Trending Projects

LunaSec is a dependency security scanner that automatically notifies you about vulnerabilities in your codebase.

OSINT-SPY is a Python tool for performing in-depth information gathering on email, domain, IP, and organization targets.

A tool for bypassing antivirus software and executing lateral movement commands.

SharpUp is a C# port of various PowerUp functionality for security research and testing.

A browser extension that protects user privacy by intercepting and serving local copies of common remote resources.

This repository contains a collection of tools for red team hacking and penetration testing.

A Burp Suite extender plugin that forwards passive scan traffic for vulnerability scanning.

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A security tool to search for interesting files in S3 buckets, useful for bug bounty and penetration testing.

A Python-based DDoS testing tool that can perform Layer 7 attacks using KeepAlive+NoCache techniques.

A GUI tool for macOS that allows users to spoof their MAC address at the link layer.

An integrated BurpSuite vulnerability detection plugin for security researchers.

Woodpecker is a high-risk vulnerability detection and deep exploitation framework for vibe coders.

A tool for extracting browser passwords, with plans for additional functionality.

This repository contains binaries for the book 'Practical Malware Analysis', a resource for malware analysis.

This GitHub repository contains learning materials related to red team techniques and security research.

A tool to disable SSL verification and pinning on Android, allowing developers to bypass security checks.

A Python framework for detecting vulnerabilities in content management systems (CMS).

Open source platform to enhance security and observability of cloud native applications and infrastructure

A Rust cryptography library with implementations of various algorithms.

A curated list of writeups from the Google VRP Bug Bounty program, useful for security researchers and bug hunters.

GUAC aggregates software security metadata into a high fidelity graph database.

A Python tool for evading antivirus detection, useful for security researchers and penetration testers.

A Python-based proof-of-concept tool to perform a MitM attack and extract clear text credentials from RDP connections.

A pure-Python, fully automated and unattended fuzzing framework for software testing and security research.

A framework for creating stealthy malware droppers that bypass antivirus software

Software to identify different types of hashes, useful for security researchers and pentesters.

This is a Windows Privilege Escalation tool that can be used to elevate a user's privileges to a domain admin.

BinaryAlert is a serverless, real-time and retroactive malware detection tool powered by AWS Lambda and Terraform.

A tool to block Spotify ads and analytics on Linux, macOS, and Windows using the hosts file.

A collection of essential cybersecurity resources and tools for security researchers and pentesters.

A Go-based security testing framework for generating and testing PoCs for vulnerabilities.

A collection of PowerShell functions for hackers and penetration testers.

A security risk analysis tool for Kubernetes resources, helping developers secure their cloud infrastructure.

A Firefox extension to protect users from browser fingerprinting.

PowerShell tools for exploiting MachineAccountQuota and DNS vulnerabilities.

SSH-MITM is a tool for auditing and analyzing SSH connections through a MITM proxy.

Conpot is a Python-based ICS/SCADA honeypot for security research and defensive purposes.

A comprehensive information gathering tool for security researchers and pentesters.

A demo of overriding a user's clipboard content, which can be used for security research.

GlobaLeaks is a secure and open-source whistleblowing platform for anyone to set up and maintain.

A powerful Python tool to analyze PDF documents, useful for security researchers and developers.

Iris-web is a collaborative incident response platform for digital forensics and incident response teams.

An API security project presenting unique attack and defense methods in the API security field.

An Android app that can brute force WiFi passwords without requiring a rooted device.

CaA - a Java tool for information gathering, analysis, and intelligence exploration for bounty hunters and security researchers.

A minimal and effective Wi-Fi, BLE, and 2.4 GHz band jammer written in C.

This Python-based tool can bypass firewalls and forward traffic using a webshell, potentially useful for security research.

This repository provides a comprehensive list of rootkits for security research and penetration testing.

A C++ tool for extracting clear text passwords from the Windows Remote Desktop Protocol (RDP) client.