Trending Projects

The Bug Hunters Methodology is a comprehensive guide for penetration testing and security research.

A Rust-based tool for rapidly searching and hunting through Windows forensic artifacts.

A modular sysmon configuration repository for security monitoring and threat hunting.

An open-source library for creating security detection rules and threat hunting content.

Sudomy is a subdomain enumeration tool for bug hunting and pentesting, providing automated reconnaissance.

A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through multiple methods.

Advanced DNS filter/blocklists for privacy, security, and clean browsing.

This GitHub repository provides instructions to install the Metasploit Framework 6 on the Termux Android terminal emulator.

A curated list of resources related to the security and compromise of locks, safes, and keys.

This repository provides a comprehensive set of tools for vulnerability exploitation and post-exploitation.

CaA - a Java tool for information gathering, analysis, and intelligence exploration for bounty hunters and security researchers.

A tool to spoof TLS/JA3 fingerprints in Go and JavaScript for bypassing security measures.

A DNS client that supports various encryption and anonymization protocols to bypass censorship and protect privacy.

An IIS short filename enumeration tool for security audits and penetration testing.

A tool for cloning and running the popular WiFi Pineapple security device on generic hardware.

Modlishka is a reverse proxy tool for penetration testing and security research.

A collection of cheat sheets for penetration testing and security research.

A comprehensive collection of tools for ethical hacking and penetration testing.

A PowerShell script that checks and hardens the Windows configuration for better security.

A machine learning security engine that automatically prevents threats against web apps and APIs.

A Python tool for generating various types of NTLMv2 hash theft files for security research and testing.

A large open-source database for detecting secrets, API keys, passwords, and more, useful for security-focused vibe coders.

A Java agent-based tool to quickly generate memory shell payloads for common Java web frameworks.

This is a hacking tool that can track a user's location, capture their picture, and collect device information.

This repository provides a collection of Windows kernel exploit samples for penetration testing and security research.

This GitHub repository provides a collection of free security and hacking ebooks for developers.

Open-source tools and middleware for working with smart cards and secure elements.

Pentest Report Generator is an open-source tool for security professionals to generate professional penetration testing reports.

High-fidelity detection mechanism for finding security vulnerabilities in Next.js and React apps.

A customizable and automated penetration testing reporting platform for offensive security professionals.

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

An open-source 802.11 attack tool written in Rust for security researchers and penetration testers.

A collection of PDF/books about modern web application security and bug bounty programs.

An open-source OSINT tool for tracking social media accounts across multiple platforms.

This repository provides a patch to hide QEMU and bypass various anti-detection mechanisms.

A tool to download all Pwned Passwords hash ranges and save them offline for use without a dependency on the k-anonymity API.

A compilation of resources from the Practical Ethical Hacking Udemy course, focused on Python-based security tools.

A C# library to prevent malware from gaining admin privileges through UAC authorization.

A collection of study notes and resources for learning web hacking and security.

This is the unofficial Git repository for the Tor Project, a popular tool for online privacy and anonymity.

A curated list of awesome resources for reverse engineering and malware analysis.

A powerful network reconnaissance framework that allows you to build your own self-hosted alternatives to Shodan, ZoomEye and more.

Linux enumeration tool for penetration testing and CTFs with multiple verbosity levels.

A collection of Burpsuite plugins, articles, and usage tips for web security testing and penetration testing.

A comprehensive wordlist for web fuzzing and security testing, useful for bug bounty and pentesting.

A vulnerable Windows & Linux kernel driver for security research and exploit development.

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

A Python script for finding sensitive data (API keys, access tokens, JWTs) and searching JavaScript files.

A multi-cloud OSINT tool to enumerate public resources in AWS, Azure, and Google Cloud.

A highly customizable and extensible automated security scanning engine for red teams