Trending Projects

This is a penetration testing guide based on OWASP, including test cases, resources, and examples.

This is an Android GUI application that provides tools for wireless network cracking and monitoring, not a developer platform for vibe coders.

This is a tool for conducting targeted evil twin attacks against WPA2-Enterprise networks and performing indirect wireless pivots using hostile portal attacks.

AWSGoat is a Damn Vulnerable AWS Infrastructure for security testing and research.

A curated list of tools and resources for investigating crypto hacks, security incidents, and on-chain analysis.

A security audit tool to assess and improve cybersecurity posture.

This GitHub repository contains tools to exploit and hack Windows systems, primarily through PowerShell scripts.

VPN/proxy node recommendation and evaluation guide for airport services

A Python-based tool for performing brute-force attacks on passwords, with a focus on security research.

Collection of KQL queries for Advanced Hunting, Detection, and Threat Hunting in Azure Sentinel and Defender for Endpoint.

A library for protecting against prototype pollution vulnerabilities in JavaScript applications.

This Python tool is a Facebook hacking tool, not a developer discovery platform for vibe coders.

SharpUp is a C# port of various PowerUp functionality for security research and testing.

A GUI tool for macOS that allows users to spoof their MAC address at the link layer.

A tool to disable SSL verification and pinning on Android, allowing developers to bypass security checks.

A tool to dump cookies and credentials directly from Chrome/Edge process memory.

A fast, open-source GitHub recon tool that scans for leaked secrets across all of GitHub.

An automated bitcoin wallet brute-forcer written in Python for cracking and stealing wallets.

This Python project generates professional phishing emails for social engineering and hacking purposes.

Rosenpass is a post-quantum-secure VPN that uses WireGuard to transport the actual data.

A curated list of vulnerable apps and systems for penetration testing practice.

An OSINT tool for finding profiles by username, useful for security research and information gathering.

A post-quantum cryptography library written in C for key exchange and encryption.

This repository provides a collection of advanced XSS payloads for penetration testing and security research.

A ready-to-go phishing platform built with JavaScript for malicious social engineering attacks.

A security advisory database for Rust crates published through crates.io, focused on vulnerability research and reporting.

DIVA Android is a deliberately insecure and vulnerable Android app for security testing and education.

This repository contains labs for practical malware analysis and triage, not a developer discovery platform for vibe coders.

A multi-packer tool that helps Red Team engineers obfuscate and watermark their malware implants.

A Rust implementation of the Noise Protocol Framework for secure communication.

This repository contains a tutorial for setting up a phishing toolkit on Kali Linux or Termux.

An open-source post-exploitation framework for students, researchers and developers.

A comprehensive list of open-source tools for AWS security, including defensive, offensive, auditing, and incident response capabilities.

NullArray/AutoSploit is an automated mass exploiter tool for penetration testing and security research.

This is an Android app that detects and fights against IMSI-Catchers, StingRays, and silent SMS attacks.

A fast, simple web crawler designed for quick discovery of endpoints and assets within a web application.

This is an Android security learning repository, not a developer discovery platform for vibe coders.

A blackbox tool to disable SSL certificate validation within iOS and macOS applications.

A curated list of security resources for all connected IoT/embedded devices and firmware.

A simple keylogger for Windows, Linux and Mac used for hacking and penetration testing.

Malcolm is a powerful network traffic analysis tool suite for PCAP files, Zeek logs, and Suricata alerts.

The OWASP MASVS is the industry standard for mobile app security verification and testing.

Improve your security and privacy by blocking ads, tracking and malware domains.

A Python-based tool for automating password cracking methodologies using Hashcat.

An all-in-one hacking tool for Linux and Android (Termux) to turn your environment into a hacking machine.

PowerShell utilities for passing the hash authentication method used in some security attacks.

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.

Comprehensive cheatsheet for assessing the security of mobile applications using various tools and commands.

A password cracking tool with a single rule to crack all passwords, or at least try to.

A comprehensive list of reentrancy attacks on Ethereum smart contracts for security research.