Trending Projects

A fast internal network scanning tool for security researchers and system administrators.

This is a guide for configuring Cobalt Strike's C2 communication, not a developer discovery platform for vibe coders.

A pentest reporting tool written in Python to free developers from Microsoft Word.

GUAC aggregates software security metadata into a high fidelity graph database.

SSH-MITM is a tool for auditing and analyzing SSH connections through a MITM proxy.

A comprehensive collection of cheatsheets for various infosec tools and security-related topics.

A Python-based syscall shellcode loader, a work-in-progress security research project.

PowerShell framework to assess Azure security for Windows and Linux systems

Reverse-engineering tool for account pooling with load balancing, auto-refresh, caching & proxy support

A set of tools for detecting and preventing cloud storage data leaks across major cloud providers.

Athena OS is a Arch/Nix-based Linux distribution focused on cybersecurity learning and penetration testing.

A program to reverse Docker images into Dockerfiles, useful for security researchers and developers.

OWASP Joomla Vulnerability Scanner, a security tool for scanning Joomla websites for vulnerabilities.

A fast emergency response tool for supply chain vulnerability scanning and port scanning

An NSE script that leverages the Vulners.com API to provide vulnerability information for Nmap scans.

This is a work-in-progress repository that collects and organizes past talks and materials related to Kubernetes, containers, and virtualization security.

Secure password sharing with automatic expiration, view limits, and audit logs

ScareCrow is a payload creation framework designed to bypass endpoint detection and response (EDR) solutions.

A Docker-based platform for quickly setting up various vulnerability test environments for security research.

An opinionated security and code quality standard for Solidity smart contracts.

Python reference implementation of The Update Framework (TUF), a library for securing software update systems

This repository contains a Linux eBPF backdoor over TCP, allowing remote access and exploitation.

This is a repository for a Cross-Site Scripting (XSS) receiver, likely used for CTF challenges or security research.

This repository is a curated list of advanced Windows exploitation references, not a developer discovery platform for vibe coders.

Android certificate pinning disable tool that helps developers bypass SSL pinning in Android apps.

A comprehensive tool for exploiting vulnerabilities in VMware vCenter Server

Minimal TOTP generator in 20 lines of Python for developers who need a simple 2FA solution.

APT-Hunter is a threat hunting tool for Windows event logs, designed for purple team use to detect APT activity.

A proof-of-concept reflective loader for Cobalt Strike, enhancing its evasion features.

An open source security framework that provides a badge for projects following best practices.

This is a keylogger for macOS written in Swift, not a tool for vibe coders.

A Python library for parsing Cobalt Strike beacon data, useful for security analysis and incident response.

A vulnerable server used for learning software exploitation, written in C.

An open-source C++ compiler for fully homomorphic encryption, enabling secure computation on encrypted data.

KeyDecoder is a mobile app that lets you quickly decode mechanical keys using your smartphone's camera.

RootMyTV is an exploit for rooting/jailbreaking LG webOS smart TVs.

Striker is an offensive information and vulnerability scanner for security professionals.

A Python library for security researchers and penetration testers to automate web application testing.

SharpSploit is a .NET post-exploitation library written in C# for security research and penetration testing.

An open-source dataset of Advanced Persistent Threat (APT) group information and analysis.

A framework for quickly exploiting the Fastjson vulnerability in Java applications.

This is a collection of resources related to SSRF (Server-Side Request Forgery) for security researchers and developers.

A Python-based tool for automating favicon-based reconnaissance during bug bounty and penetration testing.

Websploit is a high-level MITM (Man-in-the-Middle) framework written in Python for network penetration testing.

A security-focused static analysis tool for Android and Java applications.

This is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Proof of Concept for an advanced in-memory evasion technique to hide injected shellcode from scanners.

A script for searching extracted firmware file systems for sensitive information.

A cross-platform honeypot web server designed to punish and deter unruly HTTP bots and spammers.

This repository contains resources and tools for analyzing Virtual Machine Protection (VMP) obfuscation techniques.