Trending Projects

This repository provides a detailed analysis of the reported backdoors in the Pinduoduo e-commerce platform.

A tool for bypassing antivirus software and executing lateral movement commands.

This is a penetration testing framework written in Python for security professionals.

An efficient Android vulnerability scanner to help developers and hackers find potential security issues.

A web application that assists network defenders in mapping adversary behaviors to the MITRE ATT&CK framework.

A root exploit for CVE-2022-0847 (Dirty Pipe), a Linux kernel vulnerability.

w13scan is a passive security scanner that can detect vulnerabilities in web applications.

A proof-of-concept for exploiting the critical CVE-2021-44228 vulnerability in the Log4j logging library.

A curated list of awesome security hardening techniques for Windows.

A payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods.

A collection of various JSP webshell implementation methods for security researchers and penetration testers.

A Python tool that creates actionable data from vulnerability scans for security professionals.

A tutorial on how to exploit a double-free vulnerability, focused on binary exploitation and security research.

A collection of security engineer interview questions from Glassdoor.com for job preparation.

A collection of AWS penetration testing tools and scripts for security researchers and ethical hackers.

A C# library for bypassing EDR's active projection DLL's by preventing entry point execution.

This repository contains the original proof-of-concepts for the React2Shell CVE-2025-55182 vulnerability.

Protect against DNS poisoning in China with this lightweight DNS proxy written in C.

A Python-based honeypot framework for setting up and managing modern honeypot sensors.

This is an automated penetration testing tool written in Go, not a developer discovery platform focused on vibe coders.

This Python-based tool can bypass firewalls and forward traffic using a webshell, potentially useful for security research.

A virtual machine for assessing Android applications, reverse engineering, and malware analysis.

A C# version of PowerShell for red teaming and penetration testing purposes.

This is an archived repository that provides a web crawler and search engine for the now-defunct Wooyun security vulnerability database.

Exploit Database repository for security researchers and penetration testers.

A Python tool for stealthy data exfiltration using DNS requests.

A Rust cryptography library with implementations of various algorithms.

This is a C# project that scans for and exploits two CVE vulnerabilities (CVE-2021-42287/CVE-2021-42278).

Trojan Source is a research project that exposes invisible vulnerabilities in source code.

A Java library that unpacks malicious backdoors and exploits used by the Chinese e-commerce company Pinduoduo.

A memory-based evasion technique to make shellcode invisible from process start to end.

A password cracking tool for Windows that can bypass authentication without privileges

A Python tool that helps find interesting Amazon S3 buckets by monitoring certificate transparency logs.

A secure and scalable network traffic analysis framework written in Go for security and monitoring.

LunaSec is a dependency security scanner that automatically notifies you about vulnerabilities in your codebase.

A Python tool to check if a website is blocked by a Russian ISP using deep packet inspection and DNS checks.

A collection of security-focused writeups and resources for web application security researchers and developers.

Metasploit module to exploit the Eternalblue-Doublepulsar vulnerability.

This is a Python library for cracking WPA passwords using precomputed data.

This repository appears to be a hacking tool and not a developer discovery platform focused on vibe coders.

This book provides a comprehensive guide to understanding and exploiting the internals of the glibc heap for security researchers.

This repository contains a zero-day code injection and persistence technique in C, but it is not focused on AI tools for developers.

A collection of Docker images for network intrusion and penetration testing tools.

A collection of Red Team focused tools, scripts, and notes for cybersecurity professionals.

A repository providing examples and tools for conducting security assessments on Azure and AWS cloud environments.

A collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+, a popular red team toolkit.

A Chrome extension and Express server that exploits keylogging abilities of CSS.

This repository provides principles and guidance for designing and deploying a zero trust architecture.

A Python-based proof-of-concept tool to perform a MitM attack and extract clear text credentials from RDP connections.

This repository appears to be a security research project related to 802.11 wireless network vulnerabilities, not a developer tool for vibe coders.