Trending Projects

This GitHub repository contains resources related to GitHub Security Lab, a project focused on security research.

This is a low-level LSASS memory dumper using direct system calls and API unhooking, not a developer discovery platform.

An Android library that prevents app piracy using Google Play Licensing, APK signature protection, and more.

A transparent and secure way to look up public keys for encryption, authentication, and more.

This is a post-exploitation toolkit for penetration testing and security research.

This repository contains miscellaneous exploit code for security researchers and penetration testers.

A PowerShell script designed to bypass AMSI and commercial antivirus solutions for penetration testing

A Go package and command-line tool for analyzing Java archives (JAR files) for Log4j vulnerabilities.

A curated list of web3 security resources for penetration testers and bug hunters.

Cortex is a powerful open-source engine for observable analysis and active incident response.

An anti-DDoS Lua script for Nginx to protect web servers from various attack types using a JavaScript-based authentication puzzle.

A collection of 'Proof of Concept or GTFO' articles and magazines for hackers and security researchers.

A PowerShell Runspace Post Exploitation Toolkit for security research and penetration testing.

This repository is a curated list of advanced Windows exploitation references, not a developer discovery platform for vibe coders.

A comprehensive SOAR (Security Orchestration, Automation and Response) platform for efficient security automation without coding.

A curated list of resources related to executable packing, useful for malware analysis and security research.

An open-source Java-based network intrusion detection and response system for visibility and security.

This is a leaked repository of the Zeus trojan horse malware, not for actual use.

A tool for bypassing websites protected by CloudFlare WAF, useful for penetration testing and website analysis.

Hostfile blocklist for ads and tracking, updated regularly to improve privacy and performance.

A toolkit for emulating and analyzing firmware for security vulnerabilities, targeted at IoT and embedded devices.

A collection of Aggressor scripts for Cobalt Strike, a popular penetration testing framework.

A comprehensive penetration testing framework with a variety of cybersecurity resources for security professionals.

A curated list of resources related to AWS security, including books, tutorials, and security tools.

Android library that provides a secure way to store sensitive data in shared preferences with encryption.

A comprehensive security checklist for developers, security researchers, and penetration testers.

Curated list of machine learning tools and resources for cybersecurity professionals.

This is a cheatsheet for pentesting and cybersecurity, not a developer discovery platform for vibe coders.

A Burp Suite extension to find potential endpoints, parameters, and generate a custom target wordlist

A reconnaissance tool that utilizes various techniques to expedite initial information gathering on target organizations.

This is a security tool for bypassing antivirus, EDR, and other security products.

A collection of links related to VMware escape exploits, not a developer discovery platform for vibe coders.

A network attack tool written in Python that can be used for various network security tasks.

Pilot program for submitting CVE records through GitHub, ending on 6/30/2023.

This repository is a Python library for performing Kerberos attacks, not focused on AI coding tools.

WeChat database decryption tool for extracting encrypted messages and keys from SQLCipher 4

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

A Python library to discover subdomains of a target domain, useful for security researchers and pentesters.

Android certificate pinning disable tool that helps developers bypass SSL pinning in Android apps.

A LinkedIn enumeration tool that extracts valid employee names from an organization through web scraping.

A PHP library that scans php.ini files to check for security best practices.

Comprehensive penetration testing toolkit for web, mobile, APIs, and more, useful for security-focused developers.

A payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods.

A Python-based tool to help developers test and bypass Web Application Firewalls (WAFs) before attackers do.

LunaSec is a dependency security scanner that automatically notifies you about vulnerabilities in your codebase.

A browser extension that protects user privacy by intercepting and serving local copies of common remote resources.

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A Python-based DDoS testing tool that can perform Layer 7 attacks using KeepAlive+NoCache techniques.

Woodpecker is a high-risk vulnerability detection and deep exploitation framework for vibe coders.

A tool for extracting browser passwords, with plans for additional functionality.