Client emulator to play steam games on LAN without Internet connection.
Ultimate Cybersecurity Roadmap (2025 Edition) | Beginner to Advanced Guide | Learn Ethical Hacking, SOC Analysis, Threat Hunting, Incident R…
Information on the WIP Custom Nintendo WiiU/3DS/2DS server and service replacements
Lists of .NET Deobfuscator and Unpacker (Open Source)
Lists of .NET Obfuscator (Free, Freemium, Paid and Open Source )
Templates and scripts for 010 editor
Kali Linux terminal-like interactive portfolio website
Projects for security students
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
A word list containing 25,000 of the most common English words, divided into syllables.
BlueTeam, RedTeam, Bug bounty, CTI, OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitatio…
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
A variant of the Largest Area Fit First (LAFF) algorithm + brute force algorithm
Collocation of technical documentation and guides for devops, developers, pentesters, systems administrators and other IT professionals webs…
Depending on the configuration made by the infrastructure analyst, there are some ways to get past the 403-forbidden error generally by conf…
A new approach to fighting cross-session tracking: multi-layer online fingerprint obfuscation. Spoofs browser/OS (headers & JS), hardware, T…
Python based script for Information Gathering.
A workbench for developing 6502 code.
🔱 [ Phishing Simulation Made Easy ] 🔱. Simple and beginner friendly automated phishing simulation page creator.
This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass.
Linux Driver for USB WiFi Adapters that are based on the RTL8811AU and RTL8821AU Chipsets - v5.12.5.2
Linux Driver for USB WiFi Adapters that are based on the RTL8811CU, RTL8821CU, RTL8821CUH and RTL8731AU Chipsets - v5.12.0.4
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
A CTF platform designed for A1natas.
AWS Identity and Access Management Visualizer and Anomaly Finder
Implementations of some Android Auto features as unofficial IDrive apps
ABCDE是一个使用Kotlin编写的OpenHarmony逆向工具包,目前已经实现的功能为解析方舟字节码文件中 的类信息、方法信息、字面量数组信息以及对方法进行反汇编,解析资源索引文件等功能。
Everything for pentest. | 渗透测试知识库,以 AI Agent 可执行的格式沉淀安全方法论。
Network security sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers.
阿里云aliyun/腾讯云tencentcloud/华为云huaweicloud/aws等各种云厂商的accesskey运维安全工具,accesskey利用工具,包括但不限于创建ecs、ecs查询和命令执行、oss查询和批量下载等各种功能,aws accesskey rce;re…
ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating t…
open source security auditing tools for games on android and linux. Containing memory scanner/editor, apk GUI, value freezer, android non ro…
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Enumerate AD through LDAP with a collection of helpfull scripts being bundled
A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. …
Active Directory Penetration Testing for Red Teams
A modular Active Directory lab builder for hands-on penetration testing and security research in isolated environments.
Provides various Windows Server Active Directory (AD) security-focused reports.
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
ADB-Toolkit V2 for easy ADB tricks with many perks in all one. ENJOY!
Lean and powerful adblocking solution for OpenWrt
ADB WEBKIT Access ADB On Browser With Awesome UI …
Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust
Active Directory Forensic Toolkit : Detect & reconstruct AD attacks from Windows event logs (EVTX)
Varied and carefully selected filter lists and consolidates for use in AdGuard Home.
This is the fastest way to get admin rights at work, school, etc., in just a few seconds.
today we will hack the admin panel of the site.
AdminPBuster identifies hidden admin panels for any domain using a built-in wordlist that includes both common and obscure paths, effectivel…
Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.ed…
Collect and query ADS-B data to find aircraft and trends based on geographic region(s), altitude, bearing, aircraft type and more.
Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.
Timeline of Active Directory changes with replication metadata
An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signatu…
🔥 Repo related to my FrontendMasters course. An Advanced Web Dev Quiz that covers a wide range of the things web devs get to deal with on a …
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Bl…
Supporting materials for my "Intelligence-Led Adversarial Threat Modelling with VECTR" workshop
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
This is Advance Phishing Tool ! OTP PHISHING
Automated PowerHacker Suite: Your all-in-one solution for ethical hacking. Conduct comprehensive network mapping, vulnerability assessments,…
Active Directory information dumper via ADWS for evasion purposes.
The ATT&CK Emulation Library includes a collection of adversary emulation plans used in published ATT&CK Evaluations.
PowerShell Obfuscator. A PowerShell script anti-virus evasion tool
A Security Tool for Bug Bounty, Pentest and Red Teaming.
A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations…
Age based repository file encryption gitops tool
Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 49 rules mapped to OWASP Agentic Top 10 (202…
Official python agent for using the distributed hashcracker Hashtopolis
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnera…
A CLI tool for threat modeling and visualizing AI agents built using popular frameworks like LangGraph, AutoGen, CrewAI, and more.
A security scanner for your LLM agentic workflows
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy.
[NeurIPS 2024] Official implementation for "AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning"
Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt inject…
A collection of useful scripts for Cobalt Strike
contains utils for AGS: game extractor, repacker, disassembler and assembler
An “open-thoughts” research — Ad Hoc Broadcast, Trace, and Revoke.
Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks…
🤖 Curated AI OSINT resources — Google dorks, Shodan queries, GitHub dorks, and techniques to discover exposed LLM endpoints, leaked AI API k…
🚀 AI-powered JavaScript Decompiler & Deobfuscator. 基于 AI 与 AST 的 JS 代码分析与混淆还原工具,把不可读的构建产物变成人能看懂的代码。
Learn AI security through a series of vulnerable LLM CTF challenges. No sign ups, no cloud fees, run everything locally on your system.
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and…
Top Things to do After Installing Kali Linux
Penetration Testing AI Assistant based on open source LLMs.
AI/ML/LLM Penetration Testing Toolkit by Mr-Infect — the #1 GitHub resource for AI security, red teaming, and adversarial ML techniques. Thi…
AI-Assisted Reverse Engineering with Ghidra
XBot - Advanced AI Cybersecurity Agent | Gemini system prompt for automated penetration testing and security assessments
Clone any website with one command using AI coding agents
AI for Ethical Hacking - Workshop
Turn any LLM into an autonomous pentester. You define the scope, the agent does the work, you review the findings.
Aidsfuscator is a java bytecode obfuscator that aims to become the best, if not then one of the best, free obfuscators. Join the discord se…
AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovati…
Universal ROBLOX Aimbot Module
A collection of unified blocklists designed to provide complete filtering capabilities for different online threats. These blocklists are cu…
Air Script is a powerful Wi-Fi auditing tool with optional email alerts for captured handshakes.
Complete suite of tools for 802.11 WEP and WPA/WPA2 cracking. Includes monitoring (airodump-ng), attacking (aireplay-ng), testing (airmon-ng…
WiFi security auditing tools suite
AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and …
Multi-use bash script for Linux systems for auditing wireless networks. Automates various wireless attacks including handshake capture, evil…
This is a multi-use bash script for Linux systems to audit wireless networks.
Enhanced functions and new features for airgeddon!
A WiFi security auditing software mainly based on aircrack-ng tools suite
AIRT — A free, open-source AI Red Teaming course with 8 modules and hands-on Docker labs. Built with Perplexity Computer.
Code Repository for: AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models
AiScan-N 来了!这是一款基于人工智能驱动的Ai自动化网络安全(运维)工具,专注于网络安全评估、漏洞扫描、运维、应急响应、渗透测试自动化,Ai大模型工具集【CLI Agent】 ,Ai驱动的安全检测技术,提升安全测试(运维)效率,专为企业和个人用户打造,尤其适合初学者(小白…
Aizawa is a command-line webshell designed to execute commands through HTTP header
A Windows Botnet written in Golang
Search and browse documents and data; find the people and companies you look for.
Albanian Hacking Tool!! Tools to help you with ethical hacking, Social media hack, phone info, Gmail attack, phone number attack, user disco…
This project is all about ICS Security. In an effort to contribute to the ICS community.
A C#-based webshell management tool for penetration testing.
Hunt down 840+ social media accounts using AI
Complete reverse engineering of Alipay SecurityGuard SDK — 9 CVEs (MITRE #2005801), AVMP VM bypass, 396/408 (97%) unprotected JSBridge APIs
Re-implementation of Oddworld: Abe's Exoddus and Oddworld: Abe's Oddysee
Practical labs, notes, and reports for CEH v13 modules — covering web hacking, network pentesting, malware analysis, social engineering, and…
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
All-in-One Hacking Tools For Hackers! And more hacking tools! For termux.
A comprehensive tool that assists penetration testing projects. It is a flexible, compact and efficient scan tool mainly used for lateral pe…
Intentionally vulnerable Android application.
Repository for the code snippets from the AllThingsIDA video channel
I started this blog around 1996, hosting it on geocities.com at first. What started as a small collection of random posts about chess and co…
IDApython Scripts for Analyzing Golang Binaries
All of my hacking tools that are available for free to the public - 200+ hacking tools all opensource also 10,500 COMMITS!!!
OWASP tool for in-depth DNS enumeration, network mapping, and attack surface discovery. Uses both passive and active techniques to find subd…
In-depth attack surface mapping and asset discovery
OWASP Amass Docker Compose for setting up a full instance of the infrastructure
Amazing Sandbox - run third-party tools and AI agents securely on your machine
Parse and analyze a Windows Amcache.hve registry hive, VirusTotal integration.
A Rust implementation of Obfuscator-LLVM (OLLVM) passes
A Minimalist Instruction Extender for the ARM architecture and IDA Pro
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Director…
yet another tool for analysing binaries
Collection of PowerShell AMSI (Antimalware Scan Interface) bypass techniques. Patches AMSI in-memory to prevent PowerShell scripts from bein…
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
Strumenti di Acquisizione e Analisi di copie Forensi
Альтернативы и аналоги бота Глаз Бога и похожие Телеграм боты для поиска и анализа информации.
analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple …
Inject a shared library into a process using ptrace
Reverse engineering and pentesting for Android applications
Crack Android PIN, passwords, patterns, gestures
Disassemble ANY files including .so (NDK, JNI), Windows PE(EXE, DLL, SYS, etc), linux binaries, libraries, and any other files such as pict…
移动安全漏洞挖掘专家SKILL,基于 HackerOne 真实报告的移动安全漏洞挖掘知识库,提供 Android 和 iOS 应用的漏洞挖掘手法、技术细节和代码模式分析。
This is more of a checklist for myself. May contain useful tips and tricks. Still need to add a lot of things.
Delve into a comprehensive checklist, your ultimate companion for Android app penetration testing. Identify vulnerabilities in network, data…
A big list of Android Hackerone disclosed reports and other resources.
Inspect and intercept full HTTP requests sent from Android WebViews
🔓A Curated List Of Modern Android Exploitation Conference Talks.
The script allows to bypass SSL pinning on Android >= 7 and makes APK file ready for HTTPS traffic inspection
Remove Certificate Pinning from APKs
Android-BackDoor is a python and shell script that simplifies the process of adding a backdoor to any Android APK file. It also exploits the…
androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of…
androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of…
📖 从 0 到 1,系统化学习 Android 逆向,让学习变得有趣、好玩、易上手!
Tool to check the strength of Android root and emulator detection
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
AndroRAT | Remote Administrator Tool for Android OS Hacking
AndroSH No-Root Multi-Distro Linux on Android via Shizuku/ADB - Run Arch, Fedora, Alpine, Debian, Ubuntu, Kali, Void, Manjaro, OpenSUSE & Ch…
Penetration testing and auditing toolkit for Android apps.
Run interactive android exploits in linux.
Android Unreal Engine Dumper Tool
Python binary analysis framework supporting both static and dynamic symbolic execution (concolic execution). Used for automatic exploit gene…
Repo for various angr ipython features to give it more of a cli feeling
AngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once.
Ankermake M5 protocol specifications and libraries *NOT AFFILIATED WITH ANKER*
A flexible, AI powered C2 framework built with operators in mind
Redirect All Traffic Through Tor Network For Kali Linux
This is a DDOS tool {denial-of-service} by sending commands to botnet members. Botnet members can be called zombies and the botnet itself ca…
Ansible role to apply a security baseline. Systemd edition.
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · …
Independent research white paper by Jon “GainSec” Gaines examining the security posture of a connected public safety technology ecosystem.
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target sy…
㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
Real-time detection of anti-bot systems, CAPTCHAs & fingerprinting techniques. Identifies Cloudflare, Akamai, DataDome, reCAPTCHA, hCaptcha,…
.NET Project containing plenty of advanced techniques to detect various types of malicious actions on your software, with syscall support.
A jailbreak tweak / dylib that hardens jailbroken devices against WebKit RCE and iMessage zero-click exploits like Coruna / DarkSword / BLAS…
AntiHunter Perimeter Defense Systems - DIGI Node Firmware
a library for performing fast, configurable cleansing of HTML coming from untrusted sources
Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources, including HackerTarget, DN…
[UNMAINTAINED] A Python script to obfuscate and protect your code through anti debuggers, junk code and custom encryption.
You should never use malware to infiltrate a target system. With the skill of writing and exploiting technical codes, you can do the best wa…
全能协议分析工具:浏览器抓包 + MITM 代理 + 指纹伪装 + AI 分析 + MCP Server 无缝对接 AI Agent/IDE | All-in-one protocol analysis toolkit — built-in browser capture,…
Static and dynamic Android application security analysis
📲 Apepe is a project developed to help to capture informations from a Android app through his APK file. It can be used to extract the conten…
…
AI-powered offensive security testing using autonomous agents, directly in your terminal.
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).
List of API's for gathering information about phone numbers, addresses, domains etc
On demand query API for https://github.com/davidonzo/Threat-Intel project.
memory search and patch tool on debuggable apk without root & ndk
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
🛠 Tools and scripts to manipulate Android APKs
Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.
apk加固特征检查工具,汇总收集已知特征和手动收集大家提交的app加固特征,全网最全开源加固特征,支持40+厂商的加固检测,欢迎大家提交无法识别的app
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intend…
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK
apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract content…
Android Reverse-Engineering Workbench for VS Code
Scanning APK file for URIs, endpoints & secrets.
Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .…
Open-source, cross platform Qt6 based IDE for reverse-engineering Android application packages. It features a friendly IDE-like layout inclu…
Tool for reverse engineering Android APK files. Decodes resources to their original form, rebuilds decoded resources back to APK. Supports s…
A tool for reverse engineering Android apk files
A MCP Server for APK Tool (Part of Android Reverse Engineering MCP Suites)
Extract endpoints from APK files
在数字化浪潮下,钓鱼攻击已成为企业网络安全的主要威胁之一。仿冒网页、恶意邮件等钓鱼手段层出不穷,一旦员工不慎中招,可能导致企业核心数据泄露、系统瘫痪、财产损失等严重后果。在此背景下,阿波罗安全风险演练平台ApolloFish)应运而生,平台以“实战演练赋能安全意识提升”为核心目标…
make it possible to run method of android-app with original Java Virtual Machine.
A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quick…
AppSec Payloads Arsenal for Pentration Tester and Bug Bounty Hunters
AppVerifier is an app signing certificate hash viewer and verifier.\ It enables you to easily verify that your apps are genuine with others!
Interesting APT Report Collection And Some Special IOCs
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea…
Pull some Malware samples here for other security researchers/malware analyst's to analyze and play with.
APT38 Tactic PoC for Stealing 0days from security researchers
Automated pentest reporting with custom templates, project tracking, customer dashboard and client management tools. Streamline your securit…
Helm Charts For Installing Aqua Security Components
Tool for visual inspection of websites across large numbers of hosts. Takes screenshots of web pages, performs basic HTTP probing, and gener…
Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTT…
A privacy-respecting, ad-free, self-hosted Google metasearch engine with strong security that offers full API support and utilizes Qwant for…
The Arch Linux Security Tracker is a lightweight flask based panel for tracking vulnerabilities in Arch Linux packages, displaying vulnerabi…
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
Hacking Methodology, Cheatsheats, Conceptual-Breakdowns
An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv…
Arcjet JavaScript (JS) / TypeScript SDK. Stop bots and automated attacks from burning your AI budget, leaking data, or misusing tools with A…
Argo is an automated general crawler for automatically obtaining website URLs . Argo 是一个自动化扫描器爬虫 用于自动化获取网站的URL 基于go-rod实现了静态和动态结合的方式来实现
This script will automatically set up an OSINT workstation starting from a Ubuntu OS.
The Ultimate Information Gathering Toolkit
HTTP parameter discovery suite. Finds hidden HTTP parameters in web applications by checking 25,000+ parameter names. Supports GET, POST, JS…
HTTP parameter discovery suite.
HarmonyOS NEXT Decompiler(纯血鸿蒙反编译器)
Local-first AI-powered document intelligence platform for investigative journalism
ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
ARL 资产侦察灯塔系统(可运行,添加指纹,提高并发,升级工具及系统,无限制修改版) | ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检…
基于ARL v2.6.2版本源码,生成docker镜像进行快速部署,同时提供七千多条指纹
基于ARL-V2.6.2版本自研 ARL的安装这里就不多赘述了,可以看这里 https://github.com/ki9mu/ARL-plus-docker/blob/dev/ARL-README.md
A minimalistic ARP scan tool written in Rust for fast local network scans
Android binary resources read/write library
Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty
Red Team tools, infrastructure, and hardware weaponized
The classic launcher, evolved. Fast, Go-based command library equipped with 200+ cybersecurity cheat-sheets. Just install and start hacking.
A modular vulnerability scanner with automatic report generation capabilities.
A cross platform forensic parser written in Rust!
:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
Artículos relacionados a la Ciberseguridad y Hacking.
Open-source universal artifact registry. Drop-in Artifactory/Nexus alternative with 40+ package formats, security scanning, WASM plugins, an…
🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Download IP block lists by ASN - network provider addresses, updated daily
Download autonomous system list organized by ASN
It records your screenshots and code, then lets you upload to ASHIRT
Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit
AI-Powered Malware Analysis & Threat Intelligence for Ghidra Transform your static analysis workflow with cutting-edge AI capabilities, comp…
ASM2HEX 是一款功能强大的汇编语言与十六进制机器码相互转换工具。它提供了一个直观的图形界面,让用户可以轻松地在汇编指令和对应的机器码之间进行转换。无论你是处理 ARM64、ARM 还是 Thumb 指令集,ASM2HEX 都能提供准确可靠的转换结果。ASM2HEX is a…
The most powerful ARM 64 (v8, v9) Assembler / Disassembler for .NET
A library for creating, reading and editing PE files and .NET modules.
ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Netwo…
Go CLI and Library for quickly mapping organization network ranges using ASN information.
AspGoat is an intentionally vulnerable ASP.NET Core application for learning and practicing web application security.
Creates an HTML-report with analysis of commit statistics
AssemblyLine 4: File triage and malware analysis
Base components for Assemblyline 4 (Datastore, ODM, Filestore, Remote Datatypes, utils function, etc...)
GUI Application to work with engine assets, asset bundles, and serialized files
Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner.
Automated Security Testing For REST API's
Astral-PE is a low-level mutator (Headers/EP obfuscator) for native Windows PE files (x32/x64)
[WIP] A Modern Rust Remote Administration Tool for Windows.
1. Edit .env file to set: - DATA_STORE: Absolute path to a folder to store player exploit related files. - USERID: The user:group id tuple t…
Athena OS is a Arch/Nix-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
My set of tools. The code is more important than the features, so feel free to reuse it. 🙂
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
The collaborative workspace for visual verification
ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilitie…
A simple tool designed to create Atomic Red Team tests with ease.
Advanced dork Search & Mass Exploit Scanner
Utilities for working with the MITRE™ ATT&CK™ framework, including a relational data model and an adversary emulation planning tool.
Enterprise penetration testing management platform. Manages projects, schedules, findings, evidence, and generates branded reports. Includes…
AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
AttifyOS is a penetration testing distro for security professionals to assess the security of Internet of Things (IoT) devices. The latest v…
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
Audits performed by Solidified
Reverse engineering assistant that extracts strings and related pseudocode from a binary file.
Execute commands across Windows and Linux systems using multiple RCE methods
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Automatic encoding detection and decoding CLI tool for CTF and security analysis
this is an old joke
This repo contains the codes of the penetration test benchmark for Generative Agents presented in the paper "AutoPenBench: Benchmarking Gene…
AutoAR is an automated security reconnaissance tool, ASM and Discord bot for bug bounty hunters and penetration testers. It automates gather…
AutoAudit—— the LLM for Cyber Security 网络安全大语言模型
Automated Forensics Orchestrator for Amazon EC2 and EKS is a self-service AWS Guidance implementation that enterprise customers can deploy t…
The Automation Working Group seeks to leverage automation technologies to reduce the workload related to reporting and managing vulnerabilit…
CLI enabling more autonomous black-box penetration tests using Large Language Models (LLMs)
AutoPentestX – Automated Pentesting & Vulnerability Reporting Tool
Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reachabil…
Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe …
Digital forensics platform and graphical interface to The Sleuth Kit. Features timeline analysis, keyword search, web artifact extraction, f…
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law…
Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, Pyth…
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
Enterprise AI Red Team Platform | 企业级AI红队平台 | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Product…
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection exten…
Automagically extract forensic timeline from volatile memory dump
This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of runn…
This repository contains material related to A Versatile Cybersecurity Development Lifecycle (AVCDL)
An online AV evasion platform written in Springboot (Golang, Nim, C) supports embedded, local and remote loading of Shellocde methods.
📱 Avilla Forensics: A Global Revolution in Mobile Forensics Avilla Forensics is much more than a simple data extraction tool – it represents…
AVML - Acquire Volatile Memory for Linux
Analyse your malware to surgically obfuscate it
Transforms a .NET binary into a chain of meaningless-looking await expressions.
这是一本能让你从零开始学习AWD并深入AWD的手册,我也会根据经验和需求逐步完善相关内容。如果你要参加AWD相关比赛,相信本项目能给你带来帮助~
Watchbird A powerful PHP WAF for AWD …
Awesome collection of resources 😎 Work in progress🔥
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programmin…
A curated collection of free or freemium web-based penetration testing and vulnerability analysis tools. These tools assist security profess…
Welcome to "Awesome Incident Response," the ultimate open-source repository designed to simplify and guide you through the intricate world …
A list of useful Crypto resources for OSINT investigations
Welcome to the ultimate list of resources for AI in cybersecurity. This repository aims to provide an organized collection of high-quality r…
A curated list of tools, papers, and datasets for applying AI to cybersecurity tasks. This list primarily focuses on modern AI technologies …
A list of articles, videos, and tools related to the use of AI for OSINT.
ai reverse 一把梭
A curated list of awesome Android Reverse Engineering training, resources, and tools.
List of Awesome Asset Discovery Resources
A curated list of algorithms and papers for auditing black-box algorithms.
Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Se…
Curated collection of cybersecurity tools featured in Black Hat Arsenal events.
A curated list of tools officially presented at Black Hat events
List of Bluetooth BR/EDR/LE security resources
A curated compilation of extensive resources dedicated to bootkit and rootkit development.
A collection of awesome browser extension useful for OSINT along with their use case.
This is my personal repo, which includes bug bounty tips, a collection of tools, one-liners, and other resources I personally prefer while h…
A curated list of various bug bounty tools
A collection of fascinating and bizarre Censys Search Queries
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
Security testing toolkit for Claude Code: curated SecLists wordlists, injection payloads, and expert agents for authorized pentesting, CTFs,…
Cloud-ops automation runbooks that are ready to use. Build your own automations using the hundreds of drag and drop actions included in the …
A collection of tools to improve your containerized apps security posture
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
A curated list of CTF frameworks, libraries, resources and softwares
A list of Capture The Flag (CTF) frameworks, libraries, resources and software for started/experienced CTF players 🚩
A curated list of tools useful within the field of cyber security, for both blue and red team operations.
A collection of awesome platforms, blogs, documents, books, resources and cool stuff about security
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
Awesome .NET Security Resources
The best of Dutch OSINT Sources
Awesome EDR Bypass Resources For Ethical Hacking
😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
Collection of Event ID ressources useful for Digital Forensics and Incident Response
A curated list of awesome resources related to executable packing
A collection of awesome resources & modules for the Flipper Zero device. Best used with Rogue Master Flipper Zero Custom Firmware.
The FOFA Library collects usage tips, common scenarios, F&Q, and more for FOFA.
⭐️ A curated list of awesome forensic analysis tools and resources
Protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Awesome Golang Security resources 🕶🔐
😎 Awesome lists about Hackathons around the globe! ✨🎉
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty …
A collection of various awesome lists for hackers, pentesters and security researchers
Awesome hacking is an awesome collection of hacking tools.
A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribut…
A curated list of tools for incident response
A collection of papers, tools about type inferring, variable renaming, function name inferring on stripped binary executables.
A curated list of awesome infosec courses and training resources.
A filesystem cartography and correlation software focusing on visualization. * rbasefind
Cybersecurity oriented awesome list
Awesome Security lists for SOC/CERT/CTI
A curated list of awesome LLM Red Teaming training, resources, and tools.
This project aims to consolidate and share high-quality resources and tools across the cybersecurity domain.
awesome llvm security [Welcome to PR]
A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.
A curated list of awesome malware persistence tools and resources.
🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️
A curated list of awesome Memory Forensics for DFIR
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Awesome Node.js Security resources
Awesome Object Capabilities and Capability Security
A collection of awesome one-liner scripts especially for bug bounty tips.
A curated list of awesome OSCP resources
:scream: A curated list of amazingly awesome OSINT
🔍 Curated OSINT & recon toolkit for Kali Linux — 100+ tools, one-command installer, covering SOCMINT, GEOINT, network recon, dark web, foren…
OSINT tools for Information gathering, Cybersecurity, Reverse searching, bugbounty, trust and safety, red team oprations and more.
A curated list of OSINT MCP servers. Pull requests are welcomed!
A curated list of awesome tools, research, papers and other projects related to password cracking and password security.
Collection of cheat sheets useful for pentesting
A comprehensive, step-by-step penetration testing checklist for ethical hackers. Covers pre-engagement, information gathering, analysis, exp…
A curated list of awesome privilege escalation
A curated list of amazingly projects
A compiled list of tools for reconnaissance and footprinting
一个攻防知识库。A knowledge base for red teaming and offensive security.
A curated list of awesome reverse engineering resources for various topics
a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
Community curated list of search queries for various products across multiple search engines.
A curated list of security card games.
A collection of awesome security hardening guides, tools and other resources
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
A curated knowledge base to build, run and mature a SOC (including CSIRT).
An awesome list for the SpiceDB ecosystem 😎
…
A curated list of Site Reliability and Production Engineering resources.
📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources
🚀 A curated list of awesome testing tools 🚀
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
👓A collection of papers/tools/exploits for UEFI security.
share some useful archives about vm and qemu escape exploit.
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Awesome Vulnerable Applications
🛡️Awesome lists about all kinds of interesting topics of Wazuh XDR/SIEM
A list of web application security
🐶 A curated list of Web Security materials and resources.
A curated list of wordlists for bruteforcing and fuzzing
A curated list of awesome YARA rules, tools, and people.
This repository is a collection of Awesome XSS resources. Contributions are welcome and should be submitted via an issue.
This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
Pentesting lab with a Kali Linux instance accessible via ssh & wireguard VPN and with vulnerable instances in a private subnet
Easily rotate your AWS access key. :key:
A powerful tool for using AWS Identity Center for the CLI and web console.
awsome kali MCPServers is a set of MCP servers tailored for Kali Linux
Bash Script to automate install of AWUS036ACH Wireless Alfa drivers instead of manually running every command. Works on Kali Linux/Debian Sy…
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf…
Library for parsing and printing compiled Android manifest files
eBPF-powered silent observer for containerized runtimes, built for malware analysis sandboxes and Agentic AI monitoring.
Azul is a malware repository for reverse engineers, incident responders and everyone in-between.
In an Azure AD environment, it's possible to determine whether a user has Multi-Factor Authentication (MFA) disabled without requiring any s…
Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information
B2R2 is a collection of useful algorithms, functions, and tools for binary analysis.
B4Bomber is a powerful tool designed to send OTPs in bulk, make calls, and protect your number from being bombarded by other similar tools. …
The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in …
Babeltrace /ˈbæbəltreɪs/ is an open-source trace manipulation toolkit.
Backup Files Wordlist Generator - generate a comprehensive list of potential backup file Wordlist based on a given list URL and backup file …
Collection of links on bad opsec
This Python script allows you to hide a payload within a JPG image using steganography techniques. It uses the stegano library to encode and…
A collection of manifests that will create pods with elevated privileges.
Socket-based TS/JavaScript API for WhatsApp Web
The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber
Bandit is a tool designed to find common security issues in Python code.
The "bane" Python library stands out as a robust toolkit catering to a wide spectrum of cybersecurity and networking tasks. Its versatile ra…
Android Dex disassembler and Binary Ninja plugin
The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries that enables analysis of binary prog…
Generator of ANSI C tracers which output CTF data streams
A set of functions to increase productivity while hacking with Bash
Bash post exploitation toolkit
The Official Bash Bunny Payload Repository
Automated Network Reconnaissance and OSINT framework. Streamlines IP tracking, geolocation, and digital footprint analysis in a modular Pyth…
An active attack tool against Wi-Fi networks with internal CMD commands
BatchObfuscator is a tool designed to assist software developers in making their Windows batch scripts difficult to modify and understand. B…
Convert your .bat/.cmd scripts to .exe and protect (obfuscate) them with BatchToApp!
NO LONGER MAINTAINED - Android security & privacy analysis for the masses. 2026 Update incoming WIP
Quelques conseils autour des obligations légales, fiscales et juridique pour la pratique du Bug Bounty en France
The recursive internet scanner for hackers. 🧡
Visualize BBOT scans in realtime with VivaGraphJS
🔥 Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and …
bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, design…
BeaconatorC2 is a framework for red teaming and adversarial emulation, providing a full-featured management interface, along with a catalog …
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Jeopardy-style CTF challenge deployment and management tool.
Browser Exploitation Framework. Hooks web browsers via JavaScript and provides extensive command modules for session hijacking, social engin…
Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script d…
How does BeReal work (Under the hood)
A list of useful payloads for Web Application Security and Pentest/CTF
ffffffff0x team toolset for penetration testing, cryptography research, CTF and daily use. | ffffffff0x 团队工具集,用来进行渗透测试,密码学研究,CTF和日常使用。
WiFi jammer for Windows 2026 from GitHub. Deauth attack tool with network scanner & monitor mode. Stand-alone app for security testing.
The goal of this project is to provide additional features on top of the existing npm audit options
A backdoor with a multitude of features.
Swiss army knife for network attacks and monitoring. Supports ARP spoofing, DNS spoofing, SSL stripping, WiFi attacks, Bluetooth LE, BLE sca…
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security
A parsing tool for backgrounditems.btm
Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/ Log4j2/ Hikvision-decrypter...✨✨✨
一个通过 iOS 逆向分析实现的 无广告版哔哩哔哩 客户端,感谢使用,欢迎Star。
#+title: Binary graph #+options: toc:nil #+startup: showeverything #+author: 8dcc
A command line tool for extracting machine learning ready data from software binaries powered by Radare2
BinAbsInspector: Vulnerability Scanner for Binaries
Commercial reverse engineering platform with an excellent intermediate language (BNIL), Python/C++ API, and collaborative analysis features.…
Collection of Statically linked binaries for Linux. Suited for Forensics
An open-source benchmark for evaluating AI agents' ability to find backdoors hidden in compiled binaries.
Public API, examples, documentation and issues for Binary Ninja
C# protection, packer, and archive scanning library
Raw binary firmware analysis software
Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free de…
BinData - Reading and Writing Binary Data in Ruby
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
Quickly find differences and similarities in disassembled code
Ghidra Extension to integrate BinDiff for function matching
Export disassemblies into Protocol Buffers
_Note_: A Snippet version can be copy/pasted from here
A Binary Genetic Traits Lexer Framework
a graphical tool to visualize binary data
Analyze ELF binaries like a boss 😼🕵️♂️
A reversing plugin for cross-decompiler collaboration, built on git.
Firmware analysis tool for searching, extracting, and analyzing binary images. Identifies embedded files and code (file signatures, magic by…
Hex diff viewer using alignment algorithms from biology
Cross-platform embeddable sandboxing
Get Bitdefender Total Security Ultimate on GitHub: a complete, high-performance toolkit for seamless malware defense and professional protec…
Obfuscator for .NET and Mono, with a customizable engine for building your own obfuscators.
Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Extract BITS jobs from QMGR queue and store them as CSV records
The Black Hat Bash book repository
C++ Programming for Hackers
The Black Hat GraphQL Book Repository
A collection of advanced Python scripts for cybersecurity, penetration testing, and ethical hacking.
🏴☠️ tools (py3 version) of Black Hat Python book 🏴☠️
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Install the tools and start Attacking , black-tool v5.5.5 ! ⬛
GUI based offensive penetration testing tool (Open Source)
An ArchLinux based distribution for penetration testers and security researchers.
An OSINT tool to search for accounts by username and email in social networks.
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
BLACKEYE v2.0 | New Phishing tool with localtunnel (Discount)
The ultimate phi8hi5g tool with 41 websites available!
List of free GPTs that doesn't require plus subscription
Source code and exercises from the book "Black Hat Python" by Justin Seitz.
Source code for the book "Black Hat Python" by Justin Seitz. The code has been fully converted to Python 3, reformatted to comply with PEP8 …
Daily updated domains blacklist 🚫
1. google new login page 2. Netflix 3. Linkdin 4. Facebook New Login Page 5. Instagram 6. Apple ID 7. Spotify 8. Bitcoin 9. Paypal 10. Amazo…
Black Obfuscator is an obfuscator for Android APK DexFile, it can help developer to protect source code by control flow flattening, and make…
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come f…
A framework for program analysis with a focus on modeling programmer assumptions, context- and path-sensitive analyses, and type checking.
Simple, fast and lightweight Header-Only C++ Assembler Library
An ESP-32 based multi-tool for pentesting.
A very high-speed, configurable, and portable packet-crafting utility optimized for embedded devices
ipsets dynamically updated with firehol's update-ipsets.sh script
Uses graph theory to reveal hidden and often unintended relationships within Active Directory environments. Attackers use it to find attack …
A community-driven OWASP Foundation project building open-source tools for vulnerability reporting, bug tracking, security automation & cont…
BlueHydra is a Bluetooth device discovery service built on top of the bluez library. BlueHydra makes use of ubertooth where available and at…
A collection of exploits for different VoIP products.
Index the world's undocumented APIs
Reverse Engineering Furby Connect's Bluetooth Protocol and Update Format
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
An Active Defense and EDR software to empower Blue Teams
Another Bluetooth Exploit Framework
A tool which perform deauthentication attack on unpaired bluetooth devices.
This repo shares blue team security notes and resources for detecting and preventing cyber attacks. Topics covered include email, file, log,…
Tools and Techniques for Blue Team / Incident Response
Blue Team detection lab created with Terraform and Ansible in Azure.
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-e…
binary ninja cli for coding agents
Multilayered AV/EDR Evasion Framework (no longer actively maintained)
Bounces when a fish bites - Evilginx database monitoring with exfiltration automation
bof-launcher - a library for loading, executing and in-memory masking BOFs on Windows (x64, x86) and Linux (x64, x86, aarch64, arm). Ready t…
An example reference design for a proposed BOF PE
Bolt is one of the fastest and most feature-packed web proxies ever!
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
BomberCat is the latest security tool that combines the most common card technologies: NFC technology (Near Field Communication) and magneti…
…
BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
This is a book about Rizin reverse engineering framework and it's originally based on the radare2 book
A small collection of bookmarklets that are useful for OSINT, including ones for e-mail addresses, Facebook, extracting links and WhatsMyNam…
It is an executable that boots Kali-Chroot (one Installed with Nethunter apk) in Termux.
A boot record parser that identifies known good signatures for MBR, VBR and IPL.
Generate smart and powerful wordlists
Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
THANKS YOU FOR CODE | credit NixWasHere/NixC2
Use this bot to monitor new CVEs containing defined keywords and send alerts to Slack and/or Telegram.
