Trending Projects

A Go-based toolkit for building phishing campaigns and C2 infrastructure.

Next-generation Linux kernel exploit suggester tool for security researchers and penetration testers.

A Java tool for exploiting Shiro550 and Shiro721 vulnerabilities with various payload options.

This repository contains a C# library for abusing Active Directory certificate functionality.

A collection of precompiled Windows exploits, not actively maintained.

A Go-based open-source tool for analyzing and detecting malware using VirusTotal-like functionality.

A proof-of-concept for exploiting the critical CVE-2021-44228 vulnerability in the Log4j logging library.

Educational, CTF-styled labs for individuals interested in Memory Forensics

A Python-based tool for automating WeChat mini-program penetration testing.

This is a collection of high-risk vulnerability exploitation tools, likely not intended for vibe coders.

A repository providing a list of the top 25 vulnerability parameters for security researchers and bug bounty hunters.

Local privilege escalation tool for Windows that can be used for security research and penetration testing.

A simple FOFA client written in JavaFX for security researchers and red teams.

A Java tool for exploiting JNDI-based attacks and ysoserial payloads for web security testing.

Linux/Windows post-exploitation framework with advanced stealth and rootkit capabilities for penetration testing.

A Chrome extension that turns victim browsers into HTTP proxies, allowing you to browse as them.

A recon tool that allows searching on URLs exposed via shortener services for security research.

A Python tool that can identify the type of hash, including common ones like MD5 and SHA256, for developers working in cybersecurity and CTF challenges.

A modern reverse shell sessions manager written in Go for security researchers and penetration testers.

A comprehensive collection of resources for building and operating a Security Operations Center (SOC)

ServerScan is a high-concurrency network scanning and service detection tool written in Golang.

A Python codebase to generate an msdt-follina payload, a vulnerability exploit in Microsoft.

A curated list of blockchain security CTF competitions for developers to improve their security skills.

This GitHub repository is a tool for using an Android device as a Rubber Ducky against another Android device.

An open-source, lightweight, and cross-platform website vulnerability scanning tool to help developers quickly detect security risks.

Malleable C2 is a domain-specific language to redefine indicators in Beacon's communication for Cobalt Strike.

The XSS Hunter service is a portable version of XSSHunter.com, a tool for security researchers and developers.

A simulated phishing system for red-blue team exercises in the field of cybersecurity.

This repository provides password cracking rules for Hashcat based on statistics and industry patterns.

Comprehensive list of known attack vectors and common anti-patterns for Solidity smart contract security.

A Python tool that scans for misconfigurations in Cross-Origin Resource Sharing (CORS) policies.

Attack surface mapping tool for CVEs

This is a Java-based one-click scanning tool for security researchers and penetration testers.

A C++ tool for post-exploitation and malware bypassing antivirus/EDR solutions.

A Rust-based security tool for Linux exploitation that aims to leave zero traces on system logs and filesystem timestamps.

A collection of offensive C# tooling for security research and penetration testing.

A comprehensive tool for exploiting vulnerabilities in VMware vCenter Server

A tool for bypassing antivirus software and executing lateral movement commands.

A Burp Suite extender plugin that forwards passive scan traffic for vulnerability scanning.

An integrated BurpSuite vulnerability detection plugin for security researchers.

This GitHub repository contains learning materials related to red team techniques and security research.

A Go-based security testing framework for generating and testing PoCs for vulnerabilities.

Peirates is a Kubernetes Penetration Testing tool written in Go for security research and vulnerability assessment.

A Burp Suite plugin to bypass WAFs by inserting junk data into requests.

A proof-of-concept reflective loader for Cobalt Strike, enhancing its evasion features.

This repository contains a collection of XSS payloads designed to turn 'alert(1)' into more potent attacks.

SharpDPAPI is a C# port of Mimikatz DPAPI functionality for interacting with Windows Data Protection API.

A Python tool to check if a website is blocked by a Russian ISP using deep packet inspection and DNS checks.

Proof-of-Concept code for a critical remote code execution vulnerability (CVE-2025-55182) in a Python-based application.

This Python project is a 'super weapon' that aims to bypass online censorship, likely not suitable for vibe coders.