Trending Projects

Trojan-go is a Go-based Trojan proxy that provides an unidentifiable mechanism to bypass the Great Firewall of China.

A library that helps detect various malware analysis techniques used in the wild.

A handbook for securing your cryptocurrency against the 'dark forest' of blockchain threats.

A library that provides workarounds for Google SafetyNet attestation, useful for Android developers.

A cheatsheet of default credentials to help blue/red teamers identify devices with default passwords

An open-source security scanner tool for penetration testing and vulnerability detection with a focus on automation and extensibility.

GmSSL is a cryptographic toolbox supporting Chinese national cryptography standards including SM2, SM3, SM4, SM9 and SSL/TLS protocols.

A security knowledge framework maintained by the ffffffff0x team, covering web security, ICS security, forensics, and more.

A fast, simple web crawler designed for quick discovery of endpoints and assets within a web application.

Analysis of bot protection systems and techniques to bypass browser fingerprinting for web scraping.

A powerful Android decompiler tool for malware analysis, vulnerability detection, and code reversing.

A comprehensive guide to Capture The Flag (CTF) competitions for security and hacking enthusiasts.

A Python script that finds endpoints in JavaScript files for security and information gathering purposes.

A collection of exploit scripts for vulnerabilities in various web applications and frameworks.

A tool to find secrets and sensitive information in code repositories across GitHub, GitLab, and Bitbucket.

A tool for checking and mitigating various CPU vulnerabilities like Spectre, Meltdown, and ZombieLoad.

Linux enumeration tool for penetration testing and CTFs with multiple verbosity levels.

An open-source remote vulnerability testing framework for security research and penetration testing.

This repository contains a vulnerability scanner and rapid response system for enterprise networks.

A collection of security-related presentations and research reports shared at various conferences and events.

A comprehensive IT security toolkit for Android developers and professionals.

A Python script that exploits .git folder disclosure to retrieve source code from web servers.

A comprehensive scanner for the Log4j RCE vulnerability (CVE-2021-44228) to help secure your applications.

A Python library for patching PE, ELF, and Mach-O binaries with shellcode, primarily for security research and penetration testing.

A comprehensive collection of Android and iOS mobile security resources and tools for developers.

An NSE script that leverages the Vulners.com API to provide vulnerability information for Nmap scans.

A Chrome extension and Express server that exploits keylogging abilities of CSS.

HElib is an open-source C++ library for homomorphic encryption, supporting BGV and CKKS schemes.

A collection of leaked credentials for security research and password security testing.

A curated list of security resources for all connected IoT/embedded devices and firmware.

A Python script to find leaked secrets on GitHub using custom dorks.

A Python tool for discovering URLs and parameters from web archives for bug hunting, fuzzing, and further probing.

A tool to find the origin servers of websites behind Cloudflare using Censys internet-wide scan data.

A tool that automatically integrates and synchronizes the latest Nuclei vulnerability POCs from across the web.

This C# tool generates executable files that can bypass antivirus detection for malicious purposes.

This is a collection of malware samples, not a tool for vibe coders.

RedEye is a visual analytic tool supporting Red & Blue Team operations for cybersecurity professionals.

Freenet is a decentralized, anonymous peer-to-peer network for secure and private communication.

This repository generates a CobaltStrike cross-platform payload for red team activities.

JexBoss is a tool to verify and exploit Java deserialization vulnerabilities in JBoss and other Java applications.

A full-featured C2 framework for silently persisting on webservers with a single-line PHP backdoor.

A Docker-based platform for quickly setting up various vulnerability test environments for security research.

A Python library for stealing signatures and making invalid signatures for testing purposes.

This Python tool is a penetration testing and vulnerability scanning utility for quickly gaining access to target systems.

This repository contains a collection of exploits and proof-of-concept code for various CMS, platforms, and software vulnerabilities.

This GitHub repository contains a collection of resources related to Remote Access Tools (RATs) and Command & Control (C&C) infrastructure.

Advanced DNS filter/blocklists for privacy, security, and clean browsing.

A PowerShell script for quickly finding missing software patches for local privilege escalation vulnerabilities.

A platform for exploiting Java vulnerabilities, including deserialization, JNDI, and Log4j RCE.

A PHP command-line tool for checking security vulnerabilities in Composer dependencies.