Trending Projects

A collection of Burp Suite encryption plugins that support various crypto algorithms and execute custom JS code for security testing.

A simple reverse ICMP shell written in C for remote system access and control.

A semi-automated tool for rapidly searching public GitHub data for sensitive secrets and information leaks.

The XSS Hunter service is a portable version of XSSHunter.com, a tool for security researchers and developers.

A toolkit for emulating and analyzing firmware for security vulnerabilities, targeted at IoT and embedded devices.

A collection of security POCs and exploits maintained by the Baize Sec security team.

A WebSocket-based memory shell/webshell tool for developers interested in security research.

A comprehensive tool for exploiting vulnerabilities in VMware vCenter Server

A security tool to search for interesting files in S3 buckets, useful for bug bounty and penetration testing.

Open source platform to enhance security and observability of cloud native applications and infrastructure

A collection of one-liners for bug bounty hunting and web application security research.

A malicious payload evasion tool for bypassing security measures and executing custom code.

APT-Hunter is a threat hunting tool for Windows event logs, designed for purple team use to detect APT activity.

A proof-of-concept reflective loader for Cobalt Strike, enhancing its evasion features.

A vulnerable app with examples showing how to not use secrets, useful for security education.

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

A collection of academic papers related to fuzzing, binary analysis, and exploit development for vibe coders.

This is a course repository for a University of Cincinnati Malware Analysis class, not a developer discovery platform.

A simple and fast SSH server bruteforcer tool for security professionals and developers.

A command-line tool to generate various Metasploit payloads for penetration testing and security research.

TrevorC2 is a legitimate website that tunnels client/server communications for covert command execution.

A C++ project that allows hiding PowerShell scripts in plain sight to bypass security features.

A collection of defenses and detections against Cobalt Strike, a popular penetration testing tool.

A community-curated list of public bug bounty and responsible disclosure programs for security researchers.

Captfencoder is an open-source suite of network security tools, including crypto, hashing, and security utilities.

PoC for the Zerologon vulnerability, which allows an attacker to completely compromise a Windows domain controller.

A fast and efficient dork scanner written in Go for bug bounty and security research.

A Python script for batch scanning with the Acunetix AWVS scanner, supporting various vulnerability checks.

A GUI framework for the Nuclei vulnerability PoC scanner, allowing quick PoC searches and one-click Nuclei runs.

Apache Teaclave SGX SDK helps developers write Intel SGX applications in Rust for confidential computing.

A comprehensive list of web security and code audit resources for developers.

This repository contains writeups and cheatsheets for Vulnhub CTF challenges, useful for OSCP preparation and penetration testing.

The-XSS-Rat/SecurityTesting is a Python repository focused on security testing and penetration testing tools.

Ncrack is a high-speed network authentication tool used for cracking authentication credentials across a network.

A C++ tool for bypassing security products by obscuring the intentions of a process.

An open-source Go library that uncovers unexpected SSH server exposures and vulnerabilities.

HostHunter is an open-source OSINT tool for discovering hostnames and IP addresses during security assessments and penetration testing.

This repository is a comprehensive book focused on penetration testing and the ATTCK framework, not a developer discovery platform for vibe coders.

A collection of CTF (Capture The Flag) tools for cryptography, web security, and more.

This Python project generates Gmail keyloggers for Windows, primarily used for penetration testing.

This Python project allows stealing Net-NTLM hashes using a vulnerable PDF document, used for security research.

This is a Python script for monitoring and crawling the Chinese Darknet, not a developer discovery platform.

Autorize is an extension for Burp Suite that automates authorization enforcement detection to ease security testing.

A Ruby tool for embedding XXE/XML exploits into different filetypes for security research.

A Python library for parsing Cobalt Strike beacon data, useful for security analysis and incident response.

Examples demonstrating how to implement AWS security patterns using CloudFormation and Terraform.

A Go-based port of Wappalyzer that automates mass scanning to uncover technologies used on websites.

This repository contains a collection of tools and resources for penetration testing and security research.

Automated JavaScript recon tool for bug bounty hunters and security researchers.

A Python tool that can be used to brute-force and enumerate subdomains for security scanning and vulnerability discovery.