Trending Projects

A cheat sheet for mobile app penetration testing covering Android, iOS, network analysis, and more.

A low bandwidth DoS tool written in Python that can be used for penetration testing.

A Python script for finding sensitive data (API keys, access tokens, JWTs) and searching JavaScript files.

This is a repository of penetration testing tools for security researchers and developers.

A JavaScript-based framework for dynamic analysis and penetration testing of Android and iOS apps.

A reverse shell microservice that can be used for security testing and pentesting purposes.

A curated list of cybersecurity datasets for security researchers and machine learning practitioners.

AndroRAT is a Remote Administrator Tool for hacking Android devices, allowing remote control and exploitation.

A Python library to discover subdomains of a target domain, useful for security researchers and pentesters.

OSINT-SPY is a Python tool for performing in-depth information gathering on email, domain, IP, and organization targets.

A Python tool for generating various types of NTLMv2 hash theft files for security research and testing.

This Java-based tool is a collection of vulnerability detection utilities, not focused on AI coding tools.

A comprehensive repository of red teaming tactics and techniques for security professionals.

This tool allows developers to extract decrypted iOS app binaries from jailbroken devices for reverse engineering and security research.

Open-source tools and middleware for working with smart cards and secure elements.

A curated list of tools and resources for investigating crypto hacks, security incidents, and on-chain analysis.

A collection of common vulnerabilities found in iOS applications to help secure iOS app development.

A Python tool for remotely dumping DPAPI credentials from Windows systems.

A Python script that automatically cracks Jinja2 SSTI vulnerabilities to bypass WAF, designed for CTF challenges.

Proof of concept for CVE-2019-0708, a critical remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP).

An IIS short filename enumeration tool for security audits and penetration testing.

This project is a Remote Access Trojan (RAT) that provides full remote command-line access, allowing for the download and execution of programs, and the spreading of viruses and malware.

Attify OS is a Linux distro for penetration testing and exploiting IoT devices.

Linux enumeration tool for penetration testing and CTFs with multiple verbosity levels.

Collection of security-focused projects for penetration testing and red team activities.

A small, fast, portable TLS/SSL implementation for embedded devices to the cloud.

A command-line tool to quickly search and find exploits in local and online databases for penetration testing.

A comprehensive guide for cybersecurity professionals preparing for job interviews.

This repository contains miscellaneous exploit code for security researchers and penetration testers.

A Python library that demonstrates a security vulnerability in QR code-based login systems.

This is a database of known phishing domains and URLs that can be used to validate and detect phishing attacks.

This is a blocklist for Adobe's URLs and IPs that can be added to the Windows host file.

GhostNet is an open-source, privacy-focused network tool for secure communication and anonymous web browsing.

A leaked guide on pentesting tools and techniques used by the Conti ransomware group

Google CTF is a security-focused repository with CTF challenges, not a developer discovery platform for vibe coders.

This repository contains a collection of exploits and proof-of-concept code for various CMS, platforms, and software vulnerabilities.

A Python-based YARA rule generator for malware analysis and research.

This is a leaked repository of the Zeus trojan horse malware, not for actual use.

An awesome curated list of vulnerable web applications for security researchers and bug bounty hunters.

A collection of CTF (Capture The Flag) tools for cryptography, web security, and more.

A comprehensive collection of techniques and examples for manually obfuscating PowerShell scripts to evade antivirus detection.

A malicious JNDI injection attack server written in Java, not suitable for vibe coders.

An automatic LFI (Local File Inclusion) exploiter and scanner written in Python.

This repository is a list of Android Remote Access Trojans, not a developer discovery platform for vibe coders.

This repository contains a collection of kernel exploits, likely not relevant for vibe coders.

A knowledge base for security research, hacking, and blockchain-related topics.

An open-source library for creating security detection rules and threat hunting content.

This is a collection of tools and resources for developers to bypass internet censorship and access restricted content.

A C-based loader that mitigates VMware Hardened VM detection to bypass anti-VM protections.

SocialBox is a Bruteforce Attack Framework for Facebook, Gmail, Instagram, and Twitter.