Trending Projects

An open-source tool focused on software supply chain security, with software composition analysis, vulnerability detection, and a vulnerability database.

Burp extension that can bypass TLS fingerprinting, WAF, and spoof any browser for penetration testing.

This is a guide for configuring Cobalt Strike's C2 communication, not a developer discovery platform for vibe coders.

A tool to monitor and detect sensitive information leaks on GitHub repositories.

A PowerShell script that checks and hardens the Windows configuration for better security.

A hardened memory allocator designed for modern systems, with integration into Android's Bionic libc.

A C++ library for loading and executing shellcode, likely used for security research and penetration testing.

A collection of Google Dorks that can be used to find vulnerable websites indexed in Google Search results.

This GitHub repository contains tools to exploit and hack Windows systems, primarily through PowerShell scripts.

XVWA is a vulnerable web app for security enthusiasts to learn application security.

An open-source tool for performing security assessments on Oracle databases.

A remote administration tool for iOS/macOS/Linux that provides advanced exploitation and security capabilities.

An open-source web crawler and spider tool for detecting cross-site scripting (XSS) vulnerabilities.

This Java application is designed for automatic SQL database injection, a common technique used in cybersecurity and penetration testing.

A comprehensive penetration testing toolkit for asset information collection, subdomain brute-forcing, search syntax, asset mapping, fingerprinting, and more.

An open-source OWASP-based web application security testing checklist to help track completed and pending test cases.

AntiVirus Evasion Tool for bypassing antivirus detection, primarily used by security researchers.

This repository provides a detailed analysis of the reported backdoors in the Pinduoduo e-commerce platform.

A browser extension for OSINT (Open-Source Intelligence) search, focused on threat intelligence and security.

A Java tool for exploiting JNDI-based attacks and ysoserial payloads for web security testing.

A collection of cybersecurity and incident response notes for blue team professionals.

This project provides research articles and fileless webshells to bypass professional detection tools.

A Python tool for stealthy data exfiltration using DNS requests.

An open-source SSH man-in-the-middle tool for penetration testing and security research.

A framework for rapid prototyping of custom C2 channels, with integration to existing offensive toolkits.

A collection of RSS feeds for cybersecurity and information security news, blogs, and social media.

This repository provides downloads for various VPN software across different platforms.

A static taint analysis platform to scan vulnerabilities in Android apps.

Collection of common wordlists for brute force attacks on RDP, SSH, and IP camera passwords.

This repository provides self-study tutorials and resources for network security tools and practices.

This is an open-source tool for performing various types of spam and DDoS attacks, primarily targeting Discord, email, and SMS.

A collection of Beacon Object Files (BOFs) for situational awareness tasks on compromised systems.

This is a Java security repository focused on secure coding and code auditing.

A collection of security-related datasets for security research and analysis.

PowerShell utilities for passing the hash authentication method used in some security attacks.

A curated list of threat modeling resources for learning and practicing security review.

A Python-based tool to bypass the Great Firewall of China's TLS SNI detection.

An open-source web vulnerability scanner and auto-exploiter for Drupal, Joomla, WordPress, and more.

Distributed password cracking tool built on Hashcat for security researchers and penetration testers.

This repository contains a proof of concept for the CVE-2021-40444 vulnerability.

A Ruby tool for automatic exploitation of XXE vulnerabilities using direct and out-of-band methods.

This project provides ESP8266 firmware for performing deauthentication attacks on wireless networks.

An easy-to-set-up SSH honeypot that logs the activity of anyone who connects to it.

VPN/proxy node recommendation and evaluation guide for airport services

A penetration testing tool for network asset discovery and targeted attack surface profiling.

A collection of Azure security resources and notes for security researchers and penetration testers.

A repository with tips and tutorials for bug bounty hunting and penetration testing.

OpenVPN GUI is a graphical frontend for the OpenVPN VPN client, allowing users to easily manage their VPN connections on Windows.

An OSINT project to automate Google dorks search for finding information about specific websites.

An open-source penetration testing tool for scanning and exploiting internal networks in Windows, Linux, and Mac environments.