Decompilation of The Legend of Zelda: Breath of the Wild (Switch 1.5.0)
↕️🤫 Stealth redirector for your red team operation security
Java bytecode obfuscator with GUI
A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery
A static analysis security vulnerability scanner for Ruby on Rails applications
Chromium Browser DoS Attack via document.title Exploitation
🍞 BREAD: BIOS Reverse Engineering & Advanced Debugger
Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
无回显漏洞测试辅助平台,平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber …
Stealer for Windows 10/11 for Chrome, Edge, Firefox, Brave with Wallet, Discord, Telegram and many more functions. Passwords, cookies, autof…
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats …
BrowserBruter is a powerful web form fuzzing automation tool designed for web security professionals and penetration testers. This Python-ba…
BrowserSnatch is a powerful browser stealer or browser data extraction tool intended to be used for ethical hacking or penetration testing.
Wordlists handcrafted (and automated) with ♥
A multi-purpose tool to hack instagram with many options.
These files are part of a CRC parameter brute-forcing tool. Please have a look at http://sitsec.net/blog/2012/02/10/brute-forcing-crc-parame…
A collection of wordlists for security testing, penetration testing, and password analysis.
Some files for bruteforcing certain things.
Instagram multi-bruteforce Platfrom
Bruter is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️♂️
Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials a…
Automatically brute force all services running on a target.
Fast, zero-dependency credential testing tool in Go. Brute force SSH, MySQL, PostgreSQL, Redis, MongoDB, SMB, and 20+ protocols. Hydra alter…
Modeling stellar photometry with "brute force" methods
Cheatsheet, Notes, Payloads and Mayhem for Burp Suite Practitioner Exam (BSCP)
This Python script is created to recover Bitcoin wallet addresses from mnemonic phrases and check their balances.
32 BTC Puzzle | BTC BruteForce Contest
Field reference for BTL1 and Tier 1 SOC work — grep-ready cheatsheets, SPL queries, Volatility workflows, live response commands
Bluetooth Low Energy (BLE) packet sniffer and transmitter for both standard and non standard (raw bit) based on Software Defined Radio (SDR)…
Stream head-tracking data from the Samsung Galaxy Buds Pro in real-time
My Notes & Resources Of Bug Bounty Checklists
Bug Bounty Tools used on Twitch - Recon
Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More
My personal bug bounty toolkit.
This repository is a curated resource for aspiring bug hunters, offering hands-on labs, tools, and structured guidance to support your learn…
This repo contains different variants of Bug Bounty & Security & Pentest & Tech related Articles
Repository of Bug-Bounty Writeups
The Repository contains various payloads, tools, tips and tricks from various hackers around the world. Please take a quick look down here 👇…
Identify the organization's global footprint, network boundaries, and historical data.
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
BugScanX All-in-One Tool for Finding SNI Bug Hosts …
The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab).
Buildware-Tools is an all-in-one multitool for security research and automation.
Scans a disk image, file, or directory and extracts features such as email addresses, URLs, credit card numbers, phone numbers, and other fo…
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Decompiler, deminifier and deobfuscator for Bun-compiled standalone JavaScript binaries
Patch-level verification for Bundler
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
BurnWP Advanced Exploiter System instead Scanner & Custom Plugin for Pentester
Leading platform for web application security testing. The Community Edition includes an intercepting proxy, repeater, intruder, and decoder…
Marketplace of extensions for Burp Suite covering active/passive scanning, custom insertion points, logging, authentication testing, and int…
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
Burp Suite Certified Practitioner Exam Study
This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to s…
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration,…
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the activ…
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and…
Burp Suite extension to discover assets from HTTP response.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips fo…
1. https://github.com/1N3/IntruderPayloads 2. https://github.com/xl7dev/BurpSuite 3. https://github.com/Mr-xn/BurpSuite-collections
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Latest BurpSuitePro is a script for installing and updating Burp Suite Professional on Linux and Windows, ensuring Java compatibility for sm…
🥧 An open source re-implementation of GameMaker: Studio's runner (YoYo Runner), targeting Undertale v1.08 (Bytecode Version 16)
An open-source post-exploitation framework for students, researchers and developers.
Evade EDR's the simple way, by not touching any of the API's they hook.
BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).
⚠️ Avertissement : Ce projet est strictement éducatif et démonstratif. Il n’a pas vocation à être utilisé dans un contexte malveillant. L’ob…
EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
Tool that tests MANY url bypasses to reach a 40X protected page.
Bypass WAF SQL Injection SQLMAP
This map lists the essential techniques to bypass anti-virus and EDR
Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supported)!…
takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities
All social Media hacking with information gathering
Useful C2 techniques and cheat sheets learned from engagements
This is the C2 compiler written in C2 itself.
TeamServer and Client of Exploration Command and Control Framework
The C3Mini-BlueJammer (MINI FORMFACTOR) (Bluetooth jammer, BLE jammer, WiFi jammer, RC jammer) disrupts 2.4GHz communications. It generates …
Cache Commander — a TUI and MCP server to explore, audit, and clean developer cache directories. Scan for CVEs, find outdated packages, recl…
Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites
Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
Obfuscation resilent Java class reader/writer
Cybersecurity AI (CAI), the framework for AI Security
Modern web security auditing tool built as a Rust-based alternative to Burp Suite. Features a clean UI, workflow automation, HTTPQL query la…
🚀 Caido releases, wiki and roadmap
Automated Adversary Emulation Platform
Cam-dumper is a written tool in the language of Python program for hacking CCTV cameras that can access cameras in 20 countries
Cameradar hacks its way into RTSP videosurveillance cameras
CamOver is a camera exploitation tool that allows to disclosure network camera admin password.
Grab cam shots & GPS location from target's phone front camera or PC webcam just sending a link.
Camera phishing screen (to take photos from the front and rear cameras)
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.
Automated IP Camera & Network Video Stream Reconnaissance Toolkit
Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol
Cansina is a Web Content Discovery Application.
The program for scanning and testing city cameras (DVR, RTSP, Hikvision) is a tool developed exclusively for educational purposes to analyze…
The FLARE team's open-source tool to identify capabilities in executable files.
Malware Configuration And Payload Extraction
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Securi…
capNcook - a dark web exploration tool
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PP…
Capture the Flag game using the Minetest Voxel Engine
[UNMAINTAINED] A Python script to obfuscate and protect your code by renaming classes, functions, variables and remove comments and docstrin…
Make production Rust binaries auditable
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Adversarial frameworks for Android and iOS sandbox evasion.
Cyber-investigation Analysis Standard Expression (CASE) Ontology
Official code for CAT-Net: Compression Artifact Tracing Network. Image manipulation detection and localization.
⚡️ Catalyst is a self-hosted, open source incident response platform and ticket system that helps to automate alert handling and incident re…
CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices usin…
[scanner] [TcpListener] [FileMiner] [Subscrabber]…
Penetration tests on SSH servers using brute force or dictionary attacks. Written in C.
Extracting URLs of a specific target based on the results of "commoncrawl.org"
CCUPP 是一个基于社会工程学的弱口令密码字典生成工具,通过分析用户的个人信息(姓名、生日、电话、地址等),智能生成可能的弱口令密码字典。
Decompilation of Deus Ex: Human Revolution
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
📦 Make security testing of K8s, Docker, and Containerd easier.
一个使用 Edns-Client-Subnet(ECS) 遍历智能CDN节点IP地址的工具
The CdsCTF project is an innovative and high-performance CTF platform.
A tool to resolve seccomp just like seccomp-tools, written in C
Certified Ethical Hacker (CEH) v12 Notes
💻 Certified ethical hacker summary in bullet points
This comprehensive repository contains detailed study notes, practical examples, and hands-on labs for Certified Ethical Hacker (CEH) v12 ce…
Generate an Angular 5 CRUD application from an existing database schema (we provide a sample one)
Internet-wide scanning platform that indexes the full certificate and banner data for every publicly reachable IP address. Useful for attack…
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
A C++ tool to unstrip Rust/Go binaries (ELF and PE)
Automated cacert.pem management for PHP projects
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & …
Certified Red Team Professional (CRTP) - Notes
Offensive tool for Active Directory Certificate Services (AD CS) enumeration and abuse. Finds and exploits ESC1-ESC13 misconfigurations in c…
Certonid is a Serverless SSH Certificate Authority
The Certora Prover is the state-of-the-art security tool for automated formal verification of smart contracts running on EVM-based chains, S…
This project aims to be a drop-in replacement for the certstream server by Calidog. This tool aggregates, parses, and streams certificate da…
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive managem…
Custom Word List generator that spiders a target website to build a wordlist based on the site's content. Useful for targeted password attac…
CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark…
ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The …
Rapidly Search and Hunt through Windows Forensic Artefacts
Chalk allows you to follow code from development, through builds and into production.
Live logger and GUI tool for the Chameleon Mini developed for Android OS in Java.
changeme picks up where commercial scanners leave off. It focuses on detecting default and backdoor credentials and not necessarily common c…
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules…
chat log tool, easily use your own chat data. 聊天记录工具,轻松使用自己的聊天数据
Connect Cursor, Copilot & Claude AI directly to Cheat Engine via MCP. Automate reverse engineering, pointer scanning, and memory analysis us…
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Collection of knowledge about information security
High quality and text versions of cheat sheets from Cyber Detective Twitter
Development environment for Meedan Check, a collaborative media annotation platform
a tool that functions to detect scammers based on telephone number analysis from the total number of markers
Checksystem for attack-defense CTF
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating …
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality rev…
A CHIP-8 interpreter, assembler and disassembler in C
Platform Security Assessment Framework
Fast TCP/UDP tunnel transported over HTTP and secured via SSH. Used for port forwarding and pivoting through restrictive firewalls. Single b…
Chista | Open Threat Intelligence Framework
🔍 Discover if a domain is resolvable or blocked by secure DNS and Ad-blocking services, and experience the innovative idea of DaaS - DNS as …
A lightweight emulation framework for emulating security algorithms in iOS executables and libraries.
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tool…
A tool to transform Chromium browsers into a C2 Implant
The Cyclops's binary code can be directly downloaded here; It's source code is not provided now.
Wayback Machine OSINT Framework
承影,愿你在光影之间,找到属于自己的锋芒。开源的类 BurpSuite 应用 ChYing — may you find your own edge between light and shadow. An open-source, BurpSuite-like applicat…
Citizen Intelligence Agency. Open-source intelligence platform analyzing Swedish political activities using AI and data visualization. Track…
Complete structured archive of every CIA World Factbook edition from 1990-2025. 281 countries, 36 years, 1M+ parsed data fields in SQL Serve…
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
LEAKED SYSTEM PROMPTS FOR CHATGPT, GEMINI, GROK, CLAUDE, PERPLEXITY, CURSOR, DEVIN, REPLIT, AND MORE! - AI SYSTEMS TRANSPARENCY FOR ALL! 👐
Obtain GraphQL API schema even if the introspection is disabled
CLAP(Contrastive Language-Assembly Pre-training) learns transferable binary code representations with natural language supervision
一个 CLASS 文件混淆工具,支持方法字段参数名引用分析和重命名混淆,支持字符串提取/AES加密运行时解密/整型异或混淆/垃圾代码花指令混淆/错误注解崩溃/特殊字符迷惑用户/反编译器对抗/方法和字段的隐藏等,配置简单,容易上手
ClatScope Info Tool – The best and most versatile OSINT utility for retrieving geolocation, DNS, WHOIS, phone, email, data breach informatio…
ClatsCracker is a versatile Executable & Python based password-cracking tool supporting 25 hash algorithms. It offers dictionary or brute-fo…
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Co…
Backdooring Claude Code via hooks in settings.json. Authorized use only!
Independent research on Claude Code internals, Claude Agent SDK, and related tooling.
use claude code's agent teams orchestraction with any harness
AI-powered cybersecurity code review skill for Claude Code. 8 specialist agents, OWASP 2025, CWE Top 25, MITRE ATT&CK, 11 languages, zero co…
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file…
Claude reads its own source code — 17-chapter architectural deep-dive into Claude Code v2.1.88. EN/ZH bilingual.
Claude Code skills for journalism, media, and academia - verification, FOIA, data journalism, academic writing, and more
Claude Code v2.1.88 source analysis: system prompts, 87 hidden feature flags, cost optimization, architecture diagrams, undercover mode, and…
Runtime security enforcement and threat hunting engine for autonomous AI fleets. Build Swarm Detection & Response (SDR) platforms with Clawd…
TikTok User Info Scraper allows you to fetch detailed information about TikTok users by their username or user ID, without requiring logins …
CLDF: Cross-Linguistic Data Formats - the specification
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Claude Code plugin that generates production-grade Python CLIs for any web app. 17 CLIs and counting.
Copy links from the sharing menu with automatic removal of shorteners and trackers.
Open-source security research tool for identifying origin IP exposure of websites protected by Cloudflare and similar reverse proxy services…
Monitoring the Cloud Landscape
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Identify IP addresses owned by public cloud providers
☁️ Curated Cloud OSINT resources — dorks, tools, and techniques for AWS, Azure, GCP, Oracle Cloud, and other major providers reconnaissance
This Repo serves as a collection of shared security and penetration testing resources for the cloud.
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Aliba…
Check whether an IP address or hostname belongs to popular cloud providers
Analysis of Cloudflare anti-bot cookie flow (cf_bm / cf_clearance) from a defensive perspective.
Try to find the origin IP of a webapp protected by Cloudflare.
Find Real IPs hidden behind Cloudflare with Criminal IP(criminalip.io), security OSINT Tool.
This repo contains IOC, malware and malware analysis associated with Public cloud
This script is used to search for cloud certificate entities such as Amazon, Azure, and others that have been extracted by the kaeferjaeger.…
A tool that helps you find the real IP addresses hiding behind Cloudflare by checking subdomains.
云安全利用工具-云平台AK/SK-WEB利用工具,添加AK/SK自动检测资源,无需手动执行,支持云服务器、存储桶、数据库操作
Local-first AWS forensic engine. Finds waste via dependency graph analysis and enables safe remediation with Terraform state restoration.
Zero Infrastructure Password Cracking
👉 如果你觉得这个项目有用,顺手点个 Star 鼓励一下吧!Star 越多,更新越快~
Managed wrappers around the .NET Unmanaged API
Cobalt Strike module x loader x profile x wike / A public collection of open resources for Cobalt Strike (only legal use in Red Team and pen…
change C2_GET_URL, C2_POST_URL, USER_AGENT, BEACON_KEYS_PATH in generate_config.py
坤坤CS 基于CobaltStrike cat 4.5二开项目 添加反沙箱、反测绘。集成常用后渗透插件,开箱即用
Coefficient-Based Reconstruction of Arithmetic — a Mixed Boolean-Arithmetic (MBA) expression simplifier for deobfuscation
Autonomous Assumed Breach Penetration-Testing Active Directory Networks
Payload encoding utility to effectively lower payload entropy.
为 Claude Code / Codex CLI 注入邪修人格、4种可切换输出风格与 56 篇攻防工程秘典
Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, deriv…
将这个项目伪装为一个.git泄露,红队使用扫描器扫描到.git泄露大概率会忍不住诱惑下载,如果下载完使用JetBrains家的IDE打开则会直接RCE。
Static Python dependency graph with interactive HTML visualization, massive object detection, and unlinked module analysis (no code executio…
一款轻量级匹配Sink点的代码审计扫描器,为了帮助红队过程中快速代码审计的小工具
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Coeus 🌐 is an OSINT ToolBox empowering users with tools for effective intelligence gathering from open sources. From social media monitoring…
A modern and lightweight COFF (Common Object File Format) loader for Windows written in Rust, designed to run COFF files on Windows. It supp…
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
Collection of quality safety articles. Awesome articles.
Hash collisions and exploitations
Reverse-engineering of rechargeable disposable vapes that include a small color TFT LCD (Raz/Kraze/etc.)
…
Mobile penetration testing android & iOS command cheatsheet
A command and control (C2) server
Keeper Commander is a python-based CLI and SDK interface to the Keeper Security platform. Provides administrative controls, reporting, impor…
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandian…
Automated all-in-one OS command injection and exploitation tool. Detects and exploits command injection vulnerabilities in web applications …
Automated All-in-One OS Command Injection Exploitation Tool
Common CTF Challenges is a collection of tools and resources to help individuals improve their Capture the Flag (CTF) skills. Cover a wide r…
Converting data from services like Censys and Shodan to a common data model
:gem: RapidFort hardened secure images
Open-source Claude Code skills, agents, and slash commands for AI-powered penetration testing, bug bounty hunting, and security research
Cheat Sheets for programming languages and tools
「🛡️」About Condor
Quarkslab conference talks
Configuration Extractors for Malware
iOS混淆加固差异化翻新加密工具,模拟人工手动混淆,识别上下文 ,支持继承链、类型识别、方法多参等复杂高级混淆。source-to-source obfuscation of iOS projects,Xcode's refactor->rename. 告别插入毫无关联的垃圾代码…
🔥🔥🔥 专业版iOS混淆工具,马甲工具包、ipa静态分析工具(相似度对比、敏感词检测),提供试用版本,100%过机器审核,解决 AppStore 4.3,2.3.1问题,支持语言 c、c++、objc、dart、swift 并支持各种资源改名,混淆、傻瓜化操作、一键出包,提供良好…
Application secrets and configuration management for developers.
Containers Leveraging container technologies to build Red Team tools [](https://www.python.org/) [](https://go.dev/) [](https://www.docker.c…
ContainerSSH: Launch containers on demand
Security automation content in SCAP, Bash, Ansible, and other formats
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
C2 infrastructure over Microsoft Teams.
[V5] This will help you setup a grabber with the following features: History, Passwords, Tokens, Cookies, Emails, IP Adresses, Roblox Login …
🧵 CLI tool for directly patching container images!
Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code!
Open source compliance automation for SOC 2, GDPR, ISO27001, NIST 800-53, and more
Android Unpacking Automation using Corellium Devices
Automate Scoping, OSINT and Recon assessments.
perhaps the best CORS middleware library for Go
Lightweight program to find all known misconfigurations in CORS (Cross-Origin Resource Sharing) implementations. Tests for null origin, pre-…
Cortex: a Powerful Observable Analysis and Active Response Engine
The following repository is used by TheHive Project to develop and store Cortex analyzers & responders.
A next-gen Ide for JVM development on Android
Comprehensive Counter OSINT and privacy guide (initially for CIS countries)
Исчерпывающее руководство по приватности и контр-ОСИНТ для Рунета и всего СНГ 🇷🇺
Offensive & proactive tool designed to disrupt phishing attacks by flooding fake phishing websites' login portals with a deluge of fake user…
How to tell original from fake DS18B20 temperature sensors.
Clean, filter and sample URLs to optimize data collection – Python & command-line – Deduplication, spam, content and language filters
.NET-based C2 framework with a collaborative web interface. Uses .NET Grunts as implants, supports a rich task library, and integrates with …
Covenant is a collaborative .NET C2 framework for red teamers.
An x86-64 code virtualizer for VM based obfuscation
轻量级DDD正向/逆向业务建模框架,支撑复杂业务系统的架构演化!
Tool to guess CPE name based on common software name
Work-in-progress tool to reverse unity's IL2CPP toolchain.
Know the dangers of credential reuse attacks.
cracke-dit ("Cracked It") makes it easier to perform regular password audits against Active Directory environments.
Swiss army knife for pentesting Windows/Active Directory environments. Tests credentials at scale, executes commands, dumps credentials, and…
For all your network pentesting needs
A simple Reverse Engineering challenge for starter in Reverse Engineering Attack to understand the basic concept of Reverse Engineering & Ho…
CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking,…
A powerful browser crawler for web vulnerability scanners
Crawls web pages and prints any link it can find.
python爬虫项目合集,从基础到js逆向,包含基础篇、自动化篇、进阶篇以及验证码篇。案例涵盖各大网站(xhs douyin weibo ins boss job,jd...),你将会学到有关爬虫以及反爬虫、自动化和验证码的各方面知识
A collection of modifications, enhancements, and reverse engineered resources for Creation Kit by Bethesda.
A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Phishing framework written in Python using Flask and Jinja2 templates. Supports 2FA capture (TOTP/HOTP) and has pre-built modules for Gmail,…
A fast tool to scan CRLF vulnerability written in Go
The repository is a valuable resource for individuals looking to enhance their knowledge and skills in cybersecurity. It provides in-depth m…
Cronos Crypter is an simple example of crypter created for educational purposes.
[LEGACY] CROSS † CHANNEL 中文化 (汉化) 项目,源代码以及网站。(全翻译文本、全平台移植源码已公开!欢迎修改&学习!)CROSS † CHANNEL Chinese Localization Project, source codes and websi…
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.
A Python Script to Get Subdomain using https://crt.sh
Your personal intelligence agent. Watches the world from multiple data sources and pings you when something changes.
Wordlist generator that creates wordlists based on specified criteria including character sets, patterns, minimum and maximum length. Can ge…
CRY.ME (CRYptographic MEssaging application)
Ephemeral, zero-knowledge, end-to-end post-quantum encrypted sensitive data sharing
Python implementations of cryptographic attacks and utilities.
A fresh feed of crypto phishing and crypto scam websites. Automatically updated daily/frequently.
This is a simple C# app that helps Windows users start mining without dealing with command-line operated binaries. It is bundled with the la…
Documenting Venezuela's surveillance infrastructure through their own open APIs. La Bóveda de Cristal - A vault made of glass.
Homemade Aggressor scripts kit for Cobalt Strike
Run Cobalt Strike BOFs in Brute Ratel C4!
Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)
Enterprise-grade Distributed Asset & Vulnerability Scanner. Features: Port Scanning, Subdomain Brute-force, Fingerprinting, and PoC Detectio…
Build Content-Security-Policy headers from a JSON file (or build them programmatically)
Discover new target domains using Content Security Policy
CTF challenge (mostly pwn) files, scripts etc
Ctf solutions from p4 team
We’re glad you’re here. We need more people like you.
My CTF journey since 2015. Stats, writeups, code snippets, notes, challenges.
记录一下我的CTF生涯中的各种东西吧,第一年基本上就是纯摆烂了,也算是从第二年开始记录了。
My CTF writeups
Repository to index useful online tools for CTF
An Intrusion Prevention System for Attack-Defense CTFs
List of tools and commands that may be helpful in CTFs
A summary and solutions for 200+ CTF blockchain challenges
A collection of Capture The Flag (CTF) challenges created by Trail of Bits engineers for various security competitions and events.
Security CTF Challenges =======================
This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
FAUST Gameserver for attack-defense CTFs
.'\ /. .'.-.-'.-.. ..._: .-. .-. :_... .' '-.(o ) (o ).-' . : _ _ _~(_)~_ _ _ : : /: ' .-=_ _=-. ;\ : : :|-.._ ' _..-|: : CTF-BR{Flag_in_com…
:triangular_flag_on_post: A CLI tool & library to enhance and speed up script/exploit writing with string conversion/manipulation.
Textbook with chapters for each usual picoCTF challenge category.
Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more
面向小白用户的 CTF / 逆向 Skills 整合包:自动分流、头脑风暴、教学模式、比赛模式、只提示模式
Come and join us, we need you!
Perfect Blue's CTF Writeups
Search engine for CTF writeups with instant results.
ctfcli is a tool to manage Capture The Flag events and challenges
The next-generation CTF Swiss Army Knife powered by Rust & Tauri. Features a visual node-based workflow and local AI intelligence for extrem…
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's ea…
A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
Fantastic toolkit for CTFers and everyone.
CTFNote is a collaborative tool aiming to help CTF teams to organise their work.
Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!
CTF Cheat Sheet + Writeups / Files for some of the Security CTFs that I've done
市场上虽然存在大量的网络安全工具和软件,但它们大多针对某一特定领域或功能,缺乏一个统一的、集成的、易于使用的综合工具平台。这导致参赛者在CTF竞赛中需要频繁切换不同的工具,不仅降低了工作效率,还增加了操作失误的风险。由gitee转发 ↓
CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports …
CTI Expert — Cyber Threat Intelligence & OSINT analysis skill for Claude Code. 67+ commands, 35 techniques, no API keys required.
ModSDK - a modding toolkit to create mods for Crash Team Racing in C. This repository also houses an effort to fully decompile and reverse-e…
cupidcr4wl is an Open-Source Intelligence username and phone number search tool that crawls adult content platforms to see if a targeted acc…
Common User Passwords Profiler (CUPP)
A selection of useful Custom Serch Engines for OSINT.
✂️ Removing CDN IPs from the list of IP addresses
This is a collection of RATs for educational purposes
Free and Open Source Reverse Engineering Platform powered by rizin
Gather and update all available and newest CVEs with their PoC.
Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat …
Laravel RCE Exploit PoC - CVE-2021-3129 (user-friendly with automatic log path detection)
A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which ca…
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
CVE-2023-22515: Confluence Broken Access Control Exploit
This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of m…
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smu…
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions ar…
exploit for f5-big-ip RCE cve-2023-46747
Windows AppLocker Driver (appid.sys) LPE
CVE-2024-21683 Confluence Post Auth RCE
Time Based SQL Injection in Zabbix Server Audit Log --> RCE
Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )
This repository contains a Proof of Concept (PoC) for CVE-2024-32002, a Remote Code Execution (RCE) vulnerability in Git submodules. The exp…
CVE-2024-32640 | Automated SQLi Exploitation PoC
Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit
Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)
CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support
PfSense Stored XSS lead to Arbitrary Code Execution exploit
POC exploit for CVE-2024-49138
GiveWP PHP Object Injection exploit
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)
Vite开发服务器任意文件读取漏洞(CVE-2025-30208),漏洞覆盖面大,利用简单且不受限制,漏洞危害巨大!
Local Privilege Escalation to Root via Sudo chroot in Linux
Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
CVE-2025-49144 PoC for security researchers to test and try.
A powerful Redis exploitation tool that leverages CVE-2025-4984
Next.js React Server Components RCE exploit for CVE-2025-55182
Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation
A complete proof-of-concept demonstrating CVE-2025-55182, a critical vulnerability in react-server-dom-webpack@19.0.0 that allows unauthenti…
Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088
n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable…
收集本人自接触渗透测试用于漏洞验证的所有热门CVE、POC、CNVD攻击有效载荷+测试工具+FUZZ,一个仓库满足许多攻击测试场景,开箱即用.
Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs — CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, …
This repository contains proof-of-concept (PoC) exploits and research for various CVEs and vulnerabilities, primarily for educational and se…
:beetle: Repository of CVE found by OCD people
EPSS & VEDAS Score Aggregator for CVEs
cve-search - a tool to perform local searches for known vulnerabilities
A Model Context Protocol (MCP) server for querying the CVE-Search API
CVE.ICU is an automated platform that provides comprehensive analysis and visualization of Common Vulnerabilities and Exposures (CVE) data. …
Generate MITRE ATT&CK and D3FEND from a list of CVEs. Database with CVE, CWE, CAPEC, MITRE ATT&CK and D3FEND Techniques data is updated dail…
Check linux sources dump for known CVEs.
A Python library and command line interface for CVE Services.
Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data
This repo Gathers all available cve exploits from github.⚠️ Be careful Malware.
Nmap script that scans for probable vulnerabilities based on services discovered in open ports.
CVS is a powerful comprehensive attack surface management platform. 森罗万象-强大的网络空间测绘、资产管理、漏洞扫描等全生命漏洞周期的综合攻击面管理平台,化繁为简,以一御百。
cwe_checker finds vulnerable patterns in binary executables
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Cyber Threat Intelligence Data, Indicators, and Analysis
An AI-powered cybersecurity agent inspired by Claude Agent SDK, designed exclusively for defensive security operations.
Curated manuals, playbooks, and checklists for OSINT, OPSEC, cyber security, and digital investigations
Open-source cybersecurity analysis agent for Claude Code. Scans projects for vulnerabilities across all OWASP 2025 Top 10 and CWE Top 25 cat…
Cyber-Zero: Training Cybersecurity Agents Without Runtime
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
A list of cyber-chef recipes and curated links
This is an aspiring project aimed at accumulating knowledge from the world of cybersecurity and presenting it in a cogent way, so it is acce…
这将自动: 1. 启动MySQL Docker容器 2. 初始化数据库schema 3. 启动后端API服务 (端口31337) 4. 启动前端开发服务器 (端口8080)
Cyberonix is a complete resource hub for Cyber Security Community. Our aim is to make this tool an 1 stop solution for all the Hackers out t…
Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project'…
Cyberpunk 2077 Netrunner Hacking Tool (Easy to use and install). Don't use it on illegal and malicious activity. Inspired by the game CyberP…
CyberScan: Network's Forensics ToolKit
Some useful books related to Cybersecurity, Linux and more.
A collection of essential and foundational cybersecurity knowledge, thoughtfully organized for easy comprehension.
Welcome Cybersecurity's World. An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, …
List of some cybersecurity conferences
Social Media, Website, Crypto Hacking 🔥 Hacker, Cyber, Cybersecurity. Instagram, TikTok, YouTube, Telegram, Snapchat Hacking. Cryptocurrency…
⚠️ Education and Certification are Optional
Complete career paths for SOC, Pentesting, Blue Team, Red Team & more
A collection of awesome software, libraries, learning tutorials, documents, books & technical resources and cool stuff about dark web.
A comprehensive, step-by-step guide to mastering cybersecurity from beginner to expert level with curated resources, tools, and career guida…
Cybersecurity Notes For Intermediate and Advanced Hackers | CEH Exam Prep Also Included
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, b…
Building 67 Projects ranging from beginner to advanced so anyone can — learn from, build upon, use as a reference, or even copy directly. Ga…
Skills and career roadmap for various security roles like application security, cloud security, DevSecOps, security engineer, security resea…
Схема карьерных треков в кибербезопасности
This repository is aimed to contain all basic tools and resources for cybersecurity. In this repository you will get all material which you …
CyberSecurityRSS: A collection of cybersecurity rss to make you better!
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tes…
CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine,…
A collection of resources for Threat Hunters
Active reconaissance, information gathering and OSINT built in a portable web application test.
Diablo II Save File Format (.d2s format)
Demonized Shell is an Advanced Tool for persistence in linux.
OWASP D4N155 - Intelligent and dynamic wordlist using OSINT
D810-ng (Next Generation) is an updated, tested, refactored, and optimized IDA Pro plugin used to deobfuscate code at decompilation time by …
This repository contains Bug Bounty writeups
:zap: an open source cheat for Counter-Strike: Global Offensive.
📦 Produce secure packages and containers with declarative configurations
Fast parameter analysis and XSS scanner. Features DOM-based XSS detection, built-in BAC (Blind XSS), custom payloads, headless Chrome suppor…
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Android reverse-engineering tool / smali editor
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising…
DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file s…
A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callba…
A Powerful Phishing Tool with 50+ phishing templates. For more about Dark-Phish tool please visit the website.
https://drive.google.com/drive/folders/0BzSQv5PaltE-ci1LaDh5MDRId2M?resourcekey=0-9E8yBDVHw0gzKEuWYvCdEA&usp=sharing
Open Source Intelligence Interface for Deep Web Scraping
DarkFlare Firewall Piercing (TCP over CDN)
DarkGPT Lite is a specialized CLI tool providing unrestricted conversations with AI for cybersecurity research purposes
Build sneaky & malicious LNK files.
4EverProxy Acces Onion sites directly from your browser without TOR. Ahmia search engine Darkweb search engine wich filter dangerous da…
Dark Web & Deep Web Search Engine. Data Crawler and indexer for Darkweb , OSINT Tools for the Dark Web
DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolate…
:detective: Dart / Flutter VM snapshot analyzer
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
1. 本地/分离加载 2. ollvm混淆编译/gcc编译 3. IAT obfuscate 4. Anti-VM 5. Anti-Sandbox(API Hammering,自定义sleep) 6. Anti-Debug 7. 内存加密 8. add resource/sign
Sensitive Data Management: Data Discovery and Anonymization toolkit
Reverse-engineered parsers for Ableton Live & FL Studio project files.
DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted fro…
Enhanced version of dd for forensics and security
🔥 A lightweight DDD(Domain Driven Design) Enhancement Framework for complex business architecture!轻量级DDD增强框架!
A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
A fast and accurate disassembler
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Interne…
Explore RootSec's DDOS Archive, featuring top-tier scanners, powerful botnets (Mirai & QBot) and other variants, high-impact exploits, advan…
…
The ultimate AI-powered toolkit for python reverse engineering
Agentic pentest tooling. Currently achieving 81% (KIMI K2.5) on XBOW's benchmark in full black-box. Completely Self-hosted. Every model avai…
A dos (denial of service) attack for local networks using dead router attack (IPv6) and ARP attack (IPv4) simultaneously
DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM…
An open-source ESP8266_Deauther with customizable Evil Twin attack, and WiFi signal strength checker, with a user-friendly web interface and…
For automated installation of Hyprland on Debian 13 Trixie (Testing) and Debian SiD (Unstable)
A GUI and CLI tool for removing bloat from executables
This is the repository for Binary Ninja Debugger. The debugger is written in C++ and is shipped with BN as a plugin.
Discover hidden debugging parameters and uncover web application secrets
DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the Droi…
Autonomous Hacking Agent for Red Team
This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365 Un…
Manual Prompt Injection / Red Teaming Tool
A GameCube & Wii decompilation toolkit
Collaborative decompilation and reverse engineering website
Reverse-engineering tool for docker environments
Decyx: AI-powered Ghidra extension for enhanced reverse engineering and binary analysis.
Official DedSec Project GitHub Repository
This is a exploit with the capability to control ip camera movement even without a username and password.
DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。让安全不再昂贵,让审计不再复杂。
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
DeepFace UI is a web application for facial recognition and analysis built with DeepFace. It offers an intuitive interface to upload images,…
Deep Learning models for network traffic classification
Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of…
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G/LTE Routers
Identifies the bytes that Microsoft Defender flags on.
Extracted Yara rules from Windows Defender mpavbase and mpasbase
DefGen allows you to create your personalized HTML defacing webpage pre-integrated with CSS and JavaScript
a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance
CTFer的福音,Misc手的利器,自动爆破PNG图片宽高并一键修复离线脚本工具
A modern and open-source cross-platform software for chips reverse engineering.
DeimosC2 is a Golang command and control framework for post-exploitation.
A reverse engineer's checksum toolbox
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and…
Delvelin is a Code Vulnerability Analyzer for Java and Kotlin that supports best practices in security and risk management.
Extract any website’s design system into tokens in seconds: logo, colors, typography, borders & more. One command.
Some deobfuscator for java lol
Powershell script deobfuscation using AST in Python
Evasion by machine code de-optimization.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for pro…
Real-time phishing & scam domain blocklist — 130k+ curated threats, 888K+ community, free API, multiple formats
Scam intelligence, phishing attribution, drainer mapping. Legal OSINT only. Public data. Real cases. For researchers and victims.
Program for determining types of files for Windows, Linux and MacOS.
Cheat sheet to detect and remove linux kernel rootkit
Reverse engineering the 1997 game "Carmageddon"
Free Goethe-Zertifikat study materials for all CEFR levels (A1–C2) — vocabulary, grammar, reading, listening, speaking, writing, and mock ex…
DevBrute is a versatile password brute forcing tool designed to tackle a wide range of Social Media accounts and Web Applications. With its …
The Red Guild's devcontainer focused in web3 and security.
DevGuard Backend - Secure your Software Supply Chain - Attestation-based compliance as Code, manage your CVEs seamlessly, Integrate your Vul…
A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT ti…
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim ope…
Devil is a tool that is basically made for facebook to Hack target accounts , BruteForce Attack , grab friendlist accounts , yahoo chacker ,…
⚡ Perform Evil Twin Attack Using NodeMCU Board
A Pentester's Powershell Client
Scripts and other things for working with DEVONthink, a personal information management system.
Curated List of Best DevOps Tools
A research decompiler implemented as a Binary Ninja plugin.
A work in progress Android dalvik byte code(DEX) editor
Dexcom G7 .apk patcher | ✅ AAPS Broadcasting ✅ Disable compatibility checks ✅ Enable Screenshots ✅ Decrease required android version
A dex analyzer for finding obfuscated codes dynamically
An advanced DEX editor for Android.
