Trending Projects

A next-generation enumeration tool for security professionals and CTF players, with additional features like JSON/YAML export.

An automatic framework to detect, exploit and report XSS vulnerabilities in web applications.

EHole is a penetration testing tool for detecting system fingerprints used in red team attacks.

A Wi-Fi/LAN intruder detector that checks connected devices and alerts on unknown or disconnected devices.

This repository contains a collection of exploits and proof-of-concept code for various CMS, platforms, and software vulnerabilities.

A proposed standard that allows websites to define security policies.

A Go-based open-source tool for analyzing and detecting malware using VirusTotal-like functionality.

A collection of automated and manual wordlists for content discovery and bruteforcing.

A fast and efficient security scanner for websites built with JavaScript module bundlers like Webpack.

Open-source tools and middleware for working with smart cards and secure elements.

This repository contains publications from the security research firm Trail of Bits, covering academic papers and conference presentations.

This Java-based tool is a collection of vulnerability detection utilities, not focused on AI coding tools.

This is an open-source EDR (Endpoint Detection and Response) repository, not a developer discovery platform for vibe coders.

This is a collection of hacking and cybersecurity-related books, not a developer tool platform.

A multi-cloud OSINT tool to enumerate public resources in AWS, Azure, and Google Cloud.

This is a Python-based penetration testing framework for discovering vulnerabilities.

Picocrypt is a small, secure encryption tool written in Go that can be used for file encryption and privacy.

A Python script that exploits .git folder disclosure to retrieve source code from web servers.

An OSINT framework and package manager for security researchers and bug bounty hunters.

A modular penetration testing framework written in Python for security researchers and hackers.

A security scanner that helps identify issues with Drupal, Silverstripe and other CMSs.

A Python tool for generating various types of NTLMv2 hash theft files for security research and testing.

Collection of vulnerable PHP code snippets for security research and bug bounty hunting.

A comprehensive security scanner written in Go, supporting port scanning, protocol detection, fingerprinting, and brute-force attacks.

A powerful web interface for manipulating Android and iOS apps at runtime for mobile security research.

A collection of tools, tips, and tricks for exploring and securing Industrial Control Systems (ICS) and SCADA systems.

A tool for enumerating, escalating privileges, and escaping Docker containers through a suite of exploits.

Elkeid is an open-source security solution for hosts, containers, K8s, and serverless workloads.

Th3Inspector is a comprehensive tool for information gathering and security research.

A high-performance, comprehensive credentials bruteforcing and enumeration tool for security research.

SploitScan is a sophisticated cybersecurity utility for vulnerabilities and exploit analysis.

This repository provides a collection of tools and techniques for attacking and defending Active Directory using modern adversary tradecraft.

A low bandwidth DoS tool written in Python that can be used for penetration testing.

Deprecated JavaScript implementation of the Signal Protocol, now replaced by the TypeScript-based libsignal-client.

KeyDecoder is a mobile app that lets you quickly decode mechanical keys using your smartphone's camera.

Reflective DLL Injection to convert DLLs into position-independent shellcode

A high-value vulnerability collection and notification service for developers, integrating with popular chat platforms.

A security audit tool to assess and improve cybersecurity posture.

This project provides a basic anti-detection frida-server solution for developers.

A Python tool to extract one-time password (OTP) secrets from QR codes exported by 2FA apps like Google Authenticator.

This repository provides tools and configurations for accessing censorship-circumvention services like Shadowsocks, Clash, and Trojan.

A collection of PowerShell functions for hackers and penetration testers.

A DNS client that supports various encryption and anonymization protocols to bypass censorship and protect privacy.

A Java tool for exploiting JNDI-based attacks and ysoserial payloads for web security testing.

A web scraper and analyzer for security information sites and security professionals' social accounts.

A Python script to find leaked secrets on GitHub using custom dorks.

A Wi-Fi penetration testing framework for security researchers and ethical hackers.

This GitHub repository contains tools and resources for red team and blue team security research and penetration testing.

APKiD is a tool for identifying Android apps that have been packed, obfuscated, or secured using various techniques.

A tool to dump cookies and credentials directly from Chrome/Edge process memory.