Trending Projects

AoiAWD is a portable, low-privilege EDR system designed for cybersecurity competitions.

Privilege escalation tools for Windows and Linux with color-coded outputs

A comprehensive resource for bug bounty hunters, covering payloads, bypasses, and other security techniques.

This is an automated phishing tool with 30+ templates, made for educational purposes only.

An NSE script that leverages the Vulners.com API to provide vulnerability information for Nmap scans.

A comprehensive collection of Android and iOS mobile security resources and tools for developers.

Pre-built vulnerable Docker environments for security research and learning

This GitHub repository provides a collection of free security and hacking ebooks for developers.

Burpsuite Professional is a popular web application security testing tool used by security professionals.

A fast passive subdomain enumeration tool for security researchers and bug bounty hunters.

This GitHub repository contains a Proxifier keygen tool, written in Python, for developers who need to bypass network restrictions.

A curated list of awesome search engines for penetration testing, vulnerability assessments, and security research.

This is a powerful DDoS attack script written in Python with 56 different attack methods.

An Android app for online privacy and security, featuring tools like Tor, I2P, and DNSCrypt.

NoDPI is a Python utility for bypassing DPI (Deep Packet Inspection) to circumvent internet censorship.

A scalable fuzzing infrastructure to find vulnerabilities and improve software stability.

This repository contains a comprehensive checklist of web and API vulnerabilities for bug bounty hunters and security researchers.

OpenVPN is an open-source VPN daemon that provides secure and reliable virtual private network connections.

Protect against DNS poisoning in China with this lightweight DNS proxy written in C.

This GitHub repository contains a collection of tools and techniques for Red Team and penetration testing activities.

This repository provides free SSR/V2ray node subscriptions and related tools for bypassing internet censorship.

A curated list of security resources for all connected IoT/embedded devices and firmware.

This is a work-in-progress repository that collects and organizes past talks and materials related to Kubernetes, containers, and virtualization security.

A Chrome extension and Express server that exploits keylogging abilities of CSS.

This repository provides a collection of deals and discounts for InfoSec-related software and tools during the Black Friday season.

A program designed to search for and eliminate silent cryptocurrency miners on a system.

OpenSnitch is an interactive application firewall for Linux that helps developers secure their systems.

VeraCrypt is a disk encryption tool with strong security based on TrueCrypt, not a developer tool for vibe coders.

LuLu is a free, open-source macOS firewall that provides protection against unauthorized network access.

An open-source remote vulnerability testing framework for security research and penetration testing.

This is an open-source webshell project that provides access to remote servers through various scripting languages.

A Python script that exploits .git folder disclosure to retrieve source code from web servers.

An open-source password manager with end-to-end encryption and progressive web app capabilities.

Free VPN configs for Russia using shadowsocks, v2ray, vless protocols with whitelist bypass

Advanced offline password cracker supporting hundreds of hash and cipher types across multiple platforms

A Python framework for conducting Man-In-The-Middle attacks, useful for security research and penetration testing.

A comprehensive security and attack surface management platform for penetration testing and vulnerability assessment.

This repository provides a collection of tools and techniques for attacking and defending Active Directory using modern adversary tradecraft.

Teler is a real-time HTTP intrusion detection system written in Go for analyzing logs and detecting threats.

A curated list of awesome resources for the OSCP (Offensive Security Certified Professional) certification.

A collection of Python scripts used during penetration testing engagements.

Sliver is an adversary emulation framework written in Go that can be used for red team engagements.

A standalone man-in-the-middle attack framework for phishing login credentials and bypassing 2FA.

This is a reconnaissance tool for locating smartphones using social engineering techniques.

A penetration testing tool for finding 'delicious candy' (sensitive data) on systems.

DVWA is a PHP web application designed to be insecure, allowing developers to learn and practice web application security testing techniques.

Proof-of-Concept code for a critical remote code execution vulnerability (CVE-2025-55182) in a Python-based application.

This repository provides a comprehensive guide to the OSCE3 (OSWE, OSEP, OSED, OSEE) offensive security certifications.

UICKeyChainStore is a simple Objective-C wrapper for securely storing data in the Keychain on iOS, watchOS, tvOS, and macOS.

A PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface.