Trending Projects

A collection of awesome resources related to the Cobalt Strike security tool for red team activities.

A tool for searching for ROP gadgets in binary files to facilitate exploitation.

This project hosts security advisories and proof-of-concepts related to research conducted at Google.

P4wnP1 is a highly customizable USB attack platform based on a Raspberry Pi Zero or Raspberry Pi Zero W.

This is an Android security learning repository, not a developer discovery platform for vibe coders.

A comprehensive security scanner written in Go, supporting port scanning, protocol detection, fingerprinting, and brute-force attacks.

A collection of web attack payloads for security research and penetration testing.

Unicorn is a tool for using a PowerShell downgrade attack and injecting shellcode into memory.

Pafish is a malware analysis tool that uses various techniques to detect virtual machines and analysis environments.

Linux enumeration tool for penetration testing and CTFs with multiple verbosity levels.

This is the Kali NetHunter project, a penetration testing and security framework for Android devices.

A powerful OSINT tool for gathering open-source intelligence and performing online investigations.

A simple yet powerful IOC and YARA scanner for security analysis and threat hunting.

A free online security knowledge library for pentesters and researchers.

The vanhoefm/krackattacks-scripts repository contains scripts related to the KRACK attack on WPA2 wireless protocols.

An automatic SSRF fuzzer and exploitation tool for penetration testing and security research.

A Python-based weaponized web shell for penetration testing and security research.

A curated list of CVE PoCs, a useful resource for security researchers and penetration testers.

A Python script for brute-forcing WPA/WPA2 WiFi passwords, not suitable for vibe coders.

EHole is a penetration testing tool for detecting system fingerprints used in red team attacks.

A curated list of awesome resources for the OSCP (Offensive Security Certified Professional) certification.

This repository contains a comprehensive checklist of web and API vulnerabilities for bug bounty hunters and security researchers.

A fast and efficient security scanner for websites built with JavaScript module bundlers like Webpack.

KeyDecoder is a mobile app that lets you quickly decode mechanical keys using your smartphone's camera.

A comprehensive cheat sheet for advanced SQL injection techniques across various database platforms.

An open-source project focused on protecting user privacy and security against mass surveillance.

OS X Auditor is a free Mac OS X computer forensics tool.

Hayabusa is a Rust-based threat hunting and forensics timeline generator for Windows event logs.

Open-source tools and middleware for working with smart cards and secure elements.

An open-source password manager with end-to-end encryption and progressive web app capabilities.

A security tool that helps analyze changes to the attack surface of an operating system during software installation.

This repository provides suggestions and code for Capture The Flag (CTF) cybersecurity challenges.

ScareCrow is a payload creation framework designed to bypass endpoint detection and response (EDR) solutions.

Detect and fingerprint WAF technologies, test bypass techniques for security research

Firefox hardening configuration script for enhanced privacy and security

Quickly discover exposed hosts on the internet using multiple search engines for bug bounty and reconnaissance.

Collection of security-focused projects for penetration testing and red team activities.

PingCastle is a reporting tool that helps secure Active Directory by identifying and remediating security vulnerabilities.

A Go-based CLI tool to generate temporary phone numbers for bypassing SMS verification.

CHAOS is a free and open-source remote administration tool for controlling remote operating systems.

This is a penetration testing guide based on OWASP, including test cases, resources, and examples.

Open-source educational content for security researchers and bug bounty hunters.

A small, fast, portable TLS/SSL implementation for embedded devices to the cloud.

This repository provides a comprehensive cheat sheet for common Active Directory enumeration and exploitation techniques.

A collection of Java security vulnerabilities and exploits for frameworks like Fastjson, Jackson, Spring, Dubbo, and more.

This is an open-source EDR (Endpoint Detection and Response) repository, not a developer discovery platform for vibe coders.

This is a PHP webshell with handy features, not a developer discovery platform for vibe coders.

A C# research tool that identifies the bytes that Microsoft Defender flags on, useful for security researchers and developers working on evasion techniques.

CeWL is a Ruby library for generating custom word lists, useful for password cracking.

Th3Inspector is a comprehensive tool for information gathering and security research.