Trending Projects

GooFuzz is a tool to perform fuzzing with an OSINT approach, enumerating targets without leaving evidence.

A C++ tool for extracting clear text passwords from the Windows Remote Desktop Protocol (RDP) client.

Generates millions of password mutations in seconds for penetration testing and security research.

A fast, open-source GitHub recon tool that scans for leaked secrets across all of GitHub.

A collection of tools that integrate with Cobalt Strike for advanced C2 framework development.

A powerful XSS scanning and parameter analysis tool written in Ruby for bug bounty and penetration testing.

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

A set of process injection techniques for Windows Thread Pools, primarily for security research purposes.

A Python-based tool for batch URL collection and vulnerability scanning, useful for security research and penetration testing.

Noriben is a portable, simple malware analysis sandbox written in Python.

A PHP shell that bypasses disabled functions to achieve command execution.

This Python tool detects sensitive information leaks by scanning web applications for vulnerable files.

Digital Privacy is a comprehensive collection of resources for information protection and open-source intelligence (OSINT)

A tool to test and exploit JNDI Injection vulnerabilities in Java applications.

This repository provides a comprehensive cheat sheet for common Active Directory enumeration and exploitation techniques.

Fibratus is a powerful security tool for adversary tradecraft detection, protection, and hunting on Windows.

A high-performance, comprehensive credentials bruteforcing and enumeration tool for security research.

An open-source OWASP-based web application security testing checklist to help track completed and pending test cases.

A Python tool for stealthy data exfiltration using DNS requests.

This repository provides methods to bypass 403/401 errors and includes bash automation scripts.

Cortex is a powerful open-source engine for observable analysis and active incident response.

An Android app that can brute force WiFi passwords without requiring a rooted device.

Trojan Source is a research project that exposes invisible vulnerabilities in source code.

A utility for detecting phishing domains targeting Web3 users, built with TypeScript.

PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)

A Python tool that can be used to brute-force and enumerate subdomains for security scanning and vulnerability discovery.

This is a collection of various web shells, not a developer platform focused on AI coding tools.

Simple Swift wrapper for Keychain that works across iOS, watchOS, tvOS and macOS.

Automatic Linux privilege escalation tool that exploits common vulnerabilities and misconfigurations.

Unicorn is a tool for using a PowerShell downgrade attack and injecting shellcode into memory.

This is a toolkit for penetration testing and security research, not a developer platform focused on vibe coders.

This repository generates a CobaltStrike cross-platform payload for red team activities.

A Python library that generates and resolves permutations of subdomains, useful for security researchers.

ArcherySec is an open-source vulnerability management and security testing platform for DevSecOps teams.

A Python script for checking Linux privilege escalation vulnerabilities for security testing.

A simple FOFA client written in JavaFX for security researchers and red teams.

A comprehensive penetration testing toolkit for asset information collection, subdomain brute-forcing, search syntax, asset mapping, fingerprinting, and more.

An easy-to-set-up SSH honeypot that logs the activity of anyone who connects to it.

A collection of Living Off The Land Binaries and Scripts (LOLBins and LOLScripts) for cybersecurity research and testing.

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

A security risk analysis tool for Kubernetes resources, helping developers secure their cloud infrastructure.

enum4Linux is a Linux tool for enumerating data from Windows and Samba hosts.

A modern 32/64-bit position independent implant template for security researchers and penetration testers.

Suricata IDS rules to detect red team and malicious behavior like CobaltStrike, MSF, Empire, etc.

A curated list of amazing Homomorphic Encryption libraries, software and resources for developers.

A Python library for Active Directory reconnaissance tasks, useful for penetration testing.

Ladon 911 for Cobalt Strike & Cracked Download, a large network penetration scanner with various security tools

This repository contains a tutorial for setting up a phishing toolkit on Kali Linux or Termux.

Security tools and apps for Android, focused on hacking, penetration testing, and cybersecurity.

This is a collection of cybersecurity learning resources for beginners and enthusiasts.