…
This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
Digital Forensics Incident Response and Detection engineering: Análisis forense de artefactos comunes y no tan comunes. Técnicas anti-forens…
PowerShell module for Office 365 and Azure log collection
Forensics artefact collection tool for systems running Microsoft Windows
Powershell module for VMWare vSphere forensics
Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!
DFIRTrack - The Incident Response Tracking Application
Australian Open Source Intelligence Gathering Resources, Austra…
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by e…
DHV is a terminal-based tool for diving into Python code, giving easy visual access to bytecode disassembly and the abstract syntax tree. If…
Diablo ~ Hacking / Pentesting & Reporting
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
You can download the binaries from the releases page. To build the tool yourself, follow instructions in Compiling.md
Diccionarios de: usuarios, passwords, XSS, ficheros, carpetas, dorks, etc .. ( hackingyseguridad.com )
A stand-alone web server application for building and publishing full fledged dictionary websites and APIs for any language.
GUI & console sources for Detect It Easy(DiE): https://github.com/horsicq/Detect-It-Easy/
Native Python3 bindings for @horsicq's Detect-It-Easy
A powerful Open Source Intelligence (OSINT) tool for analyzing digital footprints across multiple platforms. This tool helps researchers and…
Free hands-on digital forensics labs for students and faculty
A curated list of essential digital forensics tools used for investigation, data recovery, and security analysis. These tools help in disk f…
Digler is a tool for forensic disk analysis and file recovery. It's designed to help you unearth lost or deleted data from various disk imag…
Dynamically invoke arbitrary code in Rust
Open-source vulnerability disclosure and bug bounty program database
Open-source vulnerability disclosure policy templates.
A web-compatible Shockwave Player emulator written in Rust
…
VS2022 Add-in. Click on any method or class to see what .NET Core's JIT generates for them (ASM).
A disassembler for JITed functions in Racket.
Small repo for Telegram and Discord OSINT and research
Imitate discord's old login page! I AM NOT RESPONSIBLE FOR ANY CONSEQUENCES. FOR SECURITY TESTING PURPOSES ONLY
・Change prefix to whatever you want in config
Host Guardian --- A lightweight system monitor bot for Discord that alerts on high CPU, shows top processes, and lets you safely terminate t…
Discord Remote Administration Tool fully written in Python3
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creati…
An experimental distributed JWT token cracker built using Node.js and ZeroMQ
Elenco di Distro LINUX - WINDOWS - MacOS
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
Divide full port scan results and use it for targeted Nmap runs
A Super NES ROM Disassembler and tracelog capture/analysis tool with a focus on collaborative workflow UX. Exports .asm files ready to be co…
Tools for handling firmwares of DJI products, with focus on quadcopters.
Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.
Creates a proxy dll which sits between the game and original dll
Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
Reverse-engineered schematics for DMG-CPU-B
BTD - Bin To DNN: A DNN Executables Decompiler
DNS-Blocklists: For a better internet - keep the internet clean!
Grab your DNS logs, detect anomalies, and finally understand what's happening on your network. The missing piece between DNS servers and you…
HaGeZi DNS: Free, Non-Commercial EU Public DNS Servers
Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
High-performance DNS validator using template-based verification
A tool to perform DNS reconnaissance on target networks. Among the DNS information got from include subdomains, mx records, web application …
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intellig…
Easy files and payloads delivery over DNS
Passive DNS Capture and Monitoring Toolkit
DNS enumeration script supporting zone transfers, reverse lookups, SRV record enumeration, top-level domain expansion, and brute-force subdo…
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Domain name permutation as a service
DNSWatch - DNS Traffic Sniffer and Analyzer
Fast and multi-purpose DNS toolkit from ProjectDiscovery. Resolves domains, performs wildcard filtering, brute-forces subdomains, and extrac…
DNXFIREWALL® and DAD'S NEXT-GEN FIREWALL™, a C/CPython hybrid next generation firewall built on top of Linux and bound to kernel/ netfilter …
APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files
基于Ubuntu构建并用于快速调试pwn题的镜像,开箱即用,告别搭建环境的苦恼!
Ghidra Client/Server Docker Image
Latest hashcat docker for CUDA, OpenCL, and POCL. Deployed on Vast.ai
Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning
Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detectio…
Qualys sslabs-scan utility in a tiny docker image
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
An external attack surface monitoring (EASM) tool to find externally accessible documents.
A multifunctional Telegram based Android RAT without port forwarding.
Offline Cybersecurity Knowledge Base
Generic PE loader for fast prototyping evasion techniques
Some results of my DGA reversing efforts
Full Toolkit for Next-Level Domain Analysis
🌐 The all-in-one tool, for keeping track of your domain name portfolio. Got domain names? Get Domain Locker!
Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to automate…
Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping
DOM Clobbering Wiki, Browser Testing, and Payload Generation
domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with…
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers …
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Generates position-independent shellcode from .NET assemblies, PE files, scripts (VBScript, JScript), and XSL that runs in memory. Used to e…
🤖 LLM-powered agent for automated Google Dorking in bug hunting & pentesting.
Automated Google Dorking Tool. Generates and runs advanced search queries for exposed files. It also tests SQLi, Analyzes and extracts metad…
DorkHub is the security researcher's companion. It’s a comprehensive repository of Google dorks collected in one place, specifically designe…
Collection of dorking-related resources. Dorks lists, Cheatsheets, Articles, Databases. Google, Yahoo, Yandex, Bing, Baidu, DuckDuckGo, Brav…
Simple Google Dorks search tool
List of Github repositories and articles with list of dorks for different search engines
Debug and DebugX (short: Debug/X) are extended versions of MS DEBUG
Search for Directory Traversal Vulnerabilities
Loads environment variables from .env for nodejs projects.
a secure dotenv–from the creator of `dotenv`
This program can remove Anti De4Dot, Junk Types, Math Protection, Anti Decompiler, Control Flow protections from a .NET assembly.
Listener that spawns a new tmux window for each incoming reverse shell + Supports listening on many ports
osint tool for dumping links containing trackers from each user on one or all discords
A C# tool to output crackable DPAPI hashes from user MasterKeys
An android Dex protection shell implementation
DPULSE - Tool for complex approach to domain OSINT
Dracula OS is a Linux operating system meticulously designed for OSINT (Open Source Intelligence) and Cyber Intelligence missions.
Collaboration and reporting platform for security assessments. Centralizes findings, enables team collaboration, imports results from Nmap, …
Dradis Framework: Collaboration and reporting for IT Security teams
Dragodis is a Python framework which allows for the creation of universal disassembler scripts.
DRAKVUF Black-box Binary Analysis
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based on r…
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
A flexible playground for Android CTF challenges.
Drone pentesting framework console
Plugin-based scanner that aids security researchers in identifying issues with Drupal, SilverStripe, and WordPress sites. Detects plugins, t…
The Leading Security Assessment Framework for Android.
The Android Agent for the Drozer Security Assessment Framework.
Directory Services Internals (DSInternals) PowerShell Module and Framework
Project template for decomp-toolkit
Android shell virus that will reset, brick and corrupt the Android device with a link, also contains Antivirus and now supports Android 10+
A collection of Ducky scripts to be used in a Hak5 Rubber Ducky or Flipper Zero
Duolingo Hacks One of the best Duolingo hacks. Discord Support Server: https://discord.gg/abqMVbDanB…
Grants Duolingo Max and other paid features for free + more
An open-source, C#-based remote administration tool (RAT), enabling complete control of a remote Windows machine, designed for legitimate re…
Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
This course uses a deliberately vulnerable banking application to demonstrate common security vulnerabilities, their impact, and how to fix …
Damn Vulnerable Web Application (DVWA)
Full featured multi arch/os debugger built on top of PyQt5 and frida
To install dwpa on your server, please refer to INSTALL.md
Dynamic Instrumentation Tool Platform
DyninstAPI: Tools for binary instrumentation, analysis, and modification.
Windows Remote Administration Tool that uses Discord, Telegram and GitHub as C2s
Fast Vim-inspired TUI hex editor
E4GL30S1NT - Simple Information Gathering Tool
A powerful static binary rewriting tool
This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.
Native code virtualizer for x64 binaries
1. Hack the World using Termux this tool is developed by sabri.zaki for penetration testing using 2. metasploit-framework 3. sqlmap 4. nmap …
Here I gather all the resources about hacking that I find interesting
The extension implements eBPF architecture support for Ghidra and allows for disassembly and decompilation of eBPF programs.
ECDSA nonce-reuse attack to recover a private key.
A platform to develop, run and administer CTF competitions. This is the online echoCTF.RED platform source code
EchoPhish is a phishing tool created specifically for Instagram, designed to bypass two-factor authentication (2FA).
Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operations.
INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 and v3 Notes
INE/eLearnSecurity Certified Professional Penetration Tester (eCPPT) / PTP v2 and v3 Notes
edb is a cross-platform AArch32/x86/x86-64 debugger.
eBPF-based lightweight debugger for Android with MCP support
Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
AppLocker-Based EDR Neutralization
Scan installed EDRs and AVs on Windows
Ghidra analyzer for UEFI firmware.
IDA plugin and loader for UEFI firmware analysis and reverse engineering automation
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malici…
Notes I took while preparing for eJPT certification by INE Security (passed 19/20, fka eLearn Security)
This repository contains a roadmap for preparing for the EJPTv2 exam.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring suppo…
ELEGANTBOUNCER is a detection tool for file-based mobile exploits.
An online multiplayer version of the threat modeling card games: Elevation of Privilege (EoP), OWASP Cornucopia, OWASP Cumulus, and Elevatio…
:gem: Go library to parse Executable and Linkable Format (ELF) files.
Static analyzer tool for Solana
An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E0…
Conceal e-mail addresses in a string by replacing their domain
Some great resources to gather OSINT on Email Addresses & Usernames. Alternatively check the exposure of your Email & Username.
Find Email Spoofing Vulnerablity of domains
A OSINT tool to obtain a target's phone number just by having his email address
With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generat…
EMBA - The firmware security analyzer
EMBArk - The firmware security scanning environment
A FREE comprehensive step-by-step embedded hacking course covering Embedded Software Development to Reverse Engineering.
OnePlus 11 EmberHeart kernel with Nethunter, KernelSU-Next and SuSFS
Graphical disassembler for multiple architectures for easy navigation
Emora is an OSINT tool like sherlock but with a GUI, which search for accounts by username across social networks
Self‑healing Gossip Mesh C2 with Assisted Peer Discovery, Modular Post‑Exploitation, and OPSEC‑Focused Transport
EmpireCTF – write-ups, capture the flag, cybersecurity
An OSINT tool that helps detect members of a company with leaked credentials
A fast Windows emulator + debugger for reverse engineering. Runs any executable in debug mode, disassembles with Zydis, emulates instruction…
Easy-to-use IDA plugin for code emulation
A simple emulator for Windows designed for reverse engineering, testing binary files, and execution logging.
Simple emulator of the Intel 4004 chip.
Documentation and scripts to properly enable Windows event logs.
The dum^H^H^Hsimplest encryption tool in the world.
EncryptStorage provide a little more security in frontend
This is the open sourced code for the extension, EndPointer
A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W
Enhanced BurpGPT 是一个强大的 Burp Suite 插件。通过分析指定的 HTTP 请求和响应,帮助安全测试人员更快速地发现潜在的安全漏洞。
EnigmaCracker is a tool for brute forcing crypto wallets
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. The ideal user is someone who is attempting to s…
EntityFramework Reverse POCO Code First Generator - Beautifully generated code that is fully customisable. This generator creates code as if…
A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens
CLI program to calculate the entropy of files
Linux alternative to enum.exe for enumerating data from Windows and Samba systems. Extracts usernames, shares, workgroup info, password poli…
Next-generation rewrite of enum4linux with YAML/JSON output, improved reliability, and additional checks for modern Windows environments.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for securit…
Relational database brute force and post exploitation tool for MySQL and MSSQL
Graph Visualization for windows event logs
Threadless Process Injection through entry point hijacking
PIC shellcode (C/C++) development toolkit designed for malware developers.
Automatically login and find available free games the Epic Games Store. Sends you a prepopulated checkout link so you can complete the check…
🧹 Cleaning up images from Kubernetes nodes
An Xdbg Plugin of the ERC Library.
Erebus is an Initial Access wrapper for the Mythic Command & Control Server. It converts existing Mythic shellcode into payloads specificall…
…
Open-source Monster Hunter Frontier Online server emulator in Go
An eslint plugin to find strings that might be secrets/credentials
Open Source ESP32 Project for Pentesting.
A project for the ESP32 that allows you to deauthenticate stations connected to WiFi networks
ESP32DIV is a multi-purpose wireless testing toolkit powered by an ESP32
A curated list of ESP32 related reversing resources
Crashes iOS 17 Devices using really any device
WifiPhisher implementation on ESP32
🧰 ESXi Testing Tookit is a command-line utility designed to help security teams test ESXi detections.
A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.
A fun script to steal Ether from wallets suffering from insufficient entropy during key generation.
Blazing fast multiple Ethereum and Crypto vanity wallet generator💰 Generate a ten thousand beautiful crypto wallets in a sec ⚡️🎨 Awesome eth…
新一代Webshell管理器,兼容蚁剑与冰蝎的PHP webshell
This repository is all about tips on ethical hacking and penetration testing!
Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, p…
A comprehensive guide for anyone looking to learn penetration testing and ethical hacking — from beginner to advanced. You'll find a structu…
this repo contains complete road map For become a Ethical Hacker For completely for free. Share this repo with your Friends.
Python programs & tools built in the Ethical Hacking with Python EBook
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextu…
Hide any window from screen capture on Windows.
Evil-BW16-WebUI is a dual-band (2.4GHz/5GHz) WiFi deauthentication tool for BW16 and ESP32 boards, featuring real-time monitoring, a web-bas…
Full-featured WinRM shell for hacking and penetration testing. Supports pass-the-hash, file upload/download, in-memory script loading, and P…
The ultimate WinRM shell for hacking/pentesting
Execute commands interactively on remote Windows machines using the WinRM protocol (just faster)
, stake.us, primedice bot by me with ❤
Standalone man-in-the-middle attack framework that bypasses 2FA by proxying authentication sessions and capturing session cookies. Uses phis…
Reverse engineered to remove IOCs, added Exchange Online Protection IP blacklist and bing-bot user-agent blocking, DNS configuration and not…
This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically …
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access
Features -------- individual IP or IP range scan individual port, ports list, or ports range banner grabbing (not fully implemented, works w…
A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlight…
evilwaf is a penetration testing tool designed to detect and bypass common Web Application Firewalls (WAFs).
A Symbolic Ethereum Virtual Machine (EVM) bytecode interpreter, parser and decompiler, along with several other utils for programmatically e…
Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
A fast library for parsing and importing Windows Event Logs into Elasticsearch.
INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes
🐟 Social Media Phishing Suite written in python & php
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
ExeSpy is a cross-platform PE viewer for EXE and DLL files
Fully featured and community-driven hacking environment
ExifTool is a powerful command-line tool that can be used to extract and edit metadata in a wide range of media files, including images, aud…
ExifLooter finds geolocation on all image urls and directories also integrates with OpenStreetMap
Platform-independent Perl library and command-line tool for reading, writing, and editing metadata in a wide variety of files including phot…
exiftool (OSINT image metadata utility) in the browser (via WebAssembly!)
This is An Offensive Hacking Tool which can be used by hackers and for penetration testing purposes. Hack Responsibly!!!!!!!
Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution
generate and search pattern string for exploit development
Tips on how to write exploit scripts (faster!)
Find website ips addresses and website ip behind cloudflare.
Knowledge Base of Exploitation Techniques
Archive of public exploits and vulnerable software maintained by Offensive Security. SearchSploit provides offline command-line search of th…
This is a fully automated Active directory Lab made with the purpose to reduce the hustle of creating it manually.
Exposor is a tool using internet search engines to detect exposed technologies with a unified syntax.
Automatic ROP chain generator for x86-64 binaries, powered by Triton symbolic execution.
A curated list of exploits for ChromeOS
A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.
Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The e…
A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
State of the art OSINT tool. | A powerful open-source alternative to other face search engines.
Convolutional neural network for analyzing pentest screenshots
EyeSpy is a PowerShell tool for finding IP Cameras and spraying credentials at the underlying RTSP streams if present.
Takes screenshots of web pages, RDP, and VNC services. Reports on default credentials and interesting headers. Useful for rapidly assessing …
ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
Automation tool for locating symbols & structs in binary (primary IDA focused)
An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as-Co…
Red Hat Dependency Analytics extension
Open-source URL masking & analysis tool for security research, phishing awareness, and defensive testing. Demonstrates adversary techniques …
This Is A Danger Tool Use Your Brane And Run This Script (NO SYSTEM IS SAFE ) DEVELOPER = AKASHBLACKHAT) facebook brutforce attack toolFACEB…
FACEBOOK FAKE LOGIN PAGE
Collection of Facebook Bug Bounty Writeups
Facemash: A Python-forged, AI-driven beast that obliterates Facebook accounts with ruthless brute force. Crafted for cybersecurity research,…
Pen Test Report Generation and Assessment Collaboration
A fast and lightweight decoder for x86 and x86-64 and encoder for x86-64.
Daemon to ban hosts that cause multiple authentication errors
Obfuscate all your TCP connections into HTTP protocol.
Binary Analysis Framework in Rust
In this repository you'll find reverse engineered source code for Fallout 2.
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
FAME Automates Malware Evaluation
This repository is automatically added to all FAME installations.
Integrated multi-user pentest environment for collaborative penetration testing. Aggregates tool output in real-time, manages vulnerabilitie…
Open Source Vulnerability Management Platform
Hack wifi using termux (rooted).
FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.
Incident Response - Fast suspicious file finder
FAT filesystems explore, extract, repair, and forensic tool
Faulty Cat is a low-cost Electromagnetic Fault Injection (EMFI) tool, designed specifically for self-study and hobbiest research.
IP lookup by favicon using Shodan
All-sources tool to search websites by favicons
Discover and monitor internet assets using favicon hashes across search engines.
Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
About Bruteforce attack on Facebook account using python script
Fback is a tool that helps you create target-specific wordlists using a .json pattern.
~~~ >> This tool is made from the python language which means more efficiency and accurate .. ~~~
FBI Watchdog is a multi-layered domain monitoring tool that detects law enforcement seizures, DNS changes, HTTP fingerprint shifts, WHOIS re…
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Detect bots, vision AI agents, and headless browsers through 40+ behavioral signals and SHA-256 proof of work. Self-hosted, privacy-first, a…
Automated API security testing
专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF
Decompiler from Java bytecode to Java, used in IntelliJ IDEA.
Fast, recursive content discovery tool written in Rust. Performs automatic recursive scanning and handles redirects, filters, and parallel s…
A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vectors…
Unofficial Final Fantasy VIII Remastered core mod based on import-dependency DLL that updates the gamecode and fixes issues left by develope…
Fast web fuzzer written in Go. Supports directory discovery, parameter fuzzing, virtual host discovery, POST data fuzzing, and custom header…
_or_ - If you are on macOS with homebrew, ffuf can be installed with: brew install ffuf _or_ - If you have recent go compiler installed: go …
Golang tool which helps dropping the irrelevant entries from your ffuf result file.
A Full-Featured HexEditor compatible with Linux/Windows/MacOS
DNS reconnaissance tool for locating non-contiguous IP space and hostnames against specified domains. Performs zone transfers, brute-force, …
A DNS reconnaissance tool for locating non-contiguous IP space.
Execute ELF files without dropping them on disk
FileTrove indexes files and creates metadata from them.
Secure file type validation for .NET applications using magic number detection
FIM is an Open Source Host-based file integrity monitoring tool that performs file system analysis, file integrity checking, real time alert…
Fingerprint-aware TLS reverse proxy. Use Finch to outsmart bad traffic—collect client fingerprints (JA3, JA4 +QUIC, JA4H, HTTP/2) and act on…
Find-gh-poc …
findCDN is a tool created to help accurately identify what CDN a domain is using.
Easy to use bitcoin recovery tool to fix damaged private key, mini-private key, address, BIP38 encrypted key, mnemonic (seed phrase), BIP-32…
当对内网束手无策的时候,入口机器上面说不定藏着突破口,翻找本地的文件和建立的网络连接就是手法
FindME is a CLI tool for searching social media and online profiles linked to a username. It’s ideal for reconnaissance, digital footprint v…
find dangling domains in a multi cloud environment
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdo…
Monitoring Registry and File Changes in Windows
CMS/LMS/Library etc Versions Fingerprinter
ALLINONE framework and technology detect lib
:fire: Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:
Black box fuzzer for web applications
1. Go To https://numverify.com. And get your API key from there. 🔑 2. Add your API key to the config.json file. 🔧 3. Install Libraries: pip …
Firegex, a firewall for Attack-Defense CTFs
Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.
Zen protects your Node app against attacks with one line of code. Get peace of mind— at runtime.
Toolkit to emulate firmware and analyse it for security vulnerabilities
The RF and reverse engineering framework for everyone. Follow and ★ to show your support!
FIT is a modular suite of Python applications for digital forensic acquisition of online contents such as web pages, emails, social media, a…
FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), generat…
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Free educational content on reverse engineering and malware analysis from the FLARE team
This repository aims to compile all Flare-On challenge binaries and write-ups. Update: 2014 -2024.
A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering enviro…
Quickly fuzz URLs and scan for secrets directly in your browser tabs
A TUI for Active Directory collection.
Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.
A Terminal UI for browsing security vulnerabilities (CVEs)
Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
Portable multi-tool for hardware hacking. Supports Sub-GHz radio, 125kHz RFID, NFC, Infrared, iButton, Bluetooth, GPIO, and USB. Runs open-s…
Flipper addons by Electronic Cats
Backpack-style addon boards for the Flipper Zero!
Collection of Flipper Zero scripts dumps and tools
My collection of IR, Sub-Ghz, remotes, links and other misc files related to the Flipper Zero device
Evil portal app for the flipper zero + WiFi dev board, Works on OFW, better on RM!
A 1:1 realistic Google captive portal for Phishing on a Flipper-Zero (EvilPortal)🐬👾.
Surveillance camera network map - 336K+ cameras worldwide with inter-agency data sharing visualization
FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
An open source platform to support analysts to organise their case and tasks
一款专为 CTF 竞赛设计的智能流量分析工具,支持多协议解析与自动化 Flag 提取,助力快速解题。
A modern platform for visual, flexible, and extensible graph-based investigations. For cybersecurity analysts and investigators.
Disposable, ephemeral network infrastructure powered by GitHub Codespaces.
FluxER - The bash script which installs and runs the Fluxion tool inside Termux. The wireless security auditing tool used to perform WPA/WPA…
Unified Vulnerability Intelligence Platform
Fluxion is a remake of linset by vk496 with enhanced functionality.
A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.
FOFA EX 是一款基于fofa api(也可导入鹰图、夸克文件)实现的红队综合利用工具,可基于模板把工具作为插件进行集成,自动化进行资产探测,目前提供的插件功能如下:探活、 nuclei 模板扫描、IP反查域名、域名反查 ICP 备案、dismap 指纹扫描
FofaMap v2.0 是一款基于 Python3 开发的全网首个 AI 驱动红队资产测绘智能体。在延续原有 FOFA 数据采集、存活检测、统计聚合、图标 Hash 及批量查询等核心功能的基础上,2.0 版本原生支持 MCP 协议,可无缝接入 Cursor、Claude 等 A…
Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.
Collection of script templates to create infinite UAC prompts forcing a user to run as admin ⚠
Console program to recover files based on their headers, footers, and internal data structures. Useful for recovering deleted images, PDFs, …
A really good DFIR automation for collecting and analyzing evidence designed for cybersecurity professionals.
Forensics-Wiki是一个关于电子数据取证的维基百科,网址:https://www.forensics-wiki.com/ 。旨在为国内的取证从业者提供高质量的学习平台。
A list of free and open forensics analysis tools and other resources
Google Chrome forensic tool to process, analyze and visualize browsing artifacts
Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)
The latest Fortnite Offsets, always updated. Current Patch: v39.30
A security scanner as fast as a linter, written in Rust. Live in the terminal? It also comes with a TUI triage for secrets, post-quantum aud…
A Firefox add-on for OSINT investigations
Fracker is a suite of tools that allows to easily trace and analyze PHP function calls, its goal is to assist the researcher during manual s…
A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations.
Free Auto GPT with NO paids API is a repository that offers a simple version of Auto GPT, an autonomous AI agent capable of performing tasks…
LLM 逆向工程接口管理 | 通过标准 OpenAI API 访问 ChatGPT / gpt4free / Bard / Claude / HuggingChat / 通义千问 等 AI 的破解版 || ChatGPT reverse engineering API manag…
SDK providing threat detection & security monitoring for mobile devices. Works with Flutter, React Native, Android and iOS. Shield your app …
IPv6 rate limiting evasion library that allows you to bind sockets to random IP addresses from specified prefixes
WiFi Penetration Testing & Auditing Tool
Dynamic instrumentation toolkit for developers, reverse engineers, and security researchers. Injects JavaScript or Python into native apps (…
One-click installer for Frida and Burp certs for SSL Pinning bypass
Frida 工具包 - 主要面向安卓端逆向,解决frida环境版本管理和对Agent端常用底层工具方法封装,支持MCP。(目前主要由AI开发维护代码)
A Frida script for intercepting traffic on Android, iOS Flutter applications (arm64, x86_64) Tested on a few flutter apps (e.g., Google Ads,…
A tool to help you intercept encrypted APIs in iOS or Android apps
A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
The repo contains a series of challenges for learning Frida for Android Exploitation.
Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Fr…
A collection of my Frida instrumentation scripts to reverse engineer mobile apps and more.
Sublime snippets { "scope": "source.js", "completions": [ {"trigger": "fridainterceptor", "contents": "Interceptor.attach(\n ptr,\n {\n on…
UE4 dump frida script for UE >= 4.23 64bit Heavily based on UE4Dumper Tested on the games listed below. It might not work correctly with oth…
强大的 Frida 重打包工具,用于 iOS 和 Android。轻松修改 Frida 特征,增强隐蔽性,绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Fri…
Frieren is a micro-framework designed for use in routers and Single Board Computers (SBCs). This framework is built to be lightweight, effic…
Package your Frida script into an executable.
Simplifying SSL/TLS traffic analysis for researchers by making SSL decryption effortless.
Throw a tag at it and it comes back with a checksum.
FrogPost: postMessage Security Testing Tool
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning)
A Modular Penetration Testing Framework
fsociety is a penetration toolkit inspired from MR. ROBOT
fsociety Hacking Tools Pack – A Penetration Testing Framework
FTP lnk调用pythonw程序,用于攻防钓鱼场景下免杀运行捆绑木马文件
Framework for Testing WAFs (FTW!)
Formidable Unix Binary Arsenal & Repository. TUI built for offline payload generation, retrieval, and exfiltration.
A PowerShell-based malware designed to completely disable all Windows security features, featuring UAC bypass and advanced anti-virtualizati…
A collection of various awesome lists for hackers, pentesters and security researchers. With repository stars⭐ and forks🍴
A curated list of tools for incident response. With repository stars⭐ and forks🍴
A binary analysis framework written in Rust.
macOS forensic acquisition made simple
Reverse engineering Fujifilm cameras
Livro: Engenharia Reversa - Fundamentos e Prática
A minimalist re-implementation of the Fusée Gelée exploit, designed to run on embedded Linux devices. (Zero dependencies)
File upload vulnerability scanner and exploitation tool.
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
1337 Wordlists for Bug Bounty Hunting
A collection of useful lists for Penetration Testing & Bug Bounty - Content Discovery, Payloads, Variables, Sandbox Escaping, etc
https://www.bilibili.com/video/BV1xVy5YiEim/
Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
Galah: An LLM-powered web honeypot.
Tips and Tutorials for Bug Bounty and also Penetration Tests.
Unofficial Galaxy Buds Manager for Windows, macOS, Linux, and Android
Extendable Pentesting Framework
CFW for the Nintendo Game and Watch
Tutorials, tools, and more as related to reverse engineering video games.
Game of Thrones hacking CTF (Capture the flag)
Game patches for the Xenia emulator
Comprehensive Game Hacking Cheat Sheet for security researchers, reverse engineers, and CTF participants. Covers memory analysis, anti-cheat…
🛢 Dumping things, so you don't have to
📥 Game Tracker: Counter-Strike 2
📥 Game Tracker: Dota 2
📡 802.11 broadcast analyzer & injector
go install mvdan.cc/garble@latest # or @master
Visual Novels resource browser
The world's fastest apk (android)/java open source decompiler
GarudRecon automates domain recon with top open-source tools to discover assets, enumerate subdomains, and detect XSS, SQLi, LFI, RCE & more…
GateSentinel 是一个现代化的 C2 (Command and Control) 框架,专为安全研究和渗透测试设计。该项目采用 Go 语言开发服务端,C 语言开发客户端,提供了强大的远程控制和管理功能。
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft S…
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file.…
GDB (GNU Debugger) enhanced with pwndbg plugin for exploit development and reverse engineering. Adds heap visualization, stack inspection, R…
Google Dork List - Uncover the Hidden Gems of the Internet ( There are at least 320+ categories ) + Web App
Gecko Backdoor is a most powerful web php backdoor.
🏵 Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition…
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
Extra goodies for GEF to (try to) make GDB suck even less
Gemelli is a tool box for running Robust Aitchison PCA (RPCA), Joint Robust Aitchison PCA (Joint-RPCA), TEMPoral TEnsor Decomposition (TEMPT…
✨ Reverse-engineered Python API for Google Gemini web app
A knowledge source about TTPs used to target GenAI-based systems, copilots and agents
This repository preserves source materials and related documentation about GenP. For archival and research purposes only.
The IoT security toolkit to help identify IoT related dashboards and scan them for default passwords and vulnerabilities.
GeoIntel using Google's Gemini API to uncover the location where photos were taken through AI-powered geo-location analysis.
Intelligence tramite - Immagini - Video - Strumenti - Mappe
GeoServer(CVE-2024-36401/CVE-2024-36404)漏洞利用工具
Search WiFi geolocation data by BSSID and SSID on different public databases.
GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
GEP (GDB Enhanced Prompt) - a GDB plug-in to enhance your GDB with fzf history search, fzf tab auto-completion, fish-like autosuggestions, a…
IDA plugin which queries language models to speed up reverse-engineering
The First Open Source Bug Bounty Platform
Extract subdomains from SSL certificates in HTTPS sites.
A tool to fastly get all javascript sources/files
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Guided Hacking's official tool to practice bypassing anti-debug techniques.
Scan signatures and netvars. Dumps header files, cheat tables and ReClass files.
Insta BruteForce { GH05T-INSTA 7.01 } Fork it...
NSA-developed software reverse engineering suite. Features a disassembler, decompiler, scripting (Java/Python), graphing, and collaborative …
Ghidra is a software reverse engineering (SRE) framework
The GolangAnalyzerExtension facilitates the analysis of Golang binaries using Ghidra. It supports go1.6 through go1.26.
Ghidra extension for exporting relocatable object files
An extension for Ghidra that adds support for the PlayStation 2.
Ghidra utilities for analyzing PC firmware
A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.
Nintendo Switch loader for Ghidra
A collection of over 200 Ghidra themes to make long hours of reverse-engineering even more enjoyable!
Xbox Executable Format (XBE) Loader Extension for Ghidra SRE framework
Sharp SM83 / Game Boy extension for Ghidra
Integrate LLM models directly into Ghidra for automated code refactoring and analysis.
A Pythonic Ghidra standard library
An LLM extension for Ghidra to enable AI assistance in RE.
A powerful Ghidra extension that provides an MCP (Model Context Protocol) server, enabling AI assistants and other tools to interact with Gh…
Python Command-Line Ghidra Decompiler
A Ghidra script that enables the analysis of selected functions and instructions using Large Language Models (LLMs). It aims to make reverse…
GhidRust: Rust decompiler plugin for Ghidra
Quickly clone or backup an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🐇🥚
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and p…
Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. T…
GHOST - Global Human Operations & Surveillance Tracking: Open-source investigation management platform for tracking people, connections, an…
Useful tool to track location or mobile number.
Popular OSINT framework for online investigations.
Ghidra scripts for recovering string definitions in Go binaries
A modern, Rust-powered Linux scanner that unmasks hidden rootkits, stealthy eBPF tricks, and ghost processes in one fast sweep (50+ scanners…
Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.
Django-based engagement management and reporting platform. Tracks infrastructure, manages findings, stores evidence, and generates professio…
The SpecterOps project management and reporting engine
🕵️♂️ Offensive Google framework.
Network monitoring tool that maps process-to-network connections, identifies cloud providers, and detects beaconing activity. Zero-flag agen…
A binary lifter and analysis framework for Ethereum smart contracts
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.
GitFive is an OSINT tool to investigate GitHub profiles.
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Gith…
🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
You can get a lifetime of FREE VPS using GitHub Codespaces with Kali Linux Docker image installed on github workspace terminal. (beginner, f…
🔪 :octocat: Leak git repositories from misconfigured websites
gitlab-subdomains
Finding exposed secrets and personal data in GitLab
SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repositories. Scans commits, branches, and git history…
Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types o…
Protect your secrets using Gitleaks-Action
This tool uses the GitHub API to scan repositories owned by a user for email addresses and associated names. It provides options to scan spe…
🕵️ OSINT Tool (github tracker)
Tools to download and reconstruct exposed .git repositories from web servers. Includes Gitdumper (download), Extractor (extract commits), an…
A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
Это моя версия бота Глаз Бога. Работает прекрасно и выдает много информации.
🎁A convenient glibc binary and debug file downloader and source code auto builder
Retrieve all mails of users related to a git repository, a git user or a git organization
Centralized platform for aggregating and visualizing global CVE data — including feeds from NVD, MITRE, CNNVD, JVN, CERT-FR, and more. Built…
Global threat map. Learn wars, conflicts, military bases and history of nations.
A utility to adjust the settings of Model O/D mice on Linux/BSD
Retrieves client-sided Lua files from Garry's Mod game servers
Gmail id brut force attack Gmail id hack tools (use : kali linux and trmoux)
Simple tool written in python3 to perform limited brute-force attacks on gmail accounts.
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions
This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and H…
Obfuscate string literals in JavaScript code.
✨ Sponsored by NDX AI Shopping Assistant
A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of revers…
go-recon External recon toolkit …
Go library for SARIF - Static Analysis Results Interchange Format
Package rhymen/go-whatsapp implements the WhatsApp Web API to provide a clean interface for developers. Big thanks to all contributors of th…
6502 CPU emulator, assembler, disassembler, debugger and host written in go
Dynamic injection tool for Linux/Android
An impish, cross-platform binary parsing crate, written in Rust
Directory/file and DNS busting tool written in Go. Extremely fast. Modes include directory brute-force, DNS subdomain enumeration, virtual h…
Directory/File, DNS and VHost busting tool written in Go
shellcode免杀加载器,使用go实现,免杀bypass火绒、360、核晶、def等主流杀软
Vulnerabilities of Goby supported with exploitation.
AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs
Red team tool designed for quickly identifying hijackable programs, evading antivirus software, and EDR (Endpoint Detection and Response) sy…
Godot Secure is a Simple Python Script That modify the Godot Source Code Automatically, to integrate Camellia-256 / AES-256 encryption with …
Windows remote execution multitool
A Go implementation of Cobalt Strike style BOF/COFF loaders.
面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
I used examples from the books & materials
This tool exploits Golden DMSA attack against delegated Managed Service Accounts.
A fast and minimal JS endpoint extractor
🔎🪲 Malleable C2 profiles parser and assembler written in golang
gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that yo…
Original Repository of the GonnaCry Ransomware.
15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on V…
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leav…
Google Photos client based on reverse engineered mobile API.
This repository lists most of the challenges used in the Google CTF since 2017, as well as most of the infrastructure that can be used to ru…
Dorking: how to find what Google easily showing you (plus Shodan, Yandex, Tor, and more... )
Best Resource for learning Google Dorks
Custom Google search engine dedicated to IT security & hacking stuff. Over 240 high-quality sources.
