Trending Projects

This repository contains a collection of XSS payloads designed to turn 'alert(1)' into more potent attacks.

A Go utility to generate malicious network traffic patterns for security testing and evaluation.

A Python tool for scanning IP and domain names to find weakly protected internal systems.

A static analyzer for PE executables, useful for malware analysis and security research.

SPARTA is a network infrastructure penetration testing tool written in Python.

ServerScan is a high-concurrency network scanning and service detection tool written in Golang.

A comprehensive information gathering tool for security researchers and pentesters.

This Python project allows stealing Net-NTLM hashes using a vulnerable PDF document, used for security research.

A toolkit to attack Office365 using various security tools and techniques.

An open-source project focused on protecting user privacy and security against mass surveillance.

A collection of common system vulnerabilities encountered in red team operations.

The XSS Hunter service is a portable version of XSSHunter.com, a tool for security researchers and developers.

A malicious payload evasion tool for bypassing security measures and executing custom code.

An extensible, multi-threaded internal network penetration testing tool with various plugins for information gathering, vulnerability scanning, and more.

NextScan is a comprehensive enterprise-level black-box vulnerability scanning system that integrates vulnerability scanning, management, asset scanning, and crawling services.

A virtual machine for adversary emulation and threat hunting, not a developer discovery platform focused on vibe coders.

A Go tool that manipulates compiled executables to avoid detection from EDRs.

A collection of common PHP webshells for penetration testing and CTF challenges, not intended for hosting on live servers.

A general collection of information, tools, and tips regarding CTFs and similar security competitions

XVWA is a vulnerable web app for security enthusiasts to learn application security.

This GitHub repository is a tool for using an Android device as a Rubber Ducky against another Android device.

This repository provides password cracking rules for Hashcat based on statistics and industry patterns.

A collection of open-source security tools and custom scripts for Red Team operations.

A Python-based DDoS attack tool that leverages the Shodan API to find vulnerable Memcached servers.

A simple and fast SSH server bruteforcer tool for security professionals and developers.

A customizable Windows-based virtual machine for threat intelligence analysis and hunting

Advanced honeypot framework for security researchers and developers.

A Python script that generates a dictionary for fuzzing file uploads to detect vulnerabilities.

A Java deserialization exploit framework for penetration testing and security research.

A Java tool for exploiting Shiro550 and Shiro721 vulnerabilities with various payload options.

A reverse tunneling tool for pentesters, built with Go, to easily establish secure connections.

A comprehensive SOAR (Security Orchestration, Automation and Response) platform for efficient security automation without coding.

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

CredSniper is a phishing framework that supports capturing 2FA tokens for security research.

A Python tool to monitor GitHub for new CVEs, security updates, and more, with multi-channel notifications.

A C# workshop on writing custom backdoor payloads for red team security research.

An open-source Python tool to audit the security of SSH servers.

This is an exploit for a vulnerability (CVE-2019-11043) and not a developer tool or platform.

This repository contains personal notes on Active Directory penetration testing, not a developer discovery platform for vibe coders.

A powerful mobile security testing framework for automating instrumentation and dynamic analysis of mobile apps.

This is a security research repository from the Microsoft Security Response Center (MSRC).

A collection of resources for Python security and code review, aimed at security-conscious developers.

Open source metadata repository for security events, useful for security researchers and analysts.

Automated Red Team Infrastructure deployment using Docker for penetration testing and security research.

Curated blocklists for ad-blocking and malware prevention on Pi-hole and DNS filters.

Collection of ad-blocking rules and configs for proxy/tunnel clients (Loon, Surge, QuantumultX, ShadowRocket, Egern).

A comprehensive scanner for the Log4j RCE vulnerability (CVE-2021-44228) to help secure your applications.

Android security patching framework that disables signature verification for system modifications

This is a hardware backdoor research project for x86 CPUs, not a developer discovery platform focused on vibe coders.

This repository is a collection of exploits and hacking tools, not a vibe coder platform.