Trending Projects

An open-source OSINT tool to find breached emails, databases, pastes, and other relevant information.

An advanced Python tool for email reconnaissance and cybersecurity research.

Reverse-engineering tool for account pooling with load balancing, auto-refresh, caching & proxy support

A modular, open-source vulnerability scanner with automatic report generation capabilities.

Clair is a static analysis tool for scanning container images and identifying vulnerabilities.

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang.

A step-by-step tutorial on fuzzing, a security testing technique to find vulnerabilities in software.

A Python script for brute-forcing WPA/WPA2 WiFi passwords, not suitable for vibe coders.

A Python-based reverse shell payload generator and handler for penetration testing and red teaming

A collection of cybersecurity handbooks and resources for security professionals and CTF players.

Secure password sharing with automatic expiration, view limits, and audit logs

ARL (Asset Reconnaissance Lighthouse) is a security tool for quickly investigating and building an asset information library for penetration testing and vulnerability assessment.

A framework for rapid prototyping of custom C2 channels, with integration to existing offensive toolkits.

An OSINT tool that generates username lists for companies on LinkedIn to aid in penetration testing and security research.

Single Packet Authorization (SPA) firewall tool that provides an alternative to traditional port-knocking.

This repository provides a suite of tools for mapping network assets, scanning ports, and extracting sensitive information from web applications.

A large collection of learning resources and labs for offensive security enthusiasts and professionals.

A HTML5/CSS3 version of a security certification roadmap for developers.

A popular browser extension that provides enhanced security and privacy features for web browsing.

An all-in-one Instagram hacking tool for information gathering, brute force attacks, and account reporting.

A free, open-source password manager compatible with KeePass, with cross-platform support.

A comprehensive security assessment tool that supports scanning for common web vulnerabilities and custom PoCs.

A powerful Nginx server-side script that blocks bad bots, spam referrers, vulnerability scanners, and other malicious traffic.

A web security testing platform built with PHP for discovering and testing web vulnerabilities.

A Python script that finds endpoints in JavaScript files for security and information gathering purposes.

A curated collection of awesome tools and resources for securing APIs, benefiting the entire community.

A fast Go HTML sanitizer to scrub user-generated content and prevent XSS attacks.

A Python tool to automate Google Hacking Database scraping and searching for bug bounty and OSINT purposes.

A tool for creating vulnerable environments to simulate attacks and collect data into Splunk for security research and detection.

A middleware to create a flexible proxy pool, providing a fixed request address for long-term use.

An efficient and advanced man-in-the-middle (MITM) framework for security research and penetration testing.

This repository provides a collection of hacking tools and backdoor generators for security research and penetration testing.

A Python script to track location with live address and accuracy using Termux on Linux platforms.

SocialBox is a Bruteforce Attack Framework for Facebook, Gmail, Instagram, and Twitter.

A comprehensive collection of awesome resources and modules for the Flipper Zero device, focused on security tools and penetration testing.

A comprehensive network reconnaissance and analysis tool for security professionals and network engineers

This repository provides access to the latest proxy/VPN resources for developers who need to bypass censorship or access restricted content.

A Python library to completely block Google and its services for improved privacy and reduced tracking.

Comprehensive penetration testing toolkit for web, mobile, APIs, and more, useful for security-focused developers.

An integrated BurpSuite vulnerability detection plugin for security researchers.

The OWASP Top 10 is a standard awareness document for web application security.

Run frida-server on boot with Magisk, always up-to-date for Android exploitation and reverse-engineering.

A Python tool for remotely dumping DPAPI credentials from Windows systems.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms.

This is an advanced remote access trojan (RAT) written in Python that can be controlled through Discord.

Collection of vulnerable PHP code snippets for security research and bug bounty hunting.

Psiphon is an open-source tool for circumventing internet censorship, built in Go.

GmSSL is a cryptographic toolbox supporting Chinese national cryptography standards including SM2, SM3, SM4, SM9 and SSL/TLS protocols.

Google CTF is a security-focused repository with CTF challenges, not a developer discovery platform for vibe coders.

This Rust-based repository provides tools and resources for offensive security and penetration testing.