Trending Projects

Comprehensive cheatsheet for assessing the security of mobile applications using various tools and commands.

A Burp Suite plugin to bypass WAFs by inserting junk data into requests.

A curated list of open-source anti-censorship tools for developers and internet freedom advocates.

Tinfoil Chat is an end-to-end encrypted, onion-routed secure messaging system for privacy-conscious developers.

This is a tool for conducting targeted evil twin attacks against WPA2-Enterprise networks and performing indirect wireless pivots using hostile portal attacks.

A tool to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems.

Asset discovery and identification tools to quickly identify web fingerprint information and locate asset types.

Distributed password cracking tool built on Hashcat for security researchers and penetration testers.

A collection of Azure security resources and notes for security researchers and penetration testers.

This is a Chrome extension that demonstrates bypassing Widevine L3 DRM for media content.

A curated list of resources for detection engineering, a cybersecurity function for proactively identifying malicious activity.

A PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC functions.

A collection of notes, checklists, and writeups on bug bounty hunting and web application security.

A simple FOFA client written in JavaFX for security researchers and red teams.

This repository contains a Linux eBPF backdoor over TCP, allowing remote access and exploitation.

This repository is a curated list of advanced Windows exploitation references, not a developer discovery platform for vibe coders.

A reconnaissance tool that utilizes various techniques to expedite initial information gathering on target organizations.

A modern cryptographic primitives and protocols library written in C for security and TLS applications.

This is a Python-based tool for hosting PlayStation 4 exploits, not a developer discovery platform for vibe coders.

An ESP32 firmware that revolutionizes pentesting with a focus on security research and penetration testing.

Tsunami is a general purpose network security scanner for detecting high severity vulnerabilities.

A toolkit for reverse engineering and malware analysis on Windows systems.

An open-source two-factor authentication app for Android with support for HOTP, TOTP, and OpenPGP.

A simple yet powerful IOC and YARA scanner for security analysis and threat hunting.

A fast Go HTML sanitizer to scrub user-generated content and prevent XSS attacks.

A Python script that exploits .git folder disclosure to retrieve source code from web servers.

OWASP Mutillidae II is a deliberately vulnerable web app for web-security training and assessment.

This repository contains binaries for the book 'Practical Malware Analysis', a resource for malware analysis.

A PowerShell script for detecting potential compromised accounts and applications in Azure/M365 environments.

A Python tool that creates actionable data from vulnerability scans for security professionals.

A Python tool to help MySQL client file reading and JDBC client Java deserialization for security testing.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms.

This repository is a collection of documents leaked by Edward Snowden, a former NSA contractor and whistleblower.

A curated collection of top-tier penetration testing tools and productivity utilities for security researchers and bug bounty hunters.

A Python framework for wireless penetration testing and network security assessment.

A Python tool for LinkedIn reconnaissance and data extraction.

This Python tool detects sensitive information leaks by scanning web applications for vulnerable files.

Autorize is an extension for Burp Suite that automates authorization enforcement detection to ease security testing.

An exploitation framework based on Python for Industrial Control System (ICS) and SCADA security research.

A Windows privilege escalation tool that uses Windows Tokens to elevate privileges

A comprehensive web security dictionary for security researchers and penetration testers.

Open Source Cloud Native Application Protection Platform (CNAPP) for securing cloud-native applications

A social media enumeration and correlation tool for security researchers and penetration testers.

Pafish is a malware analysis tool that uses various techniques to detect virtual machines and analysis environments.

An automated NoSQL database enumeration and web application exploitation tool for security researchers.

An open-source repository of payloads for the Hak5 Bash Bunny, a multi-function USB attack platform.

A Python library for stealing signatures and making invalid signatures for testing purposes.

This is a remote access tool (RAT) focused on obtaining interactive shells, not a developer discovery platform.

An open-source framework for analyzing and detecting information leaks, security incidents, and data privacy issues.

The OWASP Top 10 is a standard awareness document for web application security.