Trending Projects

Zeek is a powerful network analysis framework for security monitoring and incident response.

A Python-based tool to suggest Windows exploits based on installed updates and patches.

A simple way to block internet access per app on Android devices.

A network monitoring and bandwidth limiting tool for developers without administrative access.

This GitHub repository contains resources related to GitHub Security Lab, a project focused on security research.

A personal VPN project using Shadowsocks and v2ray to provide a free and secure VPN solution.

A GUI tool for macOS that allows users to spoof their MAC address at the link layer.

A CLI tool that helps developers inspect Android APK files and bypass HTTPS certificate pinning

This is an automated penetration testing tool written in Go, not a developer discovery platform focused on vibe coders.

A tool to monitor and detect sensitive information leaks on GitHub repositories.

A collection of Google Dorks that can be used to find vulnerable websites indexed in Google Search results.

PingCastle is a reporting tool that helps secure Active Directory by identifying and remediating security vulnerabilities.

A Python codebase to generate an msdt-follina payload, a vulnerability exploit in Microsoft.

A curated collection of top-tier penetration testing tools and productivity utilities for security researchers and bug bounty hunters.

The Rogue Access Point Framework for security and penetration testing

A Python script for brute-forcing WPA/WPA2 WiFi passwords, not suitable for vibe coders.

A fast internal network scanning tool for security researchers and system administrators.

A library of payloads for the O.MG line of hacking gadgets from Mischief Gadgets

OSS-Fuzz is a continuous fuzzing platform for open-source software, focused on improving security and stability.

A comprehensive scanner for the Log4j RCE vulnerability (CVE-2021-44228) to help secure your applications.

This C# project demonstrates an attack technique to retrieve NTLM hashes without touching LSASS.

A Go package and command-line tool for analyzing Java archives (JAR files) for Log4j vulnerabilities.

A curated list of resources related to executable packing, useful for malware analysis and security research.

Direct Memory Access (DMA) Attack Software for security research and penetration testing

This is an Android app that detects and fights against IMSI-Catchers, StingRays, and silent SMS attacks.

A GDPR, WCAG 2.2 AA, and EAA compliant, self-hosted CAPTCHA alternative with a PoW mechanism.

w13scan is a passive security scanner that can detect vulnerabilities in web applications.

An open-source tool focused on software supply chain security, with software composition analysis, vulnerability detection, and a vulnerability database.

A tool for bypassing websites protected by CloudFlare WAF, useful for penetration testing and website analysis.

Mars is a comprehensive security tool for asset discovery, subdomain enumeration, port scanning, and more.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework.

A minimal and effective Wi-Fi, BLE, and 2.4 GHz band jammer written in C.

This is a C-based tool for bypassing Windows User Account Control (UAC) security features.

A collection of top Termux hacking tools for Android devices, focused on security and penetration testing.

BloodHound is a tool for graphically visualizing Active Directory environments to discover attack paths.

A Python tool for black-box regex fuzzing to bypass validations and discover normalizations in web apps.

Advanced Wazuh rules for more accurate threat detection in your Wazuh environment.

An SSL-enabled credential harvester and Word document template URL injector for security research.

This is a social engineering tool for hacking that can access webcam, microphone, and location.

This is an archived repository that provides a web crawler and search engine for the now-defunct Wooyun security vulnerability database.

A collection of incident response playbooks mapped to MITRE ATT&CK tactics and techniques.

This is a Java-based one-click scanning tool for security researchers and penetration testers.

A malicious payload evasion tool for bypassing security measures and executing custom code.

An open-source script that automatically removes DRM from Steam games

A HTML5/CSS3 version of a security certification roadmap for developers.

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Wazuh - a powerful open-source security platform for threat detection, incident response, and compliance.

This is a deprecated WiFi hacking tool that can be used for man-in-the-middle attacks and network sniffing.

Microsoft Defender for Cloud is a cloud security platform that provides advanced threat protection and compliance management for cloud environments.

Android certificate pinning disable tool that helps developers bypass SSL pinning in Android apps.