Trending Projects

A curated list of awesome resources and tools for information security professionals.

A Go-based port of Wappalyzer that automates mass scanning to uncover technologies used on websites.

A tool to find secrets and sensitive information in code repositories across GitHub, GitLab, and Bitbucket.

A Python library for patching PE, ELF, and Mach-O binaries with shellcode, primarily for security research and penetration testing.

ScareCrow is a payload creation framework designed to bypass endpoint detection and response (EDR) solutions.

A collection of Java security vulnerabilities and exploits for frameworks like Fastjson, Jackson, Spring, Dubbo, and more.

ESLint plugin that provides security-related linting rules for Node.js projects

ADRecon is a tool for gathering information about Active Directory and generating a report on its current state.

A collection of bug bounty tools and examples for security researchers and penetration testers.

A high-performance, comprehensive credentials bruteforcing and enumeration tool for security research.

A Python-based tool to bypass the Great Firewall of China's TLS SNI detection.

A security tool to search for interesting files in S3 buckets, useful for bug bounty and penetration testing.

This is a proof of concept for the SMBGhost RCE vulnerability, written in Python.

Athena OS is a Arch/Nix-based Linux distribution focused on cybersecurity learning and penetration testing.

A repository containing proof-of-concept projects, experiments, and security resources for developers.

Python low-interaction honeyclient for security research and incident response

A security knowledge framework maintained by the ffffffff0x team, covering web security, ICS security, forensics, and more.

Curated list of VPN/proxy services (shadowsocks, trojan, v2ray) for circumventing network restrictions.

A collection of exploit scripts for vulnerabilities in various web applications and frameworks.

This repository contains a collection of vulnerability proof-of-concepts and exploits for security research purposes.

A Java security audit plugin that helps developers find security vulnerabilities in web and Android apps.

RootMyTV is an exploit for rooting/jailbreaking LG webOS smart TVs.

This is a PHP code audit project focused on improving code security and quality.

A Python library for spoofing Apple BLE proximity pairing messages, likely used for security research.

This repository appears to be a hacking tool and not a developer discovery platform focused on vibe coders.

This is a PowerShell toolkit for security researchers and penetration testers.

A library for protecting against prototype pollution vulnerabilities in JavaScript applications.

A semi-automated tool for rapidly searching public GitHub data for sensitive secrets and information leaks.

Strongbox is a secure password manager for iOS and macOS, featuring encryption, password generation, and KeePass support.

This repository contains learning notes related to binary security, contributed by the Disiwater Reverse Engineering community.

A Python tool to search for leaked credentials in the PWNDB database.

A framework for enumerating, spraying, exfiltrating, and backdooring Office 365 accounts, not for AI vibe coders.

A fast and efficient dork scanner written in Go for bug bounty and security research.

A collection of Kali Linux tools for information gathering, penetration testing, and wireless security.

A Python framework for wireless penetration testing and network security assessment.

A Burp plugin that can find reflected XSS vulnerabilities in real-time while browsing a website.

An open-source CMS scanner that automates detection of security flaws in popular CMS platforms.

Spartacus is a toolkit for DLL/COM hijacking, providing utilities for proxy DLL generation and Windows process monitoring.

This repository demonstrates exploiting vulnerabilities to impersonate a Domain Admin from a standard domain user account.

A comprehensive web security dictionary for security researchers and penetration testers.

A simple remote control tool in C# for red team and security research purposes.

This repository contains a vulnerability scanner and rapid response system for enterprise networks.

This project is a web proxy tool that allows pivoting and exploitation through a bastion server.

A Docker-based platform for quickly setting up various vulnerability test environments for security research.

Striker is an offensive information and vulnerability scanner for security professionals.

A static taint analysis platform to scan vulnerabilities in Android apps.

A toolkit for emulating and analyzing firmware for security vulnerabilities, targeted at IoT and embedded devices.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

A Python library that makes it easy to pop remote shells and leverage penetration testing tools.

This is an awesome list of hacking tools and resources in Chinese.