Trending Projects

A Python-based C2/post-exploitation framework for offensive security and penetration testing

An open-source tool to generate application whitelist bypasses for red and blue team use.

A tool to find secrets and sensitive information in code repositories across GitHub, GitLab, and Bitbucket.

A collection of Linux, macOS, and Windows kernel privilege escalation vulnerabilities with compilation environments, demos, and details.

Venom is a multi-hop proxy tool for penetration testers and security researchers.

A collection of incident response playbooks mapped to MITRE ATT&CK tactics and techniques.

A GUI tool for macOS that allows users to spoof their MAC address at the link layer.

This is a tool for finding open databases by leveraging the Binaryedge.io platform.

A vulnerable app with examples showing how to not use secrets, useful for security education.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms.

A Python-based password brute force dictionary with keyboard combinations, pinyin, and alphanumeric dictionaries.

A modern 32/64-bit position independent implant template for security researchers and penetration testers.

A set of tools for creating and injecting malicious image payloads for web attacks.

A collection of open-source web security scanners for developers to assess web application vulnerabilities.

A collection of CTF (Capture The Flag) tools for cryptography, web security, and more.

A proof-of-concept server demonstrating a remote code execution vulnerability in Redis versions up to 5.0.5.

A Python library that helps developers bypass URL parsing restrictions and security checks.

A Python-based DFIR tool for cybersecurity incident response and analysis.

This repository demonstrates exploiting vulnerabilities to impersonate a Domain Admin from a standard domain user account.

A Python script that demonstrates how to get free WiFi access by spoofing network credentials.

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

A daily updated composer exclusion list for security vulnerabilities in PHP projects.

JexBoss is a tool to verify and exploit Java deserialization vulnerabilities in JBoss and other Java applications.

An offensive software exploitation course focused on developing exploitation techniques.

A Swiss Army knife for automated web application testing, written in Go, useful for bug bounty hunters and security professionals.

The OWASP Developer Guide is a comprehensive resource for secure software development practices.

A PowerShell script for quickly finding missing software patches for local privilege escalation vulnerabilities.

A passive Shiro detection plugin for the BurpSuite security tool, used for web application security testing.

An open-source tool focused on software supply chain security, with software composition analysis, vulnerability detection, and a vulnerability database.

An open-source tool for performing security assessments on Oracle databases.

A static taint analysis platform to scan vulnerabilities in Android apps.

A Chrome extension that turns victim browsers into HTTP proxies, allowing you to browse as them.

This is a low-level LSASS memory dumper using direct system calls and API unhooking, not a developer discovery platform.

VECTR is a tool that helps track red and blue team testing activities to measure detection and prevention capabilities.

A Python-based tool to help developers test and bypass Web Application Firewalls (WAFs) before attackers do.

A comprehensive collection of cybersecurity and infosec resources for developers.

This repository contains research code and papers from members of the vx-underground community, focused on malware development and research.

A C# application that exploits user edit rights on Group Policy Objects to compromise controlled objects.

A set of tools to tunnel TCP communication over HTTP, bypassing network restrictions in firewalled environments.

This is a Docker-based environment for reproducing and testing IoT firmware vulnerabilities.

A Python tool to generate unicode domains for IDN Homograph Attack and detect them.

A collection of resources for penetration testing and securing Microsoft's cloud platform Azure.

This repository provides a comprehensive summary of the Certified Ethical Hacker (CEH) certification in bullet points.

Lightweight certificate transparency log monitor for monitoring SSL/TLS certificates.

A Go reverse shell that communicates over DNS for bypassing firewalls and restricted networks.

A JavaScript library that produces persistent, respawning "super" cookies in a browser, used for user identification.

A repository containing public documents and whitepapers about advanced persistent threat (APT) campaigns.

A comprehensive cheat sheet for understanding and mitigating Java Deserialization vulnerabilities.

A tool that automatically integrates and synchronizes the latest Nuclei vulnerability POCs from across the web.

A Java security audit plugin that helps developers find security vulnerabilities in web and Android apps.