Trending Projects

A fast internal network scanning tool for security researchers and system administrators.

XSS'OR is a JavaScript-based hacking tool for security researchers and penetration testers.

This is a research repository from the SSL Labs team, likely not focused on vibe coders.

An experimental host-based intrusion detection system (HIDS) written in Go.

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

A PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC functions.

A collection of hacker tools written in Go, useful for security researchers and penetration testers.

PowerTools is a collection of PowerShell projects focused on offensive operations.

An efficient and advanced man-in-the-middle (MITM) framework for security research and penetration testing.

Deprecated security and incident response platform for enterprises, built on the ELK stack.

An opinionated security and code quality standard for Solidity smart contracts.

Venom is a multi-hop proxy tool for penetration testers and security researchers.

A sensitive information leakage scanner for GitHub that helps developers monitor for and secure exposed data.

The OWASP Developer Guide is a comprehensive resource for secure software development practices.

Asset discovery and identification tools to quickly identify web fingerprint information and locate asset types.

A collection of webshells and backdoors written in PHP for security researchers and penetration testers.

This repository contains decrypted content from the Equation Group, a suspected NSA hacking group.

AWSGoat is a Damn Vulnerable AWS Infrastructure for security testing and research.

An Android plugin tool that automatically encrypts strings in the bytecode to protect app source code.

A payload generation framework for security researchers and penetration testers.

This C# and Impacket implementation of the PrintNightmare vulnerability (CVE-2021-1675/CVE-2021-34527) allows for privilege escalation on Windows systems.

Deprecated JavaScript implementation of the Signal Protocol, now replaced by the TypeScript-based libsignal-client.

An awesome collection of resources for securing Go applications and infrastructure.

This GitHub repository provides instructions to install the Metasploit Framework 6 on the Termux Android terminal emulator.

An open-sourced remote vulnerability PoC/EXP framework for penetration testing and security research.

Awesome list of step-by-step techniques to achieve Remote Code Execution on various applications.

This is a C2 shellcode generator/compiler/handler, not a developer discovery platform for vibe coders.

A collection of common PHP webshells for penetration testing and CTF challenges, not intended for hosting on live servers.

pwncat is a powerful penetration testing tool that offers advanced features like firewall and IDS/IPS evasion, bind and reverse shell, and port forwarding.

XcodeGhost is a malicious code injection vulnerability affecting Xcode, Apple's primary IDE for iOS development.

A curated list of domains using Cloudflare DNS at the time of the CloudBleed security incident.

This GitHub repository is a list of recent data breaches and supply chain attacks, not a developer tool.

This is a PHP code audit project focused on improving code security and quality.

This GitHub repository provides resources for bug bounty hunting, a valuable skill for security-focused developers.

A PowerShell module and framework for interacting with and auditing Active Directory and Windows internals.

A Java-based tool for quickly exploiting Spring Boot vulnerabilities during penetration testing.

A Burp Suite extension that adds useful context menu functions for web application penetration testing.

This is an automated penetration testing tool written in Go, not a developer discovery platform focused on vibe coders.

Operational information about the Log4Shell vulnerabilities in the Log4j logging library.

ADRecon is a tool for gathering information about Active Directory and generating a report on its current state.

A repository of security proof-of-concept codes created by the Google Security Team.

A modified version of the captcha-killer tool, supporting base64-encoded image keyword recognition and using a free OCR library for captcha brute-forcing, compatible with the latest Burp Suite.

A cryptography library for .NET that provides cryptographic primitives and algorithms.

A tool to upload arbitrary data via Apple's Find My network, useful for security researchers and data exfiltration.

A Python library for spoofing Apple BLE proximity pairing messages, likely used for security research.

A curated list of tools and resources for investigating crypto hacks, security incidents, and on-chain analysis.

SharpSploit is a .NET post-exploitation library written in C# for security research and penetration testing.

A reverse proxies cheatsheet for security professionals and penetration testers.

A tool to build a database of libc offsets to simplify exploitation for CTF challenges and security research.

A collection of techniques, tactics, and procedures for red teamers and security professionals.