Trending Projects

This Go-based project provides a collection of techniques for bypassing antivirus (AV) protection, including API testing, encryption, and obfuscation.

A comprehensive collection of tools and techniques for cracking various types of verification codes and captchas.

A Python-based CTF scoreboard and game manager for developers interested in security and penetration testing.

A collection of Nuclei templates for security researchers and penetration testers.

This is a Java web security repository, likely focused on web application security research and testing.

AutoPWN Suite is a Python-based project for scanning vulnerabilities and automatically exploiting systems.

A Burp plugin that simplifies testing encrypted traffic as efficiently as testing plaintext.

DNSChef is a DNS proxy tool for penetration testers and malware analysts to intercept and manipulate DNS traffic.

A Python library and CLI tool equivalent to the CyberChef tool for data format conversion and processing.

A statically-linked SSH server with reverse shell functionality for CTFs and penetration testing.

This repository contains tools for web shell malware evasion and encrypted traffic transmission.

A tool that exploits locked/password protected computers over USB, drops a persistent backdoor, and siphons cookies.

An open-source security scanner tool for penetration testing and vulnerability detection with a focus on automation and extensibility.

A free C++ cryptography library that provides a variety of cryptographic schemes and primitives.

Digital Privacy is a comprehensive collection of resources for information protection and open-source intelligence (OSINT)

This repository provides a collection of tools and techniques for attacking and defending Active Directory using modern adversary tradecraft.

A powerful password cracking and dictionary building tool for brute-force attacks and social engineering.

ScareCrow is a payload creation framework designed to bypass endpoint detection and response (EDR) solutions.

This repository contains a collection of vulnerability proof-of-concepts and exploits for security research purposes.

ArcherySec is an open-source vulnerability management and security testing platform for DevSecOps teams.

RootMyTV is an exploit for rooting/jailbreaking LG webOS smart TVs.

Striker is an offensive information and vulnerability scanner for security professionals.

This GitHub repository contains a collection of resources related to Remote Access Tools (RATs) and Command & Control (C&C) infrastructure.

A Python tool to find web directories without bruteforcing, useful for security researchers and penetration testers.

This C# and Impacket implementation of the PrintNightmare vulnerability (CVE-2021-1675/CVE-2021-34527) allows for privilege escalation on Windows systems.

This is a C2 shellcode generator/compiler/handler, not a developer discovery platform for vibe coders.

An offensive web testing framework that helps security researchers and pentesters find and exploit vulnerabilities in web applications.

An automatic LFI (Local File Inclusion) exploiter and scanner written in Python.

This is a comprehensive security handbook covering web vulnerabilities, exploitation, code auditing, and penetration testing.

A repository for building and optimizing efficient penetration testing dictionaries and fuzzing tools.

A Python tool that sniffs for sensitive data from network interfaces or PCAP files.

A static taint analysis platform to scan vulnerabilities in Android apps.

This is a Java security repository focused on secure coding and code auditing.

A collection of security-related datasets for security research and analysis.

An OSINT project to automate Google dorks search for finding information about specific websites.

Python reference implementation of The Update Framework (TUF), a library for securing software update systems

A Google Chrome extension for passive monitoring of high-risk fingerprinting, honeypot detection, and machine feature obfuscation.

A privilege escalation tool for Windows domains where LDAP signing is not enforced.

This GitHub repository is a tool for using an Android device as a Rubber Ducky against another Android device.

HackBar is a Burpsuite plugin that provides a user-friendly interface for web application penetration testing.

A C++ tool for post-exploitation and malware bypassing antivirus/EDR solutions.

Android certificate pinning disable tool that helps developers bypass SSL pinning in Android apps.

AD Miner is an Active Directory audit tool that uncovers security weaknesses using Bloodhound graph data.

This GitHub repository contains learning materials related to red team techniques and security research.

A security risk analysis tool for Kubernetes resources, helping developers secure their cloud infrastructure.

Strongbox is a secure password manager for iOS and macOS, featuring encryption, password generation, and KeePass support.

Web and mobile application security training platform focused on secure coding practices.

This is a tool for finding open databases by leveraging the Binaryedge.io platform.

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.

Minimal TOTP generator in 20 lines of Python for developers who need a simple 2FA solution.