Trending Projects

A collection of webshells and backdoors written in PHP for security researchers and penetration testers.

A collection of bug bounty tools and examples for security researchers and penetration testers.

A proposed standard that allows websites to define security policies.

This is an exploit for a vulnerability (CVE-2019-11043) and not a developer tool or platform.

This is a collection of high-risk vulnerability exploitation tools, likely not intended for vibe coders.

A Python tool to test for the CVE-2020-1472 vulnerability, which is a critical security issue.

An open-source dataset of Advanced Persistent Threat (APT) group information and analysis.

This is a remote access tool (RAT) focused on obtaining interactive shells, not a developer discovery platform.

This is a guide for configuring Cobalt Strike's C2 communication, not a developer discovery platform for vibe coders.

A tool to monitor and detect sensitive information leaks on GitHub repositories.

AntiVirus Evasion Tool for bypassing antivirus detection, primarily used by security researchers.

This repository provides a detailed analysis of the reported backdoors in the Pinduoduo e-commerce platform.

This repository provides an organized list of resources for malware development, which is not recommended for general use.

This repository provides principles and guidance for designing and deploying a zero trust architecture.

A command-line tool to audit source code for security vulnerabilities using grep patterns.

A Python tool for data exfiltration and infiltration using text-based steganography to evade detection.

ServerScan is a high-concurrency network scanning and service detection tool written in Golang.

A Python tool that automates gaining administrative rights in Active Directory environments using offensive tactics.

This is a repository for a Cross-Site Scripting (XSS) receiver, likely used for CTF challenges or security research.

A comprehensive cryptography library with implementations and challenges for security researchers and CTF participants.

This is a low-level LSASS memory dumper using direct system calls and API unhooking, not a developer discovery platform.

A PowerShell script designed to bypass AMSI and commercial antivirus solutions for penetration testing

A comprehensive security checklist for developers, security researchers, and penetration testers.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

A Python tool that scans for misconfigurations in Cross-Origin Resource Sharing (CORS) policies.

Attack surface mapping tool for CVEs

A network attack tool written in Python that can be used for various network security tasks.

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

This repository is a Python library for performing Kerberos attacks, not focused on AI coding tools.

A demonstration of phishing by abusing the browser autofill feature.

OWASP Mutillidae II is a deliberately vulnerable web app for web-security training and assessment.

A collection of offensive C# tooling for security research and penetration testing.

A browser extension that protects user privacy by intercepting and serving local copies of common remote resources.

A Python tool for evading antivirus detection, useful for security researchers and penetration testers.

Software to identify different types of hashes, useful for security researchers and pentesters.

This repository contains learning notes related to binary security, contributed by the Disiwater Reverse Engineering community.

This is an Intel SGX library for Linux that provides hardware-based confidential computing capabilities.

A Python library for generating password wordlists and hashcat rules for offline password cracking

A Python tool that automates the reconnaissance process to map an application's attack surface.

A Python tool that searches various hash APIs to quickly crack hashes and integrates with HashCat for advanced cracking.

A vulnerable app with examples showing how to not use secrets, useful for security education.

A Python-based DDoS attack tool that leverages the Shodan API to find vulnerable Memcached servers.

A library and command line tool to detect SHA-1 collisions in files.

A tutorial on how to exploit a double-free vulnerability, focused on binary exploitation and security research.

This Java plugin helps discover unauthorized/sensitive information/privilege escalation vulnerabilities in web applications during security testing.

A community-driven checklist for securing Ruby on Rails applications.

An open-source framework for analyzing and detecting information leaks, security incidents, and data privacy issues.

This is a collection of resources related to SSRF (Server-Side Request Forgery) for security researchers and developers.

A Python tool to help MySQL client file reading and JDBC client Java deserialization for security testing.

A proof-of-concept backdoor that uses Gmail as a command-and-control server, likely not suitable for vibe coders.