Trending Projects

This Python-based tool can bypass firewalls and forward traffic using a webshell, potentially useful for security research.

A community-driven checklist for securing Ruby on Rails applications.

A virtual machine for adversary emulation and threat hunting, not a developer discovery platform focused on vibe coders.

A customizable Windows-based virtual machine for threat intelligence analysis and hunting

Passhunt is a tool for searching default credentials across network devices, web apps, and more.

A mirror of a privacy-focused software recommendations repository focused on security and privacy.

This repository provides resources and learning materials for software security research and education.

This repository covers code execution and AV evasion methods for macros in Office documents.

This is a comprehensive network security tool for professionals and enthusiasts, featuring decryption, analysis, scanning, and traceability.

A flexible DNS name permutation tool for security researchers and penetration testers.

A blazing-fast security auditing tool for Kubernetes that helps DevOps and security teams secure their cloud-native infrastructure.

Detect and fingerprint WAF technologies, test bypass techniques for security research

Firefox hardening configuration script for enhanced privacy and security

Reverse shell handler for Linux and Windows

Android reverse engineering tool for unpacking apps via memory analysis and code extraction.

An awesome collection of resources for securing Go applications and infrastructure.

An offensive manual web application penetration testing framework written in Python.

This repository is a collection of exploits and hacking tools, not a vibe coder platform.

A comprehensive security checklist for developers, security researchers, and penetration testers.

A comprehensive information gathering tool for security researchers and pentesters.

A comprehensive guide to improving privacy and security on Windows 10.

CredSniper is a phishing framework that supports capturing 2FA tokens for security research.

Automated Red Team Infrastructure deployment using Docker for penetration testing and security research.

A dictionary of common attack vectors for penetration testing, not a developer platform for AI tools.

A C# library for bypassing EDR's active projection DLL's by preventing entry point execution.

Collection of PoC and offensive techniques used by the BlackArrow Red Team

A Python library for decoding common remote access trojans (RATs) used by cybercriminals.

A transparent ransomware claim tracker for monitoring and analyzing ransomware activity on the dark web.

Automation tools for internal Windows penetration testing and Active Directory security research.

This project provides research articles and fileless webshells to bypass professional detection tools.

A powerful mobile security testing framework for automating instrumentation and dynamic analysis of mobile apps.

WeChat database decryption tool for extracting encrypted messages and keys from SQLCipher 4

OSINT tool for email/username enumeration across platforms. Security research & investigation focused.

This is a public repository for the AppSec Ezine, a resource for application security professionals.

A Go reverse shell that communicates over DNS for bypassing firewalls and restricted networks.

An open-source, stateless password manager that prioritizes privacy and self-hosting.

A hardware U2F security token optimized for physical security, affordability, and style.

Android library that provides a secure way to store sensitive data in shared preferences with encryption.

A pure-Python, fully automated and unattended fuzzing framework for software testing and security research.

This is a collection of resources related to SSRF (Server-Side Request Forgery) for security researchers and developers.

A password cracking tool for Windows that can bypass authentication without privileges

A penetration testing tool and framework for security researchers and ethical hackers.

This is a one-click script to set up Shadowsocks/ShadowsocksR and enable BBR kernel acceleration on Ubuntu/CentOS/Debian.

Woodpecker is a high-risk vulnerability detection and deep exploitation framework for vibe coders.

A collection of techniques and resources for bypassing MySQL SQL injection vulnerabilities.

A Swift library for performing RSA public/private key encryption, useful for mobile app security.

This repository is a comprehensive book focused on penetration testing and the ATTCK framework, not a developer discovery platform for vibe coders.

AntiSpy is a free anti-virus and rootkits toolkit that can detect, analyze, and restore kernel modifications.

A private messaging system that hides metadata, built with Go, focused on privacy and research.

An open-sourced remote vulnerability PoC/EXP framework for penetration testing and security research.