Trending Projects

This is a database of known phishing domains and URLs that can be used to validate and detect phishing attacks.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

Buttercup is a Python tool that finds and patches software vulnerabilities.

This is a Python-based tool for cracking WiFi passwords, not a developer platform for vibe coders.

A high-speed covert tunnel to bypass Deep Packet Inspection firewalls by disguising TCP traffic as SMTP email.

This repository is a list of Android Remote Access Trojans, not a developer discovery platform for vibe coders.

This is a cheatsheet for pentesting and cybersecurity, not a developer discovery platform for vibe coders.

This repository provides tools and configurations for accessing censorship-circumvention services like Shadowsocks, Clash, and Trojan.

This is a repository of hacking tools and scripts for the Termux Linux environment on Android.

A Python tool that scans for misconfigurations in Cross-Origin Resource Sharing (CORS) policies.

Attack surface mapping tool for CVEs

A stealthy Linux kernel rootkit for modern kernels, useful for security research and penetration testing.

A Burp Suite extension to find potential endpoints, parameters, and generate a custom target wordlist

Crowbar is a Python-based brute forcing tool for penetration testing, supporting protocols not covered by other tools.

A reconnaissance tool that utilizes various techniques to expedite initial information gathering on target organizations.

This is a security tool for bypassing antivirus, EDR, and other security products.

A collection of links related to VMware escape exploits, not a developer discovery platform for vibe coders.

A network attack tool written in Python that can be used for various network security tasks.

A curated list of resources for bypassing Endpoint Detection and Response (EDR) solutions for ethical hacking.

Pilot program for submitting CVE records through GitHub, ending on 6/30/2023.

A collection of security POCs and exploits maintained by the Baize Sec security team.

WeChat database decryption tool for extracting encrypted messages and keys from SQLCipher 4

This repository is a Python library for performing Kerberos attacks, not focused on AI coding tools.

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

A WebSocket-based memory shell/webshell tool for developers interested in security research.

A tool for enumerating, escalating privileges, and escaping Docker containers through a suite of exploits.

An open-source remote access tool (RAT) developed in C#, providing a comprehensive set of features for remote system management.

A Python library to completely block Google and its services for improved privacy and reduced tracking.

A Python library to discover subdomains of a target domain, useful for security researchers and pentesters.

An open-source OSINT tool for recon and security research without API keys

A demonstration of phishing by abusing the browser autofill feature.

This is a Java-based one-click scanning tool for security researchers and penetration testers.

A C++ tool for post-exploitation and malware bypassing antivirus/EDR solutions.

Android certificate pinning disable tool that helps developers bypass SSL pinning in Android apps.

A LinkedIn enumeration tool that extracts valid employee names from an organization through web scraping.

A Rust-based security tool for Linux exploitation that aims to leave zero traces on system logs and filesystem timestamps.

AD Miner is an Active Directory audit tool that uncovers security weaknesses using Bloodhound graph data.

A PHP library to detect potentially malicious PHP files, useful for security-focused developers.

Picocrypt is a small, secure encryption tool written in Go that can be used for file encryption and privacy.

A PHP library that scans php.ini files to check for security best practices.

Comprehensive penetration testing toolkit for web, mobile, APIs, and more, useful for security-focused developers.

A web scraper and analyzer for security information sites and security professionals' social accounts.

A payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods.

OWASP Mutillidae II is a deliberately vulnerable web app for web-security training and assessment.

A Python-based tool to help developers test and bypass Web Application Firewalls (WAFs) before attackers do.

A collection of tools to perform advanced searches on GitHub for security research and bug bounty.

A collection of offensive C# tooling for security research and penetration testing.

ScopeSentry is a comprehensive security tool for mapping cyberspace, enumerating subdomains, scanning ports, and identifying vulnerabilities.

A pentest reporting tool written in Python to free developers from Microsoft Word.

A comprehensive tool for exploiting vulnerabilities in VMware vCenter Server