Trending Projects

Curated DevSecOps resources and tooling for secure software development.

A Python tool that can identify the type of hash, including common ones like MD5 and SHA256, for developers working in cybersecurity and CTF challenges.

A collection of automated and manual wordlists for content discovery and bruteforcing.

A modern reverse shell sessions manager written in Go for security researchers and penetration testers.

A comprehensive collection of resources for building and operating a Security Operations Center (SOC)

ServerScan is a high-concurrency network scanning and service detection tool written in Golang.

A shell script that transparently encrypts files within a Git repository to securely manage secrets.

A privilege escalation tool for Windows domains where LDAP signing is not enforced.

A Python codebase to generate an msdt-follina payload, a vulnerability exploit in Microsoft.

A list of domains and IPs that stay live in Russia when mobile internet is restricted, for censorship circumvention.

This is a collection of detailed tutorials on using various VPN/proxy services like Shadowsocket, V2Ray, and Trojan for secure internet access.

A high-performance, ModSecurity-compatible Nginx firewall module for web application security.

A tool to simulate application layer DoS attacks for security testing and performance analysis.

A curated list of blockchain security CTF competitions for developers to improve their security skills.

OnionSearch is a Python script that scrapes URLs from different .onion search engines for open-source intelligence.

This GitHub repository is a tool for using an Android device as a Rubber Ducky against another Android device.

An open-source, lightweight, and cross-platform website vulnerability scanning tool to help developers quickly detect security risks.

A collection of Burp Suite encryption plugins that support various crypto algorithms and execute custom JS code for security testing.

A curated list of OSX and iOS related security tools for developers and security professionals.

A Python tool that automates gaining administrative rights in Active Directory environments using offensive tactics.

HackBar is a Burpsuite plugin that provides a user-friendly interface for web application penetration testing.

A simple reverse ICMP shell written in C for remote system access and control.

This is a repository for a Cross-Site Scripting (XSS) receiver, likely used for CTF challenges or security research.

A collection of Living Off The Land Binaries and Scripts (LOLBins and LOLScripts) for cybersecurity research and testing.

A powerful mobile security testing framework for automating instrumentation and dynamic analysis of mobile apps.

Compiled binaries for the Ghostpack suite of post-exploitation tools for penetration testing.

Undetectable Windows payload generation tool for penetration testing and security research.

A password cracking tool with a single rule to crack all passwords, or at least try to.

Adversary Tactics - PowerShell Training for security professionals and penetration testers.

A collection of BadUSB payloads for the DigiSpark Attiny85 microcontroller, useful for penetration testing and security research.

This Python library provides a comprehensive set of tools for penetration testing and offensive security.

A physical memory manipulation and hacking tool that exploits PCI-based DMA vulnerabilities.

A Python library that provides AV/EDR evasion capabilities via direct system calls for vibe coders.

A comprehensive cryptography library with implementations and challenges for security researchers and CTF participants.

A Go tool to leak git repositories from misconfigured websites for security research and penetration testing.

A powerful internal penetration testing tool suite written in Go that supports various service brute-force attacks.

A comprehensive list of reentrancy attacks on Ethereum smart contracts for security research.

This is a repository containing notes on penetration testing, not a developer discovery platform.

A library for protecting against prototype pollution vulnerabilities in JavaScript applications.

This repository provides access to the latest proxy/VPN resources for developers who need to bypass censorship or access restricted content.

A Suricata-based network detection and response (NDR) distribution for security monitoring and threat hunting.

This GitHub repository contains resources related to GitHub Security Lab, a project focused on security research.

Malleable C2 is a domain-specific language to redefine indicators in Beacon's communication for Cobalt Strike.

Splunk Security Content is a Python library for cybersecurity detection and response engineering.

A Python-based shell handler tool for security researchers and penetration testers.

This is a low-level LSASS memory dumper using direct system calls and API unhooking, not a developer discovery platform.

An Android library that prevents app piracy using Google Play Licensing, APK signature protection, and more.

This repository provides methods to bypass 403/401 errors and includes bash automation scripts.

A transparent and secure way to look up public keys for encryption, authentication, and more.

This is a post-exploitation toolkit for penetration testing and security research.