Trending Projects

This Java plugin helps discover unauthorized/sensitive information/privilege escalation vulnerabilities in web applications during security testing.

This is a sample penetration testing report provided by TCM Security, not a developer discovery platform.

cwe_checker finds vulnerable patterns in binary executables, helping developers identify and fix security issues.

DecryptTools is a comprehensive tool for decryption tasks, likely useful for security researchers and developers.

A curated, well-maintained hostfile to block ads, tracking, cryptomining, and more for better privacy and performance.

A collection of useful Google Dorks for web security and bug bounty hunting.

A ready-to-go phishing platform built with JavaScript for malicious social engineering attacks.

Microsoft Defender for Cloud is a cloud security platform that provides advanced threat protection and compliance management for cloud environments.

Remote video eavesdropping using a software-defined radio platform, not a vibe coder tool.

A Python-based DDoS testing tool that can perform Layer 7 attacks using KeepAlive+NoCache techniques.

A framework for enumerating, spraying, exfiltrating, and backdooring Office 365 accounts, not for AI vibe coders.

A collection of trust and safety tools to help fight digital harms and protect online communities.

Kalitorify is a transparent proxy tool for Kali Linux OS that routes traffic through the Tor network for enhanced privacy and security.

A Go-based CLI tool for testing web cache poisoning vulnerabilities.

An automatic exploit generation tool for finding and capturing flags in CTF challenges.

CloudBrute is an awesome cloud enumeration tool written in Go that helps security researchers and penetration testers discover cloud security issues.

Digital Privacy is a comprehensive collection of resources for information protection and open-source intelligence (OSINT)

Boundary enables identity-based access management for dynamic infrastructure.

An open-source password manager with end-to-end encryption and progressive web app capabilities.

A collection of cheatsheets for tools related to pentesting organizations that leverage cloud providers.

A PowerShell module and framework for interacting with and auditing Active Directory and Windows internals.

A collection of BadUSB payloads for the DigiSpark Attiny85 microcontroller, useful for penetration testing and security research.

r2frida combines the static and dynamic analysis capabilities of Radare2 and Frida for Android and iOS security assessments.

A C++ project that removes various kernel callbacks to bypass antivirus and endpoint detection and response (EDR) tools.

A utility for detecting phishing domains targeting Web3 users, built with TypeScript.

A curated list of awesome resources and tools for information security professionals.

A PowerShell framework for attacking RDP sessions and lateral movement in Windows environments.

A modular, customizable tool for building security incident scenarios and artifacts for Blue/Red Team operations.

This is a collection of security-related mind maps, not a developer discovery platform for vibe coders.

A Python-based platform security assessment framework for analyzing firmware security.

A curated list of Node.js security resources for developers, including best practices, tools, and vulnerability info.

A tool to test and exploit JNDI Injection vulnerabilities in Java applications.

A software sandbox for secure storage of sensitive information in memory, built using Go.

An open-source OWASP-based web application security testing checklist to help track completed and pending test cases.

Cortex is a powerful open-source engine for observable analysis and active incident response.

An Android app that can brute force WiFi passwords without requiring a rooted device.

A fast and powerful steganography cracking tool for security researchers and CTF participants.

A tool that helps developers easily trace classes, functions, and modify method return values on iOS platforms.

A collection of security testing tools and payloads for web application penetration testing.

A Go-based tool that can bypass 40X/HTTP errors by tampering with HTTP requests, headers, and credentials.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

A collection of wordlists and tools for bruteforcing and penetration testing purposes.

A command-line tool for cracking password hashes using the popular Hashcat library.

ThePhish is an automated tool for analyzing and detecting phishing emails, providing cybersecurity professionals with a comprehensive solution.

An open-source intrusion detection system for monitoring and detecting suspicious activity in Active Directory environments.

A modular password spraying tool with threading, proxy support, and more for security researchers.

A DNS rebinding attack framework written in JavaScript for security research and testing.

A security tool for monitoring and protecting Windows 11 systems from spyware and malware.

A toolset to simulate an APT attack on a system, useful for security testing and research.

This repository generates a CobaltStrike cross-platform payload for red team activities.