Trending Projects

A PAM module that allows users to set alternate passwords to clear sensitive data or notify IT/Security if coerced.

This is a C# project that scans for and exploits two CVE vulnerabilities (CVE-2021-42287/CVE-2021-42278).

A vulnerable app with examples showing how to not use secrets, useful for security education.

A Python tool that creates actionable data from vulnerability scans for security professionals.

This C-based library helps developers discover and exploit buffer overflow vulnerabilities.

This is a tool for cracking Mifare Classic RFID cards, not a developer platform for vibe coders.

This repository contains a collection of XSS payloads designed to turn 'alert(1)' into more potent attacks.

GitHub App to set and enforce security policies for open-source projects on GitHub.

SharpDPAPI is a C# port of Mimikatz DPAPI functionality for interacting with Windows Data Protection API.

A dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

Powerful and extensible proxy server with anti-censorship functionality for developers

A Python-based DDoS attack tool that leverages the Shodan API to find vulnerable Memcached servers.

A library and command line tool to detect SHA-1 collisions in files.

A Python tool to check if a website is blocked by a Russian ISP using deep packet inspection and DNS checks.

gasmask is an information gathering tool that performs OSINT (Open-Source Intelligence) reconnaissance.

NetRipper is a PowerShell tool for penetration testing that allows smart traffic sniffing.

A command-line tool for cracking password hashes using the popular Hashcat library.

A Python tool to dump information from Active Directory via LDAP, useful for security research and penetration testing.

PhoneInfoga is a tool for advanced phone number information gathering and validation using free resources.

A Go-based C2 tool for penetration testing with Lua plugin support, domain fronting, and remote file/process management.

This is an Albanian hacking tool with various functionalities for ethical hacking and information gathering.

A passive information leakage detection tool for Chrome and Firefox developers using AI tools.

A library of Elastic Security detection content for Endpoint protection, written in YARA language.

A tutorial on how to exploit a double-free vulnerability, focused on binary exploitation and security research.

A tool for obtaining database and image keys for WeChat versions 4.0 and above

An automated bitcoin wallet brute-forcer written in Python for cracking and stealing wallets.

An iOS security testing framework for penetration testing and vulnerability assessment of mobile apps.

Logging Made Easy (LME) is a no-cost, open-source platform that centralizes log collection, enhances threat detection, and enables real-time alerting for small to medium-sized organizations.

A Python tool to search for leaked credentials in the PWNDB database.

Tool for bypassing Discord server verification checks on low-spec machines.

This is a proof of concept for the SMBGhost RCE vulnerability, written in Python.

A comprehensive collection of cheatsheets for various infosec tools and security-related topics.

r2frida combines the static and dynamic analysis capabilities of Radare2 and Frida for Android and iOS security assessments.

A repository of comprehensive wordlists used in bug bounty programs and ethical hacking.

CredSniper is a phishing framework that supports capturing 2FA tokens for security research.

A collection of CTF (Capture The Flag) challenges and resources for security researchers and developers.

This is a security research repository from the Microsoft Security Response Center (MSRC).

This Java plugin helps discover unauthorized/sensitive information/privilege escalation vulnerabilities in web applications during security testing.

Linux Malware Detection (LMD) is a command-line tool for detecting malware on Linux systems.

Proof-of-Concept code for a critical remote code execution vulnerability (CVE-2025-55182) in a Python-based application.

Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

enum4Linux is a Linux tool for enumerating data from Windows and Samba hosts.

This Python project is a 'super weapon' that aims to bypass online censorship, likely not suitable for vibe coders.

A framework for enumerating, spraying, exfiltrating, and backdooring Office 365 accounts, not for AI vibe coders.

Metarget is a Python framework for automatically creating vulnerable infrastructures for security research and testing.

A tool to create a fake Windows logon screen and steal user credentials, potentially used for malicious purposes.

This Python project generates professional phishing emails for social engineering and hacking purposes.

An awesome curated list of vulnerable web applications for security researchers and bug bounty hunters.

A curated list of open-source anti-censorship tools for developers and internet freedom advocates.