Trending Projects

CMS Scanner: A tool to scan WordPress, Drupal, Joomla, and vBulletin websites for security issues.

A vulnerable iOS app to help mobile security enthusiasts and professionals test their penetration testing skills.

Psiphon is an open-source tool for circumventing internet censorship, built in Go.

A popular browser extension that provides enhanced security and privacy features for web browsing.

A browser extension that isolates Facebook activity to prevent Facebook from tracking users across the web.

A library of payloads for the O.MG line of hacking gadgets from Mischief Gadgets

A multi-packer tool that helps Red Team engineers obfuscate and watermark their malware implants.

Perun is a network asset vulnerability scanner/framework for pentesters, red teams, and security professionals.

Open-source database for managing vulnerability disclosure and bug bounty programs

A database of vulnerable Ruby Gems, helping Ruby developers stay secure.

An open-source security guide covering security standards, frameworks, threat models, encryption, and benchmarks.

This is a Java web security repository, likely focused on web application security research and testing.

A Python-based DFIR tool for cybersecurity incident response and analysis.

SharPyShell is a tiny and obfuscated ASP.NET webshell for C# web applications.

This Python script allows you to abuse Exchange Server to escalate privileges and gain Domain Admin access.

A flexible DNS name permutation tool for security researchers and penetration testers.

Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers.

An open-source, extensible network penetration testing tool for security research and reconnaissance.

This repository appears to be an educational resource on cloud security, not a developer discovery platform focused on vibe coders.

A C# version of PowerShell for red teaming and penetration testing purposes.

A collection of utilities for the MITRE ATT&CK framework, used for adversary emulation and red team testing.

This repository is a security tool for detecting and analyzing IMSI-catchers, which are mobile network surveillance devices.

This repository contains detailed adversary simulation APT campaigns targeting various critical sectors.

A tool to scan and identify Fastjson vulnerabilities, including version, dependencies, and autoType status.

A Rust implementation of the Noise Protocol Framework for secure communication.

AutoPWN Suite is a Python-based project for scanning vulnerabilities and automatically exploiting systems.

Wazuh - a powerful open-source security platform for threat detection, incident response, and compliance.

This repository contains a tutorial for setting up a phishing toolkit on Kali Linux or Termux.

An all-in-one Instagram hacking tool for information gathering, brute force attacks, and account reporting.

Muraena is a reverse proxy tool for automating phishing and post-phishing activities.

A Burp plugin that simplifies testing encrypted traffic as efficiently as testing plaintext.

Security tools and apps for Android, focused on hacking, penetration testing, and cybersecurity.

A VoIP security testing toolset that helps security teams, QA, and developers test SIP-based VoIP systems and applications.

A Python library for mass scanning IPs to discover vulnerable network services.

A beginner-friendly Python toolkit for penetration testing and ethical hacking.

An automated system hardening framework written in Python for securing Linux systems.

Kunai is a threat-hunting tool for Linux that uses eBPF to detect and monitor security threats.

Builds malware analysis Windows VMs for secure malware research and analysis.

A Ruby framework for penetration testing and security auditing of WordPress systems.

DNSChef is a DNS proxy tool for penetration testers and malware analysts to intercept and manipulate DNS traffic.

ExtremeInjector is an unknown library or tool, likely related to security or hacking.

A webshell management tool for Godzilla that helps bypass traffic detection devices.

Sleepy Puppy is a security-focused XSS payload management framework for developers.

This is a collection of cybersecurity learning resources for beginners and enthusiasts.

A Python project that reverse-engineers the new 'captchaless' ReCaptcha system.

A C++ tool that can terminate all EDR/XDR/AVs processes, potentially used for security research.

This repository contains write-ups for iOS vulnerabilities that have been released.

This repository demonstrates exploiting vulnerabilities to impersonate a Domain Admin from a standard domain user account.

A privacy leak detection tool for developers to check for personal data exposure.

A collection of community-contributed Nuclei templates for bug bounty and penetration testing.