Trending Projects

This is a semi-automated, no-bs version of the public exploit code for MS17-010 vulnerability.

Mars is a comprehensive security tool for asset discovery, subdomain enumeration, port scanning, and more.

This is a course repository for a University of Cincinnati Malware Analysis class, not a developer discovery platform.

A comprehensive tool for scanning and exploiting various OA vulnerabilities in bulk.

This is a GUI launcher for the XRAY web vulnerability scanning tool, focusing on web security.

cwe_checker finds vulnerable patterns in binary executables, helping developers identify and fix security issues.

A Nuclei plugin for Burp Suite, a popular web application security testing tool.

A Burpsuite plugin for recursively detecting vulnerable paths in web applications.

DecryptTools is a comprehensive tool for decryption tasks, likely useful for security researchers and developers.

A modular password spraying tool with threading, proxy support, and more for security researchers.

SploitScan is a sophisticated cybersecurity utility for vulnerabilities and exploit analysis.

An utility tool that integrates high-risk vulnerability exploits for security researchers and penetration testers.

Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

A GUI framework for the Nuclei vulnerability PoC scanner, allowing quick PoC searches and one-click Nuclei runs.

A secure, fast, and enterprise-level honeypot management system with support for multiple protocols.

A Python-based tool for automating favicon-based reconnaissance during bug bounty and penetration testing.

Pillager is an information gathering tool for post-exploitation purposes.

A C# tool for discovering and exploiting SQL injection vulnerabilities across various databases.

A network reconnaissance and asset discovery tool written in Go for security professionals.

LSTAR is a comprehensive post-exploitation plugin for CobaltStrike, a popular penetration testing framework.

A refactored and improved password spraying tool that uses FireProx APIs to stay anonymous and beat throttling.

This is a comprehensive network security tool for professionals and enthusiasts, featuring decryption, analysis, scanning, and traceability.

A set of tools for detecting and preventing cloud storage data leaks across major cloud providers.

A Java deserialization exploit framework for penetration testing and security research.

A passive Burp Suite plugin for detecting FastJson vulnerabilities.

Websploit is a high-level MITM (Man-in-the-Middle) framework written in Python for network penetration testing.

A collection of Kali Linux tools for information gathering, penetration testing, and wireless security.

A memory-based evasion technique to make shellcode invisible from process start to end.

A tool for port forwarding and intranet proxy, useful for penetration testing and network troubleshooting.

A modded version of the Shellphish tool with colorized text, animations, and extra features for Termux.

A library providing comprehensive web security concepts and best practices for developers.

A comprehensive penetration testing framework for security researchers and red teams.

A Python tool for automatic detection of ThinkPHP vulnerabilities.

An open-source CMS scanner that automates detection of security flaws in popular CMS platforms.

An automatic exploit generation tool for finding and capturing flags in CTF challenges.

A collection of Red Team focused tools, scripts, and notes for cybersecurity professionals.

Collection of PoC and offensive techniques used by the BlackArrow Red Team

A curated list of Immunefi bug bounty writeups, useful for security researchers and bug bounty hunters.

A file-sharing tool that allows you to find the responsible person in case of a data leakage.

An advanced in-memory evasion technique for encrypting and decrypting shellcode contents.

A Python-based CTF scoreboard and game manager for developers interested in security and penetration testing.

DIVA Android is a deliberately insecure and vulnerable Android app for security testing and education.

AoiAWD is a portable, low-privilege EDR system designed for cybersecurity competitions.

Automated JavaScript recon tool for bug bounty hunters and security researchers.

This Go-based stealth redirector helps red team operations by providing OPSEC for C2 infrastructure.

Perun is a network asset vulnerability scanner/framework for pentesters, red teams, and security professionals.

A flexible DNS name permutation tool for security researchers and penetration testers.

A tool to scan and identify Fastjson vulnerabilities, including version, dependencies, and autoType status.

Sleepy Puppy is a security-focused XSS payload management framework for developers.

A webshell management tool for Godzilla that helps bypass traffic detection devices.