Trending Projects

A tool for automating brute-force attacks on services found through various scanning techniques.

A deliberately vulnerable CI/CD environment to learn CI/CD security through multiple challenges.

A collection of notes, checklists, and writeups on bug bounty hunting and web application security.

A comprehensive network reconnaissance and analysis tool for security professionals and network engineers

A high-performance, comprehensive credentials bruteforcing and enumeration tool for security research.

This repository is a collection of malware samples gathered from honeypots, useful for malware analysis.

A curated list of threat modeling resources for learning and practicing security review.

Free and open-source BadUSB payloads for the Flipper Zero hacking device, supporting Windows, Linux, and iOS.

A Python tool to scan binaries for known vulnerabilities and generate software bill of materials (SBOM).

A Python library that provides AV/EDR evasion capabilities via direct system calls for vibe coders.

A reconnaissance tool that utilizes various techniques to expedite initial information gathering on target organizations.

Picocrypt is a small, secure encryption tool written in Go that can be used for file encryption and privacy.

A network reconnaissance and asset discovery tool written in Go for security professionals.

A Python script that automatically cracks Jinja2 SSTI vulnerabilities to bypass WAF, designed for CTF challenges.

A security tool for developers to hunt endpoints, expose shadow APIs, and map attack surfaces.

Cryptomator for Android is an open-source file encryption tool for secure cloud storage access.

An open-source guideline to help embed security as part of the development pipeline.

Comprehensive security guide for developers covering common vulnerabilities and best practices

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang.

A C# library to prevent malware from gaining admin privileges through UAC authorization.

A comprehensive repository of red teaming tactics and techniques for security professionals.

Arachni is a powerful open-source web application security scanner framework for penetration testing and vulnerability detection.

An automated NoSQL database enumeration and web application exploitation tool for security researchers.

Project Wycheproof tests crypto libraries against known attacks, helping developers improve security.

A low bandwidth DoS tool written in Python that can be used for penetration testing.

JexBoss is a tool to verify and exploit Java deserialization vulnerabilities in JBoss and other Java applications.

Easy-to-follow tutorials for beginners on using Shadowsocks to bypass internet restrictions.

APKiD is a tool for identifying Android apps that have been packed, obfuscated, or secured using various techniques.

A Python library for stealing signatures and making invalid signatures for testing purposes.

This repository provides practical examples of malicious software in Python for educational purposes.

A JavaScript-based framework for dynamic analysis and penetration testing of Android and iOS apps.

A PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC functions.

This repository contains resources and examples related to Linux rootkits, which are malicious software designed to gain unauthorized access to a system.

A unified repository for different Metasploit Framework payloads.

A repository containing indicators of compromise (IOCs) from malware investigations.

A tool that uses the Windows Filtering Platform to block Endpoint Detection and Response (EDR) agents from reporting security events.

This repository provides a port of ParrotSec's stealth and anonsurf modules to Kali Linux for anonymous web browsing.

A Ruby tool for automatic exploitation of XXE vulnerabilities using direct and out-of-band methods.

A collection of real-world infosec wordlists for security researchers and penetration testers.

A Python tool to extract one-time password (OTP) secrets from QR codes exported by 2FA apps like Google Authenticator.

A Python library that demonstrates a security vulnerability in QR code-based login systems.

An integrated BurpSuite vulnerability detection plugin for security researchers.

Logging Made Easy (LME) is a no-cost, open-source platform that centralizes log collection, enhances threat detection, and enables real-time alerting for small to medium-sized organizations.

This Python repository generates customized word lists for a variety of use cases, including penetration testing.

SploitScan is a sophisticated cybersecurity utility for vulnerabilities and exploit analysis.

A Python library for analyzing and securing drone systems against security vulnerabilities.

This is a blocklist for Adobe's URLs and IPs that can be added to the Windows host file.

This repository contains write-ups for iOS vulnerabilities that have been released.

Easily identify emails, IP addresses, and more from text or PCAP files with this cybersecurity-focused Python library.

A comprehensive cheatsheet for bug bounty hunters, covering various payloads, tips, and tricks.