🔍 Chrome扩展,为安全研究和渗透测试提供Google/百度/Bing高级搜索语法快捷执行。一键Dorking、批量提取URL、智能过滤黑名单,大幅提升信息收集效率。 🔍 Chrome extension for security research and penetrat…
GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision.
Google account phishing tool written in python using django
Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
Open-source phishing framework designed for business security awareness campaigns. Features a rich web UI, email templates, landing page tem…
Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophi…
Notification webhook for GoPhish
GoPhish Templates that I have retired and/or templates I've recreated.
tool for generating wordlists or extending an existing one using mutations.
A toy CTF Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
🔍 Search anyone's digital footprint across 300+ websites
Inspects source code for security problems by scanning the Go AST and SSA code representation.
Feature-rich single-binary file server for red teamers and developers. HTTP/S · WebDAV · SFTP · SMB · NTLM hash capture · DNS/SMTP callback…
High-performance SQL parser, formatter, linter & security scanner for Go - 1.5M+ ops/sec, multi-dialect, zero-copy, race-free
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
GoTo dnSpy for Visual Studio 2022
Unofficial Google Photos Desktop GUI Client
This program provides efficient web scraping services for Tor and non-Tor sites. The program has both a CLI and REST API.
goverview - Get an overview of the list of URLs
Go Web Application Penetration Test
A modern "Enigma" built on GnuPG brings easy and trustworthy to your privacy life.
gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory enviro…
Uses ChatGPT API, Bard API, and Llama2, Python-Nmap, DNS Recon, PCAP and JWT recon modules and uses the GPT3 model to create vulnerability r…
The official gpt4free repository | various collection of powerful language models | opus 4.6 gpt 5.3 kimi 2.5 deepseek v3.2 gemini 3
Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobf…
A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / d…
Open-source mobile security testing suite for iOS and Android. Previously Passionfruit
A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable with…
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit
InQL is a Burp Suite and standalone GraphQL security scanner. Analyzes introspection queries, generates operations, detects batch query atta…
🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️
Security Auditor Utility for GraphQL APIs
🔍A cutting edge context aware GraphQL API fuzzing tool!
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is…
grep rough audit - source code auditing tool
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and st…
CLI tool, Ghidra plug-in, and Haskell library for analyzing binaries using under-constrained symbolic execution
A symbolic execution engine for EVM smart contract binaries.
Database anonymization, synthetic data generation and logical dump
A reverse search tool for OSINT (Open Source Intelligence) gathering & facial recognition via Google Custom Search & Google Vision API's.
A free Grok API wrapper that allows you to use Grok without API access or Account.
JVM bytecode obfuscator framework
Web Security Scanner & Exploitation. Based on custom vulnerability scanners & Nuclei …
GSpots automatically finds GWorld, GNames, and GObjects in Unreal Engine Games.
Cyber Incident Response Team Playbook Battle Cards
Curated list of Unix binaries that can be used to bypass local security restrictions. Shows how to abuse sudo, SUID, capabilities, and file …
Search for Unix binaries that can be exploited to bypass system security restrictions.
GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Intermediate Representation for Binary analysis and transformation
Pretty printer from GTIRB to assembly code
g(ULP) core backend and plugins
GView is a cross-platform framework for reverse-engineering. Users can leverage the diverse range of available visualization options to effe…
GVision is a reverse image search app that use Google Cloud Vision API to detect landmarks and web entities from images, helping you gather …
A set of plugins for Ghidra and x64Dbg synchronization. A faster, more flexible ret-sync.
Sniff XPC communication using Frida and Go
The GZ::CTF project, an open source CTF platform.
H.I.V.E is an automated OSINT (Open Source Intelligence) multi-tool that enables efficient data gathering from various sources through the u…
MCP server that connects AI assistants to HackerOne for bug bounty hunting
HackerOne "in scope" domains
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, dig…
A modular, terminal-based toolkit for OSINT, reconnaissance, and scraping - built in Python, runs on Linux and Windows.
Habu Hacking Toolkit ====================
This is a tool for randomly hacking CCTV cameras in various countries that is available in the tools list {2026}
######################################################################## …
A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code ana…
This tool is used for encrypt backdoor,shellcode,socks5 proxy generation,Information retrieval and POC arrangement for various architecture …
Advance phishing tool with custom URL tunneling hosted by LocalTunnel, Ngrok, Cloudflare
A detailed plan to achieve proficiency in hacking and penetration testing, with pathways including obtaining a degree in cybersecurity or ea…
Source code for Hacker101.com - a free online web and mobile security class.
nc 类题目的 Docker 容器资源限制、动态 flag、网页终端
欢迎各位选手以 Pull Request 的形式提交自己的 write-up(players 目录下以自己的昵称创建新文件夹,并在本文件的「来自选手」部分增加一行)。
各种安全相关思维导图整理收集。渗透步骤,web安全,CTF,业务安全,人工智能,区块链安全,数据安全,安全开发,无线安全,社会工程学,二进制安全,移动安全,红蓝对抗,运维安全,风控安全,linux安全
Complete collection of bug bounty reports from Hackerone.
Top disclosed reports from HackerOne
All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these to…
Hackerwasii is an information collection tool (OSINT) which aims to carry out research on a French, Swiss, Luxembourgish or Belgian person. …
HackGPT Enterprise is a production-ready, cloud-native AI-powered penetration testing platform designed for enterprise security teams. It co…
A single script to install important Pentesting Tools and wordlists on Debian based Linux OS.
Ha3Mrx Pentesting and Security Hacking
Collection of Combination of 👨🏻💻Ethical Hacking, 🐧Linux, Cyber security, 💰Bug Bounty, Penetration testing, Networking and more IT Related B…
A comprehensive collection of penetration testing cheatsheets, guides, and tools.
Notes, research, and methodologies for becoming a better hacker. Knowledge should be free.
A collection of awesome GitHub repositories for hackers, pentesters & security researchers. ADDING MORE REPOs SOON.
This repository contains some resources for ethical hackers penetration tester 😊 This may contain some files, tools, books, and links that n…
Hacking resources and cheat sheets. References, tools, scripts, tutorials, and other resources that help offensive and defensive security pr…
A FREE comprehensive online Rust hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of rev…
Top 100 Hacking & Security E-Books (Free Download)
🪝Hacking Social Media Accounts by using Phishing Mails (GoPhish) 🐬
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and …
This Repository is a collection of different ethical hacking tools and malware's for penetration testing and research purpose written in pyt…
A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x6…
My documentation and tools for learn ethical hacking.
Helping Ethical Hackers use LLMs in 50 Lines of Code or less..
HacKingPro - Hack Like A Pro !
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
ALL IN ONE Hacking Tool For Hackers
ALL IN ONE Hacking Tool For Hackers, Penetration Tester and Cybersecurity. New Version Beginner to Advanced Tool. This Tool is made for educ…
HackLiners: CyberSec/BugHunting OneLiners
An open source IoT Hacker Tool by using Raspberry Pi Zero 2 W
Contained is all my reference material for my OSCP / Red Teaming. Designed to be a one stop shop for code, guides, command syntax, and high…
LLM Agent and Evaluation Framework for Autonomous Penetration Testing
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
My WriteUps for HackTheBox CTFs, Machines, and Sherlocks.
Hack The Box CPTS, CWES, CDSA, CWEE, CAPE, CJCA Exam and Lab Reporting / Note-Taking Tool
Useful scripts to exploit Hack The Box retired machines/challenges
Handouts, setup scripts, sources, and solutions for challenges from Hack The Vote CTFs
The all-in-one browser extension for offensive security professionals 🛠
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news…
API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templ…
:key: Hash type identifier (CLI & lib)
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
HAL \[/hel/\] is a comprehensive netlist reverse engineering and manipulation framework.
Halberd : Multi-Cloud Agentic Attack Tool
ESP32-DIV HaleHound Edition for Cheap Yellow Display - Multi-protocol offensive security toolkit
Hamburglar -- collect useful information from urls, directories, and files
A living document for penetration testing and offensive security.
Cross-platform username reconnaissance tool built for OSINT investigators, cyber threat analysts, red teamers, and CTF enthusiasts.
Modern image vulnerability scanning & patching platform with multi-tool integration.
Ansible playbook for Linux hardening
Hardening Ubuntu. Systemd edition.
Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, …
🔍 Function-level tracing tool for Seccomp profiling, with eBPF
CLI tool for open source and threat intelligence
Vulnerability research assistant that extracts pseudocode from the IDA Hex-Rays decompiler.
Script to perform some hashcracking logic automagically
World's fastest password recovery utility supporting 300+ hash types. Uses GPU acceleration and advanced attack modes including dictionary, …
World's fastest and most advanced password recovery utility
Rule for hashcat or john. Aiming to crack how people generate their password
Hascat Rules Collection – Probably the largest collection of hashcat rule-files anywhere.
Yet another WPA/WPA2 hashes cracker web server. Powered by HashCat. The backend is written in Python Flask.
Run hashcathelper -h for help. The program is structured in subcommands. See hashcathelper -h for more information.
Interactive Python CLI that wraps Hashcat with guided menus for wordlist, rule-based, brute-force, and hybrid attacks. Supporting 300+ hash …
Identifies different types of hashes used to encrypt data. Supports over 220 hash types and provides the corresponding Hashcat mode ID for d…
A simple password manager with a twist.
hashtray is an OSINT (Open Source Intelligence) tool designed to find a Gravatar account associated with an email address and to locate an e…
A web front-end for password cracking and analytics
utility to sanitize hast nodes
Modular penetration testing platform that enables you to write, test, and execute exploit code.
Modern C2 framework designed for red teams. Features a sleek GUI, Demon agent with evasion techniques, team server for collaboration, and ex…
Windows应急响应工具---Hawkeye(鹰眼)。集Windows日志分析,进程扫描,主机信息于一体的综合应急响应分析工具
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
⚡ Blazing-fast tool to grab screenshots of your domain list right from terminal.
Small tool to capture packets from WLAN devices. Captures PMKID and EAPOL handshakes directly without requiring deauthentication. Outputs ca…
Small tool to capture packets from wlan devices.
A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper.
Instagram without all the toxic features like reels, home page, explore page. You can still view your friend's reels, stories, view profiles…
אין מילון מלבד Hspell ונדב הראל ודן קניגסברג הם נביאי האמת
Heimdall is an advanced EVM smart contract toolkit specializing in bytecode analysis and extracting information from unverified contracts.
Use python helios.py --help for a full list of options and usage instructions.
【Hello CTF】题目配套,免费开源的CTF入门教程,针对0基础新手编写,同时兼顾信息差的填补,对各阶段的CTFer都友好的开源教程,致力于CTF和网络安全的开源生态!
本项目为 Hello-CTF 的关联项目,这是一个基于 Issue模板 + GitHub Action 实现的自动化赛事信息更新。
Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
Heralding |travis badge| |version badge| |codacy badge| =======================================================
GDB TUI Dashboard for the understanding of vast knowledge
A reverse engineering tool for decompiling and disassembling the React Native Hermes bytecode
A command and control framework.
An HTTP toolkit for security research.
HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
Fully-featured GUI Hex Control.
🔍 Colourful, human-friendly hexdump tool
Versatile GUI hex editor focused on binary file exploration and aiding pattern recognition
Automated Penetration Testing Mind Map with Artificial Intelligence
Header-only, lightweight C++ library for binary streaming & serialization. Network data handling made easy peasy!
Static analysis of malicious Python code
HexPatch: a binary patcher and editor written in Rust with terminal user interface (TUI).
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools…
Hextor - Hexadecimal editor and binary data analyzing toolkit
Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS
Help recon of hostnames from specific ASN or CIDR, thanks to Robtex and BGP.HE
Wordlist for web fuzzing, made from a variety of reliable sources including: result from my pentests, git.rip, ChatGPT, Lex, nuclei template…
Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware
Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
Browser forensics tool for Google Chrome (and other Chromium-based browsers)
A web based OSINT ressource and tool
Half-Life 2 SDK Mirrors
Hashlink bytecode disassembler, analyzer, decompiler and assembler.
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
A multi-platform GUI for bit-based analysis, processing, and visualization
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the fo…
👋 Hi there! For any professional inquiries or collaborations, please reach out to me at: megadose@protonmail.com
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in…
SRE Agent - CNCF Sandbox Project
BYOVD hunter to help prioritize windows drivers worth manual analysis
Signature based honeypot detector tool written in Golang
HoneyHTTPD is a Python-based web server honeypot/service imitation builder. Great for honeypots or faking HTTP services.
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql…
Honeyscanner: A vulnerability analyzer for honeypots
Fuzz your Rust code with Google-developed Honggfuzz !
Shellcode loader generator with multiples features
Tool for reverse engineering macOS/OS X
Hooks in to interesting functions and helps reverse the web app faster.
HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite
An OSINT / digital forensics tool built in Python
hostagram osint tool Instagram | hostagram
A Python and ruby script to automate rogue AP process
Host A Hidden Service on TOR with an Onion Address !
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Hound is a simple and light tool for information gathering and capture exact GPS coordinates
An advanced graphical search engine for Exploit-DB
How to exploit a double free vulnerability in 2021. Use After Free for Dummies
A WIP cheat sheet for various linux kernel heap exploitation techniques (and privilige escalations).
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliabili…
基于pwntools+angr的简单CTF AMD64 PWN AUTO FUZZ
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
The most comprehensive Hack The Box writeup collection - 500+ machines, 400+ challenges, interactive knowledge graph, skill trees, attack pa…
Fast and robust date extraction from web pages, with Python or on the command-line
Cleans HTML to avoid XSS attacks
My simple Swiss Army knife for http/https troubleshooting and profiling.
A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For education…
Fast and multi-purpose HTTP toolkit from ProjectDiscovery. Probes hosts for live web services, extracts title, status code, content length, …
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
Script to obtain watch or band bluetooth token from Huami servers. Mirrored from https://codeberg.org/argrento/huami-token
A videogame overlay framework written in Rust, supporting DirectX and OpenGL
:goberserk: :goberserk: :goberserk: Share of my Huge Collection of Cheatsheet (Coding, Cheat, Pinouts, Command Lists, Etc.) :goberserk: :go…
Multi-protocol passive fingerprinting library: TCP/HTTP (p0f-style) + TLS (JA4-style) analysis in Rust
A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
Suricata rules for network anomaly detection
Docker - Ubuntu with a bunch of PenTesting tools and wordlists
Advanced reconnaissance framework for bug bounty hunters - Automate subdomain enumeration, vulnerability scanning, and security reconnaissan…
Performing security tests inside your CI
Most Powerfull 😈Crash any android device with virus from any link using termux or kali linux
Fast and flexible online password brute-forcing tool supporting 50+ protocols including FTP, SSH, Telnet, HTTP, SMB, LDAP, MySQL, RDP, IMAP,…
Dynamic and static analysis with Real Time Malware Analysis with Antivirus for Windows, including open-source XDR (3 EDR projects), ClamAV, …
HydraBus HydraFW official firmware for open source multi-tool for anyone interested in learning/developping/debugging/hacking/Penetration Te…
Lua runtime introspection and network capturing tool for games on the Roblox engine.
memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V
State-of-the-art native debugging tools
A hyper plugin to provide a flexible GDB GUI frontend with the help of GEF, pwndbg or peda
Security analysis of the hypervisor drm method used to bypass denuvo. Reverse engineering of the driver loaders and boot components using Gh…
Library for execution obfuscation, designed to protect memory regions during inactivity or sleep cycles. It leverages thread pool timers, wa…
I-Espresso is a tool that enables users to generate Portable Executable (PE) files from batch scripts. Leveraging IExpress, it demonstrates …
i-Haklab is a hacking laboratory for Termux that contains open source tools for pentesting, scan/find vulnerabilities, explotation and post-…
Swiss army knife of hacking written in Golang, capable of performing various kinds of attacks 🐉
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.ta…
Wireshark-compatible all-channel BLE sniffer for bladeRF, with wideband Bluetooth sniffing for HackRF and USRP
Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua
Video Face Manipulation Detection Through Ensemble of CNNs
用于快速查询IP、域名资产备案信息及权重的工具。欢迎关注微信公众号加群反馈问题~
The industry-standard disassembler and decompiler (with Hex-Rays decompiler). Supports the widest range of processor architectures and binar…
Long overdue for an update. In particular for major IDA Pro version 9 (now 9.2). Has been for a while since , most certainly with version 9,…
IDA Plugin that fills in missing indirect CALL & JMP target information
Control Flow Flattening Deobfuscator for Obfuscator-LLVM as a plugin for IDA Pro.
Automatically identify and extract potential anti-debugging techniques used by malware.
IDA Python Script to Get All function names from Event Constructor (VCL)
Headless IDA Pro binary analysis via Model Context Protocol
A plugin based on IDAPython for a functional DWIM interface. Current development against most recent IDA is in the "persistence-refactor" br…
An interactive list of plugins for hex-rays' IDA Pro
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Signature maker plugin for IDA 9.x and 8.x
sigmaker is a zero-dependency IDA Pro 9.0+ cross-platform signature maker plugin with optional SIMD (e.g. AVX2/NEON/SSE2) speedups that work…
使用skill让 AI Agent 像安全分析师一样分析恶意样本 | AI Agent skill for automated malware analysis using IDA Pro
Install and browse 100+ community themes for IDA Pro (Dracula, Monokai, Solarized and more)
Automatic vtable detection, inheritance analysis, and function override tracking for reverse engineering compiled C++ binaries. Supports IDA…
IdaClu is a version agnostic IDA Pro plugin for grouping similar functions. Pick an existing grouping algorithm or create your own.
An integration for IDA and VS Code which connects both to easily execute and debug IDAPython scripts.
Xbox/Xbox360 loader plugin for IDA 9, and xex1tool, supporting most known Xbox executable file formats (XEX/XBE)
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
ids-inf is a information gathering tool and with extra use full options like number unban and ban and it has phone number information gather…
Tools for creating, modifying, assembling and disassembling RemObjects PascalScript files.
OSINT tool researched and designed to hunt down IG handles
insta-follow-botz . Instagram hacks bot with instagram report ,followers , information gathering , instagram hacking
https://www.shadowhackr.com/2022/10/igfreak-instagram-hacking.html
ignorant allows you to check if a phone number is used on different sites like snapchat, instagram.
OSINT Project. Collect information from a mail. Gather. Profile. Timeline.
Run Il2CppDumper.exe and choose the il2cpp executable file and global-metadata.dat file, then enter the information as prompted
Dump Il2Cpp unprotected executable ELF and metadata from process memory
Windows Administrator level Implant.
This is a forensic tool written in Python 3. Use this tool to fetch the content (phone numbers, email addresses, messages and the account) f…
Export iMessage data + run iMessage Diagnostics
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
iMonitor (Endpoint Behavior Analysis System) is a endpoint behavior monitoring and analysis software based on iMonitorSDK.
Collection of Python classes for working with network protocols. Includes tools for SMB, MSRPC, LDAP, Kerberos, and more. Used for Pass-the-…
Dumps secrets remotely using a variety of techniques including DCSync (without running code on DC), VSS, and SAM dump. Part of the Impacket …
👻Impost3r -- A linux password thief
:bomb: Impulse Denial-of-service ToolKit
Automate the world of LinkedIn!
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
PagerDuty's Incident Response Documentation.
A concise, directive, specific, flexible, and free incident response plan template
PowerShell Digital Forensics & Incident Response Scripts.
Hands-on cybersecurity projects to enhance skills in phishing investigation, malware analysis, network intrusion detection, and DDoS attack …
An opensource incident management platform integrating with Slack.
The Open Source Incident Management Framework
Incursore came from nmapAutomator to be your personal raider while you enumerate a target.
Commonly used passwords in Indian demography
Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.
The Indicator of Canary is a collection of PoCs from research on identifying canaries in various file formats. It focuses on identifying kno…
INE Training Notes
Infect Any Android Device With Virus From Link In Termux
[MIRROR] unofficial implementation of Dante protocol (Audio over IP)
Infiltra Firmware is an open-source firmware for wireless security testing, network analysis, and hardware hacking. FLASH IT BELOW USING OUR…
An AI-powered dashboard builder. Describe the widget you want in plain English and an AI agent writes, builds, and deploys it in real time.
Infisical is the open-source platform for secrets, certificates, and privileged access management.
InfoHound is an OSINT to extract a large amount of data given a web domain name.
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily c…
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
List of past and future infosec related events.
Notes from various sources for preparing to take the OSCP, Capture the Flag challenges, and Hack the Box machines.
Tools & Resources for Cyber Security Operations
InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
eBPF-based GPU causal observability agent
Packet crafting, injection and sniffing tool
Re-write of Injection for Xcode in (mostly) Swift
A set of tutorials about code injection for Windows.
Injectra is a Python-based tool for injecting custom payloads into various file types using their magic numbers. It supports file types like…
Inline syscalls made easy for windows on clang
Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
Autonomous EDR for Linux. Install, forget, protected. Kernel-level eBPF detection, AI triage, autonomous response. Apache-2.0. The autonomou…
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable sc…
A full insecure kubernetes application for testing security tools
Its Bruteforce Tool For Instagram
Instagram login page clone which send your victim's credentials through email, using html css & php
best script for hacking instagram
Instagram password cracker - CLI
Track Instagram users' activities, profile changes and capture content with beautiful dashboards and instant notifications
Instagram and Facebook login page using HTML and CSS
First ever tool to view "Instagram private posts" anonymously
instahack is a bash & python based script which is officially made to test password strength of Instagram account from termux and kali with…
A python based tool for hacking instagram accounts
Auto password Generator & Multi Bruteforce Instagram
Download pictures (or videos) along with their captions and other metadata from Instagram.
A powerful Instagram bulk unlike tool to mass unlike Instagram reels and posts all at once for managing your digital footprint.
InstaReport v4.3.1 — Premium social media auto-report, ban & unban tool. One-click mass reporting for Instagram, Twitter/X, Threads & Snapch…
📸 an Instagram tracking script that logs any changes to an Instagram account (followers, following, posts, and bio) written in Python.
A modern and intuitive Chrome extension that brings your favorite OSINT tools, metadata analyzers, and Google Dorking assistants right into …
AI-powered platform for OSINT intelligence analysis. Features archive discovery with hypothesis-driven investigation, GLiNER entity extracti…
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
IntelOwl: manage your Threat Intelligence at scale
Out-of-band interaction gathering server. Generates unique collaboration URLs for detecting blind vulnerabilities like SSRF, XXE, SSTI, blin…
A deep technical dive into how MITM attacks actually work in Ethernet, IPv4, and IPv6 networks from ARP and DHCP to IPv6 RA, DNS, and FHRP s…
INTERCEPT / Policy as Code Auditing
An Ip-Grabber Tool With a Custom Redirect Link
MITM proxy for TCP/TLS/DTLS/UDP traffic, with STARTTLS, IoT, Thick Client and more.
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Active Directory and Internal Pentest Cheatsheets
Cast your OSINT net further a field and see what else you can discover on the Internet.
Hourly updated database of exploit and exploitation reports
A flexible internet crawler used for scanning technologies, instances and vulnerabilities worldwide across the internet.
Asset inventory of over 800 public bug bounty programs.
Indicators of Compromise from Amnesty International's cyber investigations
🔎 Find usernames and download their data across social media.
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date de…
Active Directory Auditing and Enumeration
Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
Decrypt Chromium based browser passwords with PowerShell.
Inject RDPThief into memory with PowerShell.
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related i…
Defanged Indicator of Compromise (IOC) Extractor.
IoCreateDriver Implementation, it can be useful if you're trying to bypass anticheats
IOK (Indicator Of Kit) is an open source language and ruleset for detecting phishing threat actor tools and tactics
A tool for generating detailed, locally-processed reports from iOS backups, supporting encrypted and unencrypted data.
MobileSubstrate tweak to dump iOS unreal engine games
This is more of a checklist for myself. May contain useful tips and tricks. Still need to add a lot of things.
IP-Biter: The Hacker-friendly E-Mail (but not only) Tracking Framework
Hide an IP address in scripts using hex/decimal/octal conversions
Track any ip address with IP-Tracer. IP-Tracer is developed for Linux and Termux. you can retrieve any ip address information using IP-Trace…
GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for thr…
Monolingual wordlists with pronunciation information in IPA
Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
IPAnalyzer is an IP Address Tracker OSINT ethical hacking tool built for Linux distributions, designed to gather detailed information about …
Patch iOS Apps, The Easy Way, Without Jailbreak.
IP ASN History to find ASN announcing an IP and the closest prefix announcing it at a specific date
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store
IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime sc…
IPGhost is a strong tool for ethical hackers. This tool automatically changes your IP address , making it hard for anyone to track your onl…
Decrypt an encrypted local iOS backup on Windows or MacOS
A simple IP locator tool
iPod usb gadget for audio playback. Client app: https://github.com/oandrew/ipod
🔨 List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), Ope…
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
This Python script can be used to bypass IP source restrictions using HTTP headers.
Enhanced Clash and Clash.Meta routing rules with Iranian domains ruleset and a focus on security and adblocking.
Enhanced sing-box and sing-box-clients routing rules with built-in Iranian domains and a focus on security and adblocking.
Enhanced v2ray/xray and v2ray/xray-clients routing rules with built-in Iranian domains and a focus on security and adblocking.
Collaborative Incident Response platform
My learning, tutorials on Cybersecurity
Segments intersection detection library
📊 OSINT dataset of 10,700+ Twitter/X accounts linked to Islamic Republic influence networks. Metadata-only for CIB research & network analys…
A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good pe…
Use DOMPurify on server and client in the same way
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
⛳️ PASS: ITIL 4 Foundation (IT Service Management) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your …
A password strength app that evaluates and rates your password's robustness, estimates crack time, and provides helpful warnings and suggest…
Dex to Java decompiler. Produces Java source code from Android APK/DEX/AAR/AAB files. Features a GUI with search, deobfuscation, and resourc…
Plugin for JADX to integrate MCP server
⚡ Fully automated MCP server built to communicate with JADX-AI-MCP Plugin to analyze Android APKs using LLMs like Claude — uncover vulnerabi…
The Swiss Army knife for automated Web Application Testing
An nsjail Docker image for CTF pwnables. Easily create secure, isolated xinetd/inetd-style services.
Reviving the language that brought us the Jak & Daxter Series
…
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Seco…
…
Python 3.9 obfuscator built on LibCST with a library of fun obfuscation techniques, including polynomial MBAs, runtime bytecode patching, et…
Jarida (Jadx + Frida) is a Jadx GUI plugin that lets you trace and optionally patch Java method return values at runtime using Frida, direct…
Spike JAR files with malicious implants.
Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
Java Vulnerability Exploitation Platform
The Java Disassembler (JDA) is a GUI reverse engineering tool that can turn this:
JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
General purpose JavaScript deobfuscator
A deobfuscator for JavaScript codes generated by Obfuscator.io
A powerful obfuscator for JavaScript and Node.js
Java web and command line applications demonstrating various security topics
Java Dynamic Reverse Engineering and Debugging Tool
HeapDump敏感信息提取工具
(another?) UNOFFICIAL Steam mobile client project
Wii U RAM TCP Debugger Client/Cheat Code Manager
JieLi Technology ('杰理' aka "Jerry", "π" // "jelly", 光) is a company that was based in year 2010 in the ZhuHai city of Guangdong province, Ch…
JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Fast and customizable vulnerability scanner For JIRA written in Python
One stop place for Jira security reconnaissance and exploitation in your proximity
A Just-In-Time Decrypter for Windows executables (x86 and x64) that performs real-time, instruction-level decryption of encrypted code secti…
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background service…
Fast password cracker available for many operating systems. Auto-detects hash types, supports dictionary and incremental attacks, and includ…
Merge multiple pcap files together, gracefully.
助力红队成员一键生成免杀木马,使用rust实现 | Help Redteam members generate Evasive Anti-virus software Trojan
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
A network forensics and passive sniffer tool
OWASP Joomla vulnerability scanner. Detects Joomla version, components, modules, and templates with known vulnerabilities. Checks for common…
OWASP Joomla Vulnerability Scanner Project https://www.secologist.com/
🚀 JoySafeter: An enterprise AI Agent Platform—Not just chatting. building、running、testing, and tracing autonomous Agent Teams with visual or…
jPSXdec: cross-platform PlayStation 1 audio and video converter
jQuery with XSS, Testing and Secure Version
JS-Confuser is a JavaScript obfuscation tool to make your programs *impossible* to read.
js cookie逆向利器:js cookie变动监控可视化工具 & js cookie hook打条件断点
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Write any JavaScript with six characters: ! ( ) + [ ]
Simple decompiler for Rizin. It's capable of generating readable pseudo code even on handmade assembly.
Reverse engineer obfuscated JavaScript visually. Chain transforms, inspect AST changes, write reusable deobfuscation plugins.
js hook toolkit that all you need
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensi…
jSQL Injection is a Java application for automatic SQL database injection.
A simple browser extension to quickly find interesting security-related information on a webpage.
JSSCM detects expired domains for Stored XSS exploitation during browsing.
jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite…
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Non-official write up for the Juice-Shop CTF
Simple LLM service identification - translate IP:Port to Ollama, vLLM, LiteLLM, or 60+ other AI services in seconds
Collection of Jupyter Notebooks by @fr0gger_
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Justniffer Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in …
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
🦁 Python project to identify and scan for vulnerabilities related to the Joomla CMS project. It scans for common misconfigurations and publi…
Toolkit for testing, tampering, and forging JSON Web Tokens. Tests common JWT vulnerabilities including algorithm confusion (alg:none, RS256…
Simple HS256, HS384 & HS512 JWT token brute force cracker.
Security Testing Scripts for JWT
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.
JYso
Advance OTP Bypass Tool. Termux Supported.
Powerful+Fast+Low Privilege Kubernetes discovery tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Ex…
Filtry do uBlocka Origin i AdGuarda, chroniące przed różnymi zagrożeniami w polskiej sieci, takimi jak wirusy, fałszywe sklepy i subskrypcje…
Wersja hosts, PiHole, dnsmasq, domenowa (Forti Guard) filtrów KAD
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- plea…
Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python /…
Python Kaldi speech recognition with grammars that can be set active/inactive dynamically at decode-time
Kali-ios brings the power and versatility of Kali Linux right at your fingertips. It allows users to access Kali in text mode through a term…
A guide to using Kali Linux tools for web penetration testing, ethical hacking, forensics, and bug bounty. Covers setup, key tools, methodol…
Top 20 Kali Linux Related E-books (Free Download)
Transform your Android device into a cybersecurity playground with Kali Magic! 🚀
Raspberry Pi Zero 2 W Kali Linux (Pi-Tail) installation and setup
Run Kali Linux Nethunter Rootless with GUI in Termux
Graphical Web interface developed to facilitate the use of security information tools.
Kali Linux Phosh for PinePhone/Pro and other QCOM Mainlined Devices
Kali Linux Theme Installer , Zsh Shell , Pure Look
Kali Linux for WSL1 or WSL2 and desktop sessions over RDP.
KaliGPT: an Agentic AI (built with Gemini, ChatGPT, Ollama, OpenRouter Models) fine tuned for ethical hackers & students in offensive securi…
Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard…
Install Kali Linux Nethunter in termux - orginal by @Hax4us
NetHunter Rootless Edition. Maximum flexibility with no commitment. Install Kali NetHunter on any stock, unrooted Android device without vo…
Despliega un entorno de hacking profesional para Kali Linux ejecutando solo un script.
🦚 A web-app pentesting suite written in rust .
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking H…
⡷⠂𝚔𝚊𝚛𝚖𝚊 𝚟𝟸⠐⢾ is a Passive Open Source Intelligence (OSINT) Automated Reconnaissance (framework)
Information & PoC for CVE-2024-45200, Mario Kart 8 Deluxe's "KartLANPwn" buffer overflow vulnerability
Distributed malware processing framework based on Python, Redis and S3.
WIP Decompilation of Kirby & The Amazing Mirror (USA)
Tactical AI Workspace Monitor & EDR
A cybersecurity game in Azure Data Explorer
A simple tool to detect outdated shared libraries
Automatically audit your Keycloak configuration for security issues
Kernel-Enforced Install-Time Policies (KEIP): An eBPF/LSM based security tool that detects and blocks malicious network activity during pip …
Keklick - C2 Hunting, Reporting and Visualization Tool
NIST-based CVE lookup store and API powered by Rust.
Kerberos brute-forcing tool for performing user enumeration and password spraying against Active Directory. Does not trigger account lockout…
Persistent Powershell backdoor tool {😈}
Headless AI agent for deterministic reverse engineering.
My proof-of-concept exploits for the Linux kernel
Keskivonfer is a tool that allows you to extract information from a vinted account
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
I developed a rigorous cybersecurity project portfolio on mock clients covering NIST, audits, Linux, SQL, assets, threats, vulnerabilities, …
A manager for ssh-agent and gpg-agent
The Official Key Croc Payload Repository
Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
KeyLeak Detector – Scan websites for exposed API keys and secrets
A simple keylogger for Windows, Linux and Mac
:closed_lock_with_key: Open Source Python Keylogger Collection
Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. keylogger Monitors all keystokes, Mou…
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure…
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Attack Surface Discovery tool built on a microservice approach, utilizing multi-threading for fast, internet-scale asset indexing
Phishing campaign toolkit with client-server architecture. Features rich email templates with Jinja2, credential tracking, geo-location mapp…
For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the …
Wireless network detector, sniffer, wardriver, and WIDS (Wireless Intrusion Detection System). Supports Wi-Fi, Bluetooth, Zigbee, and other …
Hacking tools pack & backdoors generator.
KittyLoader is a highly evasive loader written in C / Assembly
This library aims for runtime code patching for both Android and iOS
Dedicated library for runtime code patching, injection and some useful memory utilities. works for both Android and Linux
KIZAGAN is a RAT,c2 command&control tool.It allows you to build executables and control infected machines.
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support
✅ Fast & Async • 🔐 Recon + Brute • 🔧 Easy to Extend
A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
The world's first agentic reverse engineer.
Kong API Manager with Prometheus And Graylog
Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible in m…
Open-source CLI for AI coding agents. Give your coding agents access to services without exposing keys.
Scan 30+ AWS services. Find cost waste. Detect security gaps. Map your attack surface. One command.
A remake of the Odyssey Game Engine that powered KotOR I & II written in JavaScript
Rootkits are typically closed-source threats that operate in shadows, making them difficult to understand and defend against. KoviD exists t…
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
All-in-One Toolkit for BruteForce Attacks
Kubernetes RBAC static analysis & visualisation tool
Krypton C2 is a simple botnet source. Credits Source Code: NixWasHere
KslDump — Why bring your own knife when Defender already left one in the kitchen?
pip install k2l | Mach-O + Obj-C analysis TUI / CLI kit and library. Zero compiled deps, runs anywhere with a python interpreter.
A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within cluste…
Tool for building Kubernetes attack paths
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on play…
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI a…
Digital Forensics Investigation Platform
此仓库不在更新,请移步:https://github.com/xsecself/pentester-skills
A unified game launcher for STAR WARS Battlefront II (EA) that adds community-hosted multiplayer with full mod support, a server browser, pr…
Kylebot | This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
L0p4 Toolkit is a powerful hacking toolset designed for hacker's. It includes advanced tools for web hacking (SQLi, XSS), network scanning, …
Professional network monitoring & visualization tool. L0P4Map combines high-speed ARP discovery with full nmap integration and a real-time i…
An archive of past challenges from LA CTF hosted by ACM Cyber at UCLA and Psi Beta Rho.
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描…
Disassembly of Legend of Zelda: Links Awakening DX
The most powerful Android RPA agent framework, next generation mobile automation.
