Trending Projects

Privaxy is a next-generation ad and tracker blocker that blocks ads and trackers by MITMing HTTP(s) traffic.

A command-line tool to audit source code for security vulnerabilities using grep patterns.

A Python library for launching HTTP/HTTPS flood attacks using socks4/5 or HTTP proxies.

A Python tool to search popular search engines for security research and reconnaissance.

A tool to find the origin servers of websites behind Cloudflare using Censys internet-wide scan data.

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

A Python tool to test for the CVE-2020-1472 vulnerability, which is a critical security issue.

A C++ library for loading and executing shellcode, likely used for security research and penetration testing.

A comprehensive OSINT tool written in Go that allows searching anyone's digital footprint across 300+ websites.

An interactive cheat sheet of offensive security tools and commands for Windows/AD environments.

A security tool for developers to hunt endpoints, expose shadow APIs, and map attack surfaces.

Legion is an automatic enumeration tool based on open-source tools for security professionals and pentesters.

A comprehensive guide for mobile app security testing and reverse engineering.

A fast subdomain enumeration tool for penetration testers and security researchers.

An automated reconnaissance framework for web applications focused on highly configurable streamlined recon process.

proxychains is a tool that forces any TCP connection to follow through a proxy, supporting SOCKS4, SOCKS5 and HTTP(S) proxies.

A fast vulnerability scanner that helps pentesters identify potentially vulnerable web servers.

Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers.

Velociraptor is a digital forensics and incident response framework written in Go, with a focus on endpoint discovery and security.

This is a hacking tool that can track a user's location, capture their picture, and collect device information.

A reverse engineering framework for Flutter, focused on security research and bug bounty programs.

JA4+ is a suite of network fingerprinting standards for cybersecurity and network forensics analysis.

Email OSINT and password breach hunting tool, locally or using premium services

Tookie is an advanced OSINT tool that helps find social media accounts based on user inputs.

This Python library provides a comprehensive set of tools for penetration testing and offensive security.

Buttercup is a Python tool that finds and patches software vulnerabilities.

This is a C++ rootkit designed to provide stealth and evasion capabilities to malicious software.

A sensitive information protection toolkit written in Go for secure data handling.

A Frida-based Android app privacy compliance detection tool for developers.

A script that performs local Linux enumeration and privilege escalation checks.

A curated list of security resources for all connected IoT/embedded devices and firmware.

This GitHub repository is a tool for using an Android device as a Rubber Ducky against another Android device.

A collection of public penetration test reports for security research and learning.

A comprehensive toolkit for Windows penetration testing, including a range of security tools and utilities.

This is an open-source tool for detecting app hardening features in APK files, supporting over 40 vendors.

CVE cache of the official CVE List in CVE JSON 5 format, providing developers with a comprehensive vulnerability database.

A repository providing a list of the top 25 vulnerability parameters for security researchers and bug bounty hunters.

A general collection of information, tools, and tips regarding CTFs and similar security competitions

Metasploitable3 is a vulnerable virtual machine for security research and testing purposes.

An advanced Python-based tool for automating the detection and exploitation of SQL injection vulnerabilities.

A project documenting the history and providing a tutorial on the Shadowsocks proxy server.

A Zygisk module to hide root for KernelSU, Magisk and APatch, designed for Android 5.0+.

An open-source web vulnerability scanner and auto-exploiter for Drupal, Joomla, WordPress, and more.

A Python tool for discovering URLs and parameters from web archives for bug hunting, fuzzing, and further probing.

This GitHub repository provides a comprehensive collection of hacking resources and cheat sheets for security professionals.

A beginner-friendly Python toolkit for penetration testing and ethical hacking.

A cloud-native SIEM for intelligent security analytics for the entire enterprise.

A hosted reverse shell generator with many features for use in CTFs and security testing.

A Python tool for enumerating and abusing Active Directory Certificate Services (ADCS).

Monitor Linux processes without root permissions using this Go-based security tool.