Trending Projects

Strongbox is a secure password manager for iOS and macOS, featuring encryption, password generation, and KeePass support.

A PowerShell script for detecting potential compromised accounts and applications in Azure/M365 environments.

Web and mobile application security training platform focused on secure coding practices.

A collection of one-liners for bug bounty hunting and web application security research.

Peirates is a Kubernetes Penetration Testing tool written in Go for security research and vulnerability assessment.

A Burp Suite plugin to bypass WAFs by inserting junk data into requests.

Firmware Analysis and Comparison Tool for security analysis and automation of firmware-based systems.

An educational resource that explains CSRF tokens and how they work to protect web applications.

An automatic framework to detect, exploit and report XSS vulnerabilities in web applications.

A Python-based HTA encryption tool for Red Teams to obfuscate and execute malicious scripts.

A security research project that discovers a vulnerability in the VirtualBox E1000 network driver, allowing a guest OS to escape to the host.

This is a tool for finding open databases by leveraging the Binaryedge.io platform.

This repository contains learning notes related to binary security, contributed by the Disiwater Reverse Engineering community.

A malicious payload evasion tool for bypassing security measures and executing custom code.

An open-source script that automatically removes DRM from Steam games

A Python2 tool for detecting and exploiting Struts2 vulnerabilities across all versions.

A modern cryptographic primitives and protocols library written in C for security and TLS applications.

A field guide for Capture the Flag (CTF) competitions, focused on security and hacking.

An EDR (Endpoint Detection and Response) testing tool for developers to experiment with defense evasion techniques.

A tool that creates spoofed certificates and signs executables to evade antivirus detection.

This is an Intel SGX library for Linux that provides hardware-based confidential computing capabilities.

A comprehensive guide to improving privacy and security on Windows 10.

A collection of open-source security tools and custom scripts for Red Team operations.

A Python-based geolocation OSINT tool that gathers information from social media platforms.

A collection of common vulnerabilities found in iOS applications to help secure iOS app development.

A vulnerable Android app for developers and security enthusiasts to learn about Android insecurities.

Generates millions of password mutations in seconds for penetration testing and security research.

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.

A tool to dump cookies and credentials directly from Chrome/Edge process memory.

NoDPI is a Python utility for bypassing DPI (Deep Packet Inspection) to circumvent internet censorship.

FiercePhish is a full-fledged phishing framework to manage phishing engagements and campaigns.

A security scanner that helps identify issues with Drupal, Silverstripe and other CMSs.

A fast, open-source GitHub recon tool that scans for leaked secrets across all of GitHub.

An automatic SSTI detection tool with an interactive interface for penetration testing and security research.

A Python library for generating password wordlists and hashcat rules for offline password cracking

A collection of various JSP webshell implementation methods for security researchers and penetration testers.

This is a shell script for brute-forcing Instagram account passwords, not a developer tool for vibe coders.

Minimal TOTP generator in 20 lines of Python for developers who need a simple 2FA solution.

ClatScope is a powerful OSINT tool for investigators, penetration testers, and researchers to retrieve geolocation, DNS, WHOIS, phone, email, and data breach information.

APT-Hunter is a threat hunting tool for Windows event logs, designed for purple team use to detect APT activity.

EgeBalci/amber is a reflective PE packer written in Go, useful for security researchers and penetration testers.

A collection of SaaS attack techniques to help defenders understand the threats they face.

A collection of Grep Patterns for finding SSRF, RCE, LFI, SQLi, SSTI, IDOR, URL Redirection, and other vulnerabilities.

A Python tool that automates the reconnaissance process to map an application's attack surface.

A collection of wordlists and tools for bruteforcing and penetration testing purposes.

A Python tool that searches various hash APIs to quickly crack hashes and integrates with HashCat for advanced cracking.

A proof-of-concept reflective loader for Cobalt Strike, enhancing its evasion features.

This repository provides a patch to hide QEMU and bypass various anti-detection mechanisms.

A PAM module that allows users to set alternate passwords to clear sensitive data or notify IT/Security if coerced.

A Python tool that provides quick suggestions for SQLMap tampering techniques to bypass SQL injection defenses.