Trending Projects

An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network.

A toolkit for emulating and analyzing firmware for security vulnerabilities, targeted at IoT and embedded devices.

A curated list of vulnerable apps and systems for penetration testing practice.

A comprehensive security guide for developers, covering best practices and common vulnerabilities.

A PowerShell tool for dominating Active Directory through lateral movement, credential theft, and more.

This repository generates a CobaltStrike cross-platform payload for red team activities.

An open-source OSINT tool for recon and security research without API keys

A command-line tool to generate various Metasploit payloads for penetration testing and security research.

A collection of security testing tools and payloads for web application penetration testing.

A free online security knowledge library for pentesters and researchers.

A Windows password auditing tool that supports multi-threaded batch checks to quickly detect weak passwords and accounts.

AD Miner is an Active Directory audit tool that uncovers security weaknesses using Bloodhound graph data.

A mobile tool for Android, iOS, and HarmonyOS developers focused on app analysis, vulnerability discovery, and penetration testing.

A collection of tools for iOS penetration testing and security research.

A collection of historical vulnerability analyses for the ThinkPHP framework.

A curated list of awesome cloud security resources for developers and security professionals

A shell script tool to send anonymous SMS messages, useful for developers who need to test SMS functionality.

A Java library for securely encrypting data into a native .so library for use in your projects.

A Rust plugin for sudo that requires another human to approve and monitor privileged sudo sessions for compliance.

Proof of concept for CVE-2019-0708, a critical remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP).

A leaked guide on pentesting tools and techniques used by the Conti ransomware group

An open-source, stateless password manager that prioritizes privacy and self-hosting.

UFONet is a Denial of Service toolkit that can be used to disrupt and disrupt networks and servers.

A collection of real-world infosec wordlists for security researchers and penetration testers.

A reconnaissance tool that utilizes various techniques to expedite initial information gathering on target organizations.

This Windows Local Privilege Escalation Cookbook provides PowerShell scripts and techniques for privilege escalation on Windows systems.

A comprehensive list of web security and code audit resources for developers.

An OSINT tool for location tracking and social engineering attacks.

This is a collection of various web shells, not a developer platform focused on AI coding tools.

This is a collection of security-related mind maps, not a developer discovery platform for vibe coders.

A scalable fuzzing infrastructure to find vulnerabilities and improve software stability.

Comprehensive cheatsheet for assessing the security of mobile applications using various tools and commands.

This repository contains binaries for the book 'Practical Malware Analysis', a resource for malware analysis.

A Python-based platform security assessment framework for analyzing firmware security.

A C# research tool that identifies the bytes that Microsoft Defender flags on, useful for security researchers and developers working on evasion techniques.

DomainPasswordSpray is a PowerShell tool for performing password spray attacks against a domain.

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.

A collection of 'Proof of Concept or GTFO' articles and magazines for hackers and security researchers.

This repository is a collection of documents leaked by Edward Snowden, a former NSA contractor and whistleblower.

A cloud security suite that audits the security posture of AWS, GCP, and Azure infrastructure.

A Go-based CLI tool for testing web cache poisoning vulnerabilities.

A cross-platform honeypot web server designed to punish and deter unruly HTTP bots and spammers.

A simple remote control tool in C# for red team and security research purposes.

Collection of Python-based security exploits and research tools written by the Rhino Security Labs team.

A C++ cheat/skin changer tool for the game League of Legends, used for modding and reverse-engineering.

This is a tool for conducting targeted evil twin attacks against WPA2-Enterprise networks and performing indirect wireless pivots using hostile portal attacks.

A collection of Go code examples and tools for security professionals

A comprehensive penetration testing toolkit for asset information collection, subdomain brute-forcing, search syntax, asset mapping, fingerprinting, and more.

Curated DevSecOps resources and tooling for secure software development.

A tool for enumerating, escalating privileges, and escaping Docker containers through a suite of exploits.