Trending Projects

Original C implementation of the Hell's Gate VX technique, a security research project.

A curated list of awesome security hardening techniques for Windows.

A comprehensive penetration testing toolkit for asset information collection, subdomain brute-forcing, search syntax, asset mapping, fingerprinting, and more.

OpenVPN GUI is a graphical frontend for the OpenVPN VPN client, allowing users to easily manage their VPN connections on Windows.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

Comprehensive penetration testing toolkit for web, mobile, APIs, and more, useful for security-focused developers.

A Burp Suite extender plugin that forwards passive scan traffic for vulnerability scanning.

GlobaLeaks is a secure and open-source whistleblowing platform for anyone to set up and maintain.

A Python tool to dump information from Active Directory via LDAP, useful for security research and penetration testing.

This repository provides security research and tools for cracking Android app security.

A detailed roadmap for learning hacking and penetration testing skills, including cybersecurity certifications.

A comprehensive list of web security and code audit resources for developers.

A cloud security suite that audits the security posture of AWS, GCP, and Azure infrastructure.

A Windows privilege escalation tool that uses Windows Tokens to elevate privileges

P4wnP1 is a highly customizable USB attack platform based on a Raspberry Pi Zero or Raspberry Pi Zero W.

Findomain is a fast and comprehensive domain discovery tool with features like port scanning, HTTP checking, and alert integrations.

An open-source repository of payloads for the Hak5 Bash Bunny, a multi-function USB attack platform.

A comprehensive network reconnaissance and analysis tool for security professionals and network engineers

A Perl script that suggests Linux exploits based on the target system's operating system release number.

The SpecterOps project management and reporting engine focused on information security and penetration testing.

A Rust library that provides a comprehensive fingerprinting database for security research and web enumeration.

The-XSS-Rat/SecurityTesting is a Python repository focused on security testing and penetration testing tools.

A Python library for tracking the history of USB events on GNU/Linux for forensic and security purposes.

A social media enumeration and correlation tool for security researchers and penetration testers.

This is a collection of custom Bash scripts for automating various penetration testing tasks, including reconnaissance, scanning, enumeration, and malicious payload creation, for use with Kali Linux.

This tool allows developers to extract decrypted iOS app binaries from jailbroken devices for reverse engineering and security research.

A fast Go HTML sanitizer to scrub user-generated content and prevent XSS attacks.

Quickly discover exposed hosts on the internet using multiple search engines for bug bounty and reconnaissance.

OpenKeychain is an open-source OpenPGP implementation for secure communication on Android.

A PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC functions.

A collection of security POCs and exploits maintained by the Baize Sec security team.

A Python library to discover subdomains of a target domain, useful for security researchers and pentesters.

FiercePhish is a full-fledged phishing framework to manage phishing engagements and campaigns.

The OWASP Top 10 is a standard awareness document for web application security.

This repository provides resources and guidance for entry-level cybersecurity job seekers to build their skills.

A Burp Suite plugin that enables custom data processing like encryption/decryption and brute-force attacks.

This repository is a collection of documents leaked by Edward Snowden, a former NSA contractor and whistleblower.

A DNS rebinding attack framework written in JavaScript for security research and testing.

Malcom is a Python-based framework for analyzing and monitoring network traffic to detect malware communications.

A PowerShell framework for attacking RDP sessions and lateral movement in Windows environments.

A Python PoC tool that packages payloads into various output containers to evade detection and demonstrate risks.

An exploitation framework based on Python for Industrial Control System (ICS) and SCADA security research.

A Python tool to access the front and back cameras of a target's phone by sending a phishing link.

A frida tool to dump dex in memory to support security engineers analyzing malware.

Collection of security-focused projects for penetration testing and red team activities.

This is a cheatsheet for Burp Suite, a popular security testing tool used by bug bounty hunters and penetration testers.

Malcolm is a powerful network traffic analysis tool suite for PCAP files, Zeek logs, and Suricata alerts.

A Python tool to find web directories without bruteforcing, useful for security researchers and penetration testers.

A Python library for pwning IPv4 networks via IPv6 for security research and penetration testing.

This is an open-source tool for performing various types of spam and DDoS attacks, primarily targeting Discord, email, and SMS.