Trending Projects

A collection of captive portals for phishing using a WiFi Pineapple, focused on penetration testing and security research.

A PowerShell framework for attacking RDP sessions and lateral movement in Windows environments.

A collection of attack scenarios and mitigations for Microsoft Entra ID (Azure Active Directory).

A Python tool to find web directories without bruteforcing, useful for security researchers and penetration testers.

A reverse tunneling tool for pentesters, built with Go, to easily establish secure connections.

A curated list of open-source anti-censorship tools for developers and internet freedom advocates.

Information Gathering tool for DNS, subdomains, ports, and directory enumeration.

A Python-based information gathering automation tool for security researchers and penetration testers.

A unified repository for different Metasploit Framework payloads.

OpenVPN GUI is a graphical frontend for the OpenVPN VPN client, allowing users to easily manage their VPN connections on Windows.

A Python tool that scans for misconfigurations in Cross-Origin Resource Sharing (CORS) policies.

This Python repository generates customized word lists for a variety of use cases, including penetration testing.

This is a stealth AirTag clone that bypasses Apple's tracking protection features, likely for nefarious purposes.

Project Wycheproof tests crypto libraries against known attacks, helping developers improve security.

A tool that automatically integrates and synchronizes the latest Nuclei vulnerability POCs from across the web.

A Python toolkit for conducting phishing campaigns and security testing, not suitable for vibe coders.

This GitHub repository contains learning materials related to red team techniques and security research.

APT-Hunter is a threat hunting tool for Windows event logs, designed for purple team use to detect APT activity.

This project allows you to create up to a thousand WiFi access points with custom SSIDs, useful for security testing.

This repository provides self-study tutorials and resources for network security tools and practices.

An easy-to-set-up SSH honeypot that logs the activity of anyone who connects to it.

Suricata IDS rules to detect red team and malicious behavior like CobaltStrike, MSF, Empire, etc.

This GitHub repository contains a collection of security-related resources for developers.

A PHP shell that bypasses disabled functions to achieve command execution.

A malicious JNDI injection attack server written in Java, not suitable for vibe coders.

An advanced web directory and file scanning tool for penetration testing and security research.

A collection of Azure security resources and notes for security researchers and penetration testers.

An alternative method for executing shellcode via callbacks in C++.

An automated bitcoin wallet brute-forcer written in Python for cracking and stealing wallets.

A curated list of Android Security materials and resources for penetration testing and bug hunting.

DecryptTools is a comprehensive tool for decryption tasks, likely useful for security researchers and developers.

Examples demonstrating how to implement AWS security patterns using CloudFormation and Terraform.

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

A tool to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems.

A PowerShell module and framework for interacting with and auditing Active Directory and Windows internals.

This repository contains CTF (Capture the Flag) solutions from the p4 team, focused on security and writeups.

WeblogicTool is a GUI tool for Weblogic vulnerability detection, command execution, webshell injection, and password decryption.

Linux/Windows post-exploitation framework with advanced stealth and rootkit capabilities for penetration testing.

This repository provides methods to bypass 403/401 errors and includes bash automation scripts.

This is a cheatsheet for pentesting and cybersecurity, not a developer discovery platform for vibe coders.

A Burp Suite extension to find potential endpoints, parameters, and generate a custom target wordlist

An automatic framework to detect, exploit and report XSS vulnerabilities in web applications.

SharpDPAPI is a C# port of Mimikatz DPAPI functionality for interacting with Windows Data Protection API.

An open-source tool for network exploitation and information gathering using the powerful Nmap scanner.

A tool for port forwarding and intranet proxy, useful for penetration testing and network troubleshooting.

A comprehensive IT security toolkit for Android developers and professionals.

This repository provides a comprehensive cheat sheet for common Active Directory enumeration and exploitation techniques.

This is a repository of penetration testing tools for security researchers and developers.

This GitHub repository contains tools to exploit and hack Windows systems, primarily through PowerShell scripts.

USBGuard is a security framework for authorizing and controlling USB device interactions on Linux systems.