Trending Projects

A proof-of-concept reflective loader for Cobalt Strike, enhancing its evasion features.

A vulnerable app with examples showing how to not use secrets, useful for security education.

This is a C# project that scans for and exploits two CVE vulnerabilities (CVE-2021-42287/CVE-2021-42278).

A Python tool that creates actionable data from vulnerability scans for security professionals.

This C-based library helps developers discover and exploit buffer overflow vulnerabilities.

GitHub App to set and enforce security policies for open-source projects on GitHub.

A dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

A Python-based DDoS attack tool that leverages the Shodan API to find vulnerable Memcached servers.

A library and command line tool to detect SHA-1 collisions in files.

NetRipper is a PowerShell tool for penetration testing that allows smart traffic sniffing.

A Python tool to dump information from Active Directory via LDAP, useful for security research and penetration testing.

A Go-based C2 tool for penetration testing with Lua plugin support, domain fronting, and remote file/process management.

A library of Elastic Security detection content for Endpoint protection, written in YARA language.

An iOS security testing framework for penetration testing and vulnerability assessment of mobile apps.

A tutorial on how to exploit a double-free vulnerability, focused on binary exploitation and security research.

An automated bitcoin wallet brute-forcer written in Python for cracking and stealing wallets.

This is a proof of concept for the SMBGhost RCE vulnerability, written in Python.

A repository of comprehensive wordlists used in bug bounty programs and ethical hacking.

CredSniper is a phishing framework that supports capturing 2FA tokens for security research.

This is a security research repository from the Microsoft Security Response Center (MSRC).

Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

enum4Linux is a Linux tool for enumerating data from Windows and Samba hosts.

Metarget is a Python framework for automatically creating vulnerable infrastructures for security research and testing.

This Python project generates professional phishing emails for social engineering and hacking purposes.

A tool to create a fake Windows logon screen and steal user credentials, potentially used for malicious purposes.

A collection of tools that integrate with Cobalt Strike for advanced C2 framework development.

MouseJack is a security research tool focused on discovering and analyzing vulnerabilities in wireless mice and keyboards.

A collection of security-focused tools and projects for developers working on security-related tasks.

A community-driven checklist for securing Ruby on Rails applications.

A repository containing a list of XSS (Cross-Site Scripting) vectors and payloads for security research and testing.

An open-source framework for analyzing and detecting information leaks, security incidents, and data privacy issues.

This is a collection of resources related to SSRF (Server-Side Request Forgery) for security researchers and developers.

A Python tool to help MySQL client file reading and JDBC client Java deserialization for security testing.

A library for detecting various types of network attacks and intrusions.

A powerful XSS scanning and parameter analysis tool written in Ruby for bug bounty and penetration testing.

A collection of academic papers related to fuzzing, binary analysis, and exploit development for vibe coders.

A compilation of commands, tips, and scripts for penetration testing and security research.

A comprehensive collection of cybersecurity and infosec resources for developers.

This repository contains research code and papers from members of the vx-underground community, focused on malware development and research.

A collection of resources for Python security and code review, aimed at security-conscious developers.

A Python tool for generating various types of NTLMv2 hash theft files for security research and testing.

A proof-of-concept backdoor that uses Gmail as a command-and-control server, likely not suitable for vibe coders.

This is a C-based exploit targeting a Windows SMBv3 vulnerability (CVE-2020-0796) known as SMBGhost.

A simple asset discovery engine for cybersecurity professionals

Beagle is a Python-based incident response and digital forensics tool that transforms security logs and data into graphs.

A Rust library that provides a comprehensive fingerprinting database for security research and web enumeration.

This is a collection of tools for penetration testing and OSINT, not a vibe coder platform.

A comprehensive resource for cybersecurity professionals, containing tools used by various ransomware gangs.

This is a sample penetration testing report provided by TCM Security, not a developer discovery platform.