Trending Projects

OSINT-SPY is a Python tool for performing in-depth information gathering on email, domain, IP, and organization targets.

This repository contains a collection of tools for red team hacking and penetration testing.

SharpUp is a C# port of various PowerUp functionality for security research and testing.

A security tool to search for interesting files in S3 buckets, useful for bug bounty and penetration testing.

A GUI tool for macOS that allows users to spoof their MAC address at the link layer.

A tool to disable SSL verification and pinning on Android, allowing developers to bypass security checks.

Open source platform to enhance security and observability of cloud native applications and infrastructure

This is a Windows Privilege Escalation tool that can be used to elevate a user's privileges to a domain admin.

PowerShell tools for exploiting MachineAccountQuota and DNS vulnerabilities.

A demo of overriding a user's clipboard content, which can be used for security research.

A C++ tool for extracting clear text passwords from the Windows Remote Desktop Protocol (RDP) client.

Strongbox is a secure password manager for iOS and macOS, featuring encryption, password generation, and KeePass support.

Firmware Analysis and Comparison Tool for security analysis and automation of firmware-based systems.

A malicious payload evasion tool for bypassing security measures and executing custom code.

A modern cryptographic primitives and protocols library written in C for security and TLS applications.

An EDR (Endpoint Detection and Response) testing tool for developers to experiment with defense evasion techniques.

A tool that creates spoofed certificates and signs executables to evade antivirus detection.

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.

FiercePhish is a full-fledged phishing framework to manage phishing engagements and campaigns.

A fast, open-source GitHub recon tool that scans for leaked secrets across all of GitHub.

A PAM module that allows users to set alternate passwords to clear sensitive data or notify IT/Security if coerced.

A Python tool that provides quick suggestions for SQLMap tampering techniques to bypass SQL injection defenses.

This repository provides a patch to hide QEMU and bypass various anti-detection mechanisms.

This is a tool for cracking Mifare Classic RFID cards, not a developer platform for vibe coders.

Powerful and extensible proxy server with anti-censorship functionality for developers

A command-line tool for cracking password hashes using the popular Hashcat library.

r2frida combines the static and dynamic analysis capabilities of Radare2 and Frida for Android and iOS security assessments.

This Java plugin helps discover unauthorized/sensitive information/privilege escalation vulnerabilities in web applications during security testing.

An awesome curated list of vulnerable web applications for security researchers and bug bounty hunters.

A curated list of open-source anti-censorship tools for developers and internet freedom advocates.

A C# library for detecting the presence of malicious strings in .NET applications.

Anubis is a subdomain enumeration and information gathering tool for security professionals.

The OWASP Top 10 is a standard awareness document for web application security.

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with an optimized, hardened, and debloated script.

This repository provides resources and guidance for entry-level cybersecurity job seekers to build their skills.

A powerful MongoDB auditing and penetration testing tool for developers.

A Python tool for remotely dumping DPAPI credentials from Windows systems.

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

An open-source tool for network exploitation and information gathering using the powerful Nmap scanner.

A collection of hacking tools and resources in C# for developers interested in cybersecurity.

A simple and fast SSH server bruteforcer tool for security professionals and developers.

An open source security framework that provides a badge for projects following best practices.

Single Packet Authorization (SPA) firewall tool that provides an alternative to traditional port-knocking.

A curated list of resources for vulnerability research and exploit development.

This repository is a collection of documents leaked by Edward Snowden, a former NSA contractor and whistleblower.

This appears to be a collection of security-focused tools for developers.

A PowerShell tool that extracts saved session information for remote access tools like WinSCP, PuTTY, and Remote Desktop.

TrevorC2 is a legitimate website that tunnels client/server communications for covert command execution.

This is a hacking tool that can track a user's location, capture their picture, and collect device information.

A curated collection of top-tier penetration testing tools and productivity utilities for security researchers and bug bounty hunters.