Trending Projects

A security platform for managing application assets, vulnerabilities, and security knowledge.

This Rust library provides a framework for using Notion as a platform for offensive operations.

A cheatsheet for bypassing a browser's XSS filter, useful for security researchers and penetration testers.

This is a workshop focused on local privilege escalation techniques on Windows and Linux systems, not a developer tool for AI-powered coding.

A Chrome extension and Express server that exploits keylogging abilities of CSS.

Rule sets for Surge proxy clients (iOS/Mac) with ad-blocking, anti-censorship, and GFW bypass capabilities.

A curated list of domains using Cloudflare DNS at the time of the CloudBleed security incident.

This is an exploit for a vulnerability (CVE-2019-11043) and not a developer tool or platform.

This is a Java-based one-click scanning tool for security researchers and penetration testers.

Woodpecker is a high-risk vulnerability detection and deep exploitation framework for vibe coders.

A demo of overriding a user's clipboard content, which can be used for security research.

This Python-based tool can bypass firewalls and forward traffic using a webshell, potentially useful for security research.

A collection of resources for Python security and code review, aimed at security-conscious developers.

A collection of techniques and resources for bypassing MySQL SQL injection vulnerabilities.

Advanced honeypot framework for security researchers and developers.

A memory-based evasion technique to make shellcode invisible from process start to end.

A comprehensive penetration testing framework for security researchers and red teams.

This Go-based GitHub leak scanning system helps developers and security teams monitor for leaked credentials and sensitive data.

This Python project extracts and collects strong and weak passwords from previously leaked password data.

Active Directory assessment and privilege escalation script for security researchers and penetration testers.

An online port scan scraper written in Python for penetration testing and security research.

KeySweeper is a stealthy Arduino-based device that wirelessly sniffs, decrypts, and logs keystrokes from Microsoft wireless keyboards.

A file-sharing tool that allows you to find the responsible person in case of a data leakage.

A collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+, a popular red team toolkit.

Unix Privesc Check is a shell script that checks for common Unix privilege escalation vectors.

A comprehensive scanner for the Log4j RCE vulnerability (CVE-2021-44228) to help secure your applications.

YARA signature database for threat detection, malware analysis, and security scanning

Curated cheatsheets & command snippets for penetration testing and security research

Deprecated security and incident response platform for enterprises, built on the ELK stack.

This project provides research articles and fileless webshells to bypass professional detection tools.

Attack surface mapping tool for CVEs

A community-driven checklist for securing Ruby on Rails applications.

This repository provides resources and learning materials for software security research and education.

A deprecated client for the Privacy Pass protocol, providing unlinkable cryptographic tokens for browser extensions.

A macOS Mail plugin to block email trackers, read receipts, and spy pixels for privacy protection.

An automated, modular cryptanalysis tool for security researchers and penetration testers.

A Python library that decrypts and logs a process's SSL traffic for security analysis.

This GitHub repository contains a collection of anti-virus evasion techniques for developers.

A collection of proof-of-concept exploits for various software vulnerabilities, primarily focused on Java-based applications.

UICKeyChainStore is a simple Objective-C wrapper for securely storing data in the Keychain on iOS, watchOS, tvOS, and macOS.

An on-path blackbox network traffic security testing tool written in Python.

Conceal provides easy Android APIs for performing fast encryption and authentication of data.

Detect and fingerprint WAF technologies, test bypass techniques for security research

Firefox hardening configuration script for enhanced privacy and security

Reverse shell handler for Linux and Windows

A security and network analysis tool for penetration testing and man-in-the-middle attacks.

Android reverse engineering tool for unpacking apps via memory analysis and code extraction.

A PowerShell Runspace Post Exploitation Toolkit for security research and penetration testing.

Hostfile blocklist for ads and tracking, updated regularly to improve privacy and performance.

A Python framework for detecting vulnerabilities in content management systems (CMS).