[灯灯]微服务中后台快速开发平台,支持jdk21、jdk17、jdk8,专注于多租户、开放平台解决方案,亦可作为普通项目(非SaaS架构)的基础开发框架使用,目前已实现插拔式数据库隔离、SCHEMA隔离、字段隔离 等租户隔离方案。
intel x86(-64) code analysis library that reconstructs control flow
Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the k…
Laravel RCE Exploitation Toolkit
A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developer…
Laravel XSS Protection Middleware
Alternative firmware for a cheap X-40 laser tape measure
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Ultra-fast, low latency LLM prompt injection/jailbreak detection ⛓️
☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
🕵️ Track down social media profiles using a specific username across multiple social network platforms
LazyHunter is an automated reconnaissance tool designed for bug hunters, leveraging Shodan's InternetDB and CVEDB APIs
Vulnerability scanning just got lazier
Automation tool to testing and confirm the xss vulnerability.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.
Passive leak enumeration tool.
A simple way to check if your data has been compromised in major security breaches affecting Iran — similar to "Have I Been Pwned" but focus…
Compromised SSH servers and scraped mirror sites leaked scripts intended for malicious use.
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure stra…
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc.…
Claude Code 源码逆向恢复项目 | Source Map 逆向 · 架构分析 · 可运行版本 | 1900+ 文件 · 51万行代码 · 12章节课程
Study Notes For Web Hacking / Web安全学习笔记
This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be co…
This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.
【三万字原创】完全零基础从0到1掌握Java内存马,公众号:追梦信安
A resource full of Crypto/OSINT tools, techniques and training courses for CTI, AML, and forensic investigations.
A list of OSINT tools & resources for (fraud-)investigators, CTI-analysts, KYC, AML and more.
A lightweight security threat scanner intended to make malware detection more accessible and efficient.
A command-line interface for LevelDB
Dumps all of the Key/Value pairs from a LevelDB database
Top-level repository for LFI: Practical, Efficient, and Secure Software-based Sandboxing
Local File Inclusion discovery and exploitation tool
LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
Build a database of libc offsets to simplify exploitation
Binary Exploitation Skill. Gain RCE from arbitrary write.
A Python library to debug binary executables, your own way.
Install open-source software from source to focus on Zero Trust Network principles, enhancing security for existing applications, and deploy…
Collection of source code for Unity IL2CPP
libinjection is a Golang port of the libinjection(https://github.com/client9/libinjection)
Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross…
Library for parsing internal structures of PE32/PE32+ binary files.
AirPods liberated from Apple's ecosystem.
A re-implementation of the RenderWare Graphics engine
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
A Coverage Explorer for Reverse Engineers
A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.
Please visit the Wiki for up-to-date information
Advanced tunneling/pivoting tool that creates a VPN-like tunnel from the agent to the operator without SOCKS proxies. Enables direct routing…
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Fully dockerized Linux kernel debugging environment
Yet another LLVM-based obfuscator
Scripted local Linux enumeration and privilege escalation checks. Collects system information, user data, SUID/SGID binaries, sudo configura…
A Linkedin Activity date Finder
Python 3 script to dump/scrape/extract company employees from LinkedIn API
🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.
Kali Linux Üzerinden İşlenen Linux Komut Satırı Dersleri Dokümantasyon Kaynağı
Information for MStar/SigmaStar SoC
Linux Dokümantasyonu Web Platformu
Linux privilege escalation auditing tool
In this repository you will find sample commands and test files for each day of the course "Linux for OSINT. A 21-day course for beginners".
A collection of links related to Linux kernel security and exploitation
Linux Kodachi is a Debian-based security OS by Warith Al Maawali, built for uncompromising privacy, anonymity, and reliability. It pairs har…
🌐🐧 Browsable Linux kernel syscall tables built with Systrack (https://github.com/mebeim/systrack)
Incident Response collection and processing scripts with automated reporting scripts
The most powerful security toolkit for Android: without rooting your device. Run security tools like Nmap, Metasploit, and Wireshark on your…
The vm images in this repo are lost, we recommend our new project: https://github.com/hust-open-atom-club/S2VulnHub
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Reveals invisible links within JavaScript files
LLDB MCP Integration + other helpful commands
Little Bug Bounty & Hacking Tools⚔️
A multi-platform fuzzer for poking at userland binaries, network clients and servers
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integra…
Cross-platform incident response and live forensics toolkit with built-in detection, structured analysis, and report generation — designed f…
Hyper-V Research is trendy now
A Minecraft hacked-client for the LiveOverflow Server. Contains various hacks for the challenges on the server, and some utilities.
Red Teaming python-framework for testing chatbots and GenAI systems.
LLEF is a plugin for LLDB to make it more useful for RE and VR
LLM OSINT is a proof-of-concept method of using LLMs to gather information from the internet and then perform a task with this information.
The Security Toolkit for LLM Interactions
Reverse Engineering: Decompiling Binary Code with Large Language Models
移植 OLLVM 到 LLVM 18,C&C++代码混淆(Porting OLLVM to LLVM 18: C & C++ Code Obfuscation)
Anti-LLM obfuscation via finger counting
LLVM fork with explicit compatibility with MSVC 2022 features.
Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time…
Lo4f is a sophistochated RAT (Remote Access Trojan), written entirely in python.
🏠 Selfhosted game servers for the latest versions of Roblox.
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
LockKnife: The Ultimate Android Security Research Tool. A unified TUI workspace and headless CLI for deep Android security research, built f…
Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indicat…
CLI utility and Python module for analyzing log files and other data.
Command Line Sock Puppet Creator for Investigators.
🐍 High-performance, multi-threaded YARA & IOC scanner
Living Off The Land Binaries And Scripts — documents Windows native binaries that can be abused for execution, download, bypass, and persist…
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
Living of the Land of Free SaaS
Generate customized Password/Passphrase wordlist based on target information
Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS…
🔎 The cyber swiss army knife of lookup tools. Research information on domains, IPs, email addresses, and more!
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
公众保护个人隐私的战斗已经基本宣告失败。即使拥有话语权的精英们一直宣称隐私保护非常重要,但在强大的资本、政府面前,个人隐私不值一提。既然无法赢得隐私保护的战斗,那么公众应有权知道哪些隐私数据被泄露了、被谁泄露了,让公众可以自己选择方案保护自己。
The Lost Nintendo DS Television Output, brought back to life
:zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:
基于Memprocfs和Volatility的可视化内存取证工具
灵取证是一款功能强大且专业的安卓设备数据取证工具,专门为执法部门、司法机构和安全调查人员设计开发。本工具采用先进的取证技术,确保数据提取过程的完整性和准确性。本工具的开发和使用严格遵循相关法律法规框架,确保所有数据提取操作都在合法授权范围内进行。通过专业的数据处理流程,为执法调查…
Lsploit is a comprehensive asset collection and vulnerability scanning tool. Lsploit是一款便携式综合资产分析及漏扫框架,拥有高性能,功能丰富,结合最新漏洞通告,嵌入ai,可自行组装exp,poc…
LuaN1aoAgent is a cognitive-driven AI hacker. It is a fully autonomous AI penetration testing agent powered by DeepSeek V3.2. Using dual-gra…
Information Gatherer & Webapps Exploiter
🍹A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)
A private Lumina server for IDA Pro
LummaC2 extracted binaries by reversing & LummaC2 Stealer Analysis
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests…
视觉小说翻译器 / Visual Novel Translator
locate and attack Lync/Skype for Business
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system…
LZR quickly detects and fingerprints unexpected services running on unexpected ports.
274 Automated checks across 14 compliance frameworks, interactive HTML report, no data leaves your machine.
ON NO! Someone put an RPG in a packet sniffer
MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
macOS (& ios) Artifact Parsing Tool
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD ser…
Scripts to process macOS forensic artifacts
Mach is a fast, reliable, and extensible web fuzzing tool built for security researchers, bug bounty hunters, and penetration testers. Desig…
CTF challenges designed and implemented in machine learning applications
machofile is a module to parse Mach-O binary files
🔬 A Swift library for parsing mach-o files to obtain various information.
Presenting a wide range of more than 100 powerful BadUSB scripts exclusively designed for Mac OS & the Flipper Zero device. As the sole cura…
Various scripts for macOS tasks
A cross platform parser for Apple UnifiedLogs!
Forensic Artifact Collection Tool for macOS
Office for Mac Macro Payload Generator
Open source toolkit for Mafia games. (Mafia II, Mafia III, Mafia DE)
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, …
Magicspoofing it's a python script that checks & test SPF/DMARC DNS records an tries to spoof a domain with a open relay mail system.
Penetration tester productivity tool designed to allow easy data consolidation and report generation. Stores test results in a tree structur…
🔐 Run frida-server on boot with Magisk, always up-to-date
Run a more undetectable frida server on boot using magisk 🔐✅
Purple-team telemetry & simulation toolkit.
A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat lan…
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
A simple username osint tool built in rust
Simple telegram bot to run your own Maigret search with a couple of clicks!
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's…
A web application that allows the users to check whether their SPF, DMARC and DKIM configuration is set up correctly.
Automatically clone websites and patch them with PHP to create phishing pages
Dynamic unpacker based on PE-sieve
#supply #chain #attack #detection
A Malware Scarecrow for Windows 10/11 with a user-friendly touch.
Debian packaging of Linux Malware Detect (https://github.com/rfxn/linux-malware-detect)
Golang library for malware development
Maldump makes it easy to extract quarantined files of multiple AVs from a live system or a mounted disk image.
IoM implant, C2 Framework and Infrastructure
Malhunt is an automated malware hunting tool that analyzes memory dumps using Volatility3, applying YARA rules, code injection scanning, and…
Next Generation C2 Framework, IoM-server/client
Focused malicious code detection ruleset, with a high protection-to-noise ratio
Aggregation of lists of malicious domains (phishing) that can be integrated into FortiGate firewalls and other products.
💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers…
Collection of (4000+) malicious rMQR Codes for Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
This repository implements a simplified PoC that demonstrates how signature malleability attacks using compact signatures can be executed.
MalQR is a collection of malicious QR Codes and Barcodes you can use to test the security of your scanners.
A Python RESTful API framework for online malware analysis and threat intelligence services.
Interactive data mining tool that renders graphical link charts of relationships between domains, people, companies, IPs, and social media a…
🔎 OSINT Maltego Transforms for investigating Telegram channels, groups, and users, including deanonymization via stickers, forwarded message…
This repository contains analysis scripts, YARA rules, and additional IoCs related to our Telekom Security blog posts.
Various snippets created during malware analysis
Materials for Windows Malware Analysis training (volume 1)
Hands-on projects on Static and Dynamic malware analysis with real-world tools.
Some of my Malware Analysis writeups
As a bug hunter, are your bug bounty reports getting rejected because you don't use a "malicious" Proof of Concept (PoC) app to exploit the …
Free educational courses in reverse engineering, malware analysis, and programming
Anomaly based Malware Detection using Machine Learning (PE and URL)
Notes and IoCs of fresh malware
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Code written as part of our various malware investigations
This repository contains 130 malware and ransomware samples for research and analysis purposes.
My projects to understand malware development and detection. Use responsibly. I'm not responsible if you cause unauthorised damage to anyone…
Personal research and publication on malware families
My new malware database, the old one is now archived and all my new malwares will be uploaded here instead. As always, this is made for educ…
MalwareDB: bookkeeping for malware, goodware, and unknown files with relationship discovery
This repository contains various snippets I use in my malware, command and control servers, payloads, and much more. Hopefully it can help y…
Malware hashes for open source projects.
repository of tools & resources of the MMD team
Simple Malware Scanner written in python
Test Blue Team detections without running any attack.
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malp…
Mass static malware analysis tool
A low-overhead dynamic binary instrumentation and modification tool for ARM (both AArch32 and AArch64 support) and RISC-V (RV64GC).
This project is no longer internally developed and maintained. However, we are happy to review and accept small, well-written pull requests …
Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.
Implementation of the famous Image Manipulation\Forgery Detector "ManTraNet" in Pytorch
mapAccountHijack is a tool designed to carry out a MAP Account hijack attack, which exploits the Message Access Profile (MAP) in Bluetooth C…
Industrial IR-based static analysis framework for Java bytecode
MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files.
MAPS cloud scanner and response parser for Microsoft Defender research.
📖 Collect links to profiles by username through search engines and analyze with various plugins
Mask sensitive data: replace blacklisted elements with redacted values
Introducing "URL Making Technology" to the world for the very FIRST TIME. Give a Mask to Phishing URL like a PRO.. A MUST have tool for Phis…
A CAD tool for extracting bits from Mask ROM photographs.
The fastest Internet port scanner. Can scan the entire IPv4 address space in under 6 minutes. Produces output compatible with Nmap.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for ident…
A fast network scanning tool to detect open ports and security vulnerabilities (Compatible with Debian & Red Hat OS)
This tool is with 552 fake numbers from diffrent Country and Receive SMS Online / Temporary Phone Number You can receive SMS online with th…
MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineerin…
Masto is an OSINT tool written in python to gather intelligence on Mastodon users and instances.
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Matkap - hunt down malicious Telegram bots
My Privacy DNS #Matrix lists for blacklisting
Adaptix C2 agent using Crystal Palace PIC linker and PICO module system
A attempt to write down the protocol of the eQ3 / ELV MAX! Cube
A phishing tool for over +30 sites
Mazesec团队自制靶机题解仓库,专注于分享HackMyVM平台的自制靶机PDF题解,涵盖渗透测试实战与安全研究,供学习交流使用。
GUI Maze Solver for ASCII Maze in CTF
Best hands-on lab for learning the fundamentals of cybersecurity and penetration testing workflows also packaged as Docker containers for fa…
MCAntiMalware MCAntiMalware is an Anti-Malware program which detects over 1000 malicious plugins and runs 24/7 for constant protection…
A Model Context Protocol server that provides network asset information based on query conditions. This server allows LLMs to obtain network…
MCP configuration to connect AI agent to a Linux machine.
MCP server for maigret, a powerful OSINT tool that collects user account information from various public sources.
Reticle intercepts, visualizes, and profiles JSON-RPC traffic between your LLM and MCP servers in real-time, with zero latency overhead. Sto…
A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.
A Model Context Protocol (MCP) server that enables AI assistants to interact with IDA Pro for reverse engineering and binary analysis tasks.
Wireshark-like forensic analysis for Model Context Protocol communications Capture, inspect, and investigate all HTTP requests and response…
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and CVE/CPE vulnerability intelligence. Works wit…
MCP server for VirusTotal API — analyze URLs, files, IPs, and domains with comprehensive security reports, relationship analysis, and pagina…
Optimize security workflows with the MD5 HashTray on GitHub. Advanced features for professional hash generation and checksum automation.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAP…
Backend for HTTP Observatory on MDN
Search geolocations for (social) media posts in databases like Bellingcat, Cen4InfoRes etc.
An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.
This repository updates latest Bug Bounty medium writeups every 10 minutes, https://readmedium.com/Medium_URL, https://archive.ph/Medium_URL…
Speedy, massively parallel, modular login brute-forcer. Supports AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP, NNTP, PcAnywhere, POP3, REXE…
Mobile Edge-Dynamic Unified Security Analysis
AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Sc…
An open source interactive disassembler
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
A collection of C++11 headers useful for reverse engineering
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output t…
Cybersecurity research results. Simple C/C++ and Python implementations
Mapping the information system / Cartographie du système d'information
Grab Discord tokens, Chrome passwords and cookies, and more
Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS.
Discover and enumerate all subdomains associated with a website, including those not publicly advertised. Use this tool to conduct thorough …
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
MESH enables remote wireless debugging for Android, providing mobile forensics & network monitoring over an encrypted, censorship-resistant …
:globe_with_meridians: LEGO blocks for networking, a Python library to help create and test flexible network topologies across real and simu…
Curated list of Meta (formerly Facebook) owned IT assets
OSINT tools and more but without API key
Unleash Metadata Intelligence with MetaDetective. Your Assistant Beyond Metagoofil.
A native reimplementation of the Metroid Prime engine
Information gathering tool that downloads and extracts metadata from public documents (PDF, Word, Excel, PowerPoint) found via Google dork s…
Search Google and download specific file types
MetaHook (https://github.com/nagist/metahook) porting for SvEngine (GoldSrc engine modified by Sven-Coop), as a client-side modding framewor…
A tool to quickly identify relevant, publicly-available open source intelligence ("OSINT") tools and resources, saving valuable time during …
A tool for BLE environment monitoring. Find and track Bluetooth devices around, and get notified when the target device is detected.
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
The world's most widely used penetration testing framework. Provides hundreds of exploit modules, payloads, encoders, and post-exploitation …
Metasploit-AI is a cutting-edge cybersecurity framework that combines the power of Metasploit with advanced artificial intelligence and mach…
Install Latest Metrasploit In Termux (2026). Features automatic Ruby 3.4+ Nokogiri/Gumbo patches, PostgreSQL auto-fix, and silent installati…
Metasploit's advanced, dynamically extensible payload. Runs entirely in memory, supports migration, keylogging, screenshot capture, pivoting…
Parses $MFT from NTFS file systems
Game Boy ROM disassembler with RGBDS compatible output
MobileGestalt Keys (De)obfuscation.
Server emulator for Marvel Heroes
Reverse engineering framework in Python
an introduction to the Bitcoin (BTC) network and how addresses are made , and Automated Attacking
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
Set of Mindmaps providing a detailed overview of the different #Microsoft auditing capacities for Windows, Exchange, Azure,...
Microsoft Sentinel SOC Operations
A query aggregator for OSINT based threat hunting
RouterOS Attack & Exploitation Framework — 40 CVE/EDB exploits, MAC-Server L2, credential decoder, NPK analyzer, 300-thread BF, Nmap NSE aut…
An open-source low-code modding framework to create, manage and use themes/plugins for the desktop Steam Client without any low-level intern…
Mimicry is a dynamic deception tool that actively deceives an attacker during exploitation and post-exploitation.
Post-exploitation tool to extract plaintexts passwords, hashes, PIN codes, and Kerberos tickets from memory. Also performs Pass-the-Hash, Pa…
A tool to dump the login password from the current linux user
sandboxing and containment tool used in ChromeOS and Android
A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".
1. vrwatson1 - Visual Recognition with IBM Watson - Image Classification (here). 2. vrwatson2 - Visual Recognition with IBM Watson - Text Re…
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or b…
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Modules for expansion services, enrichment, import and export in MISP and other tools.
Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.
MISP trainings, threat intel and information sharing training materials with source code
Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests a…
A browser extension for OSINT search
A phishing kit collector for scavengers
Automagically reverse-engineer REST APIs via capturing traffic
在安卓任何聊天软件(例如QQ或微信)中使用加密聊天,基于无障碍服务
A CTF framework to create, build, deploy and monitor challenges
Machine Learning Attack Series
A simple MobaXterm password extraction tool.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and sec…
Django application that performs SAST and Malware Analysis for Android APKs
Conteúdo em português sobre segurança em Dispositivos Móveis.
Mock an SSH server and define all commands it supports (Python, Twisted)
A comprehensive modern architecture model is proposed to integrate platform solutions and tooling to support a professional Red Team.
Flexible and powerful reverse HTTP proxy for phishing. Captures credentials and bypasses 2FA by acting as a transparent proxy between the vi…
Modlishka is an open-source penetration testing tool that acts as a man-in-the-middle proxy. It introduced a new technical approach to handl…
Utility to find hidden Linux kernel modules
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.
Subdomain Monitor A production-ready subdomain monitoring system with both API and CLI interfaces.
Monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools
Infection Monkey - An open-source adversary emulation platform
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entr…
MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
Morgan is a powerful tool designed to help security researchers, developers, and security auditors identify sensitive information, vulnerabi…
This tool gives information about the phone number that you entered.
Android remote administration tool
Moxy is an open-source DAST tool designed for modern web application security testing. It provides an easy-to-use interface with agentic cap…
Master Quality Authenticated codec reverse engineering, Tool to identify MQA encoding and Master's Sample Rate
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
YARA malware query accelerator (web frontend)
Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debu…
Linux Incident Response Reporting
Nmap script to detect a Microsoft Exchange instance version with OWA enabled.
Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By foll…
Master of Science in Cybersecurity, Sapienza University of Rome.
MsfMania Payload Execution Logs …
Metasploit standalone payload generator and encoder. Creates payloads for all platforms with customizable encoders, iterations, and formats …
Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions
Repo with getting started projects for the Microsoft Security Updates API (msrc.microsoft.com/update-guide)
基于mitmproxy的安全工具,支持请求自动加解密、webpack优化、流量关键字查询。
MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It employ…
Interract with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for com…
Multi Theft Auto is a game engine that turns Grand Theft Auto: San Andreas into networked multiplayer.
🧰 Multi Tool Kubernetes Pentest Image
Hide and safeguard emails from bots. Obfuscate emails in PHP and Laravel.
A literal string obfuscation library for rust projects
A multiline (and ultimate) assembler (and disassembler) plugin for x64dbg and OllyDbg. A perfect tool for modifying and extending a compiled…
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an…
Rust-native MView viewer, converter, and glTF exporter for Marmoset .mview scenes
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
Malware repository component for samples & static configuration with REST API interface.
It's a hardware emulator + OS process simulator implemented in pure rust.
mxcheck is an info and security scanner for e-mail servers.
A powerful asynchronous XSS scanner supporting up to 1,500 concurrent requests.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
This repository contains my preparation notes for CRTP and Red Teaming, focused on Active Directory attacks and defenses.
Challenges I created for CTF competitions.
A repository for CTF challenges I created. Have fun playing CTFs :sunglasses:
This repository contains a comprehensive collection of learning resources and notes that I've gathered on various topics, including cybersec…
Tools and methods that I personally use for Recon and Exploitations
The best IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, …
A cli for cracking, testing vulnerabilities on Json Web Token(JWT)
shellcode loader for your evasion needs
This repo contains my full cheatsheet and code I used to pass the OSEP using Mythic C2. I've try to keep everything simple and direct and I'…
VPN server configuration software. Protocols: L2TP, PPTP, OpenVPN, WireGuard, Socks5, ShadowSocks (v2ray). | Providers: DigitalOcean, Linode…
Automated handling of data feeds for security teams
CVE-2025-68613: n8n RCE vulnerability exploit and documentation
Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
Script collection to bypass Network Access Control (NAC, 802.1x)
NacosExploit 一款 Nacos 综合漏洞利用工具 …
事件驱动的渗透测试扫描器 Event-driven pentest scanner
NameSeeker 是一款强大的跨平台桌面应用,可以在数百个网站上搜索用户名和邮箱,帮助你快速发现你的数字足迹。NameSeeker is a powerful cross-platform desktop application that searches hundreds …
🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 300+ other hashes ☄ Comes with a …
An OSINT employee/username enumeration tool
Nampa - FLIRT for (binary) ninjas
Rust MCP server for comprehensive code intelligence - 90 tools, 32 languages, security scanning, call graphs, and more
Modular personalized dictionary generator.
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming
Attack Surface Management since before Attack Surface Management was a thing
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Secure Jupyter Notebooks and Experimentation Environment
Feature-packed reimplementation of Netcat from the Nmap project. Adds SSL/TLS support, connection brokering, and scripting capabilities.
https://github.com/OracleNep/Nday-Exploit-Plan/assets/41804496/16a5cdd2-cc2c-4808-95ac-1f0cab09b35f
Unpack & Repack Nintendo DS Roms (.nds)
Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still wo…
Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques
AI-powered penetration testing assistant for automating recon, note-taking, and vulnerability analysis.
…
A work in progress, reimagined decompiler for Clickteam Fusion.
Adds extra security-related features in your Symfony application
NemesisTools PowerFull Hacking Tools
Exploit distribution system for A&D competitions
Neo AI integrates into the Linux terminal, capable of executing system commands and providing helpful information.
Neo4LDAP is a query and visualization tool focused on Active Directory environments. It combines LDAP syntax with graph-based data analysis …
Fast service fingerprinting CLI for 170+ protocols (TCP/UDP/SCTP) - built by Praetorian
Industry-leading vulnerability scanner with 170,000+ plugins. Identifies vulnerabilities, misconfigurations, default passwords, and complian…
Work and creds goes to elliot-bia. Twitter: Elliot58616851
GUI tool which enables you to parse nessus scan files from Tenable Nessus and Tenable Security Center, and exports results to a spreadsheet …
Centralized network visibility and continuous asset discovery. Monitor devices, detect change, and stay aware across distributed networks.
Netbyte is a Netcat-style tool that facilitates probing proprietary TCP and UDP services. It is lightweight, fully interactive and provides …
The "Swiss army knife" of networking. Reads and writes data across network connections using TCP/UDP. Used for port scanning, banner grabbin…
Easy to use DDoS mitigation with real-time traffic analysis, automatic attack pattern detection, IP blocking via iptables/blackhole routing,…
Netdis is an open-source binary analysis tool powered by Ghidra. Upload files for disassembly, decompilation, control flow graphs and more, …
🔐 点击展开登录方式详情
🚩 This is the open source repository of NetExec maintained by a community of passionate people
The maintained fork and successor to CrackMapExec. Network service exploitation Swiss army knife for Active Directory pentesting. Supports S…
A Wi-Fi penetration testing tool for ESP8266, ESP-32, and BW16
The goal of this guide is very simple - to teach anyone interested in cyber security, regardless of their knowledge level, how to make the m…
A list of dorks for the Netlas.io search engine, with which you can find millions of objects in the boundless IoE. Contains queries to searc…
An open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor
网络安全训练营全部资料,包括 Web 安全、网络安全、信息安全、系统防护、攻防渗透、云安全
All-in-one CLI security scanner: port scanning, web security, subdomain enumeration, network monitoring. Multi-threaded, cross-platform.
Network Forensics CLI utility that performs Network Scanning, OSINT, and Attack Detection
Каталог нетсталкерских ресурсов, команд, инструментов, источников контента.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Network forensics analysis tool (NFAT) that captures packets and parses them to reconstruct transmitted files, certificates, images, and cre…
Hacking the Singularity. Deep learning hacking. Weaponizing AI in Offensive security
NeuroSploit is an advanced, AI-powered penetration testing framework designed to automate and augment various aspects of offensive security …
AI Powered Terminal Based Ethical Hacking Assistant
Phantasy Star Online game server, proxy, and reverse-engineering tools
A package deeply inspired by PostCSS-Obfuscator but for Next.js.
A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerabil…
NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js
A Universal Android NFC research and analysis toolkit. Made for Android security researchers and developers. Clone, analyze, and test contac…
Plugin for x64dbg Linker/Compiler/Tool detector.
A lightweight tool to score network traffic and flag anomalies
Detect common NFS server misconfigurations
WIP 1:1 Decompilation of multiple versions of NFS:MW
A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am und…
Phishing tool for Instagram, cloaked as the NGL - Anonymous question links app 😈🔗
Command Line (or minimalist GUI) usenet poster for binaries developped in C++/QT designed to be as fast as possible and offer all the main f…
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
A showcase of Nigeria's most innovative and disruptive digital entrepreneurs. This repo catalogs the robust infrastructure hosting next-gene…
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. I…
🖨 NIIMBOT custom web client/app. Design and print labels with NIIMBOT printers directly from your PC or mobile web browser!
🖨 A library for the communication with NIIMBOT printers via web browser
Open-source web server scanner that checks for over 6,700 potentially dangerous files, outdated server software, version-specific problems, …
Nimbo-C2 is yet another (simple and lightweight) C2 framework
A collection of modules and scripts to help with analyzing Nim binaries
Various one-off pentesting projects written in Nim. Updates happen on a whim.
Ninja Reverse Engineering on Android APK packages
Vulnerable NodeJS Web Application
Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
Framework and collection of PowerShell scripts and payloads for offensive security and post-exploitation. Includes reverse shells, privilege…
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Discord nitro gift subscription ransomware
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. …
Tool set for Information security professionals and all others
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
The industry-standard network scanner. Discovers hosts, open ports, services, OS versions, and runs scriptable vulnerability checks via the …
Idiomatic nmap library for go developers
Some collected notes about nmap
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's nmap…
Kernel Level NMI Callback Blocker
nnposter's alternate fingerprint dataset for Nmap script http-default-accounts
block game military grade radar
A secure, efficient TCP/UDP tunneling solution that delivers fast, reliable access across network restrictions using pre-established TCP/QUI…
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Pr…
Browser Protector against various stealers, written in C# & C/C++.
The most unusual OSINT guide you've ever seen. The repository is intended for bored professionals only. PRs are welcome!
记录个人做题/学习时的笔记和一些writeup,leetcode解法记录。随着时间的推移,这个仓库的目标逐渐成为收集各个CTF的writeup。目标是一直更新,直到我不打CTF的那一天(希望这天别来)
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
The popular NoScript Security Suite browser extension.
Interactive results explorer and annotation tool for Nosey Parker
Automated NoSQL injection and database exploitation tool. Targets MongoDB, CouchDB, Redis, and Cassandra for injection attacks and retrieves…
Automated NoSQL database enumeration and web application exploitation tool.
Website for arguments against systemd and further resources
…
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
Cross-platform secret & config manager for development and CI environments
High-performance OSINT/CTI framework for automated identity pivoting and risk analysis across 120+ sources.
A Windows AD Password Manager for ATTACKER(Redteamer/Pentester).
safely install npm packages by auditing them pre-install stage
Shell Script to download NRD(Newly Registered Domain) list for free
Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hooks.
Creates malicious files (LNK, SCF, PDF, DOCX, etc.) that force a Windows system to authenticate to an attacker's server when the file is acc…
PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.
Enumerate information from NTLM authentication enabled web endpoints 🔎
A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.
Windows kernel debugger for Linux hosts running Windows under KVM/QEMU
A Nintendo DS binary loader for Ghidra
Fast, template-based vulnerability scanner. Thousands of community-maintained YAML templates cover CVEs, misconfigurations, exposed panels, …
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling…
Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质…
A collaborative hub for Nuclei templates. Contribute, share, and explore powerful vulnerability detection tools!
Nuclei templates for source code analysis. Detects hardcoded secrets, config leaks, debug endpoints. Also helps identify OWASP Top 10 issues…
70k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒
Nucleimonst3r is a powerful vulnerability scanner that can help Bug Bounty Hunters find low hanging fruit vulnerabilities for known CVEs and…
Symbol Recovery Tool for Nuitka Binaries
Cycle accurate Mega Drive emulator
Mega Drive/Genesis core written in Verilog
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users…
Nullpoint Stealer Designed To Steal Everything, And Send To Nullpoint Panel.
[POC] Sample Remote Access Trojan with many features
🐧 Security-focused Linux distribution with 140+ tools, custom kernel 6.17.13, AI assistant | 5 editions | Cloud, AI/ML, Automotive, Hardware…
🪓 High-Speed Log Analysis & Forensics Tool - Part of NullSec Toolkit
AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.
🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
__Important__: this repository is now partially redundant with the CVEProject/cvelist project that allows to explore the CVE®/NVD modificati…
A simple wrapper for the National Vulnerability CVE/CPE API
The D-CIPHER and NYU CTF baseline LLM Agents built for NYU CTF Bench
Nyxelf is a highly effective tool tailored for analyzing malicious Linux ELF binaries, offering comprehensive support for both static and dy…
Custom password cracking rules for Hashcat and John the Ripper
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-build …
Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com
AI Powered penetration testing Platform for offensive security research
Username enumeration and password spraying tool aimed at Microsoft O365.
oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
Open source obfuscation tool for .NET assemblies
Guaranteed compile-time string literal obfuscation header-only library for C++14
PE (and elf now!) bin2bin obfuscator
If you are interested in stronger obfuscation methods, feel free to take a look at my new project masxinlingvonta that further obfuscates ja…
A deobfuscator for scripts obfuscated by Obfuscator.io
Header-only compile-time variables obfuscation library for C++20 and later. Compiler Support: MSVC (+WDM), Clang, GCC. Architecture Support:…
Obfusheader.h is a portable header file for C++14 compile-time obfuscation.
Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for windows binaries
ObfuXtreme is an advanced Python obfuscation tool for security research, reverse engineering education, and analysis of how obfuscation impa…
Obfuz:功能强大的开源 Unity 代码混淆插件。深度集成 Unity 工作流,配置简单,支持 HybridCLR、xLua 等热更新方案。A powerful open-source code obfuscation plugin for Unity. Deeply int…
A local diffing tool for decompilation projects
Experimental free and open-source PlayStation 4 kernel
Visualize Erlang/Elixir Nodes On The Command Line
These templates are suggestions of how the Obsidian notetaking tool can be used during an OSINT investigation. The example data in those fil…
CTF平台 支持docker 动态部署题目、分数统计、作弊检测,静态题目,漏洞复现,ctf platform,
Octoscan is a static vulnerability scanner for GitHub action workflows.
ODAT: Oracle Database Attacking Tool
Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-fri…
A penetration testing tool for odoo applications.
Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Convenient command…
OffSec OSINT Pentest/RedTeam Tools
List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.
Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more …
A proper approach to pentest a Web application with the mixture of all useful payloads and complete testing guidance of attacks. Designed as…
A Huge Learning Resources with Labs For Offensive Security Players
Collection of reverse shells for red team operations.
Offensive Security Python. Collection of python scripts that I created/pirated/curated to help me understand CyberSecurity. I find it helpfu…
Tricks the target into enabling content (macros) with fake messages. Once enabled, uses macros to reduce the risk of suspision from target u…
Offsec Practice Labs is a curated training arsenal for hands-on prep across eCPPTv3, OSCP, and CPTS.
Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool
Compiled tools for internal assessments
A vast collection of security tools and resources curated by the community.
OFRAK: unpack, modify, and repack binaries.
oFx是一个开源的、开箱即用的漏洞批量验证框架。无需任何编程基础,只需一条命令即可快速验证、扫描漏洞
Open Source Link Analysis & OSINT Framework
So what is this all about? Yep, its an OSINT blog and a collection of OSINT resources and tools. Suggestions for new OSINT resources is alwa…
oisd blocklist
Bug Bounty Vps Setup Tools Installer …
Open Keylogger Hardware Implant - USB & PS2 Keyboards
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware anal…
out-of-tree llvm obfuscation pass plugin (dynamically loadable by rustc). || rust toolchain with obfuscation llvm pass.
Obfuscator-llvm Control Flow Flattening Deobfuscator
This Python application is an OSINT (Open Source Intelligence) tool called "Ominis OSINT - Web Hunter." It performs online information gathe…
A modern zero-allocation C++23 library for working with low-level Windows within user-space. Iteration over loaded modules via PEB, EAT iter…
The OSINT Omnibus (beta release)
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare
Omnisci3nt is an open-source web reconnaissance and intelligence tool for extracting deep technical insights from domains, including subdoma…
Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome…
The best tool for finding one gadget RCE in libc.so.6
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
One Liner OSINT is a collection of powerful one-liner commands for Open-Source Intelligence (OSINT) gathering.
A collection of one-liners for bug bounty hunting.
Open-source credential vault, give your AI agents access to services without exposing keys.
An insane list of all dorks taken from everywhere from various different sources.
onedrive user enumeration - pentest tool to enumerate valid o365 users
👊OneForAll是一款功能强大的子域收集工具 📝English Document
Reverse engineering assistant that uses a locally running LLM to aid with pseudocode analysis.
OneLinerBounty is a collection of quick, actionable bug bounty tips in one-liner format. Perfect for bug hunters looking to boost their skil…
Wordlists for web fuzzing: curated micro, categorized short/long, and combined final lists.
OneShot-Extended (WPS penetration testing utility) is a fork of the tool with extra features
Run WPS PIN attacks (Pixie Dust and bruteforce) on your Termux
Complete open-source monitoring and observability platform.
Software back-end and services for checking the existence of Tor hidden services and retrieving their associated metadata. onion-lookup reli…
C2 writen in Rust & Go powered by Tor network.
Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.
OnionSearch is a script that scrapes urls on different .onion search engines.
Welcome to the Complete Ethical Hacking Course repository. This comprehensive course covers a wide range of topics related to ethical hackin…
WhatsApp Hacking Learn about methods for ethical hacking of WhatsApp accounts. Facebook Hacking Explore techniques for ethical hacking of F…
Challenges for the ONLYPWNER CTF Platform
A powerful Go-based multi-shell handler for managing multiple reverse shell connections simultaneously with features like shell type detecti…
IoT pentesting tools for ONVIF-enabled devices
Open-source platform for cybersecurity Attack Surface Management (OASM).
The only OSINT tool you'll ever need (with database support!)
…
Open Source research tool to search, browse, analyze and explore large document collections by Semantic Search Engine and Open Source Text M…
A list of open-source aviation projects and data
开源项目信息泄露笔记【内容会持续更新】,博客地址:https://blog.zgsec.cn/archives/205.html,欢迎各位师傅点个Star支持和补充完善~🥰
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and…
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple ty…
Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
A Swift package for retrieving images from Sony digital cameras
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This …
Reverse-engineered apt-X audio codec
A reimplementation of Remedy Entertainments Alan Wake Engine, in later iterations known as the Northlight Engine
openblack is an open-source game engine that supports playing Black & White (2001).
Minecraft plugin backdoor injector
Detection scripts for MDM deployment to identify OpenClaw installations on managed devices.
Open Cyber Threat Intelligence Platform
Vulnerability Intelligence Platform
OWASP WEB Directory Scanner [](https://twitter.com/intent/tweet?text=Wow:&url=https://github.com/stanislav-web/OpenDoor) ===================…
Minecraft Server (Bukkit, Spigot, Paper) backdoor, using ow2 asm
A list of all FTP servers in IPv4 that allow anonymous logins.
Open source server for the FusionFall client
Open source implementation of Geometry Dash powered by a fork of cocos2dx 4.0.
Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
Kingdom Hearts libraries, tools, game engine and documentation
The Free and Open Source app for monitoring your AirPods on Android
The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating …
How to install different desktops via Wsl and Windows 11 - Linux - KDE - Gnome - Xfce - X410 - WSL2 - GWSL - Budgie - Windows Subsystem for …
🇳🇱🇧🇪🇸🇷 Dutch word list by OpenTaal
An Open-Source HardWare (OSHW) recreation of the original 1985 front-loading NES Motherboard
Open source re-implementation of The Sims 2 in Unity
Open-source vulnerability assessment framework. Full-featured scanner with a web interface, regularly updated Network Vulnerability Tests (N…
This script will automatically guide you to install and configure your OpenVPN server with Shapeshifter Dispatcher (obfuscation) which will …
A repo containing different tools compiled specifically for the Hak5 WiFi Pineapple MK6 and MK7.
operative framework is a rust investigation OSINT framework, you can interact with multiple targets, execute multiple modules, create links …
A list and guide of OSINT/OPSEC and some tools that I've made and or use.
Optik is a set of symbolic execution tools that assist smart-contract fuzzers
Orbital - A Custom CTF Platform
Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
OriON is a virtual machine in Spanish that incorporates several tools for Open Source Intelligence (OSINT) on people.
Links Of Windows/Linux/OFFICE ISOs Files using official Links.
Bootstraps, cheat-sheets, and guides for the OSCP exam.
A general purpose cheat sheet for pentesting and OSCP certification
A comprehensive collection of resources, tools, tips, and guides for preparing and succeeding in the OSCP (Offensive Security Certified Prof…
OSCP Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
Fast and efficient osquery management
Helm charts for running open source digital forensic tools in Kubernetes
Companion repo for A Complete Guide to Mastering OSINT (2025). Includes free templates ($5,000 value), latest 2025 OSINT tools, and resource…
Инструменты для пробива Телефона и поиска информации по номеру Телефона.
Инструменты для пробива Телеграм и поиска информации в Telegram.
A collection of several hundred online tools for OSINT
Comprehensive guide to AI applications in OSINT workflows and intelligence analysis
Open Source framework for anyone to work with Perplexity Sonar
A comprehensive 2026 guide to Open-Source Intelligence (OSINT): tools, methodologies, ethics, and techniques for responsible research and in…
A curated list of OSINT tools for company research, internet scanning, DNS, and Whois lookups, organized for easy access. Ideal for analysts…
Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
Repositório criado com intuito de reunir expressões regulares dentro do contexto Brasil
Browser Chrome extensions, to help with OSINT, OPSEC, Privacy & Obfuscation.
OSINT cheat sheet, list OSINT tools, wiki, dataset, article, book , red team OSINT for hackers and OSINT tips and OSINT branch. This reposit…
Template for new OSINT command-line tools
Search this list of OSINT Practitioners and learn about OSINT, it includes numerous, blogs and tutorials.
Custom Search Engines for OSINT
Beyond enumeration: Automated identity triangulation and cognitive profiling for modern OSINT investigations. 🕵️♂️🧠
Osint-fb is a tool for searching for information gathering on Facebook with various available methods.
OSINT resources and tools by country, structured for fact-checkers and digital profilers
🇮🇹- Qualsiasi strumento inserito, può essere usato sia per fini professionali che per fini didattici. Ai fini professionali si consiglia l'u…
OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. So…
Below is a list of useful tools for various activities.
Osint-kit is a curated collection of tools for OSINT investigations, from auditing and screen recording to aggregation. Build your ultimate …
A list of tools to search accounts by username
Another Comprehensive Collection of OSINT Tools and Notes
OSINT-SAN Framework дает возможность быстро находить информацию и деанонимизировать пользователей сети интернет.
The OSINT Framework is a powerful collection of tools and methods designed for open-source intelligence gathering. This framework covers a w…
:eyes: Some of my favorite OSINT tools.
This is a cli version of the cheat sheet for easy access. It can be navigated without using commands.
MCP server exposing multiple OSINT tools for AI assistants like Claude
A list of OSINT tools that may be useful to you when conducting investigations related to Russian Federation
It’s an OSINT reconnaissance poc powered by Local LLMs (Ollama). You can feed it an email, domain, or IP, and it automatically performs mult…
osint-X is a tool for searching phone number information and for tracking phone numbers,perhaps only a few countries whose location can be t…
OSINT GPT ⌁ Cyber Intelligence – Advanced AI assistant for OSINT, DFIR, ethical hacking, red teaming, privacy & compliance. 🚀
Creazione d'identità Fake - Impostazione Privacy Profili Social - Creazione Ambiente di Lavoro
Community-driven repository of OSINT tools and resources.
Entity graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights. This is the community plugi…
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
This is a tool for searching or osint on Instagram to find target information
OSINTinvestigation - Tecniche OSINT - Strumenti - DeepWeb - Archivio
Tool to make OSINT to phone numbers with the help of APILayer, using its api together with Number Verification API. 🕵🏽♂️
In the subdirectories of this repository you will find password-protected archives with different OSINT and geolocation quiz tasks. Follow t…
Strumenti utili per la ricerca di WebCam e Wifi di pubblico accesso - Useful tools for searching for public access webcams and Wi-Fi network…
🔍 An Easy-to-Use YouTube OSINT Tool
Cross-platform game hack for Counter-Strike 2 with Panorama-based GUI.
Workflow engine for offensive security reconnaissance. Orchestrates multiple tools (amass, subfinder, nuclei, etc.) in automated pipelines f…
A Modern Orchestration Engine for Security
Build your own reconnaissance system with Osmedeus Next Generation
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Browser extension that protects you from malicious websites.
A repository for using osquery for incident detection and response
AV evading cross platform Backdoor and Crypter Framework with a integrated lightweight webUI
The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nucle…
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Open source vulnerability DB and triage service.
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Polskie rozszerzenie OSINT framework - Polish extension of OSINT framework
Overlord - Red Teaming Infrastructure Automation
Uses favicon hashes to identify services and technologies on web servers. By comparing favicon hashes with known databases, it can fingerpri…
OWASP's Zed Attack Proxy — one of the world's most popular free web application security scanners. Features active/passive scanning, spideri…
The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, co…
The IoT Security Testing Guide (ISTG) provides a comprehensive methodology for penetration tests in the IoT field, offering flexibility to a…
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This pro…
AI-powered OSINT framework for multi-platform social media intelligence gathering using OpenAI-compatible APIs. Features vision analysis, ne…
OWASP based Web Application Security Testing Checklist
The OwlSint tool is a tool for searching phone number information and for tracking phone numbers,perhaps only a few countries whose location…
OwlTrack OSINT Tools | This tracking tool can provide information about the phone number you enter. Not only that, this tool is able to scan…
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org …
OXO is a security scanning orchestrator for the modern age.
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP applica…
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (de…
Create VM templates with Packer for usage with Libvirt/KVM virtualization : AlmaLinux 9, AlmaLinux 10, Centos 9, Rocky 9, Rocky 10, Fedora 4…
The Official Packet Squirrel Payload Repository
eBPF WireGuard Traffic Obfuscator (QUIC, SIP, SYSLOG, RANDOM)
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in…
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Blazing fast, advanced Padding Oracle exploit
pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
Wii U sdboot1 / devkit dual/sdio boot1 coldboot exploit.
《仙剑奇侠传三》《仙剑奇侠传三外传·问情篇》分辨率补丁 | 源代码 《仙剑三》分辨率补丁主要功能: 提高游戏分辨率(完美修正界面错位问题) 修正游戏切屏崩溃问题 解决大量游戏 BUG(例如行动条卡住、龙葵攻击卡住、武器拖影不消失等) 添加截屏功能(按 F8 键可截屏,图片存储在 …
Platform for Architecture-Neutral Dynamic Analysis
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.
A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.
PandwaRF: RF analysis tool with a sub-1 GHz wireless transceiver controlled by a smartphone or
Instantly disable Touch ID and lock your Mac with one click or keyboard shortcut.
🔍 PANO: Advanced OSINT investigation platform combining graph visualization, timeline analysis, and AI assistance to uncover hidden connecti…
IoT Camera Reconnaissance and Live Viewer
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Decompilation of Paper Mario (Nintendo 64)
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Keep your personal data truly personal
PaRappa the Rapper 2 (2001, PS2) decompilation
A minimum-dependency ECMAScript client library and CLI tool for Parler – a "free speech" social network that accepts real money to buy "infl…
In questo repository potrete trovare alcuni file contenenti liste di parole italiane (alcuni di provenienza ignota, recuperati da un vecchio…
A bluetooth control script for all your Bluetooth devices DoS needs.
Pivoting Frontend for Pre-Seeded Password Databases
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using r…
Passive web vulnerability scanner for ethical diagnostics
World's most accurate password guessing AI tool. A PyTorch implementation of PassLLM (USENIX 2025) that leverages PII and LoRA fine-tuning t…
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Identify the accounts most vulnerable to dictionary attacks
A library to check for compromised passwords
Password lists with top passwords to optimize bruteforce attacks
Ensure your password safety by scanning in data breaches.
🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and …
Scrape/Parse Pastebin using GO and expression grammar (PEG)
Hacking systems with the automation of PasteJacking attacks.
Polymorphic VM and PoliCTF '17 reversing challenge.
A CLI for automatically shepherding package.json overrides 👩🏽🌾
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Guide for patching AMI Aptio V UEFI firmware to circumvent Secure Boot checks
An Interactive Binary Patching Plugin for IDA Pro
A path-normalization pentesting tool.
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
PatrowlHears - Vulnerability Intelligence Center / Exploits
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Simple and easy Metasploit payload generator for Linux & Termux
渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript
…
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
A toolset for reverse engineering and fuzzing Protobuf-based apps
PCAP Hunter is an AI threat hunting workbench. It uses Zeek and Tshark to analyze PCAPs, enriched by OSINT. Features include a world map, JA…
:snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification…
PDBRipper is a utility for extract an information from PDB-files.
Analyze PDFs with colors (and YARA)
A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis …
Portable Executable reversing tool with a friendly GUI
A simple crossplatform heuristic PE-analyzer
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory…
Crypter, binder & downloader with native & .NET stub, evasive by design, user friendly UI
Privilege Escalation Awesome Scripts Suite. Automatically enumerates Windows (WinPEAS) and Linux/Mac (LinPEAS) systems for privilege escalat…
Tool to analyze PE files in python 3. Current features : Show information about the file (import, exports, resources) Search for interesting…
It bridges my research with a functional tool. I want to provide a safe, open-source framework for hackers to test evasion and for defenders…
Python implementation of the Packed Executable iDentifier (PEiD)
…
Portable Executable (PE) library written in .Net
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub…
This is more of a checklist for myself. May contain useful tips and tricks.
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration te…
Complete Roadmap for Penetration Testing
Penetration Testing notes, resources and scripts
Fully autonomous AI Agents system capable of performing complex penetration testing tasks
PentBox is a tool that allows us to create honeypot in our system this is written in ruby language.
Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.
Local penetration testing lab using docker-compose.
The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagemen…
A collection of useful links for Pentesters
Pentest Copilot is an AI-powered browser based ethical hacking assistant tool designed to streamline pentesting workflows.
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics als…
NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto…
Collection of Pentest Notes and Cheatsheets
A compact guide to network pivoting for penetration testings / CTF challenges.
Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, …
Suggests programs to run against services found during the enumeration phase of a Pentest
💬 🚀 告别繁琐命令行,用自然语言驱动专业级渗透测试。 ⚡ 让安全测试从未如此简单、高效。Forget complex command lines. 🛡️ Professional penetration testing, powered by natural language.
Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with …
⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
Automated Penetration Testing Agentic Framework Powered by Large Language Models
🚀 A curated collection of Pentesting and Hacking Scripts for Script Kiddie to Advanced Pentesters. 👨💻
Pentesting/Bugbounty Dockerfiles.
Pentesting Framework is a bundle of penetration testing tools, Includes - security, pentesting, hacking and many more.
Web Hacking and Red Teaming MindMap
Tools, scripts and tips useful during Penetration Testing engagements.
OWASP PTK - application security browser extension.
Awesome Pentest Tools Collection
PenText system: Easily create beautiful looking penetration test quotes, reports, and documents in many formats (PDF, text, JSON, Markdown, …
A bash script for recon and DOS attacks
Search tools to help you find people, focused towards UK resources.
PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.
Perfect DLL Proxying using forwards with absolute paths.
This project demonstrates a minimalist, fully deterministic file encryption scheme built from perfect shuffle permutations
A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF versio…
AI-powered security assessment SKILLS for your codebase. Multi-language (JS, Go, Python, Rust, Java, PHP, Ruby, C#). Works with Claude Code,…
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows ma…
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026
PoC tool to coerce Windows hosts to authenticate to an attacker-controlled machine using MS-EFSRPC (EFS). Used in NTLM relay attacks against…
PE Tools - Portable executable (PE) manipulation toolkit
Command-line passphrase generator
Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR so…
Build anti-detection Frida server from source. ~90 patches covering 16 detection vectors, weekly auto-builds with random names.
Automated static analysis tools for binary programs
Modern web-based distributed hashcracking solution, built on hashcat
Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
100% working Phishing Tool (38 websites)
A curated list of known less-than-honest operators on Polkadot and Substrate networks. Includes a simple JS utility function to check any ho…
钓鱼不仅是一种户外运动,更是一种有效的网络安全攻击技术。本项目用于记录网络钓鱼攻击的相关内容,包括优秀的钓鱼技术工具技巧或优秀的钓鱼实战项目案例等。钓鱼攻击源于技术,又高于技术。钓鱼攻击源于欺骗,有高于欺骗。深入研究并积极实践社工技术,在很多实战项目中往往可以产生意想不到的结果!…
Phishing catcher using Certstream
Exposing phishing kits seen from phishunt.io
A collection of phishing samples for researchers and detection developers.
Fast, explainable phishing detection for URLs — real-time scoring, clear verdicts, full transparency.
Useful resources about phishing email analysis
Over 50 of The Most Deceptive Phishing Templates, Pages & Links for GoPhish!
Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domain…
Simulation and red team Phishing Framework
Repository of Yara rules dedicated to Phishing Kits Zip files
Yara scan Phishing Kit's Zip archive(s)
To be used with tools like GoBuster & DirBuster but these lists are specifically tailored and designed for scanning phishing < landing pages…
Generate Professional Phishing Emails Fast And Easy
Visualize networks of phishing by querying the phishstats.info API
Ares-compatible C&C Red Alert 2: Yuri's Revenge engine extension
Information gathering framework for phone numbers
PhoneIntel is an OSINT tool for retrieving detailed information about phone numbers.
A tool for remote ADB exploitation in Python3 for all Machines.
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Fast web crawler designed for OSINT. Extracts URLs, emails, social media accounts, Amazon S3 buckets, Bitcoin wallets, and files from a targ…
Incredibly fast crawler designed for OSINT.
AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.
PHP shells that work on Linux OS, macOS, and Windows OS.
A simple & straight-to-the-point PHP profiling extension with its built-in web UI
【Hello-CTF labs】PHPSerialize-labs是一个使用php语言编写的,用于学习CTF中PHP反序列化的入门靶场。旨在帮助大家对PHP的序列化和反序列化有一个全面的了解。
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Modular & Open-Source Coverage-Guided Web Application Fuzzer for PHP
Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effecti…
Picarta AI Image Geolocalization API.
Pico WiFi Duck is a project that enables the emulation of a USB Rubber Ducky over Wi-Fi using the Raspberry Pi Pico W. This functionality al…
picoCTF 2024 Writeup (Capture the Flag Competition) with the solutions for the challenges.
Pi-hole and AdguardHome Block lists updated every 24Hrs, we aim for less than 0.01% false positive rate, block malware, C&C infrastructure,…
Pikachu Volleyball reimplemented in JavaScript by reverse engineering the original game
Pikachu Volleyball peer-to-peer online via WebRTC data channels
A decompilation of Pikmin brought to you by fans of the series.
A decompilation of Pikmin 2 (USA) brought to you by fans of the series.
Pillager is a tool for exporting and decrypting useful data from target computer.
Pillage filesystems for sensitive information with Go 🔍
This is a python package for detecting copy-move attack on a digital image.
AI-powered pentesting framework with automated recon and exploitation. Multi-source subdomain discovery, active vuln testing (XSS/SQLi/SSRF/…
Reverse engineering tool for linux games
PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.
🕵️ Python project to crawl for JavaScript files and search for secrets like API keys, authorization tokens, hardcoded credentials, etc.
PIP-INTEL is an OSINT (Open Source Intelligence) tool designed using various open-source tools and pip packages.
Open-source AI agent firewall for MCP security: agent egress control, DLP, SSRF, and prompt injection defense.
A tool that shows detailed information about named pipes in Windows
A lightweight port-forwarding and socks proxy tool written in Rust 🦀
An offline Wi-Fi Protected Setup brute-force utility
Network traffic analysis tool for Attack & Defense CTF's
Keep in mind that this tool doesn't give you the full source code if the application was compiled into V8 bytecode. See How it works.
An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial o…
🧟 Plants vs. Zombies multiplayer battle, developed via reverse engineering, inline hook and dynamic-link library injection. Two online playe…
Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation …
Timeline creation and analysis tool. Extracts timestamps from hundreds of artifact types across Windows, Linux, and macOS to create a super-…
An Open Source CTF hosting platform
Panic Playdate reverse-engineering notes/tools - covers file formats, server API and USB commands
Plecost - Professional WordPress Security Scanner
Cloud-based pentest management and reporting platform. Features report automation, finding templates, client portal, analytics, and integrat…
Released as open source by RevEng.ai - https://reveng.ai
Released as open source by RevEng.ai - https://reveng.ai
Bloodhound Reporting for Blue and Purple Teams
An automated bitcoin wallet brute-forcer
Decompilation of Pokémon Mystery Dungeon: Red Rescue Team
A very flexible phone number wordlist generator
Proofs-of-concept
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated …
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
…
1. 状态 failing 为短期内没有更新 2. 可从 new.json 文件获取最近一次新增的CVE项目信息 3. 可从 update.json 文件获取最近一次更新的CVE项目信息 4. 可从年限目录内README.md获取当年完整信息 5. 可从dateLog目录获取当天…
Research papers on Proot-of-Concepts
Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy
Automatically Collect POC or EXP from GitHub by CVE ID.
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Disassembly of Pokémon Crystal
Decompilation of Pokémon Diamond/Pearl
Decompilation of Pokémon Emerald
Decompilation of Pokémon FireRed/LeafGreen
Disassembly of Pokémon Gold/Silver
Disassembly of the Pokémon Gold and Silver 1997 Space World demo
Decompilation of Pokemon HeartGold/SoulSilver
Disassembly of Pokémon Pinball
Decompilation of Pokémon Pinball: Ruby & Sapphire
Decompilation of Pokémon Platinum
Disassembly of Pokémon Red/Blue
Decompilation of Pokémon Ruby/Sapphire
Disassembly and decompilation of Pokémon Stadium
This will output a file named "poketcg.gbc".
You can find us on Discord (pret, #pokered).
PolarDNS is a specialized authoritative DNS server suitable for penetration testing and vulnerability research.
Modern WiFi auditing library for ESP32 using advanced 802.11 techniques. Captures WPA/WPA2/WPA3 handshakes via PMKID extraction and CSA inj…
PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and AV …
POOPAK - TOR Hidden Service Crawler
Scan publicly accessible assets on your AWS cloud environment
This script helps to avoid portscanning on Linux systems.
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
Search for sensitive data in Postman public library.
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces
PagerDuty's Public Postmortem Documentation
PounceKey's is a Accessibility Service keylogger for Android 5 to 15! full launcher stealth. choose between receiving logs via IP, Gmail, or…
An offensive/defense security toolset for discovery, recon and ethical assessment of AI Agents
Traditional persistence methods (e.g., Registry Run keys, scheduled tasks) are often monitored or flagged by EDRs and blue teams. PowerDodde…
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each E…
Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL…
🧰 Various PowerShell scripts for security, sysadmins, blue and red teams👫🏼
Simple PowerShell HTTP Server (no dependencies, single file, PowerShell 5.1/7)
This repository is a collection of powershell functions every hacker should know
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled …
An List of my Powershell scripts, commands and Blogs for windows Red Teaming.
Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project usin…
Collection of PowerShell modules for post-exploitation. Includes PowerView for AD recon, PowerUp for privilege escalation, Invoke-Mimikatz, …
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
The Most Advanced Client-Side Prototype Pollution Scanner
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
List of (automatic) protocol reverse engineering tools for network protocols
A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
PrestaScan Security is a PrestaShop module allowing you to scan your PrestaShop website to identify malware and known vulnerabilities in Pre…
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
Prevent merging of malicious code in pull requests
A matching decompilation of Metroid Prime
Curated List of Privacy Respecting Services and Software
Privacy Patches for ReVanced to disable ads, trackers and analytics, always open Gboard in incognito mode, and much more!
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Privilege Escalation Enumeration Script for Windows
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
Toolkit for Playing with Wi-Fi Probe Requests
Набор инструментов и Телеграм боты для пробива, OSINT и поиск информации, а также анализа данных.
Набор Telegram-ботов и OSINT-инструментов для пробива по номеру телефона, проверки автомобиля по VIN и госномеру, поиска по фотографии, пров…
Red Team Operation's Defense Evasion Technique.
ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by …
A static analysis tool for security
Algorithmic, Data Structures, Frontend and Pentest - Programming challenges and competitions to improve knowledge.
ProGuard Maven plugin that supports modularised ProGuard packages
Project CodeGuard is an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding agent workflow…
Your personal 'Mini Shodan'. A high-performance network reconnaissance engine designed for massive scale asset discovery. Specializes in ide…
Project Eyes On is a high-speed, multi-threaded surveillance tool by Y0oshi (@rde0) for locating open IP cameras worldwide. Unifies Google D…
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla…
A dope AF repo of all customized plugins & configurations I use as seen on my socials / YouTube. Helpful guides and troubleshooting too.
A cross-platform desktop application for HTTP/HTTPS traffic interception and analysis, built with Go. Features modern UI, traffic manipulati…
Lua Obfuscator written in pure Lua
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, Llama…
Wrapper for multiple packers, protectors, obfuscators, and artifact-modifying tools. Automates multi-stage tooling protection pipelines to m…
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environm…
Swiss army knife for RFID security research. Reads, writes, emulates, sniffs, and brute-forces RFID/NFC tags including HID, EM4100, Mifare C…
A toolbox to get the firsts configurations of Proxmox VE / BS done in no time
A super simple asynchronous multithreaded proxy scraper; scraping & checking ~500k HTTP, HTTPS, SOCKS4, & SOCKS5 proxies.
一款部署于云端或本地的隧道代理池中间件,可将静态代理IP灵活运用成隧道IP,提供固定请求地址,一次部署终身使用
Forces any TCP connection made by a given application through proxy servers like SOCKS4, SOCKS5, or HTTP. Essential for pivoting through com…
PRTSTRIKE 是一个轻便、小巧、快捷的轻量化 C&C 框架,由 Go 编写,最快可 1 分钟部署完成。 | 指标 | 数值 | |------|------| | C2 Server 编译大小 | ~30 MB | | Implant 编译大小 (Windows x64) …
Make your GenAI Apps Safe & Secure :rocket: Test & harden your system prompt
Playstation 2 Static Recompiler & Runtime Tool to make native PC ports
Continental OVIP firmware reverse engineering for PSA/Stellantis cars (Peugeot, Citroen, DS, Opel)
PowerShell Asynchronous TCP Reverse Shell
E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward
Proviesec Fuzz Scanner - dir/path web scanner
Dominate Active Directory with PowerShell.
Monitor linux processes without root permissions
PowerShell Ransomware Simulator with C2 Server
Generates millions of keyword-based password mutations in seconds.
🔑 Simple secure password generator.
Process-aware, eBPF-based tcpdump
A pointer encryption library intended for Red Team implant design in Rust.
Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Community curated list of public bug bounty and responsible disclosure programs.
Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln classes, no private reports needed
🎃 PumpBin is an Implant Generation Platform.
Panthera(P.)uncia - Official CLI utility for Osprey Vision, Subdomain Center & Exploit Observer.
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entrie…
Purple Team Exercise Framework
A curated list of tools and resources that I use daily as a Purple-Team operator.
Purpleteam scripts simulation & Detection - trigger events for SOC detections
🔒command line tool checking password safety🔒
Practical Windows Forensics Training
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Notes about attacking Jenkins servers
pwn++ is a Windows & Linux library oriented for exploit dev but mostly used to play with modern C++ features
怎么说呢,因为一些原因今天把这个仓库临时删了,再重建,但是我忽略了一点,这个项目的star是153,fork是49,就这样没了,哈哈
(⌐■_■) - Raspberry Pi instrumenting Bettercap for Wi-Fi pwning.
Fancy reverse and bind shell handler
一开始写这个工具是因为在学习pwn的过程中,经常反复的去注释和取消注释gdb.attach(xxx)这样的语句,下不同断点的时候要不断地修改脚本,本地调通打远程的时候也要改脚本。
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main…
A collection of pwn/CTF related utilities for Ghidra
OSINT Tool for Finding Passwords of Compromised Email Addresses
A visual methodology tracking platform tailored for offensive security assessments
Hand‑curated offensive security toolkit, scripts, and writeups for ethical hackers, pentesters, and IT pros eager to level up.
pwninit - automate starting binary exploit challenges
PwNixOS - A Productivity Focused and Hacking-Oriented NixOS Flake
This tool is an automated PWN exploitation framework designed for CTF competitions and binary vulnerability exploitation. It integrates vari…
Exploit Development, Reverse Engineering & Cryptography
Docker container with all required CTF tools.
CTF framework and exploit development library for Python. Simplifies binary exploitation with process/socket interaction, shellcode generati…
CTF framework and exploit development library
Python API client library for the GitGuardian API
Python3 implementation of ADRecon with support for NTLM and Kerberos authentication querying LDAP. Generates individual CSV files and a sing…
An implementation of PyADRecon using ADWS instead of LDAP. Generates individual CSV files and a single XSLX + HTML report about your AD doma…
A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.
There are 3 different methods for unpacking PyArmor, in the methods folder in this repository you will find all the files needed for each me…
C++ python bytecode disassembler and decompiler
Protect your python script, encrypt it as .pye and decrypt when import it
Advanced Password Cracking Tool with support for Bruteforce Attacks, Dictionary Attacks, Random Attacks. This tool is capable of cracking fi…
Burp Suite extension to decrypt/encrypt any encrypted traffic (AES/RSA/Encodings and more) with custom code in any language
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
Write dynamic binary analysis tools in Python
A powerful and useful hacker dictionary builder for a brute-force attack
Scraping and listing text and image searches on Google, Bing, DuckDuckGo, Baidu, Yahoo japan.
A Python Package for Data Exfiltration
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses…
CROSS PLATFORM REMOTE ACCESS TROJAN (RAT)
A Python Library for Graph Outlier Detection (Anomaly Detection)
Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer…
A python library for reading IDA pro databases.
PyInstaCrack: Ultimate Instagram hacking suite. Python-driven, AI-enhanced, brute-force chaos. Stealth ops, ethical only. Slice through defe…
PyInstaller Extractor is a Python script to extract the contents of a PyInstaller generated executable file.
PyInstaller Extractor Next Generation
PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
Python reader of LabVIEW RSRC files (VI, CTL, LLB). File format description on the Wiki.
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
Python decompiler for modern Python versions.
Python library for reading and writing Windows shortcut files (.lnk). Python 3 only.
A library for recording arbitrary calls to Python modules, primarily intended for Python reverse engineering and analysis.
arbitrary TCP and UDP connections and listens (Netcat for Python).
A python library to parse OneNote (.one) files
Reset the 100-day remaining limit for StartAllBack by bypassing it.
Python-based Comprehensive Network Packet Analysis Library
Python APNs and iMessage client
We took PersistenceSniper, merged it with Python, and misspelled it on purpose. Meet PyrsistenceSniper.
python dependency vulnerability scanner, written in Rust.
🐍 Scan your Python dependencies for known security vulnerabilities with Rust-powered scanner
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. It leverages a powerful…
PoC - Exploit Delivery via Steganography and Polyglots, CVE-2014-0282
Brute Force Attack Tools Using Python
Transform regular Python code into a human-averse, yet still-functional equivalent.
Python codecs extension featuring CLI tools for encoding/decoding anything
Cheatsheet useful for solving Python-related challenges during CTFs.
Pure Python parser for Windows Event Log files (.evtx)
An ICAP Server with yara scanner for URL and content.
a rough written "guide" compiled from years of ADHD brain notes - enjoy
Predict python's random module generated values.
Remote Administration tool for Windows Systems written in pure Python
Solid Python toolkit for those in the security industry. Some by me, most by smarter people.
Devkit for quickly building CLI tools with Python
Python cross-version bytecode library and disassembler
A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or f…
pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory
Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions
A (partial) Python rewriting of PowerSploit's PowerView
A Dynamic Binary Instrumentation framework based on LLVM.
Quarkslab Bindiffer but not only !
A True Instrumentable Binary Emulation Framework
QuorumOS is a computation layer for running applications inside Trusted Execution Environments (TEEs)
A modern, lightweight QuickPic Gallery with a fast, offline-first experience.
尽管已经经过实验验证可用,本仓库中给出的指引可能有破坏聊天记录或导致封号的风险,强烈建议在自行审查代码、评估风险后使用。
A Ghidra headless analyzer tailored for Qt binary analysis
QtREAnalyzer, a Ghidra extension to reverse-engineer Qt binaries.
All-in-One malware analysis tool.
Query Oriented Programming (QOP) gadgets for SQLite-based exploitation
Automating XSS using Bash
Unauthenticated enumeration of AWS, Azure, and GCP Principals
QuillAudits — Smart Contract Audits for DeFi, RWA, DEXs, Tokens, DeAI & DApps
Quokka: A Fast and Accurate Binary Exporter
Tool to decrypt iOS apps using r2frida
React2Shell Auto Exploit: A CLI tool to exploit prototype pollution vulnerabilities (RCE) in React Server Actions
Penetration Testing, Vulnerability Assessment and Red Team Learning
Track the GPS location of the user's smartphone or PC and capture a picture of the target, along with IP and device information.
In order to keep it simple and fast the following features will not be added:
A high performance offensive security tool for reconnaissance and vulnerability scanning
2025年开始了,我要重构此项目,在之前的项目中,该方案给我带来了几千块的收益,虽然是自动化,但是想法还是过于幼稚,希望今年重构一个更高效的自动化。 2025 年 8 月 17 日 项目早就构建完成,并运行了一段时间了,但是,漏洞的收获甚微,不比几年前,通过自动化就能得出一大堆高…
RADAR (Rapid Assessment of DNS And Reconnaissance) is an advanced DNS reconnaissance tool designed to identify technologies and services use…
Portable reversing framework that includes a hex editor, disassembler, debugger, scripting engine (r2pipe), and graphing. Supports many arch…
UNIX-like reverse engineering framework and command-line toolset
This book is an updated version maintained by the community of the original radare1 book written by pancake.
[Abandoned] Scuffed java bytecode obfuscator
RAG/LLM Security Scanner identifies critical vulnerabilities in AI-powered applications, including chatbots, virtual assistants, and knowled…
Rair is a work in progress rewrite of radare2 in rust with these goals: - Native speed. - Extremely flexible and modern analysis. - Simpler …
Autonomous Privilege Escalation using AI
Ransom0 is a open source ransomware made with Python, designed to find and encrypt user data.
Ransomwares Collection. Don't Run Them on Your Device.
For educational purposes only, samples of ransomware/wiper trojans including screenshots/ransom-notes.
Small collection of Ransomware organized by family.
A resource containing all the tools each ransomware gangs uses
RansomwareSim is a simulated ransomware
The implementation of the Rascal meta-programming language (including interpreter, type checker, parser generator, compiler and JVM based ru…
The easiest, full-featured wireless router setup for Debian-based devices. Period.
A cross platform C2 server written in Rust!
在我们日常的CTF比赛中,有时候会碰到光栅图的相关隐写(对,我就碰到了),感谢 @Phantom Engage 和 @daiowjfoaejoi 两位师傅的解惑
Ravage Framework - Powershell weaponized for offensive security professionals.
…
An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.
Qt Resource Compiler and Decompiler (RccExtended)
A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
Advanced reverse engineering platform combining traditional static analysis with AI-powered insights. Supports multiple decompilers (Ghidra,…
reverse engineering docs.
Reverse Engineering and Malware Analysis Roadmap
A project to rebuild all functionality via reverse engineering from the GOTY version of Plants VS Zombies (and expand upon it)
Reverse Engineering Tools (deobf, decompiler etc..)
An intelligent React component to obfuscate any contact link!
React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, lo…
Open source, full-featured, multiplatform command line toolkit to work with and analyze PE (Portable Executables) binaries.
Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.
A Realtime Phone Number Location Tracker
「💀」Proof of concept on BYOVD attack
ReARM - Release Governance Platform for the Agentic Era
Independent verification of binary packages - Reproducible Builds
The Touhou PC-98 Restoration Project
The modern Java bytecode editor
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
A full-featured web reconnaissance framework with a module system similar to Metasploit. Automates OSINT collection from dozens of data sour…
Automated Recon for Pentesting & Bug Bounty
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding o…
A Powerful Network Reconnaissance Tool for Security Professionals
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from …
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on sched…
Interactively find and recover deleted or :point_right: overwritten :point_left: files from your terminal
A tool for forensic file system reconstruction.
All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
The Red-book: The Art of Offensive CyberSecurity
An educational repository focused on Evil Portals: rogue captive portals designed to mimic legitimate login systems.
Offensive security toolkit for Claude Code
Wiki to collect Red Team infrastructure hardening resources
This repository contains cutting-edge open-source security notes and tools that will help you during your Red Team assessments.
Notes for red teamers - from cloud to Active Directory to many things in between.
A beginner-friendly collection of Rust notes focused on Red Team Tooling • Malware Development • Systems Programming • Rust Fundamentals
Repo containing cracked red teaming tools.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitat…
A free and open source disassembler designed for both hobbyists and professional reverse engineers. Built on a solid, extensible core with a…
Next-generation IaC tools | 下一代基础设施管理工具
Tools to automate and/or expedite response.
Redeye is a tool intended to help you manage your data during a pentest operation
RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and ad…
NixOS-based 'distro' for cybersecurity enthusiasts
Assist reverse tcp shells in post-exploration tasks
Driver 2 Playstation game reverse engineering effort
This repo offers notes and resources on ethical hacking, covering information gathering, scanning, web hacking, exploitation, and Windows/Li…
Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.
Red Team Arsenal - a comprehensive collection of tools, scripts, and techniques for conducting red team operations and adversary simulations…
Red Team Toolkit - A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert Entry…
Collection of PoC and offensive techniques used by the BlackArrow Red Team
Collection of red team techniques.
Tools and Techniques for Red Team / Penetration Testing
🔥📜 Forbidden collection of Red Team sorcery 📜🔥
Red Teaming Tactics and Techniques
记录自己编写、修改的部分工具
A safe, optimized, and high-performance version of RedTiger-Tools, fully legal and designed exclusively for educational purposes.
A chronological and (hopefully) complete list of reentrancy attacks to date.
=REFAT-XD ONE OF THE BEST REPOSITORY FOR FACEBOOK ID CRACKING 🔥🧬=
The Binary Refinery™ is a collection of Python scripts that implement transformations of binary data such as compression and encryptio…
❤️ Free batch image geolocation and digital forensics tool. Automatically extract .jpg EXIF data, visualize GPS coordinates on maps, and rec…
Flutter Reverse Engineering Framework
An interactive disassembler for the CPU 6502, focused mostly on Commodore 8-bit computers. Features a TUI with modern features like x-ref, u…
A reverse engineering tool to interactively reconstruct structures and generate header files
CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.
A modern Python-3-based alternative to RegRipper
Simple Powershell Http shell With WEB UI
Pentesting automation platform that combines hacking tools to complete assessments
Image-processing software for cryo-electron microscopy
Rellic produces goto-free C output from LLVM bitcode
Universal .NET Core Powered Modding Framework for any Native Game X86, X64.
Advanced native function hooks for x86, x64. Welcome to the next level!
Java RMI Vulnerability Scanner
A CLI Remote Administration Tool for administrating a network over a TCP connection. Extremely simple and modular containing over 30 command…
This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
Currently supports DRM removal of EPUB assets. However, iBooks assets will be supported in a future release.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engi…
reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via E…
Script extender for The Binding of Isaac: Repentance
Automated Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies. Keeps you and your agen…
An autonomous LLM-agent for large-scale, repository-level code auditing
An open-source, AI-powered application using Agentic CAG to chat with any public GitHub repository or developer profile, offering deep code …
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks
Reverse engineering software using a full system simulator
DNS resolver pools written in Go
The most exhaustive list of reliable DNS resolvers.
Classic Mac OS resource fork and application disassembler, with reverse-engineering tools for specific applications
Tools, data, and contact lists relevant to The disclose.io Project.
A list of resources for those interested in getting started in bug bounties
LLMNR, NBT-NS, and mDNS poisoner that captures NTLMv1/v2 hashes. Also runs rogue SMB, HTTP, FTP, and other servers to capture credentials on…
Rogue authentication server and LLMNR/NBT-NS/mDNS poisoner for Windows networks. Captures NTLM challenge-response hashes for offline crackin…
Most Responder's configuration power in your hand.
Open Source Incident Management tool for the cloud native ecosystem
Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja di…
Retargetable machine-code decompiler based on LLVM. Developed by Avast. Decompiles x86, ARM, MIPS, PIC32, and PowerPC binaries to C with met…
Detects the use of JavaScript libraries with known vulnerabilities. Available as a CLI tool, browser extension, Grunt plugin, and Burp Suite…
This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows syste…
Reverse Engineering Framework for the Polyend Tracker
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
RetroWrite -- Retrofitting compiler passes through binary rewriting
💉 ReVanced Patcher used to patch Android applications
👋🧩Template repository for ReVanced Patches
Bringing back the most advanced system and security analysis tool.
Decompiler for Move smart contracts
Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass …
👊 Discord, your way. Revenge is a client modification for Discord Android. 🧪 Experimental. Use at your own risk!
Your all-in-one toolkit for reverse engineering: Smali Grammar, DexRepair, Flutter Analysis and much more...
Windows-based AI-powered Reverse Engineering Toolkit "AIO", Built for Security (Malware analysis, Pentesting) & Educational purposes.
(Art credit to https://www.instagram.com/smart.hedgehog.art/)
Claude engineer that captures traffic, writes documentation and automatically generates API clients. Reverse engineer APIs!
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit/64-bit ARM, 8-bit AVR and 32-bit RISC-V architectures.
MCP server for reverse engineering tasks in Ghidra 👩💻
Intercepting Bluetooth device communication and simulating packet responses of an iPhone from a Raspberry Pi 3
A reverse engineering of Linear's sync engine. Endorsed by Linear CTO.
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Resources for reverse engineering “unofficial APIs”.
A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves a…
Welcome to the official ReversingLabs YARA rules repository! The repository will be updated continuously, as we develop rules for new threat…
Reverse shell generator written in Python 3.
Mission Control for Your Operations
🚀 A powerful multi-platform RF toolbox that deploys specialized radio, hardware, and other security tools in seconds on Linux, Windows, and …
Full Build Guide for making your own RFID Gooseneck Long Range Reader!
Vulnerability research assistant that locates calls to potentially insecure API functions in a binary file.
Windows tool for low-level access to any floppy disks, and comfortable high-level access to some legacy filesystems (ZX Spectrum, MS-DOS, et…
Rifiuti2 is a for analyzing Windows Recycle Bin INFO2 file. Analysis of Windows Recycle Bin is usually carried out during Windows computer f…
A modern re-implementation of the classic DOS game Duke Nukem II
Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
This folder contains the VM host (rv64i interpreter).
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
This is a Python implementation of the man-in-the-middle attack described by Charlie Clark (@exploitph) in his post, New Attack Paths? AS Re…
Deterministic research MCP server on FastMCP 3 — 5-engine web search, 9-platform social search, 6 academic DBs, news aggregation, entity pro…
UNIX-like reverse engineering framework and command-line toolset.
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
¿Quieres empezar en el mundo hacking? En esta revista te enseño a instalar Kali Linux desde cero y a manipular herramientas esenciales en el…
AI-Powered Dark Web OSINT Tool
Robinhood API Docs — CLI reference browser for Robinhood Trade unofficial private REST API documentation with endpoint exploration, authenti…
A simple lua injector made specifically for roblox. (Windows Only)
Robofinder retrieves historical #robots.txt files from #Archive.org, allowing you to collect old directories and paths for any domain which …
Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
…
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team …
Automated web vulnerability scanning with LLM agents
RomBuster is a router exploitation tool that allows to disclosure network router admin password.
A powerful and delightful PHP WebShell
Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribu…
A Ruby micro-framework for writing and running exploits
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side …
Scraped and performed analytics on Roobet's Crash casino game
This is the list of all rootkits found so far on github and other sites.
RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
A Game of Hackers (CTF Scoreboard & Game Manager)
ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on…
Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/…
A blazing fast™ multithreaded ROP Gadget finder. ropper / ropgadget alternative (currently x86 only)
RPC Monitor tool based on Event Tracing for Windows
RPL attacks framework for simulating WSN with a malicious mote based on Contiki
Obtain the passphrase of a private key (id_rsa), this tool uses the ssh-keygen binary to perform a brute force attack until a successful col…
Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH, PKCS#12, PKCS#7, and CSR in PEM and DER formats.
CLI tools: encoders/decoders, CTF and reverse engineering helpers.
TCP connection hijacker, Rust rewrite of shijack
Rust implementation of SPIR-V module processing functionalities
Real-Time Corruptor, Vanguard, CorruptCore, NetCore2 https://redscientist.com/rtc
dll劫持、dll hijack、Bypass Antivirus、Red Team
A fast and flexible data logging/tracing toolkit for software testing, debugging, and visualization. Features minimally intrusive C/C++ code…
My ESP32-Deauther ported to the RTL8720dn, allowing users to deauthenticate on 5GHz now!
Send raw 802.11 WiFi frames using an RTL8720dn
Realtek RTL88x2BU v5.13.1 (2021-07-02) Wireless Lan Driver for Linux
Advanced Command and Control Framework for Authorized Red Team Operations
C# toolset for raw Kerberos interaction and abuse. Performs Kerberoasting, AS-REP Roasting, Pass-the-Ticket, Golden/Silver Ticket attacks, t…
It is an automated phishing tool that includes more than 30 phishing templates.
RUDY is an acronym used to describe a Denial of Service (DoS) tool used by hackers to perform slow-rate a.k.a. “Low and slow” attacks.
A tool to abuse Exchange services
Lastest Hashcat rules for password cracking
RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
Run a program as TrustedInstaller (SYSTEM)
This repo is just a collection of Rust tips and tricks useful to interact with the Windows API and develop offensive security tools for that…
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
A collection of malware families and malware samples which use the Rust programming language.
A Rust template for writing Beacon Object Files (BOFs)
Earn RTC crypto by contributing to the RustChain ecosystem. Bounties from 1-150 RTC. Star, code, write tutorials, find bugs.
Host CLR and run .NET binaries using Rust
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
64-bit, position-independent implant template for Windows in Rust.
A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.
Cross-platform EDR in Rust for Windows ETW and Linux eBPF, with Sigma, YARA, and IOC detection.
LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remo…
Template-based shellcode packer written in Rust, with indirect syscall support. Made with
A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI …
RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust
➡️ [Discord][discord] | [Installation Guide][toc-install] | [Usage Guide][usage-guide] ⬅️
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and ind…
A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
Some Rust program I wrote while learning Malware Development
π RuView: WiFi DensePose turns commodity WiFi signals into real-time human pose estimation, vital sign monitoring, and presence detection — …
Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
Deep ghidra decompiler and sleigh disassembler integration for rizin
simple recon tool to help you for searching vulnerability on web server
S2E: A platform for multi-path program analysis with selective symbolic execution.
Chrome and Firefox extension that lists Amazon S3 Buckets while browsing
Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern
Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
Attack & Defense CTF Farm based on DestructiveFarm
A decompilation and port of Sonic Advance 1 & 2 - GameBoy Advance game's written in C
SaaS Zero - Network Traffic Monitor Professional network traffic monitoring and security analysis platform
Markdown to HTML using marked and DOMPurify. Safe by default.
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C…
Problems for Samsung Research Institute, India - 3 hours Online Test.
SandBlaster is a tool for reversing (decompiling) binary Apple sandbox profiles. Apple sandbox profiles are written in SBPL (Sandbox Profile…
Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives out…
Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
Security & License Compliance For Your App's Dependencies 🪱
rewrite constructor arguments, call DOMPurify, profit
MikroTik RouterOS Security Inspector
IDA Plugins & IDAPython Scripting Library.
OSINT web scraper for SatNow to extract details about satellite components and subsystem specs for in-depth reconnaissance 🛸
saucerframe是一个基于python3的开源批量POC检测框架,默认使用协程异步请求,支持多线程并发,支持多种指定目标方式,可用于批量POC检测,也可根据需要扩展功能。欢迎star和pr
Automatically capture and surface your team's tribal knowledge
sbomqs: The Comprehensive SBOM Quality & Compliance Tool
🎭 SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused …
Documentation related to the implementation of Maxis' game, SimCity 2000.
Blocklist for newly created scam, phishing, and other malicious domains automatically retrieved daily using Google Search API, automated det…
A database of over 24000 scam links used for Discord, Steam and more.
Open-source intelligence archive of crypto scam operations — internal chats, admin panels, victim records, and infrastructure data for resea…
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Po…
A script for credentials-based attack surface enumeration and general reconnaissance of massive networks
ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commi…
A Golang package for scanning private and public IPs for open TCP ports 👁️
A Web Vulnerability Scanner and Patcher
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
ScanPro - NMap Scanning Scripts ~ Network Mapper
ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )
Websites Vulnerability Scanner
Scapy: the Python-based interactive packet manipulation program & library.
Payload creation framework focused on EDR bypass. Creates loaders using a variety of techniques including side-loading, binary padding, expi…
If these strings are in your code, you might have a problem!
Free database schema discovery and comprehension tool
Database documentation built easy
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files fro…
Scoop bucket for reverse engineering tools
Scoop bucket for Penetration Testing and Cybersecurity related tools. 用于渗透测试和网络安全相关工具下载、安装和自动更新的Scoop软件仓库。
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/…
ScopeHunter is a command-line tool for finding in scope targets for bug bounty programs.
ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed n…
Sandia Cyber Omni Tracker (SCOT)
🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
🚀 SRE incident response playbooks for AWS & Kubernetes. Step-by-step troubleshooting guides to help on-call engineers resolve infrastructure…
This Python script is used to scrape all the video links from a youtube channel.
ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!
A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience.
PS / Bash / Python / Other scripts For FUN!
A collection of scripts for Agent. Feel free to submit a pull request to add your script.
A Holistic OSINT and Threat Hunting Platform
Enumerate Subdomains Through Google Dorks (Bypassed Page Filter)
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践…
sdlc_python 是一个基于python语言构建的devsecops平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训),并且使用了大模型进行代码安全审计(对应sdlc中…
Decompilation of sead: the standard C++ library for first-party Nintendo games
SEAL 911 is a project designed to give users, developers, and security researchers an accessible way to connect with a small group of highly…
A modular tool to search for known vulnerabilities, exploits and more across various data sources
A list of Search Engines that will be useful for different aspect of your work, OSINT, Privacy & OPSEC.
Web wrapper of niklasb/libc-database
🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Welcome to SearchMyName! This tool allows you to enumerate usernames across many websites! OSINT Tool!
𝐒𝐞𝐚𝐫𝐜𝐡 𝐏𝐡𝐨𝐧𝐞 is a tool for looking up linked phone number information, which uses the Phone Number Analyzer API from the RAPIDAPI website, d…
SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive in…
Cyber Security Notes, Methodology, Resources and Tips
secator - the pentester's swiss knife
恶意IP全自动封禁平台。支持收集如下安全设备告警:长亭WAF社区版(SafeLine)、微步蜜罐HFish、奇安信天眼、奇安信椒图、绿盟WAF、天融信WAF、科来网络安全分析审计系统、深信服态势感知、启明星辰全网安全态势感知系统。支持如下设备联动封禁:RouterOS、OPNse…
An automation tool to install the most popular tools for bug bounty or pentesting.
The perfect butler for pentesters, bug-bounty hunters and security researchers
Provide powerful tools for seccomp analysis
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Library-Level eBPF Sandbox for Python (Linux & macOS): syscall-level control per module.
Wiki漏洞库管理系统&网络安全知识库-渗透测试常见漏洞知识库文档-该网站收集了Web应用层漏洞、中间件安全缺陷、系统配置不当、移动端(Android)安全问题、权限提升、RCE、网络设备及IOT安全。
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports …
Second-order subdomain takeover scanner
Security operations toolkit for AI coding agents. Give Claude Code 25+ skills to catch vulnerabilities, scan containers, detect secrets, and…
ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。
SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accurac…
SecretPixel is a cutting-edge steganography tool designed to securely conceal sensitive information within images. It stands out in the real…
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
Open-source security reports — no paywalls, just actionable insights.
Open source templates you can use to bootstrap your security programs
Cybersecurity tool repository / Wiki 收录常用 / 前沿 的CTF和渗透工具以及其 官方/使用 文档,致力于让每个工具都能发挥作用ww,不管你是萌新还是领域从业者希望你都能在这里找到适合你的工具或者获得一定的启发。
A Modern Bug Bounty and Security Research Management Platform
Free diagnostic security tool for Windows endpoints, featuring network utilities and device OPSEC analysis, all in one
Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Dja…
Orchestrate GitHub Actions Security
secureCodeBox (SCB) - continuous secure delivery out of the box
Powerful, secure, modern way to keep your files protected.
👮 Security advisories of Nextcloud
Hands-on projects for beginners to learn and practice essential cybersecurity skills through security assessments.
🛡️ The Ultimate Cybersecurity Library | 160+ curated books, guides & resources covering Ethical Hacking, Penetration Testing, Bug Bounty, Re…
PHP Security Checker ====================
A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular to…
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps a…
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
Repository for the Open Security Reference Architecture
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own inter…
Cover various security approaches to attack techniques and also provides new discoveries about security breaches.
搜集大量网络安全行业开源项目,旨在提供安全测试工具,提升渗透测试效率。 项目收集的思路: 一个是以攻击/漏洞视角出发的开源项目,经网络安全爱好者实践总结出的经验。 一个是从渗透测试流程出发,沿着信息收集到内网渗透的思路,总结出漏洞扫描、漏洞利用、后/域渗透等。 这个收集是一个长期…
Secutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers
Accurately Locate Smartphones using Social Engineering
A multi-purpose OSINT toolkit with a neat web-interface.
Complete static recompilation of Virtua Racing for the Sega 32X (optimization in progress)
This repository is prepared especially for the participants of the Polish training course "Can you hack everything with Python?". It offers …
a stealthy browser automation framework
Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload exe…
Built to learn ethical hacking on your own
SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create represen…
symbolic execution plugin for binary ninja
Sentient Enclaves Framework for Confidential AI & Crypto Apps
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
AI-Powered Autonomous Binary Reverse Engineering CLI — the native reverse engine from Innora-Sentinel. Local LLM inference (MLX), MPS GPU ac…
Protect your SIP Servers from bad actors at https://sentrypeer.org
A single file container/archive that can be reconstructed even after total loss of file system structures
Penetration testing report generation tool built in Ruby. Stores findings and reusable recommendations, generates Word DOCX reports, and sup…
Hashtopolis - distributed password cracking with Hashcat
This is a versatile collection of scripts designed for OSINT, ethical hacking, and web application security testing. With a focus on automat…
Legend of Dragoon decompiled, reverse engineered, and ported to PC/Mac/Linux/Steam Deck
İçerisinde 100'den fazla modül ve özelliği barındıran çok amaçlı bir siber güvenlik aracı.
All knowledge I gained from CTFs, real life penetration testing and learning by myself.
This utility is designed to allow you to apply skins to the modern Steam client
Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and ha…
Signing-key abuse and update exploitation framework
Open-source intelligence for the global theater. Track everything from the corporate/private jets of the wealthy, and spy satellites, to sei…
ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results …
ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing, an…
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts,…
Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors…
Scripts, plugins, and information for working with Samsung's Shannon baseband.
SHAREM is a shellcode analysis framework, capable of emulating more than 45,000 WinAPIs and virutally all Windows syscalls. It also contains…
The Official Hak5 Shark Jack Payload Repository
Youtube as C2 channel - Control Windows systems uploading QR videos to Youtube
Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol
C# ingestor for BloodHound. Collects Active Directory data including group memberships, ACLs, trust relationships, sessions, and local admin…
A C# tool for extracting information from SCCM PXE boot media.
This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.
Shellcode IDE — makes developing and analyzing shellcode much more convenient.
Open repository for learning dynamic shellcode loading (sample in many programming languages)
Script for generating revshells
Dynamic shellcode injection tool designed to inject shellcode into native Windows applications (PE files). Randomly modifies the PE file's e…
Hunt down social media accounts by username across social networks
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublis…
Hunt down social media accounts by username across social networks
SherlockElf is a powerful tool designed for both static and dynamic analysis of Android ELF binaries and dynamic iOS Macho-O binaries (exper…
Distribución para OSINT basada en Debian 12 / OSINT Distribution based in Debian 12
Sherlock Project's homepage
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
CLI security scanner built for the agentic era. Detects CI/CD misconfigs, agent permission risks, MCP tool injection, hardcoded secrets, and…
A custom ELF linker/loader for installing ET_REL binary patches at runtime
Search engine for internet-connected devices. Finds exposed servers, webcams, ICS/SCADA systems, databases, and more. Offers a CLI and REST …
Yet another one Golang implementation of Shodan REST API client. This library is inspired by amazing Nikita Safonov's go-shodan library, but…
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connect…
An auto-updating list of shodan dorks with info on the amount of results they return!
Shodan Monitoring integration for TheHive.
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
An IIS short filename enumeration tool
a recon tool that finds sensitive data inside the screenshots uploaded to prnt.sc
An advanced tool for checking GitHub repositories, with star statistics, including fake star analysis and data visualization.
Web interface to explore Suricata EVE outputs
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering an…
SICAT - The useful vulnerability and exploit finder …
A powerful utility for Among Us designed to enrich your game experience with custom features!
Search Index Database Reporter
SIEM Tactics, Techiques, and Procedures
the blazing-fast pentesting suite.
Salt States for Configuring the SIFT Workstation
An OSINT search engine for mapping real-world infrastructure from OpenStreetMap data
SIGIT - Simple Information Gathering Toolkit
Function signature matching and signature generation plugin for Binary Ninja
A pySigma wrapper and langchain toolkit for automatic rule creation/translation
Enhanced IDA Pro signature generator plugin.
✨ Modern C++ 20 signature match / search library
A tool for collecting function selectors quickly and decoding signatures from EVM bytecode.
Personal intelligence agent powered by Claude Code. Describe what to watch, it collects, analyzes, and learns — with extensible sensors and …
AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)
Traces, schematics, and general infos about custom chips reverse-engineered from silicon
A simple cryptor for .NET/Native files with Injection and obfuscation
基于污点追踪的灰盒漏洞扫描工具,实时识别并展示 Java Web 应用中的常见安全漏洞。
Simple multilingual lemmatizer for Python, especially useful for speed and efficiency
Efficient general mixed boolean-arithmetic (MBA) simplifier
Web Extension for saving a faithful copy of a complete web page in a single HTML file
SingleFile version compatible with Manifest V3
A tool for extracting contents (assemblies, configuration, etc.) from a single-file application to a directory, suitable for purposes like m…
Sinister is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info
Set of tools to audit SIP based VoIP Systems
SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. …
Site-Scanner - Web application vulnerability assessment tool.
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom col…
A comprehensive framework for analyzing and defending against attacks targeting Software Development Life Cycle Infrastructure.
Skater .NET Obfuscator is an obfuscation tool for .NET code protection. It implements all known software protection techniques and obfuscati…
SketchCrapp - Crack your Sketch.app in seconds :) Supports MacOS Big Sur. With respect from 1337 leet xnu crackers original founders: @elija…
Public production-ready obfuscator using the MapleIR framework designed by cts
A collection of java reverse engineering tools and informational links
A suite of tools for creating disassemblies of ZX Spectrum games.
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
Your Skyfall Infrastructure Pack
Reverse engineering a DOS game with no source code using Codex 5.4
…
Slack enumeration and exposed secrets detection tool
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Slash is Automated Osint Tool that allows you to OSINT people by their username.
Unofficial CMake build for Ghidra's C++ SLEIGH code
Collection of command-line tools and C library for analyzing disk images. Supports NTFS, FAT, Ext2/3/4, HFS+, and more. Foundation for Autop…
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file syst…
A modern Java reverse engineering tool for the web.
Open-source C2 framework from BishopFox. Supports mTLS, WireGuard, HTTP/S, and DNS C2 channels. Features implant generation, pivoting, BOF s…
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform secu…
the only php webshell you need.
Low bandwidth DoS tool. Slowloris rewrite in Python.
Asynchronous Python implementation of SlowLoris DoS attack
Language-agnostic SLSA provenance generation for Github Actions
Decompilation of Sly Cooper and the Thievius Raccoonus for PS2
Samsung modem commands over USB serial connection and secret dialer codes extracted from system packages
Collection of tools for Super Mario 64 ROM hacking
This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors …
Allows users to enumerate SMB shares across a domain, list share permissions, check drive access, and execute remote commands via authentica…
SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.
A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.
System Management RAM analysis tool
This script in python allows to send messages anonymously
A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.
A rapid HTTP downgrade smuggling scanner written in Go.
Protection against HTML smuggling attacks.
Semi-automatic OSINT framework and package manager
Attack Surface Management Platform
Parses Snaffler output file and generate beautified outputs.
Articles and tools related to research in the Apple environment (mainly macOS).
API-Based Snapchat Brute-Force Tool [POC]
Download all Snap Map content from a specific location.
Blue Hammer by Nightmare-Eclipse Vulnerability Documentation & Reimplementation.
A 5G Sniffer and Downlink Injector Framework on steroids... And yes, Wireshark supported!!!
SniperPhish - The Web-Email Spear Phishing Toolkit
Snoop — инструмент разведки на основе открытых данных (OSINT world)
A modern syscall tracer built on eBPF. Think strace, but with a real TUI, smart filters, TLS decryption, and output that's actually readable…
CTF平台 | CTF竞赛 | CTF | CTF Platform | SCTF 是一个基于 Django 构建的开源 CTF(Capture The Flag)竞赛平台,支持二次元竞赛模板
Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
SQL optimizer and rewriter(assisted SQL tuning). - SQL 优化器和重写器(辅助 SQL 调优)。
Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity concepts—perfect for exam prep …
Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC a…
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Open-source penetration testing framework designed for social engineering attacks. Features phishing attacks, credential harvesting, spear-p…
A powerful collection of tools designed for social engineering research, penetration testing, and security awareness training. These tools h…
Social Media OSINT collection containing - tools, techniques & tradecraft.
A collection of most useful osint tools for SOCINT.
SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh for termux …
Phishing Tool & Information Collector
Social Links API: description, examples, trial access
A rust osint tool for getting emails, from a target, published in social networks like Instagram, Linkedin and Twitter for finding the possi…
Advanced phishing tool | Automated Self-Hosting | SSH tunneling | 32+ Templates | Remastered version of xHak9x. (The only one you will find…
Python library for accurately querying username and email usage on online platforms
⛏️ Extract accounts info from personal pages on various sites for OSINT purpose
Identificazione profili, relazioni, organizzazioni e tracciare reti
SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates
…
Learn to audit Solana programs and help secure the ecosystem. Take your security practices to the next level and get certified by Ackee Bloc…
:heavy_check_mark: My solutions for CTF & wargame challenges
The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
A practical client for ADWS in Golang.
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.
Distributed Multi-INT Fusion Center designed for decentralized situational awareness.
Custom SpamAssassin rules I and others have made and contributed with - To mitigate spam mails and phishing mails now also with cool Phishta…
Windows kernel and user mode emulation.
Lovingly referred to as the Swiss Army Knife of PC gaming, Special K does a bit of everything.
Tool designed to allow quick and effective phishing exercises. Automates target gathering, email generation, website cloning, and credential…
Spell whisperer is a prompt injection challenges platform based on Grok API.
Framework for rapid development of offensive security tools
Reverse engineer and rewrite real mode DOS programs!
Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data
Kubernetes controller for managing instances of SpiceDB
A light-weight password manager with a focus on simplicity and security
…
Automated OSINT tool that queries 200+ data sources to gather intelligence on IP addresses, domain names, email addresses, and usernames. In…
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
SpiderSuite releases, wiki and roadmap
Spirit - Network Pentest Tools
spk aka spritzgebaeck: A small OSINT/Recon tool to find CIDRs that belong to a specific organization.
🏴☠️ Hacking Guides, Demos and Proof-of-Concepts 🥷
Harness the power of Splunk for your investigations
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Track Spotify friends' music activity in real time with auto-playback, skipped tracks detection and instant notifications
Track Spotify profile, follower and playlist changes in real time
Read and extract data from macOS spotlight databases
Password spraying tool for Active Directory environments. Designed to avoid account lockouts by spraying a single password across many accou…
最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
Open Source Intelligence Browser Extension
Intelligent Malware that takes screenshots for entire monitors and exfiltrate them through Trusted Channel Slack to the C2 server that's usi…
Spyder OSINT GUI — Graphical open-source intelligence research tool for phone number lookup, IP geolocation, social media reconnaissance, em…
Spydi ThreatIntel Feed is built on open-source threat intelligence, community-maintained blocklists, and public security research.
_Spyre_ is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this proje…
Get started with SQL database programming. This beginner's guide provides step-by-step tutorials, practical examples, exercises, and resourc…
This repository is a comprehensive collection of SQL Injection Payloads designed for educational, research, and testing purposes. It include…
The most comprehensive SQL guide from a real-world expert! Learn everything from basics to advanced queries, optimizations, and real-world S…
SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with…
SQL Injection Vulnerability Scanner made with Python
Automatic SQL injection and database takeover tool. Supports detection and exploitation of all major SQL injection types across MySQL, MSSQL…
Automatic SQL injection and database takeover tool
基于官版本 SQLMAP 进行人工汉化,并提供GUI界面及多个自动化脚本
SQLMap with Autonomous AI, phased workflows, RAG memory, and MCP Agent Tools
GitBook 页面: [sqlmap.highlight.ink][host]
Official Kali Linux tool to check all urls of a domain for SQL injections :)
SQLMutant is a powerful SQL injection testing tool that includes both passive and active reconnaissance processes for any given domain. It f…
Discovering Typo Squatting on your domains!
Telling tales on you for leaking secrets!
A free SSH KaliLinux server (Segfault) without limited time,You can use this for test any tool or using kali linux tools or anything else.
SSH-MITM - ssh audits made simple
brute force SSH public-key authentication
SSHD Based implant supporting tunneling mecanisms to reach the C2 (DNS, ICMP, HTTP Encapsulation, HTTP/Socks Proxies, UDP...)
In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learni…
安全运维工具箱是一款面向安全运维场景的集成化利器,融合了资产管理、资产测绘、漏洞检测、配置核查、弱口令检测、批量化运维、漏洞跟踪、报告生成以及日志审计等核心功能模块。
C++ Encrypted SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while…
an exploit of Server-side request forgery (SSRF)
SSRF (Server Side Request Forgery) testing resources
Automatic SSRF (Server-Side Request Forgery) fuzzer and exploitation tool. Tests for SSRF vulnerabilities and exploits them to reach interna…
Automatic SSRF fuzzer and exploitation tool
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
Automatic SSTI detection tool with interactive interface
Red Kite, the Extensible Attack Surface Management tool.
StalkPhish-OSS - The Phishing kits stalker, harvesting phishing kits for investigations.
Github stargazers information gathering tool
Reverse engineered game Starflight (1986)
Starkiller is a Frontend for PowerShell Empire.
A collection of static files maintained by the Sublime team, primarily used for phishing defense.
SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
The SteaLinG is an open-source penetration testing framework designed for social engineering
This tool will help you find a mutual friend
Parser for appinfo.vdf and packageinfo.vdf files used by the Steam client
SteamKit2 is a .NET library designed to interoperate with Valve's Steam network. It aims to provide a simple, yet extensible, interface to p…
🕵 Tracking things, so you don't have to
Least Significant Bit Steganography for bitmap images (.bmp and .png), WAV sound files, and byte sequences. Simple LSB Steganalysis (LSB ext…
Fast Steganography bruteforce tool written in Rust useful for CTF's
Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
The ultimate steganography and digital forensics toolkit. Hide and extract data across images, audio, video, documents, and network packets,…
A web-based, accessible and open-source port of StegSolve.
A hub for Red Team activity to aid in record keeping, situational awareness and reporting. Stepping Stones provides a web based UI for the t…
This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results …
Social engineering tool [Access Webcam & Microphone & Location Finder] With {Py,JS,PHP}
👻Stowaway -- Multi-hop Proxy Tool for pentesters
A little tool to filter the stranger strings from a binary so you can analyze the good ones
Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.
simple type recognition in decompiled executables
Android library to reveal or obfuscate strings and assets at runtime
A tool to inject strings into a game using low level code
Find multi-byte-encoded strings in binary data (Gitlab mirror).
A machine learning tool that ranks strings based on their relevance for malware analysis.
Open-source AI hackers to find and fix your app’s vulnerabilities.
Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis
one-stop resource for all things offensive security.
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
The Internets #1 Subdomain Takeover Tool
SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty
An Automated Subdomain Enumeration Tool
subfalcon is a subdomain enumeration tool that allows you to discover and monitor subdomains for a given list of domains or a single domain.…
Fast passive subdomain enumeration tool from ProjectDiscovery. Uses passive online sources including certificate transparency logs, DNS data…
Fast passive subdomain enumeration tool.
正规子群.AI Agent | SubgroupX: A high-performance AI Agent for offensive security, Coding, CTF operations, and active defense protocols. Archite…
A fast subdomain takeover tool
DNS Takeover tool written in Go
A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control,…
Sublime rules for email attack detection, prevention, and threat hunting.
🚀 A DNS automated scanner and tool 🖱️ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
Subdomain and target enumeration tool built for offensive security testing
SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
武器
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific m…
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunti…
Obtain a user's system password, this tool uses the su binary to perform a brute force attack until a successful collision occurs.
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binari…
Windows rootkit designed to work with BYOVD exploits
📡 SPR: Open Source, secure, user friendly and fast wifi routers for your home. One wifi password per device. Ad Blocking & Privacy Blocklist…
A massive, curated collection of information security books, study guides, cheat sheets, and resources. This library is intended for educati…
🤖 Kill The Protected Process 🤖
Real fucking shellcode encryptor & obfuscator tool
Single file php webshell scanner to detect potentially malicious backdoor based on token and hash with web interface
Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.
SVG Analysis and generation tools for commonly seen SVG attachment phishing
A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN
My ongoing primer on reversing Swift
Swift literals obfuscator to defend against static reverse engineering.
List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
Minimalistic intuitive search engine switcher
A self-hosted "Stealth VPN" implementation, forked from xray-core and WireGuard. It makes your traffic look like normal TLS traffic but litt…
A cross-platform desktop client for the jailbroken New Bing AI Copilot (Sydney ver.) built with Go and Wails (previously based on Python and…
Simplify the link between social and real identities
Your target's phone's front and back cameras📸 can be accessed by sending a link🔗.
Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB
Implementation of CCS'2022 paper "SymLM: Predicting Function Names in Stripped Binaries via Context-Sensitive Execution-Aware Code Embedding…
A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving conten…
SysCaller: SDK for WindowsAPI via syscalls. Dynamic Resolution, Obfuscation, Multi-Language Bindings, & more!
syser debugger x32/x64 ring3 with source level debugging/watch view/struct view
A repository of sysmon configuration modules
A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate y…
A roadmap to teach myself compiler dev, malware reverse engineering, exploitation and kernel dev fundamentals
system3, Samsung's worst nightmare for a 3rd time!
📡🐧 Linux kernel syscall implementation tracker
🐧 SysWarden is an ultra-lightweight Host-based Security Orchestrator for Linux.
syzkaller is an unsupervised coverage-guided kernel fuzzer
A CAT called tabby ( Code Analysis Tool )
Modern tactical exploitation toolkit.
select * from logs; Tailpipe is an open source SIEM for instant log insights, powered by DuckDB. Analyze millions of events in seconds, righ…
支持MCP调用的ARM Trace污点追踪与条件搜索工具,集成可视化UI、ARM64污点追踪分析与大文件Trace搜索。
A Kotlin library for reconciling multiple obfuscation mapping files from multiple versions of Minecraft: JE.
TangGo测试平台是无糖信息技术有限公司集多年渗透测试实战经验设计和开发的国产化综合性测试平台,为软件测试、网络安全从业人员提供强大且易用的测试工具及多人协同的工作环境,主要用于Web站点的功能测试、安全测试和安全评估。
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
PoCs and tools for investigation of Windows process execution techniques
Tantō slices functions into more consumable chunks
Turns any rooted phone into the legendary USB Rubber Ducky. Android USB HID Keystroke Injector
Taranis AI is an advanced Open-Source Intelligence (OSINT) tool, leveraging Artificial Intelligence to revolutionize information gathering a…
Collection of past CTFs to play and practice locally.
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Python resource library for creating security related tooling
TCP/IP packet demultiplexer. Download from:
Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
User Enumeration of Microsoft Teams users via API
Advanced Telegram x Discord C2, great for data Exfitration and Network evasion 🔷
In-depth repository of Telegram OSINT resources covering, tools, techniques & tradecraft.
The package connects to Telegram's API to generate JSON files containing data for channels, including information and posts. It allows you t…
TelegramDB is a service that allows you to search for channels, groups and their members.
A curated collection of tools, bots, and resources for Open Source Intelligence (OSINT) investigations on Telegram. Includes chat analysis m…
Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions
MTProxy for Telegram on Rust + Tokio
You will find helpful telephone number OSINT tools on this page. Telephone OSINT can be tricky as there are not that many open databases. …
teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botne…
🔭TeleSpot OSINT lookup from Telephone number using DDGR + BING + GOOGLE + DEHASHED and uses pattern recognition correlations. NOW with Teles…
🦀 A version of Telespot in RUST - a tool that searches telephone numbers across Google, Bing, DuckDuckGo, and Dehashed for phone numbers and…
Temodar Agent is an AI-powered WordPress plugin and theme security analysis platform built for security researchers, product security teams,…
Web application acceleration, advanced DDoS protection and web security
为了方便打包, 大部分情况下, 会将这些配置文件转为json后压缩, 生成为templates.go文件, 进行加载.
