifesaver thus far. Having a unique password for all my accounts and using 2FA wherever available means I should be quite safe in case any of my accounts gets breached or the password gets leaked.
Lynis - Security auditing and hardening tool, for UNIX-based systems.
SeKey - Use Touch ID / Secure Enclave for SSH Authentication.
SOPS - Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.
ClusterFuzz - Scalable fuzzing infrastructure which finds security and stability issues in software.
RAMBleed - Reading Bits in Memory Without Accessing Them.
Sliver - General purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
Infosec_Reference - Information Security Reference That Doesn't Suck.
Messaging Layer Security (MLS) - Security layer for encrypting messages in groups of size two to many.
Molasses - Rust implementation of the Message Layer Security group messaging protocol.
mkcert - Simple zero-config tool to make locally trusted development certificates with any names you'd like.
Boulder - ACME-based CA, written in Go.
HoneyTrap - Extensible and opensource system for running, monitoring and managing honeypots.
Flan Scan - Lightweight network vulnerability scanner.
Hardenize - Meet the new standard for network and security configuration monitoring.
american fuzzy lop - Security-oriented fuzzer.
Pwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
camo - HTTP proxy to route images through SSL. Making insecure assets look secure.
OSS-Fuzz - Continuous Fuzzing for Open Source Software.
crunchy - Finds common flaws in passwords. Like cracklib, but written in Go.
Dispatch - All of the ad-hoc things you're doing to manage incidents today, done for you, and much more.
Sublist3r - Fast subdomains enumeration tool for penetration testers.
Awesome Zero trust - Curated collection of awesome resources for the zero-trust security model.
vaulted - Spawning and storage of secure environments.
Destructive Farm - Exploit farm for attack-defense CTF competitions.
Panther - Cloud-native platform for detecting threats with log data, improving cloud security posture, and conducting investigations.
bettercap - Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
security.txt - Proposed standard which allows websites to define security policies.
lego - Let's Encrypt client and ACME library written in Go.
hashcat - World's fastest and most advanced password recovery utility.
Brim - Open source desktop application for security and network specialists.
testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
AFL++ - Fuzzing framework.
Awake Security - Advanced Network Traffic Analysis Solution.
OpenSC - Open source smart card tools and middleware.
SnapPass - Share passwords securely.
The SSO Wall of Shame - List of vendors that treat single sign-on as a luxury feature, not a core security requirement.
Password Manager Resources - Place for creators of password managers to collaborate on resources to make password management better for everyone.
gopass - Password manager for the command line written in Go.
Rosetta - Simple, scriptable file encryption tool.
OWASP Amass - In-depth Attack Surface Mapping and Asset Discovery.
DEF CON - Hacking Conference.
Payloads All The Things - List of useful payloads and bypass for Web Application Security and Pentest/CTF.
F-Secure Labs - Cyber security research and development.
Chamber - CLI for managing secrets. Currently it does so by storing secrets in SSM Parameter Store, an AWS service for storing secrets.
HowToHunt - Some Tutorials and Things to Do while Hunting Particular Vulnerability.
EarlyBird - Sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
mc2 - Multiparty Collaboration + Coopetition projects.
Google Security Research - Hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google.
Timesketch - Collaborative forensic timeline analysis.
XSStrike - Advanced XSS Detection Suite.
GHunt - Investigate Google Accounts with emails.
HideAndSec - Group of cybersecurity enthusiasts.
Web Hacker's Weapons - Collection of cool tools used by Web hackers.
Infection Monkey - Open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.
OpenEDR - Free and open source platform allows you to analyze what’s happening across your entire environment at base-security-event level.
Neurax - Library for constructing self-spreading binaries.
Quarkslab - Software and security services.
Drata - Put SOC 2 Compliance On Autopilot.
Hacker Roadmap - Beginner pen-testing start guide.
Darkbit - Cloud-native security built for your business.
CALDERA - Scalable Automated Adversary Emulation Platform.
Hack The Box - Hacking Training For The Best. Individuals & Companies.
resync - Curate, monitor, and derive signal from the world's attack surface.
Starting Up Security - Collection of information security essays and links to help growing teams manage risks.