Trending Projects

A shell script that creates multiple TOR instances with load balancing for secure and anonymous communication.

This Python project allows stealing Net-NTLM hashes using a vulnerable PDF document, used for security research.

This is a Python script for monitoring and crawling the Chinese Darknet, not a developer discovery platform.

A plug-in type web vulnerability scanner written in Python

A fast, open-source CORS misconfiguration vulnerability scanner written in Python.

Autorize is an extension for Burp Suite that automates authorization enforcement detection to ease security testing.

A vulnerable Spring Boot web application for learning about the Log4Shell vulnerability (CVE-2021-44228).

A comprehensive collection of tools and techniques for cracking various types of verification codes and captchas.

A Python tool that dumps Active Directory Integrated DNS information for any authenticated user.

A proof-of-concept server demonstrating a remote code execution vulnerability in Redis versions up to 5.0.5.

An open-source information security preparedness tool for adversarial simulation and security testing.

A modular, open-source vulnerability scanner with automatic report generation capabilities.

A Python-based C2/post-exploitation framework for offensive security and penetration testing

A repository showcasing security research and bug bounty case studies, not focused on vibe coders.

This Python project extracts and collects strong and weak passwords from previously leaked password data.

A collection of red team tools and scripts for security research and penetration testing.

An ESP32 firmware that revolutionizes pentesting with a focus on security research and penetration testing.

CocoaSecurity provides an Objective-C library for common cryptographic and encoding/decoding functions.

A tool that helps developers easily trace classes, functions, and modify method return values on iOS platforms.

A Python library for parsing Cobalt Strike beacon data, useful for security analysis and incident response.

An open-source software supply chain security solution for detecting dependencies, vulnerabilities, and license compliance.

Lightweight certificate transparency log monitor for monitoring SSL/TLS certificates.

A Ruby tool for embedding XXE/XML exploits into different filetypes for security research.

Active Directory assessment and privilege escalation script for security researchers and penetration testers.

A Python tool that automatically collects Proof of Concept (POC) or Exploit (EXP) from GitHub based on CVE IDs.

This is a collection of OSINT and penetration testing tools for security researchers and red teams.

An Active Directory data ingestor for BloodHound Legacy written in Rust, focused on security research and penetration testing.

PoC for a local privilege escalation vulnerability in the pkexec command of the polkit library (CVE-2021-4034)

A root exploit for CVE-2022-0847 (Dirty Pipe), a Linux kernel vulnerability.

This repository provides a cheatsheet for the Cobalt Strike penetration testing framework, useful for red team operations.

This is a collection of hacking tools for Android, Instagram, and wifi, not a developer discovery platform.

This Python library scans Pastebin for suspicious content using Yara rules.

An open-source tool to generate application whitelist bypasses for red and blue team use.

A macOS Mail plugin to block email trackers, read receipts, and spy pixels for privacy protection.

Hemmelig is an encrypted secrets management tool that keeps sensitive information secure in chat logs, emails, and more.

LimeRAT is a simple yet powerful remote administration tool for Windows, commonly used for malicious purposes.

An IIS short filename enumeration tool for security audits and penetration testing.

A collection of penetration testing and software development tips for security-focused developers.

This repository provides a collection of advanced XSS payloads for penetration testing and security research.

A curated list of mobile-based CTFs, write-ups, and vulnerable Android apps for security researchers and developers.

A C-based Beacon Object File (BOF) for use in remote operations on compromised systems.

An online port scan scraper written in Python for penetration testing and security research.

This repository provides a tool for remotely accessing webcams, which can be used for malicious purposes.

A collection of historical vulnerability analyses for the ThinkPHP framework.

Stealth is a secure, peer-to-peer, private, and automatable web browser/scraper/proxy for developers who value privacy.

This is a Python library for cracking WPA passwords using precomputed data.

KeySweeper is a stealthy Arduino-based device that wirelessly sniffs, decrypts, and logs keystrokes from Microsoft wireless keyboards.

A Python-based parser and emulation engine to analyze and detect malicious VBA macros.

Examples demonstrating how to implement AWS security patterns using CloudFormation and Terraform.

An automated, modular cryptanalysis tool for security researchers and penetration testers.