Trending Projects

Awesome list of step-by-step techniques to achieve Remote Code Execution on various applications.

This repository is a collection of resources and tools for penetration testing and security research.

An open-source anti-DPI software that allows users to bypass internet censorship on various platforms.

This is a C2 shellcode generator/compiler/handler, not a developer discovery platform for vibe coders.

A curated list of cybersecurity datasets for security researchers and machine learning practitioners.

A collection of common PHP webshells for penetration testing and CTF challenges, not intended for hosting on live servers.

pwncat is a powerful penetration testing tool that offers advanced features like firewall and IDS/IPS evasion, bind and reverse shell, and port forwarding.

A curated list of resources related to Industrial Control System (ICS) security.

An offensive web testing framework that helps security researchers and pentesters find and exploit vulnerabilities in web applications.

A Go port of the Shikata ga nai encoder with several improvements for security researchers and pentesters.

A repository containing indicators of compromise (IOCs) from malware investigations.

A collection of tools, tips, and tricks for exploring and securing Industrial Control Systems (ICS) and SCADA systems.

XcodeGhost is a malicious code injection vulnerability affecting Xcode, Apple's primary IDE for iOS development.

A suite of tools for hacking social media accounts, including brute-force, phishing, and reporting attacks.

Improve your security and privacy by blocking ads, tracking and malware domains.

A curated list of domains using Cloudflare DNS at the time of the CloudBleed security incident.

This repository contains a C# library for abusing Active Directory certificate functionality.

This is a fork of the Reaver WPS (Wi-Fi Protected Setup) tool for security research and testing.

A collection of precompiled Windows exploits, not actively maintained.

This GitHub repository is a list of recent data breaches and supply chain attacks, not a developer tool.

An automatic LFI (Local File Inclusion) exploiter and scanner written in Python.

SocialBox is a Bruteforce Attack Framework for Facebook, Gmail, Instagram, and Twitter.

A network monitoring and bandwidth limiting tool for developers without administrative access.

This is a PHP code audit project focused on improving code security and quality.

This GitHub repository provides resources for bug bounty hunting, a valuable skill for security-focused developers.

A comprehensive collection of awesome resources and modules for the Flipper Zero device, focused on security tools and penetration testing.

A PowerShell module and framework for interacting with and auditing Active Directory and Windows internals.

A Java-based tool for quickly exploiting Spring Boot vulnerabilities during penetration testing.

A Burp Suite extension that adds useful context menu functions for web application penetration testing.

ARL (Asset Reconnaissance Lighthouse) is a security tool for quickly investigating and building an asset information library for penetration testing and vulnerability assessment.

This is a comprehensive security handbook covering web vulnerabilities, exploitation, code auditing, and penetration testing.

A large repository of cybersecurity-related links, but not focused on AI coding tools or platforms.

This is an automated penetration testing tool written in Go, not a developer discovery platform focused on vibe coders.

Operational information about the Log4Shell vulnerabilities in the Log4j logging library.

A Python library for pwning IPv4 networks via IPv6 for security research and penetration testing.

A repository for building and optimizing efficient penetration testing dictionaries and fuzzing tools.

ADRecon is a tool for gathering information about Active Directory and generating a report on its current state.

Awesome free cloud native security learning labs with CTF, self-hosted workshops, and guided vulnerability research.

Microsoft Defender for Cloud is a cloud security platform that provides advanced threat protection and compliance management for cloud environments.

A collection of Google Dorks to find websites with responsible disclosure programs or bug bounty programs.

A collection of bug bounty tools and examples for security researchers and penetration testers.

A repository of security proof-of-concept codes created by the Google Security Team.

A modified version of the captcha-killer tool, supporting base64-encoded image keyword recognition and using a free OCR library for captcha brute-forcing, compatible with the latest Burp Suite.

A cryptography library for .NET that provides cryptographic primitives and algorithms.

Tookie is an advanced OSINT tool that helps find social media accounts based on user inputs.

A curated list of Android Security materials and resources for penetration testing and bug hunting.

A tool to upload arbitrary data via Apple's Find My network, useful for security researchers and data exfiltration.

This is a Windows kernel and user mode emulation library for malware analysis, not a vibe coder tool.

A Python library for spoofing Apple BLE proximity pairing messages, likely used for security research.

A curated list of tools and resources for investigating crypto hacks, security incidents, and on-chain analysis.