Trending Projects

A collection of Grep Patterns for finding SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL Redirection, and other vulnerabilities.

A collection of wordlists and tools for bruteforcing and penetration testing purposes.

A PAM module that allows users to set alternate passwords to clear sensitive data or notify IT/Security if coerced.

This repository contains a collection of XSS payloads designed to turn 'alert(1)' into more potent attacks.

Powerful and extensible proxy server with anti-censorship functionality for developers

This is a proof of concept for the SMBGhost RCE vulnerability, written in Python.

Metarget is a Python framework for automatically creating vulnerable infrastructures for security research and testing.

A collection of tools that integrate with Cobalt Strike for advanced C2 framework development.

A repository containing a list of XSS (Cross-Site Scripting) vectors and payloads for security research and testing.

A Nuclei plugin for Burp Suite, a popular web application security testing tool.

A collection of hacking tools and resources in C# for developers interested in cybersecurity.

This GitHub repository contains a hidden desktop tool for the Cobalt Strike penetration testing framework.

An open-source EDR (Endpoint Detection and Response) tool for Windows focused on threat hunting and security analysis.

A C++ project that removes various kernel callbacks to bypass antivirus and endpoint detection and response (EDR) tools.

This book provides a comprehensive guide to understanding and exploiting the internals of the glibc heap for security researchers.

This is a Docker-based environment for reproducing and testing IoT firmware vulnerabilities.

A DNS rebinding attack framework written in JavaScript for security research and testing.

A DNS enumeration tool that can be used for network reconnaissance and security testing.

A Python tool to generate unicode domains for IDN Homograph Attack and detect them.

A set of tools for detecting and preventing cloud storage data leaks across major cloud providers.

A Python-based tool for batch URL collection and vulnerability scanning, useful for security research and penetration testing.

A comprehensive toolkit for penetration testing and exploitation of VMware vCenter Server vulnerabilities.

This is a stealth AirTag clone that bypasses Apple's tracking protection features, likely for nefarious purposes.

This C# program demonstrates various process injection techniques for security research and testing.

A Python tool for LinkedIn reconnaissance and data extraction.

A script for searching extracted firmware file systems for sensitive information.

Athena OS is a Arch/Nix-based Linux distribution focused on cybersecurity learning and penetration testing.

Subdomain enumeration tool written in Go, with fast asynchronous DNS scanning to find subdomains for bug bounty hunting.

A simple command-line tool to brute force crack HS256, HS384 & HS512 JWT tokens.

A PowerShell tool for dominating Active Directory through lateral movement, credential theft, and more.

This is a repository for Twitch livestreams by a Turkish security researcher and penetration tester.

Lightweight certificate transparency log monitor for monitoring SSL/TLS certificates.

An Active Directory data ingestor for BloodHound Legacy written in Rust, focused on security research and penetration testing.

A C-based Beacon Object File (BOF) for use in remote operations on compromised systems.

This is a kernel exploit for the PS Vita on firmwares 3.65-3.68, allowing for jailbreaking and hacking capabilities.

PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)

This Shell repository appears to be a tool for Android malware development, not a developer discovery platform.

This Go-based stealth redirector helps red team operations by providing OPSEC for C2 infrastructure.

A C/C++ source obfuscator for bypassing antivirus detection, not a developer discovery platform for vibe coders.

An open-source security guide covering security standards, frameworks, threat models, encryption, and benchmarks.

Open-source database for managing vulnerability disclosure and bug bounty programs

SharPyShell is a tiny and obfuscated ASP.NET webshell for C# web applications.

DumpsterDiver is a Python tool to search for secrets in various file types.

An initial access and post-exploitation tool for AAD and O365 with a browser-based GUI

EZ is a cross-platform vulnerability scanner that combines information gathering, port scanning, service brute-forcing, URL crawling, and fingerprinting.

A collection of paths linked to sensitive APIs, devops internals, and known misconfigurations for web content discovery and security research.

A security tool for evading memory scanners used in Cobalt Strike UDRL attacks.

A comprehensive repository covering security engineering principles and practices to systematically secure anything.

Pupy is a cross-platform C2 and post-exploitation framework written in Python and C for pentesting and security research.

The Exploit Database is a collection of publicly disclosed cybersecurity vulnerabilities and exploits.