Trending Projects

A proof-of-concept for exploiting the critical CVE-2021-44228 vulnerability in the Log4j logging library.

This repository is a collection of exploits and hacking tools, not a vibe coder platform.

A secure and scalable network traffic analysis framework written in Go for security and monitoring.

A C++ library for loading and executing shellcode, likely used for security research and penetration testing.

XVWA is a vulnerable web app for security enthusiasts to learn application security.

A Chrome extension that turns victim browsers into HTTP proxies, allowing you to browse as them.

A Suricata-based network detection and response (NDR) distribution for security monitoring and threat hunting.

A simulated phishing system for red-blue team exercises in the field of cybersecurity.

This Python-based tool can bypass firewalls and forward traffic using a webshell, potentially useful for security research.

A comprehensive guide to improving privacy and security on Windows 10.

A collection of common vulnerabilities found in iOS applications to help secure iOS app development.

A collection of resources for Python security and code review, aimed at security-conscious developers.

A simple asset discovery engine for cybersecurity professionals

Evilgrade is a Perl framework that allows injecting fake updates to take advantage of poor upgrade implementations.

A tool for generating undetectable webshells, which can be useful for security testing and penetration tasks.

A secure, fast, and enterprise-level honeypot management system with support for multiple protocols.

This Arduino project exploits the trust of USB devices to install a cross-platform backdoor and reroute DNS.

A collection of security-focused writeups and resources for web application security researchers and developers.

A PHP shell that bypasses disabled functions to achieve command execution.

A collection of PowerShell scripts with 100% AV bypass capability for security research and pen-testing.

A C# workshop on writing custom backdoor payloads for red team security research.

A Splunk app that guides threat hunting by mapping security telemetry to the MITRE ATT&CK framework.

Malcom is a Python-based framework for analyzing and monitoring network traffic to detect malware communications.

A password cracking tool for Windows that can bypass authentication without privileges

A PowerShell framework for attacking RDP sessions and lateral movement in Windows environments.

A PowerShell-based utility for creating malicious Office macro documents.

A self-hosted VPN deployment with DNS ad blocking for privacy protection.

A file-sharing tool that allows you to find the responsible person in case of a data leakage.

A leaked guide on pentesting tools and techniques used by the Conti ransomware group

Builds malware analysis Windows VMs for secure malware research and analysis.

A Go library that allows executing binaries from a password-protected zip file for security purposes.

A Python tool that creates archives that can exploit directory traversal vulnerabilities.

This is a workshop focused on local privilege escalation techniques on Windows and Linux systems, not a developer tool for AI-powered coding.

A simple remote control tool in C# for red team and security research purposes.

A C++ cheat/skin changer tool for the game League of Legends, used for modding and reverse-engineering.

A collection of exploit scripts for vulnerabilities in various web applications and frameworks.

A Windows 10 privacy and security checker tool that helps users optimize their system settings.

A collection of security-related presentations and research reports shared at various conferences and events.

Security Onion is a Linux distribution for threat hunting, enterprise security monitoring, and log management.

Teler is a real-time HTTP intrusion detection system written in Go for analyzing logs and detecting threats.

HTML5 Security Cheatsheet - a collection of HTML5-related XSS attack vectors.

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

Picocrypt is a small, secure encryption tool for developers focused on privacy and security.

A private messaging system that hides metadata, built with Go, focused on privacy and research.

An offensive software exploitation course focused on developing exploitation techniques.

This is a one-click script to set up Shadowsocks/ShadowsocksR and enable BBR kernel acceleration on Ubuntu/CentOS/Debian.

Operational information about the Log4Shell vulnerabilities in the Log4j logging library.

A collection of Go code examples and tools for security professionals

An educational resource that explains CSRF tokens and how they work to protect web applications.

A Python-based HTA encryption tool for Red Teams to obfuscate and execute malicious scripts.