Trending Projects

A customizable Java in-memory webshell generation tool for security research and testing.

This repository contains resources and examples related to Linux rootkits, which are malicious software designed to gain unauthorized access to a system.

A highly customizable and extensible automated security scanning engine for red teams

A comprehensive roadmap and resources for those interested in pursuing a career in cybersecurity.

A Raspberry Pi-based toolkit for WiFi hacking and penetration testing.

A unified repository for different Metasploit Framework payloads.

ADB-Toolkit V2 is a collection of ADB scripts and tools for Android hacking and pentesting

This repository is a collection of resources and tools for penetration testing and security research.

This is a fork of the Reaver WPS (Wi-Fi Protected Setup) tool for security research and testing.

SocialBox is a Bruteforce Attack Framework for Facebook, Gmail, Instagram, and Twitter.

A comprehensive collection of awesome resources and modules for the Flipper Zero device, focused on security tools and penetration testing.

ARL (Asset Reconnaissance Lighthouse) is a security tool for quickly investigating and building an asset information library for penetration testing and vulnerability assessment.

This is a comprehensive security handbook covering web vulnerabilities, exploitation, code auditing, and penetration testing.

Awesome free cloud native security learning labs with CTF, self-hosted workshops, and guided vulnerability research.

A collection of Google Dorks to find websites with responsible disclosure programs or bug bounty programs.

This is a Windows kernel and user mode emulation library for malware analysis, not a vibe coder tool.

A multifunctional Telegram-based Android RAT (Remote Access Tool) without port forwarding.

A tool that uses the Windows Filtering Platform to block Endpoint Detection and Response (EDR) agents from reporting security events.

A browser extension for encrypting emails with OpenPGP, compatible with webmail providers.

A high-performance, comprehensive credentials bruteforcing and enumeration tool for security research.

A comprehensive guide to privacy settings for popular software and services.

BlueDucky is a Python implementation of a security vulnerability (CVE-2023-45866) that allows unauthenticated code execution using a HID keyboard.

An open-source 802.11 attack tool written in Rust for security researchers and penetration testers.

A comprehensive guide for web application penetration testing and bug bounty hunting.

An all-in-one hacking tool for Linux and Android (Termux) to turn your environment into a hacking machine.

This repository contains publications from the security research firm Trail of Bits, covering academic papers and conference presentations.

A framework for rapid prototyping of custom C2 channels, with integration to existing offensive toolkits.

A collection of RSS feeds for cybersecurity and information security news, blogs, and social media.

An open-source web vulnerability scanner and auto-exploiter for Drupal, Joomla, WordPress, and more.

In-depth repository of Telegram OSINT resources covering tools, techniques and tradecraft.

FPGA modules used with PCILeech DMA Attack Software for advanced security research and hardware hacking.

A Google Chrome extension for passive monitoring of high-risk fingerprinting, honeypot detection, and machine feature obfuscation.

A Python-based Instagram brute force password cracking tool for hacking and security research.

Comprehensive cheatsheet for assessing the security of mobile applications using various tools and commands.

A Python-based web vulnerability scanner for developers to identify and mitigate security risks.

A collection of helpful preload libraries for security research and penetration testing.

A collection of real-world infosec wordlists for security researchers and penetration testers.

A Python tool to scan binaries for known vulnerabilities and generate software bill of materials (SBOM).

A tool to simulate application layer DoS attacks for security testing and performance analysis.

OnionSearch is a Python script that scrapes URLs from different .onion search engines for open-source intelligence.

Compiled binaries for the Ghostpack suite of post-exploitation tools for penetration testing.

Splunk Security Content is a Python library for cybersecurity detection and response engineering.

AndroRAT is a Remote Administrator Tool for hacking Android devices, allowing remote control and exploitation.

A collection of proof-of-concept exploits for the Linux kernel, focused on privilege escalation.

A Python tool to extract one-time password (OTP) secrets from QR codes exported by 2FA apps like Google Authenticator.

GooFuzz is a tool to perform fuzzing with an OSINT approach, enumerating targets without leaving evidence.

A Python library that declutters URL lists for web crawling and penetration testing tasks.

A subdomain takeover vulnerability checker tool written in Go for bug bounty hunting and security research.

A Python library that demonstrates a security vulnerability in QR code-based login systems.

This is a database of known phishing domains and URLs that can be used to validate and detect phishing attacks.