Trending Projects

A cloud security posture management (CSPM) tool that helps developers secure their cloud infrastructure.

This is a PHP webshell with handy features, not a developer discovery platform for vibe coders.

linWinPwn is a bash script that streamlines the use of Active Directory security tools for penetration testing.

A curated list of threat modeling resources for learning and practicing security review.

A shell script tool to send anonymous SMS messages, useful for developers who need to test SMS functionality.

An educational resource that explains CSRF tokens and how they work to protect web applications.

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

An automated bitcoin wallet brute-forcer written in Python for cracking and stealing wallets.

A Rust library that provides a comprehensive fingerprinting database for security research and web enumeration.

A Go-based utility for penetration testing and network security, featuring DHCP, DNS, and other network spoofing capabilities.

Smap is a drop-in replacement for Nmap that uses Shodan.io to scan and discover devices on a network.

A PHP command-line tool for checking security vulnerabilities in Composer dependencies.

Powerful and extensible proxy server with anti-censorship functionality for Android devices

A comprehensive list of reentrancy attacks on Ethereum smart contracts for security research.

A Burp Suite extender plugin that forwards passive scan traffic for vulnerability scanning.

A collection of hacking tools and resources in C# for developers interested in cybersecurity.

Autorize is an extension for Burp Suite that automates authorization enforcement detection to ease security testing.

A vulnerable Spring Boot web application for learning about the Log4Shell vulnerability (CVE-2021-44228).

A Python tool that can be used to brute-force and enumerate subdomains for security scanning and vulnerability discovery.

This repository provides a collection of tools and techniques for attacking and defending Active Directory using modern adversary tradecraft.

A Windows password auditing tool that supports multi-threaded batch checks to quickly detect weak passwords and accounts.

An open-source OSINT tool for finding profiles by username across various social media platforms.

Improve your security and privacy by blocking ads, tracking and malware domains.

Adversary Tactics - PowerShell Training for security professionals and penetration testers.

This is a Python-based tool for cracking WiFi passwords, not a developer platform for vibe coders.

A Python-based HTA encryption tool for Red Teams to obfuscate and execute malicious scripts.

This Python repository generates customized word lists for a variety of use cases, including penetration testing.

Single Packet Authorization (SPA) firewall tool that provides an alternative to traditional port-knocking.

A Burpsuite plugin for recursively detecting vulnerable paths in web applications.

A Python tool for black-box regex fuzzing to bypass validations and discover normalizations in web apps.

This repository provides a tool for generating various types of webshells that are difficult to detect.

This is an awesome list of hacking tools and resources in Chinese.

A C-based Beacon Object File (BOF) for use in remote operations on compromised systems.

An OSINT tool for location tracking and social engineering attacks.

Hackazon is a modern vulnerable web app for security research and training purposes.

A scalable fuzzing infrastructure to find vulnerabilities and improve software stability.

An open-source web vulnerability scanner that helps developers audit and secure web applications.

A powerful penetration testing tool for LLMNR, NBT-NS and MDNS poisoning with rogue authentication servers.

A collection of leaked credentials for security research and password security testing.

Guidelines and training material to write secure smart contracts on the Ethereum blockchain.

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.

A collection of real-world infosec wordlists for security researchers and penetration testers.

PowerShell tools for exploiting MachineAccountQuota and DNS vulnerabilities.

A collection of Windows exploits and hacking tools for security research and penetration testing.

This is a shell script for attacking wireless connections using Kali Linux tools.

A set of process injection techniques for Windows Thread Pools, primarily for security research purposes.

XploitSPY is an Android monitoring tool for malicious activities and remote access.

A Python tool for sending phishing messages and attachments to Microsoft Teams users.

Simple Swift wrapper for Keychain that works across iOS, watchOS, tvOS and macOS.

HTML5 Security Cheatsheet - a collection of HTML5-related XSS attack vectors.