Trending Projects

A repository that provides tips and tricks for pwn (binary exploitation) in CTF challenges.

A cryptography toolkit providing a variety of secure algorithms and primitives for developers.

An OSINT project to automate Google dorks search for finding information about specific websites.

A security risk analysis tool for Kubernetes resources, helping developers secure their cloud infrastructure.

A PowerShell script for detecting potential compromised accounts and applications in Azure/M365 environments.

SharpDPAPI is a C# port of Mimikatz DPAPI functionality for interacting with Windows Data Protection API.

A curated list of resources for vulnerability research and exploit development.

A comprehensive cheatsheet for Red Team activities and penetration testing techniques.

A fully interactive reverse shell for Windows, allowing remote access and control.

Open-source RASP (Runtime Application Self-Protection) solution for improving application security.

A security tool that helps analyze changes to the attack surface of an operating system during software installation.

ADRecon is a tool for gathering information about Active Directory and generating a report on its current state.

A cryptography library for .NET that provides cryptographic primitives and algorithms.

PcapXray is a network forensics tool that visualizes packet capture data as a network diagram, enabling device identification and important communication analysis.

A browser extension for encrypting emails with OpenPGP, compatible with webmail providers.

Collection of common wordlists for brute force attacks on RDP, SSH, and IP camera passwords.

A PowerShell script designed to bypass AMSI and commercial antivirus solutions for penetration testing

OWASP Mutillidae II is a deliberately vulnerable web app for web-security training and assessment.

A tool to block Spotify ads and analytics on Linux, macOS, and Windows using the hosts file.

A vulnerable Android app for developers and security enthusiasts to learn about Android insecurities.

This is a semi-automated, no-bs version of the public exploit code for MS17-010 vulnerability.

A Go-based wordlist framework for security researchers, bug bounty hunters, and hackers.

A security solution for Kubernetes and container environments, providing runtime protection and threat detection.

This repository provides a collection of advanced XSS payloads for penetration testing and security research.

Open-source database for managing vulnerability disclosure and bug bounty programs

Curated blocklists for ad-blocking and malware prevention on Pi-hole and DNS filters.

Collection of ad-blocking rules and configs for proxy/tunnel clients (Loon, Surge, QuantumultX, ShadowRocket, Egern).

A collection of exploit scripts for vulnerabilities in various web applications and frameworks.

An advanced web directory and file scanning tool for penetration testing and security research.

A comprehensive penetration testing framework with a variety of cybersecurity resources for security professionals.

A comprehensive information gathering tool for security researchers and pentesters.

A field guide for Capture the Flag (CTF) competitions, focused on security and hacking.

A curated list of amazing Homomorphic Encryption libraries, software and resources for developers.

A Python library for Active Directory reconnaissance tasks, useful for penetration testing.

Hackazon is a modern vulnerable web app for security research and training purposes.

Unicorn is a tool for using a PowerShell downgrade attack and injecting shellcode into memory.

This is an evil RAT (Remote Administration Tool) for macOS / OS X, built with Python.

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR.

This is a Linux eBPF rootkit with malicious capabilities including a backdoor, C2, and stealth features.

A collection of bug bounty tools and examples for security researchers and penetration testers.

Local privilege escalation tool for Windows that can be used for security research and penetration testing.

gasmask is an information gathering tool that performs OSINT (Open-Source Intelligence) reconnaissance.

A toolkit for auditing and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities in web applications.

This Python-based backdoor uses Gmail to exfiltrate data and track user activity for red team engagements.

A simple command-line tool to brute force crack HS256, HS384 & HS512 JWT tokens.

This is an IPv6 attack toolkit for penetration testing and security research.

This is a tool to generate passwords using personal information, not an AI coding tool.

A Python tool that automatically collects Proof of Concept (POC) or Exploit (EXP) from GitHub based on CVE IDs.

This repository contains the original proof-of-concepts for the React2Shell CVE-2025-55182 vulnerability.

ArcherySec is an open-source vulnerability management and security testing platform for DevSecOps teams.