Trending Projects

A dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A comprehensive collection of cheatsheets for various infosec tools and security-related topics.

A comprehensive collection of cybersecurity and infosec resources for developers.

A security platform for managing application assets, vulnerabilities, and security knowledge.

Fort Firewall for Windows bandwidth limiting

SSRF (Server Side Request Forgery) testing resources for security professionals.

SharpSploit is a .NET post-exploitation library written in C# for security research and penetration testing.

A Python tool that helps discover subdomains, secrets, and external JavaScript files for security testing and bug bounty hunting.

A Python library that generates random DNS and HTTP/HTTPS traffic to create network noise and obfuscate online activities.

An open-source penetration testing tool for scanning and exploiting internal networks in Windows, Linux, and Mac environments.

Crowbar is a Python-based brute forcing tool for penetration testing, supporting protocols not covered by other tools.

Software to identify different types of hashes, useful for security researchers and pentesters.

A field guide for Capture the Flag (CTF) competitions, focused on security and hacking.

Mars is a comprehensive security tool for asset discovery, subdomain enumeration, port scanning, and more.

AI-powered penetration testing CLI using Gemini & LangChain for automated security workflows

Striker is an offensive information and vulnerability scanner for security professionals.

A browser extension for encrypting emails with OpenPGP, compatible with webmail providers.

A GUI framework for the Nuclei vulnerability PoC scanner, allowing quick PoC searches and one-click Nuclei runs.

A simple command-line tool to brute force crack HS256, HS384 & HS512 JWT tokens.

A command-line tool to audit source code for security vulnerabilities using grep patterns.

This repository contains a Linux eBPF backdoor over TCP, allowing remote access and exploitation.

Passhunt is a tool for searching default credentials across network devices, web apps, and more.

A collection of Android malware samples for security research and analysis.

A vulnerable server used for learning software exploitation, written in C.

An opinionated security and code quality standard for Solidity smart contracts.

Phishing catcher tool that uses Certificate Transparency to detect and report suspicious SSL/TLS certificates.

This is a PowerShell toolkit for security researchers and penetration testers.

A repository containing proof-of-concept projects, experiments, and security resources for developers.

JexBoss is a tool to verify and exploit Java deserialization vulnerabilities in JBoss and other Java applications.

The OWASP Developer Guide is a comprehensive resource for secure software development practices.

A PowerShell script anti-virus evasion tool for penetration testing and red team activities.

A Go-based CLI tool for testing web cache poisoning vulnerabilities.

This repository is a security tool for detecting and analyzing IMSI-catchers, which are mobile network surveillance devices.

A Python script that demonstrates how to get free WiFi access by spoofing network credentials.

A command-line tool for searching and downloading exploits, focusing on security research and penetration testing.

An open-source tool focused on software supply chain security, with software composition analysis, vulnerability detection, and a vulnerability database.

LSTAR is a comprehensive post-exploitation plugin for CobaltStrike, a popular penetration testing framework.

A script for searching extracted firmware file systems for sensitive information.

An open-source software supply chain security solution for detecting dependencies, vulnerabilities, and license compliance.

A directory traversal fuzzer tool written in Perl for penetration testing and security research.

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

An open-source SSH man-in-the-middle tool for penetration testing and security research.

Malleable C2 is a domain-specific language to redefine indicators in Beacon's communication for Cobalt Strike.

A simulated phishing system for red-blue team exercises in the field of cybersecurity.

This is a Linux kernel CVE exploit analysis tool with a debugger environment, not focused on AI coding tools.

evilginx2 is a man-in-the-middle attack framework used for phishing credentials and session cookies.

This repository provides a collection of cheatsheets for various penetration testing tools and techniques.

A curated list of mobile-based CTFs, write-ups, and vulnerable Android apps for security researchers and developers.

A collection of security-related presentations and research reports shared at various conferences and events.

A collection of Java security vulnerabilities and exploits for frameworks like Fastjson, Jackson, Spring, Dubbo, and more.