Trending Projects

This repository contains resources and examples related to Linux rootkits, which are malicious software designed to gain unauthorized access to a system.

A highly customizable and extensible automated security scanning engine for red teams

A comprehensive collection of awesome resources and modules for the Flipper Zero device, focused on security tools and penetration testing.

A curated collection of cybersecurity RSS feeds to help developers stay up-to-date on the latest security news and best practices.

A Perl script that suggests Linux exploits based on the target system's operating system release number.

A Python tool for stealthy data exfiltration using DNS requests.

A collection of Living Off The Land Binaries and Scripts (LOLBins and LOLScripts) for cybersecurity research and testing.

A large open-source database for detecting secrets, API keys, passwords, and more, useful for security-focused vibe coders.

A Python tool that dumps Active Directory Integrated DNS information for any authenticated user.

A curated list of Immunefi bug bounty writeups, useful for security researchers and bug bounty hunters.

A Python-based weaponized web shell for penetration testing and security research.

A pure Python implementation of Mimikatz, a popular Windows credential theft tool.

A powerful web interface for manipulating Android and iOS apps at runtime for mobile security research.

This is a collection of malware samples, not a tool for vibe coders.

Reflective DLL Injection to convert DLLs into position-independent shellcode

A multi-cloud OSINT tool to enumerate public resources in AWS, Azure, and Google Cloud.

A security audit tool to assess and improve cybersecurity posture.

The SpecterOps project management and reporting engine focused on information security and penetration testing.

A curated list of web3 security resources for penetration testers and bug hunters.

A Python-based geolocation OSINT tool that gathers information from social media platforms.

Beagle is a Python-based incident response and digital forensics tool that transforms security logs and data into graphs.

A comprehensive list of web security and code audit resources for developers.

Examples demonstrating how to implement AWS security patterns using CloudFormation and Terraform.

A Python-based reverse shell payload generator and handler for penetration testing and red teaming

Sudomy is a subdomain enumeration tool for bug hunting and pentesting, providing automated reconnaissance.

A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through multiple methods.

A Go tool to leak git repositories from misconfigured websites for security research and penetration testing.

A C++ tool for post-exploitation and malware bypassing antivirus/EDR solutions.

PhoneInfoga is a tool for advanced phone number information gathering and validation using free resources.

Findomain is a fast and comprehensive domain discovery tool with features like port scanning, HTTP checking, and alert integrations.

A Python script to find leaked secrets on GitHub using custom dorks.

Easy-to-follow tutorials for beginners on using Shadowsocks to bypass internet restrictions.

An OSINT framework and package manager for security researchers and bug bounty hunters.

A curated list of resources for Identity and Access Management knowledge in cloud platforms

DomainPasswordSpray is a PowerShell tool for performing password spray attacks against a domain.

A Go port of the Shikata ga nai encoder with several improvements for security researchers and pentesters.

Robust automation tool that efficiently detects web application vulnerabilities using advanced scanning and URL enumeration techniques.

A curated list of resources related to executable packing, useful for malware analysis and security research.

A Python tool that scans for misconfigurations in Cross-Origin Resource Sharing (CORS) policies.

A collection of hacking tools and resources in C# for developers interested in cybersecurity.

This repository provides security research and tools for cracking Android app security.

A PowerShell tool for dominating Active Directory through lateral movement, credential theft, and more.

A large collection of learning resources and labs for offensive security enthusiasts and professionals.

This is a wiki collecting resources for hardening red team infrastructure, not a vibe coder tool.

Quickly discover exposed hosts on the internet using multiple search engines for bug bounty and reconnaissance.

APKiD is a tool for identifying Android apps that have been packed, obfuscated, or secured using various techniques.

A curated list of writeups from the Google VRP Bug Bounty program, useful for security researchers and bug hunters.

A collection of 60k+ Nuclei templates to scan WordPress sites for vulnerabilities and CVEs.

A powerful Android decompiler tool for malware analysis, vulnerability detection, and code reversing.

Th3Inspector is a comprehensive tool for information gathering and security research.