Trending Projects

A browser extension that protects user privacy by intercepting and serving local copies of common remote resources.

A pure-Python, fully automated and unattended fuzzing framework for software testing and security research.

A comprehensive guide to improving privacy and security on Windows 10.

An open-source information security preparedness tool for adversarial simulation and security testing.

A collection of penetration testing and software development tips for security-focused developers.

SecureDrop whistleblower platform repository

This Python repository provides a proof-of-concept for brute-forcing Apple ID login credentials.

This Arduino project exploits the trust of USB devices to install a cross-platform backdoor and reroute DNS.

A collection of red team tools and scripts for security research and penetration testing.

An on-path blackbox network traffic security testing tool written in Python.

VPN/proxy node recommendation and evaluation guide for airport services

An educational resource that explains CSRF tokens and how they work to protect web applications.

A hardware U2F security token optimized for physical security, affordability, and style.

An Android library that prevents app piracy using Google Play Licensing, APK signature protection, and more.

This is a post-exploitation toolkit for penetration testing and security research.

A Swift library for performing RSA public/private key encryption, useful for mobile app security.

A deprecated client for the Privacy Pass protocol, providing unlinkable cryptographic tokens for browser extensions.

Utility that retrieves plaintext Active Directory credentials for internal network access.

KeySweeper is a stealthy Arduino-based device that wirelessly sniffs, decrypts, and logs keystrokes from Microsoft wireless keyboards.

UICKeyChainStore is a simple Objective-C wrapper for securely storing data in the Keychain on iOS, watchOS, tvOS, and macOS.

Deprecated security and incident response platform for enterprises, built on the ELK stack.

Comprehensive scanning tool for security testing and penetration testing of websites and web applications.

An open-source Golang-based POC framework/library for quickly developing vulnerability detection systems.

An interactive CTF exploration tool focused on reverse-engineering and Windows security research.

A Python library to discover subdomains of a target domain, useful for security researchers and pentesters.

A security research project that discovers a vulnerability in the VirtualBox E1000 network driver, allowing a guest OS to escape to the host.

A security platform for managing application assets, vulnerabilities, and security knowledge.

Curated list of VPN/proxy services (shadowsocks, trojan, v2ray) for circumventing network restrictions.

A Python framework for detecting vulnerabilities in content management systems (CMS).

A PowerShell-based utility for creating malicious Office macro documents.

A demo of overriding a user's clipboard content, which can be used for security research.

A tool for generating undetectable webshells, which can be useful for security testing and penetration tasks.

Deprecated mana toolkit for wifi rogue AP attacks and MitM

A security and network analysis tool for penetration testing and man-in-the-middle attacks.

This C-based library helps developers discover and exploit buffer overflow vulnerabilities.

Encrypted digital estate planning tool—securely store secrets & plans for worst-case scenarios

This Go-based GitHub leak scanning system helps developers and security teams monitor for leaked credentials and sensitive data.

An online port scan scraper written in Python for penetration testing and security research.

A collection of proof-of-concept exploits for various software vulnerabilities, primarily focused on Java-based applications.

iOS jailbreak tool for security research and system-level experimentation on iOS 15-16

A private messaging system that hides metadata, built with Go, focused on privacy and research.

A simple asset discovery engine for cybersecurity professionals

An easy-to-use encryption library for JavaScript, utilizing RSA and AES algorithms.

Malcom is a Python-based framework for analyzing and monitoring network traffic to detect malware communications.

A C++ library for recovering the encryption key used by the WannaCry ransomware.

A curated list of domains using Cloudflare DNS at the time of the CloudBleed security incident.

A community-driven checklist for securing Ruby on Rails applications.

A Python library that decrypts and logs a process's SSL traffic for security analysis.

Portspoof is a C++ library that generates fake open ports to detect and mitigate network scanning attempts.

Operational information about the Log4Shell vulnerabilities in the Log4j logging library.