Trending Projects

Mars is a comprehensive security tool for asset discovery, subdomain enumeration, port scanning, and more.

A powerful MongoDB auditing and penetration testing tool for developers.

Trojan Source is a research project that exposes invisible vulnerabilities in source code.

A Python script that generates a dictionary for fuzzing file uploads to detect vulnerabilities.

This repository covers code execution and AV evasion methods for macros in Office documents.

A simple Trojan deployment script that can set up a proxy server with just one command.

This is a Chrome extension that demonstrates bypassing Widevine L3 DRM for media content.

A virtual machine for CTF competitions, with multiple versions and systems to choose from for an out-of-the-box experience.

A cybersecurity incident response testing tool that generates tailored scenarios using LLMs and the MITRE ATT&CK framework.

A memory-based evasion technique to make shellcode invisible from process start to end.

A security platform for managing application assets, vulnerabilities, and security knowledge.

A comprehensive penetration testing framework for security researchers and red teams.

A collection of vulnerability labs for security analysis and exploitation.

Bandit is a static code analysis tool that helps find security issues in Python code.

A C# library for bypassing EDR's active projection DLL's by preventing entry point execution.

A collection of smart hosts used to block access to various websites and improve privacy

A collection of scripts and executables for penetration testing and digital forensics.

An automatic exploit generation tool for finding and capturing flags in CTF challenges.

Collection of PoC and offensive techniques used by the BlackArrow Red Team

A repository showcasing security research and bug bounty case studies, not focused on vibe coders.

CocoaSecurity provides an Objective-C library for common cryptographic and encoding/decoding functions.

A collection of red team tools and scripts for security research and penetration testing.

A collection of penetration testing and software development tips for security-focused developers.

AntiSpy is a free anti-virus and rootkits toolkit that can detect, analyze, and restore kernel modifications.

A cybersecurity platform to protect against the Ukraine-Russia conflict on the internet.

Spartacus is a toolkit for DLL/COM hijacking, providing utilities for proxy DLL generation and Windows process monitoring.

A Java byte code analyzer for finding deserialization gadget chains in applications.

A collection of self-contained htaccess shells and attacks for penetration testing and security research.

This is a Java security SDK and coding standard for developers building secure applications.

A Python library that exploits a vulnerability in Apple software to craft PNG files that appear differently

Perun is a network asset vulnerability scanner/framework for pentesters, red teams, and security professionals.

A C# version of PowerShell for red teaming and penetration testing purposes.

Sleepy Puppy is a security-focused XSS payload management framework for developers.

An interactive network scanner written in Go with features like port scanning, service detection, and vulnerability assessment.

This is a curated list of Burp Suite resources, including 400+ open source plugins and 400+ posts/videos.

This repository is a collection of database exploitation techniques for penetration testing.

Sublert is a security and reconnaissance tool that leverages certificate transparency to monitor new subdomains and SSL/TLS certificates.

This repository contains the source code for the book 'Violent Python' focused on cybersecurity and ethical hacking tools.

A secure, native-level encryption library for Android that uses the ChaCha20-Poly1305 algorithm and the libsodium library.

An open-source two-factor authentication app for Android with support for HOTP, TOTP, and OpenPGP.

A comprehensive scanner for the Log4j RCE vulnerability (CVE-2021-44228) to help secure your applications.

A collection of Linux, macOS, and Windows kernel privilege escalation vulnerabilities with compilation environments, demos, and details.

An on-path blackbox network traffic security testing tool written in Python.

A hardware U2F security token optimized for physical security, affordability, and style.

A collection of open-source security projects to help enterprise security professionals build security capabilities.

An experimental host-based intrusion detection system (HIDS) written in Go.

Asset discovery and identification tools to quickly identify web fingerprint information and locate asset types.

A collection of common PHP webshells for penetration testing and CTF challenges, not intended for hosting on live servers.

XcodeGhost is a malicious code injection vulnerability affecting Xcode, Apple's primary IDE for iOS development.

A Python library for spoofing Apple BLE proximity pairing messages, likely used for security research.