📚 Awesome Lists 🤖 AI Security 🐳 Docker Images 🖥️ Self Hosting 📖 Books 🛠️ Tools

--- ## 📚 Awesome Lists

🔐 Security — General

• Awesome Cyber Security — A collection of awesome software, libraries, documents, books, and resources about security.
• Awesome Cyber Security (okhosting) — A curated list of cyber security resources and tools.
• Awesome Security — A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
• Awesome Appsec — A curated list of resources for learning about application security: books, websites, blog posts, and self-assessment quizzes.
• Awesome Security Hardening — A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
• Awesome Infosec — A curated list of awesome information security resources.

🎯 Offensive Security & Pentesting

• Awesome Hacking — A curated list of awesome hacking tools and resources.
• Awesome Hacking (Hack-with-Github) — A collection of awesome lists for hackers, pentesters & security researchers.
• Awesome Pentest — A collection of awesome penetration testing and offensive cybersecurity resources.
• Awesome CTF — A curated list of CTF frameworks, libraries, resources, software and tutorials.
• Awesome Web Hacking — A list to learn more about web application security.

🔵 Detection, DFIR & Threat Intel

• Awesome Incident Response — A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
• Awesome Threat Detection — A curated list of awesome threat detection and hunting resources.
• Awesome Threat Intelligence — A curated list of awesome Threat Intelligence resources.
• Awesome SOC/DFIR Detections — Curated detection resources for SOC and DFIR teams.
• Awesome SOC — A collection of sources of documentation and field best practices to build and run a SOC (including CSIRT).
• Awesome Malware Analysis — A curated list of awesome malware analysis tools and resources.
• Awesome Forensics — Curated list of awesome free forensic analysis tools and resources.
• Awesome Honeypots — A curated list of awesome honeypots plus related components.
• Awesome Yara — A curated list of awesome YARA rules, tools, and resources.

🌐 Networking & Traffic Analysis

• Awesome Network Analysis — An awesome list of resources to construct, analyze and visualize network data.
• Awesome Networking — A curated list of awesome networking libraries, resources and shiny things.
• Awesome PCAP Tools — List of tools to help process pcap files for network traffic research.

💻 Scripting & Development

• Awesome Bash — A curated list of delightful Bash scripts and resources.
• Awesome Powershell — A curated list of delightful PowerShell packages and resources.
• Awesome Python — An opinionated list of awesome Python frameworks, libraries, software and resources.
• Awesome README — A curated list of awesome READMEs.

🎤 Talks & Learning

• Awesome Sec Talks — A curated list of awesome Security talks.
• Awesome Sysadmin — A curated list of amazingly awesome open source sysadmin resources.

--- ## 🤖 AI Security

🔴 AI Red Teaming

Open source tools and frameworks for adversarial testing, attacking, and evaluating AI/ML systems.

• PyRIT — Microsoft's Python Risk Identification Toolkit for generative AI. Automates red teaming of LLMs, multimodal models, and AI pipelines.
• Garak — LLM vulnerability scanner. Tests for prompt injection, jailbreaks, data leakage, hallucination, and more across many model providers.
• ps-fuzz (Prompt Fuzzer) — Open source tool for fuzzing LLM system prompts to find injection vulnerabilities and weaknesses.
• AI Exploits (ProtectAI) — Real-world exploits and vulnerabilities found in ML infrastructure and AI tooling. Maintained by the ProtectAI team.
• Adversarial Robustness Toolbox (ART) — IBM's library for defending ML models against adversarial attacks: evasion, poisoning, extraction, and inference attacks.
• CleverHans — A Python library to benchmark ML model vulnerability to adversarial examples.
• TextAttack — A framework for adversarial attacks, data augmentation, and adversarial training in NLP.
• PromptBench — Microsoft's unified library for evaluating and benchmarking LLM robustness against adversarial prompts.

🔵 AI Blue Teaming & Defense

Open source tools for monitoring, protecting, and securing AI/ML systems and applications in production.

• Rebuff — Self-hardening prompt injection detector. Uses LLM-based detection, a canary token system, and a shared database of attack signatures.
• LLM Guard — A comprehensive security toolkit for LLM interactions: input/output scanning for prompt injection, PII, toxicity, and code detection.
• NeMo Guardrails — NVIDIA's open source toolkit for adding programmable guardrails to LLM-based conversational applications.
• LangKit — An open source text metrics toolkit for monitoring LLM inputs/outputs. Detects prompt injection, toxicity, PII, and sentiment drift.
• Vigil — LLM prompt injection and jailbreak detection server with REST API. Scans prompts against known attack signatures and semantic embeddings.
• MLflow — Open source platform for ML lifecycle management including experiment tracking, model registry, and monitoring for drift.
• Evidently AI — Open source ML and LLM observability framework. Monitors model performance, data drift, and output quality over time.
• Guardrails AI — Open source framework for adding structural, type, and quality constraints to LLM outputs.

📖 AI Security Learning Resources

Open source courses, guides, research, and references for learning AI/ML security concepts.

• OWASP Top 10 for LLMs — The OWASP project documenting the top 10 most critical vulnerabilities in LLM applications, with mitigations.
• Prompt Engineering Guide — Comprehensive guide to prompt engineering including adversarial prompting, prompt injection, and jailbreaking techniques.
• MITRE ATLAS — Adversarial Threat Landscape for Artificial-Intelligence Systems. A knowledge base of adversarial ML tactics and techniques analogous to ATT&CK.
• Awesome LLM Security — A curated list of LLM security resources: papers, tools, and real-world vulnerabilities specific to language models.
• Awesome ML Privacy — Resources on privacy in machine learning: membership inference, model inversion, differential privacy, and federated learning.
• AI Red Team Exercises — Practical exercises and lab scenarios for hands-on adversarial AI testing and red team practice.

--- ## 🐳 Docker Images for Security

🗡️ Offensive & Pentesting

• docker pull kalilinux/kali-rolling — Official Kali Linux
• docker pull metasploitframework/metasploit-framework — Official Metasploit
• docker pull phocean/msf — Docker Metasploit (community)
• docker pull noncetonic/archlinux-pentest-lxde — Arch Linux Penetration Tester

🎯 Vulnerable Training Targets

• docker pull bkimminich/juice-shop — OWASP Juice Shop
• docker pull danmx/docker-owasp-webgoat — OWASP WebGoat
• docker pull citizenstig/dvwa — Damn Vulnerable Web Application (DVWA)
• docker pull vulnerables/web-owasp-nodegoat — OWASP NodeGoat
• docker pull citizenstig/nowasp — OWASP Mutillidae II
• docker pull ismisepaul/securityshepherd — OWASP Security Shepherd
• docker pull wpscanteam/vulnerablewordpress — Vulnerable WordPress
• docker pull hmlio/vaas-cve-2014-6271 — Vulnerability as a Service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 — Vulnerability as a Service: Heartbleed

🔬 Scanning & Assessment

• docker pull owasp/zap2docker-stable — OWASP ZAP
• docker pull wpscanteam/wpscan — WPScan
• docker pull diogomonica/docker-bench-security — Docker Bench for Security
• docker pull opendns/security-ninjas — Security Ninjas

--- ## 🖥️ Self Hosting

• Awesome Selfhosted — A list of Free Software network services and web applications which can be hosted on your own servers.

--- ## 📖 Books

Recommendations coming soon.

--- ## 🛠️ Tools

Curated tooling list coming soon.