Reverse engineering, getting root access to Tenda MW6 wifi mesh router
A prompt injection game to collect data for robust ML research
RCE PoC for Tensorflow using a malicious Lambda layer
Tenzir is the data pipeline engine for security teams.
TerminatorZ is a highly sophisticated and efficient Offensive CVE Exploitation Framework that scans for top potential vulnerabilities with k…
Install Kali NetHunter Rootless on Android.
All in One Termux Os..!! (New)
An integrated tool and a collection of snippets which helps in the various aspects of the terminal.
Android app that indexes Termux tools from metadata.
OSINT Tool on Twitter and Instagram.
Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configurat…
Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foun…
Fetch detailed Telegram user and chat info using this Python script with Telethon. Download profile pictures and more!
Decompilation of 東方紅魔郷 ~ the Embodiment of Scarlet Devil (1.02h)
Th3Inspector 🕵️ Best Tool For Information Gathering 🔎
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
THC-IPV6-ATTACK-TOOLKIT (c) 2005-2022 vh@thc.org https://github.com/vanhauser-thc/thc-ipv6
My public notes about offensive security
A high-risk archive of historical malware, exploit kits, crypters, and webshells for educational and cybersecurity research purposes. None o…
The Black Tiger is all in one OSINT Tool, which has the best methods to collect Information about something or someone just by few mouse cli…
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
Nuclei templates written by geeknik. Claude is my co-pilot. 🤖
The Big Brother V4.0 is a weaponized OSINT platform featuring username enumeration (473+ platforms), quad-vector visual intelligence, Sky Ra…
Taint Analysis Engine and Trace Exploration : Overcome Obfuscation
A Content Discovery and Development Platform. Empowering Cybersecurity, AI, Marketing, and Finance professionals and researchers to discover…
Welcome to TheCyberHUB, a community-driven platform for hackers, cybersecurity enthusiasts, and IT professionals. Our platform provides a va…
An osint tool that uses Ahmia.fi to get hidden services and descriptions that match with the users query.
Gathers emails, subdomains, hosts, employee names, open ports, and virtual hosts from public sources including Google, Bing, LinkedIn, Shoda…
E-mails, subdomains and names Harvester - OSINT
thehive4py the de facto Python API client of TheHive …
Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
ThePhish: an automated phishing email analysis tool
Creating a pocket-sized network pentesting device, offering standalone power, an LCD touch display, and flexibility to conduct on-the-go hac…
Scrape emails, phone numbers and social media accounts from a website.
The Tick is the next evolution in covert access control system implants for simulating adversary-in-the-middle attacks.
Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open an…
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
Process Injection using Thread Name
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums…
Comprehensive domain blocklists for 🚨 threats (🕷malware, 🎣phishing, 🕵️spyware, 🤖botnets). Ideal for DNS-based filtering tools like Pi-Hole, …
Jupyter notebooks for threat hunting
Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS
🔥 一个集成多源威胁情报的聚合平台,为安全研究人员和运维团队提供实时威胁情报查询和播报服务;集成阿里云WAF主动拦截威胁IP,钓鱼邮件实时监测,集成AI等多项常用安全类工具🔧
Threat-Surface helps with daily tracking of exposed servers, open ports, and infrastructure used by threat actors.
Machine-readable .txt IP blocklist from ThreatFox by Abuse.ch, updated every hour.
Awesome list of keywords and artifacts for Threat Hunting sessions
yara detection rules for hunting with the threathunting-keywords project
Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports
This repository contains Malicious Indicator of Compromise (IOC) blocklist for MISP, firewall which is vital for cybersecurity professionals…
Open Source Cloud Native Application Protection Platform (CNAPP)
ThreatTracer - A tool to identify CVE by name & version and more by @FR13ND0x7F
Python low-interaction honeyclient
macOS上的小而美【Fofa、Shodan、Hunter、Zoomeye、Quake网络空间搜索引擎】闪电搜索器;GUI图形化(Mac/Windows)渗透测试信息搜集工具;资产搜集引擎;hw红队工具hvv
Your Advanced Twitter stalking tool
A lightweight Command and Control (C2) framework built for offensive security research and red teaming (Post Exploitation).
A command-line tool for combining and cleaning large word list files.
A Python command-line tool designed to collect TikTok data using SerpAPI for Google search results and Apify for TikTok data extraction.
Binary Code Similarity Analysis (BCSA) Tool
This Is A Simple Undetected Tool That Can Mass Report Tiktok Accounts & Videos Aggressively
TikTok Social Media Open Source Intellegence Tool
Reverse engineering TikTok's JavaScript VM - 77 opcodes mapped, string deobfuscation, bytecode disassembly, and crypto function identificati…
TikTok User Info Scraper allows you to fetch detailed information about TikTok users by their username or user ID, without requiring logins …
…
Collaborative forensic timeline analysis
A Pin Tool for tracing API calls etc
A tiny educational decompiler that helps people understand how decompilation works.
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
Cooler/cuter riser for Lenovo 8th/9th gen Tiny5 PCs
Technical information about small 1L Lenovo, Dell, HP and Acer PCs
Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable G…
tirreno is an open-source security framework. Event tracking, threat detection, and risk scoring for any application.
### THIS TOOL DOESN'T PROMOTE ANT TYPE OF ILLEGAL ACTIVITY ITS MADE ONLY FOR EDUCATIONAL PURPOSE AND TESTING.I DO NOT TAKE ANY RESPONSABILIT…
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential vali…
TLDSweep is a domain intelligence OSINT tool that sweeps 800+ TLDs to find registered variants of a domain, flag newly registered lookalikes…
An advanced tool for working with access tokens and Windows security policy.
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Tookie is a advanced OSINT information gathering tool that finds social media accounts based on inputs.
Strumenti VATINT - Intelligence sui veicoli e sui trasporti
Tool-X works on any of the following operating systems: • Android (Using the Termux App) • Linux (Debian Based Systems) • Unix
Docker toolbox for pentest of web based application.
This is a local search engine to search for cybersecurity tools. It has 3000+ tools in it's database.
The essential toolkit for reversing, malware analysis, and cracking
Set of tools to manage and modify files from many various games.
跨平台密码学工具箱。包含编解码,编码转换,加解密, 哈希,MAC,签名,大数运算,压缩,二维码功能,CTF等功能。
Secure Wireless Data-Transfer over BLE and USB for Passwords, Pentesting and Media Control.
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
🌐 List of free and downloadable top 1M domain list (alexa alternatives) 📊
Most common sentences and words for all languages in the OpenSubtitles2018 corpus with Python code
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
████████╗ ██████╗ ██████╗ ██████╗ ██████╗ ████████╗ ╚══██╔══╝██╔═══██╗██╔══██╗ ██╔══██╗██╔═████╗╚══██╔══╝ ██║ ██║ ██║██████╔╝ ██████╔╝██║██╔…
Crawl and extract (regular or onion) webpages through TOR network
Tor Iptables script is an anonymizer that sets up iptables and tor to route all services and traffic including DNS through the Tor network.
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more
Touti Cracker is a cross-platform ethical hacking toolkit for educational purposes, featuring password cracking, WiFi auditing, and reverse …
Decentralised P2P botnet using toxcore.
An XSS exploitation command-line interface and payload generator.
ToyBattlesHQ serves as the central public repository for the server used by ToyBattles - the first (ever!) open-source server emulator for M…
A CTF online judge platform developed by Tp0t.
Digital forensic analysis tool that provides a user-friendly interface for investigating disk images.
Deep Linux runtime visibility meets Wireshark
TraceEye Multitool Join our discord : discord.gg/traceeye TraceEye is centered around discord and osint This project is free Please Support …
Hacking IKEA TRÅDFRI products, such as light bulbs, window blinds and other accessories.
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.
Osint tool for track ip adress
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
Some Useful Tricks for Pentest Android and iOS Apps
Web Application Penetration Testing
Software reverse engineering tool for Java
A graphing library for Control Flow Graphs
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software veri…
Comprehensive vulnerability and misconfiguration scanner for containers, Kubernetes, code repositories, and cloud infrastructure. Supports D…
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Kubernetes-native security toolkit
Trivy Operator Dashboard: A comprehensive tool for Trivy Operator. Offers various dashboards and interactive pages where you can browse and …
Reverse engineering, menu and patches for Tomb Raider Anniversary, Legend and Underworld.
An open-source, lightweight, fully offline, cross-platform toolbox.
Searches git repositories, S3 buckets, filesystems, and more for high-entropy strings and patterns that indicate secrets such as API keys an…
Find, verify, and analyze leaked credentials
TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog.
🔐 AI decoding Trump's posts × stock market | AI 解碼川普推文 × 美股 | AIでトランプ投稿×株式市場を解読 — 31.5M models, 61.3% hit rate, open source
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
Open source re-implementation of Tomb Raider I and Tomb Raider II, along with additional enhancements and bugfixes
Master cybersecurity skills with this TryHackMe free path, includes a collection of my write-ups, solutions and progress tracking.
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM
Hello, aspiring hackers! 🕵️♂️ Here’s a list of 500+ Free TryHackMe rooms to kickstart your cybersecurity journey. These rooms are absolutel…
TryHackMe walkthroughs and CTF writeups created for self-practice and to help others understand web exploitation, privilege escalation, and …
A list of 350+ free TryHackMe rooms💻 to kick off your cybersecurity learning, organized by topics for easy exploration and practical skill-b…
أداة (استخبارات المصادر المفتوحة-OSINT (Open-Source Intelligence
TSUKUYOMI is an advanced modular intelligence framework designed for the democratization of Intelligence Analysis via systematic analysis, p…
Time Travel Debugging IDA plugin
密码生成 flexible and scriptable password dictionary generator which can support brute-force、combination、complex rule mode etc...
Red Team Tactics, Techniques, and Procedures
TugaRecon is an advanced subdomain reconnaissance and intelligence framework built for security researchers, penetration testers and OSINT p…
Network analysis tool for Attack Defence CTF
Automation and Scaling of Digital Forensics Tools
A turbo traffic generator pentesting tool to generate random traffic with random MAC and IP addresses in addition to random sequence numbers…
A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts IP or FQDN with the sole purpose of testing yo…
A tiny web auditor with strong opinions.
TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains, I…
A domain name permutation and enumeration library powered by Rust.
A bot that helps you to get more followers on Twitch
This is a mirror of https://codeberg.org/katze/tx2hax
Open Source Threat Intelligence Platform
pyjail (python jail) 绕过 一把梭 CTF 工具
UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It aut…
Tool for viewing and extracting files from an UBIFS image
Cross-platform library for binary debugging and memory hacking written in Rust
Unicorn Emulator Debug Server - Written in Rust, with bindings for C, Go, Java and Python
Urls de-duplication tool for better recon.
A simple tool that helps to find assets/domains based on the Google Analytics ID.
Exploit for the Wii U's USB Host Stack
uforall is a fast url crawler this tool crawl all URLs number of different sources, alienvault,WayBackMachine,urlscan,commoncrawl
For educational purposes only, exhaustive samples of 500+ classic/modern trojan builders including screenshots.
Ultimate-Termux-Linux-Installer
📚 An ultimate collection wordlists of the best-known CMS
Library containing Anti-RE and Anti-Debug methods.
Declarative specification and drawing of UML diagrams
项目包含1 、FTP 未授权访问(21) 2 、LDAP 未授权访问(389) 3 、Rsync 未授权访问(873) 4 、ZooKeeper 未授权访问(2181) 5 、Docker 未授权访问(2375) 6 、Docker Registry未授权(5000) 7 、Ki…
未授权检测的命令行版V1.0,支持批量检测,导出结果,项目参考sqlmap使用随机user-agent。本项目有两个版本,一个是带有GUI界面的,一个是命令行版本,未授权检测目前不包括默认密码检测
Unbrowse — api native browser skill/cli for any agent. Auto-discovers APIs from browser traffic, generates skills on the fly to call APIs di…
A tool to find redirection chains in multiple URLs
Quickly discover exposed hosts on the internet using multiple search engines.
PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads
A guide that explains how programs transform from source code to executables. Deep dive into ELF format, linking processes, and binary optim…
Static analyzer for Flutter/Dart AOT snapshots
A modern, all-in-one Governance, Risk & Compliance (GRC) solution designed for privacy, security, and compliance teams. As an open-source al…
Simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Works with Metasploit payloads and custom she…
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
基于 Unicorn 引擎的轻量级 ARM64 动态追踪模拟工具。支持 IDA Pro、生成 Tenet 日志、本地代码模拟、内存转储、寄存器状态追踪和指令级日志记录。
A parser for Unified logging tracev3 files
FOSS re-implementation of the Logitech Unifying protocol
Automatic and platform-independent unpacker for Windows binaries based on emulation
Instalador hacking para termux
Shell script to check for simple privilege escalation vectors on Unix systems. Checks file permissions, sudo rights, SUID binaries, cron job…
An Android Gradle plugin to remove all Kotlin Metadata annotations from the build output.
remove all Kotlin Metadata and DebugMetadata annotations from .class files
Unofficial balancing patch installer for Stronghold Crusader 1
Dynamic Themida unpacker and import fixer for Themida/WinLicense 2.x and 3.x.
Decompiler for Unreal package files (.upk, .u, .uasset; etc), with support for Unreal Engine 1, 2, and 3
To perform OSINT on an instagram profile
A social engineering tool designed to seamlessly locate profiles using usernames while offering convenient reverse image search functionalit…
The unofficial Official FirmWare, a complete latest PSP firmware reverse engineering project
This is a simple Go web server that allows users to upload files and view a list of the uploaded files. The server can be run locally or dep…
Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation…
A comprehensive, high-quality URL shorteners domain list for whitelist/allowlist or blacklist/blocklist purposes, utilized by NextDNS, Contr…
Status Checker is a Python tool for swiftly checking the status of URLs. It categorizes responses by HTTP status codes, offering clear insig…
Change monitoring app that checks the content of web pages in different periods.
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.
a recon tool that allows searching on URLs that are exposed via shortener services
Trigram database written in C++, suited for malware indexing
Extracts URLs from OSINT Archives for Security Insights
USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories
USB WiFi Adapter Information for Linux
The Official USB Rubber Ducky Payload Repository
Expose USB activity on the fly
Uscrapper Vanta: Dive deeper into the web with this powerful open-source tool. Extract valuable insights with ease and efficiency, from both…
Useful Youtube Channels for Electronics and Mechanical
🕵️♂️ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, a…
Username tools for penetration testing
A definitive guide to generating usernames for OSINT purposes
Network scanner, LAN discovery & port audit tool for IPv4 networks
Easily remove Unity splash screen & watermark.
Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
Rust library for call stack spoofing on Windows, allowing you to execute arbitrary functions with a forged call stack that evades analysis, …
🦄 🦄 🦄 Peripheral smart contracts for interacting with Uniswap v3
(NO LONGER WORKS)
Valthrunner's Script 🚀 - The script for Valthrun.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
All-in-One Toolkit: Choose your favourite Warning: 🔒Encrypted script. Password required…
Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit
Tool to decompile & extract Android Dex bytecode from Vdex files
Testing platform for covert data exfiltration techniques where sensitive documents are embedded into vector representations and tunneled out…
在 Ubuntu20.04(Python3.8及以上)完整安装可能需要几个小时。如果担心破坏本地环境,可以使用虚拟机,具体请看 dev。
Tool designed to generate Metasploit payloads that bypass common antivirus solutions. Supports multiple programming languages for payload ge…
VeilTransfer is a data exfiltration utility designed to test and enhance the detection capabilities. This tool simulates real-world data exf…
Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
A modular exploitation framework extensible with Lua
A ring0 Loadable Kernel Module (Linux) for latest kernels 6.x
Instagram bruteforce attack tool with 10,000,000 passwords, custom password attack and string attack. Fast cooldown helps to bypass instagra…
Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution
A Visual Studio Code Extension agent for Mythic C2
1、无效页面的过滤不精准,类似状态码200,实际内容返回404的这种情况,以及泛页面情况的出现,如何准确过滤掉是个问题。
VerifyVision-Pro是一个全面的图像伪造篡改检测解决方案,利用深度学习(deep learning)和计算机视觉技术(cv)精确识别各类图像篡改,包括deepfake、AI生成内容、拼接操作和复制-移动篡改。基于PyTorch实现,集成了从数据处理、模型训练到部署的完…
Linux post exploitation tool for info gathering and exfiltration 🐧📡💀
API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs
Extendable Visualization & Exploitation tool for glibc heap
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alias…
Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls …
A comprehensive security checklist for vibe coders
VICE is a security auditing CLI tool that finds vulnerabilities in your web applications.
ViDi Visual Disassembler (experimental)
Compiling a list of Vietnamese WiFi passwords for use with aircrack-ng
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
ASP.NET View State Decoder ==========================
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality wi…
Aggregate vulnerability scans from multiple container image scanners to identify discrepancies and get comprehensive exposure analysis.
Source code for the book "Violent Python" by TJ O'Connor. The code has been fully converted to Python 3, reformatted to comply with PEP8 sta…
Adversary simulation and Red teaming platform with AI
🛡️ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Google…
A VBA parser and emulation engine to analyze malicious macros.
Virus - Trojans - Worms - Malwares
Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs fo…
A Python library to interact with the public VirusTotal v3 and v2 APIs.
yep full list of virustotal machines, OG REPO
A script to track malware IOCs with OSINT on Twitter.
vm_str.hpp is a header only string obfuscator.
Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
Extract Windows credentials directly from VM memory snapshots and virtual disks
A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
Tiny RISC-V machine code monitor written in RISC-V assembly.
The goal of this project is to build and provide all possible Volatility3 profiles for the main Linux distributions in x86_64 version only.
Framework for extracting digital artifacts from volatile memory (RAM) dumps. Supports Windows, Linux, and macOS memory images. Extracts proc…
Free GUI front-end for Volatility 3 memory forensics framework on Windows. Simplifies memory analysis workflow with dropdown plugin selectio…
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction tec…
一款用于自动化处理内存取证的Python脚本,并提供GUI界面
VOODOO is a Man in the browser attack framework for macOS. It comes with built-in keylogging, and scripting capabilities. VOODOO is highly e…
Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained contr…
VPNStatus, a replacement for macOS builtin VPN Status
lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.
Next-Gen Stealer written in Go. Stealing from Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every dis…
[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本,端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具,批量快速检测网站安全隐患。An open-source, cross-platform website v…
Unofficial frida extension for VSCode
Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
A clean room reverse engineering project for the VST 2.x interface.
Binary Ninja plugin for loading VTIL routines and lifting VTIL instructions to LLIL for analysis.
Safe replacement for the v-html directive
vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞
Vulnerability detection framework by Binarly's REsearch team
A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code r…
API Security Vulnerability Scanner designed to help you secure your APIs.
Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers.
Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamline…
Scans SBOMs for vulnerabilities with Grype
一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.
vulnerable drivers for windows machines.
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Spons…
Vulnerability (CVE) scanner for Nix/NixOS [maintainer=@henrirosten]
Vulnogram is the tool for reserving, managing, and publishing CVEs. Get started at vulnogram.org or deploy Docker edition for full enterpris…
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, impo…
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Extensible framework for analyzing publicly available information about vulnerabilities
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Advanced vulnerability scanning with Nmap NSE
Reverse engineering Volkswagen car radios
protector & obfuscator & code virtualizer
VySecator Is a Python Script Obfuscation Tool, Which can be used to Obfuscate your hand written Malwares and your Hand Written Scripts!
binary instrumentation, analysis, and patching framework
元豚科技 - 基于日志安全分析做切入,做最好用的「云原生安全运维工作台」
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
WhatsApp Crash With one Message
wacat - Challenge Your Web App with Cat Chaos and AI-Driven Testing!
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used again…
Check your WAF before an attacker does
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
🔪📦 Javascript decompiler for modern frontend
A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims at …
Recolored Kali Linux wallpapers
🌐 Global Infection Map
…
Security scanner built for Laravel, detects misconfigurations, vulnerabilities, and exposed secrets with a beautiful TUI.
A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending …
If you found this, you are among the truly lucky, to be given providence to my curated and often custom wordlists. Enjoy, buddy, you've ear…
Watcher - Open Source AI-powered Cyber Threat Intelligence & Hunting Platform. Developed with Django & React JS.
AML/CTF/KYC/OFAC Search of global watchlist and sanctions
Watchtower is a simple AI-powered penetration testing automation CLI tool that leverages LLMs and LangGraph to orchestrate agentic workflows…
AIShield Watchtower: Dive Deep into AI's Secrets! 🔍 Open-source tool by AIShield for AI model insights & vulnerability scans. Secure your AI…
Assembler/Disassembler for the Dreamcast VMU
Watermark KTP is a free and secure web-based tool that allows you to add a watermark to your scanned KTP (Indonesian ID card).
Wayback Machine Downloader for webmasters, OSINT researchers, and SEO specialists
A passive way to find backups/ sensitive information.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
These playbooks install and configure Wazuh agent, manager and indexer and dashboard.
Wazuh API is an open source RESTful API to interact with Wazuh from your own application or with a simple web browser or tools like cURL.
The wazuh/wazuh-docker repository provides resources to deploy the Wazuh cybersecurity platform using Docker containers. This setup enables …
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response…
Wazuh - Tools for packages creation
This module installs and configure Wazuh agent and manager.
This repository is in read-only mode and no longer used. Now, all the Wazuh ruleset related content is located at wazuh/ruleset.
Watcom Disassembly Tool (wcdatool) - Tool to aid disassembling DOS applications created with the Watcom Toolchain
WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a py…
Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a …
Weakpass collection of tools for bruteforce and hashcracking
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackma…
🕵️♂️ All-in-one OSINT tool for analysing any website
🩻 Web Check API - Xray Vision for any Website
(效果同 )
Common Web Managers Fuzz Wordlists
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
Mike North's Web Security Course
WEB-Wordlist-Generator creates related wordlists after scanning your web applications.
Automate converting webshells into reverse shells.
18 Claude Code skill files for smart contract security — built from 2,749 Immunefi reports, 681 DeFiHack reproductions, and real hunt experi…
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains …
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vul…
Deobfuscate obfuscator.io, unminify and unpack bundled javascript
A Python tool to automate some dorking stuff to find information disclosures.
WebExtractor is a powerful OSINT and ethical hacking tool developed in Python. It is used to extract email addresses, phone numbers, and lin…
WEBFANG, is my first CLI, a modular OSINT & Reconnaissance toolkit curated for Ethical Hackers and Red-Teamers. Sink fangs into web targets …
WebHashcat is a very simple but efficient web interface for hashcat password cracking tool. It hash the following features: Distributed crac…
WebMap-Nmap Web Dashboard and Reporting
…
Computer vision assisted tool to extract numerical data from plot images.
A powerfull websites compiler/obfuscator for optimization or intellectual property protection purposes.
Scripts for solving WebSecurity Academy labs of PortSwigger using Python
A collection of advanced PHP and ASPX web shells designed to bypass security measures.
通过获取到的webshell流量、url、key来还原攻击者使用webshell所做的操作。
WebSift is an OSINT ethical hacking tool designed to scrape and extract emails, phone numbers, and social media links or other URLs from web…
You will find a wealth of resources to help with your Website investigations.
This is a learning created by Omar Santos (@santosomar) for different Cybersecurity training sessions. It includes many intentionally vulner…
一个可在线运行的微信视频号加密视频解密工具和 API 服务,基于逆向工程分析实现。本项目使用微信官方的 WebAssembly (WASM) 模块来生成 Isaac64 PRNG 密钥流,并通过 XOR 运算完成视频解密。
:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Windows Exploit Suggester - Next Generation
Web application fuzzer that replaces any reference to the FUZZ keyword with a payload value. Supports multiple encoders, filters, iterators,…
A easy to use WireGuard dashboard and management tool
WireGuard Obfuscator - simple obfuscator for WireGuard. Useful if your ISP/government blocks WireGuard traffic.
Complete WireGuard VPN management made easy. Zero-touch deployment with beautiful TUI & Web UI. One script = full VPN appliance.
Program to reverse Docker images into Dockerfiles
OSINT tool to find breached emails, databases, pastes, and relevant information
Log what files are accessed by any Linux process
WhatsApp spy - logs online/offline events from ANYONE in the world
A Script to Crash WhatsApp With Just a Single Text And Inject a Payload In App Format to Hack and Extract All WhatsApp Media Files.
A patcher that decompiles WhatsApp APK, patches the smali, recompiles and signs it.
Herramienta de OSINT para WhatsApp que permite obtener fotos de perfil, verificar cuentas Business, consultar estado e información de usuari…
This repository has the JSON file required to perform user enumeration on various websites.
As a regular contributor to Project WhatsMyName, this is a script I made for myself to check sites are working
View data of a WhatsApp number, including its status, photo, etc. 🕵🏽♂️
Web scanner that identifies web technologies including CMS, blogging platforms, analytics packages, JavaScript libraries, server frameworks,…
Developed by Andrew Horton urbanadventurer and Brendan Coles bcoles
Identify hardcoded secrets in static structured text (version 2)
A multi-vault secret injection tool for safely injecting secrets into app environment
This is a simple python tool to automatically deface webdav vulnerable websites.
A collection of AI-powered tools for phishing detection, adversarial machine learning, and cybersecurity research. Includes Streamlit/Flask …
用于Linux应急响应,快速排查异常用户登录情况和入侵信息排查,准确定位溯源时间线,高效辅助还原攻击链。
This is a Whomrx GPT which is related to the worm GPT and the natural enemy of the chat GPT {UPDATE 2025}
Keep an eye on who and when something is connected to your network
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Wi-Fi-Jammer Using Python Script As BlackHat
An IoT Integrated Fully Automatic WIreless PHIshing System / Advanced Wifi Pineapple
automate wifi hacking with wicker
Wi-Fi Attack Automation Tool for Kali Linux and Termux automates Wi-Fi attacks like Deauthentication, Evil Twin, and WPA Handshake Capture. …
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)
…
Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz), WPA3 also supported (PMF not tested)
⚡Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES) hack…
Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES) hacki…
Helpful resources regarding the cheap DIY Wi-Fi Pineapple, AKA Wi-Fi Mangoapple to help with supported chipsets, configurations, errors, etc…
An open source batch script based WiFi Passview for Windows!
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
This is more of a checklist for myself. May contain useful tips and tricks.
Port WiFi Pineapple NANO/TETRA in generic hardware
Virtualized Wi-Fi pentesting laboratory without the need for physical Wi-Fi cards, using mac80211_hwsim. Docker version of WiFiChallenge Lab…
WifiForge is a tool developed by Black Hills InfoSec to help train Pentesters on different Wi-Fi attack vectors and Wireless capabilities.
The Rogue Access Point Framework
Tool for Wifi Network Attacks
Automated wireless attack tool that attacks multiple WEP/WPA/WPA2/WPS encrypted networks in sequence. Runs airodump-ng, aireplay-ng, and air…
Rewrite of the popular wireless network auditor, "wifite"
This bash script will install wifite2 and its other tools Pyrit, bully, wireshark, hcxtools, hcxdumptool, macchanger
Wii Menu Decompilation brought to you by fans.
Various info regarding the hard-/software of the Xbox One gaming console family.
A Golang implant that uses Discord as a C2 team server
Windows Forensics Environment Builder
Scan/Exploit - EternalBlue MS17-010 - Windows 7 32/64 Bits
What is WinAppDbg? ================== The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under …
Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with v…
Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!
Windows Local Privilege Escalation Cookbook
🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineerin…
Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contribution…
Rapidly initialize Windows Sandbox for malware analysis and reverse engineering
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
Windsurf-to-OpenAI compatible API proxy
一个自由强大跨平台的十六进制编辑器 / A free, powerful, cross-platform hex editor
Automation for internal Windows Penetrationtest / AD-Security
windows debug and exploit toolset for both user and kernel mode
Wipe files and drives securely with random ASCII dicks
Hack wifi using termux (rooted).
CPlay2Air / Carlinkit Wireless Apple CarPlay Dongle reverse engineering
World's foremost network protocol analyzer. Captures and interactively browses traffic on a computer network. Supports hundreds of protocols…
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact proven…
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to mak…
wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures fro…
Wordfence malware and vulnerability scanner command line utility.
Custom wordlist, updated regularly
All cyclone wordlists are frequency sorted by probability.
Wordlist para auditoria de senhas, construída com foco em usuários Brasileiros.
This tool helps to create a unique wordlist which can crack more than 50% of passwords using brute-force attack, so on social media sites s…
Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by…
Real-world infosec wordlists, updated regularly
A curated list of wordlists for discovery, enumeration, fuzzing, and exploitation.
Various wordlists FR & EN - Cracking French passwords
Infosec Wordlists and more.
📜 Yet another collection of wordlists
[Custom || Automated] Curation & Collection of BugBounty Wordlists
Wordlists in German for Diceware, BIP39 and Monero.
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a Wo…
Collection of malware files found on hacked WordPress sites
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
You can Support me by register or use digitalocean
Real-time global intelligence dashboard. AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situ…
Worm-AI uses a reverse-engineered Grok API wrapper originally developed here:
High-performance C++ execution engine for LLM red-teaming and prompt engineering. Deploy dynamic jailbreak payloads, bypass alignment guardr…
A full-featured open-source Wi-Fi fuzzer
A plugin for IDA that can help to analyze binary file, it can be based on commonly used AI big models such as OpenAI and DeepSeek.
A proof-of-concept WordPress plugin fuzzer
A fast WordPress plugin enumeration tool
WordPress security scanner. Enumerates WordPress installations for vulnerable plugins, themes, and configurations. Checks usernames, timthum…
CTF write-ups written by me. Mostly crypto and blockchain!
Dans une tentative un peu vaine d'organiser le chaos, de donner une forme toute temporaire à tout ça, voici un index... (-----
This is a useful Python script for extracting bug bounty or any other write-ups from every RSS.
This repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Official Writeups for DIVER OSINT CTF
CTF writeups from The Flat Network Society
Wiki-like CTF write-ups repository by ByteBandits
Vulnerable app with examples showing how to not use secrets
Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Collect CTFs related to evm, and provide solutions, using Foundry. 收集 EVM 类的 CTF 挑战,并提供解决方案。
The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens
OWASP Foundation Threat Dragon Project Web Repository
A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem …
跨平台微信小程序反编译 GUI 工具,.wxapkg 文件扫描 + 解密 + 解包工具
Turn your android into a dangerous hacking machine
This is a tool that has social media & camera hacking & WhatsApp virus & SMS bombing functions and much more
社区版: - 每个用户节点限制为3个 - 模块列表: 域名采集,指纹识别,资产分析 - 队列管理 - 定时任务 - 资产提醒
This is an Open source intelligent framework ie an osint tool which gathers valid information about a phone number, user's email address, pe…
A utility for detecting webpage inputs and conducting XSS scans.
X-snifer is a versatile tool designed for scanning and gathering information from a website and simplifying various website analysis and net…
This is a tool for sending a Trojan virus to the victim's cellphone using the victim's telephone number on the victim's cellphone
X-ZIGZAG is a lightweight RAT engineered for stealth, operating exclusively in RAM.
Open-source x64/x32 debugger for Windows. Actively maintained with a plugin ecosystem, scriptable, and designed to replace OllyDbg. Excellen…
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Hidden parameters discovery suite
An online assembly editor, emulator and debugger for the x86-64 architecture
Xalgorix - The Most Powerful Open-Source AI Pentesting Agent
APK/DEX detector for Windows, Linux and MacOS.
XArchiver 是一款基于大数据的压缩包密码破解软件,它并不穷举所有可能性,而仅遍历那些网上经常出现的解压密码,在大幅提升破解效率的同时成功率也远高于传统的暴力破解方式。
A tool to change the libc environment of running files(一个在CTF比赛中用于切换题目运行libc环境的工具)
All the strings from Xcode's binaries
A command-line utility designed to recursively spider webpages for URLs. It works by actively traversing websites - following links embedded…
Easy tools for deauthentication attack wifi
ELF file viewer/editor for Windows, Linux and MacOS.
XENA is an innovative C2 made fully in Go. With hacking automation features.
A Python-based tool for scanning, auditing, and performing penetration tests on Wi-Fi networks and connected devices.
Xbox 360 Low Level Emulator written for the purpose of researching on the Xenon Game Console hardware internals.
Helper script for spawning a minimal Ubuntu 16.04 container ready for building kernel exploits (~4.x)
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask
Android Penetration Tool [ RAT for Android ]
Compilation of autoexec scripts and mods for Xiaomi Yi camera after reverse engineering of firmware.
渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理
Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, …
X Intelligence CLI — search, monitor, analyze, and engage on X/Twitter. TypeScript + Bun. AI agent skill. Using xAPI & xAI api keys
xkInfoScan 是一款集成化的网络信息收集与安全扫描工具,支持 IP / 域名 / URL /信息追踪多维度目标探测,涵盖目录扫描、CMS 识别、漏洞检测、信息泄露挖掘、CDN 检测等核心功能,适用于渗透测试前期信息收集、网络资产测绘及安全风险评估场景。
xLEAPP - Merging of iLEAPP/RLEAPP/vLEAPP, ALEAPP, cLEAPP
xless …
Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
A Superfast SMS & Call bomber for Linux And Termux !
XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS
Firmware patcher for Xiaomi routers
Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
eXtensiable Malware Toolkit: Full Featured Golang C2 Framework with Awesome Features
.NetCore常用工具库(常用正则表达式、日期时间常用方法、XML快速遍历、动态扩展对象、图片验证码生成、阿里/腾讯短信发送、发送邮件、Json配置文件解析、加密解密、OSS文件上传等,持续继承中...)
Opcode calculator / ASM calculator
A reimplementation of BioWare's Aurora engine (and derivatives). Pre-pre-alpha :P
PE file viewer/editor for Windows, Linux and MacOS.
Xploitra is a powerful reverse shell payload generator for educational and security testing. It offers customizable payloads with advanced o…
XposedOrNot: Open-source API for real-time alerts on domain data breaches. Protects your online identity with user-friendly monitoring and i…
Elite Cyber Intelligence & Digital Forensics Platform - Next-gen OSINT framework for cybersecurity professionals and ethical hackers🔥 with w…
Live Memory Browser for Apps & Xcode
一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Tool to generate ROP gadgets for ARM, AARCH64, x86, MIPS, PPC, RISCV, SH4 and SPARC
Herramienta avanzada de escaneo XSS (Cross-Site Scripting) para auditorías de seguridad web, con capacidades de evasión de WAF y generación …
XSS Exploitation Tool (XET) is a penetration testing tool designed to exploit Cross-Site Scripting vulnerabilities.
🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.
This project aims to provide a comprehensive resource for understanding and testing Cross-Site Scripting (XSS) vulnerabilities, one of the O…
:star: Star us on GitHub — it motivates a lot! :star:
This repository holds all the list of advanced XSS payloads that can be used in penetration testing. These payloads can be loaded into XSS s…
修改 docker-compose.yml 里面的 environment 成想要的配置
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
🚀 XSSFUZZ - A tool for detecting XSS vulnerabilities in web applications.
Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.
XSSRecon automates the process of testing URL parameters for reflection of a test payload rix4uni and further checks how special characters …
XSSRocket it is a tool designed for offensive security and XSS (Cross-Site Scripting) attacks.
Advanced XSS detection and exploitation suite. Features a crawler, fuzzer, a context-aware analysis engine, and a payload generator that cra…
XSStrike …
A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from…
Iptables WireGuard obfuscation extension. Windows/Mac/BSDs see the fully compatible cross-platform CLI rs-wgobfs.
Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available
Xtrack is a tracking tool that can be used to track IP addresses, telephone numbers and usernames.
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a var…
A command-line tool for manipulating Xbox One XVD & XVC files.
🚀 Bring your favorite shell wherever you go through the ssh. Xonsh shell, fish, zsh, osquery and so on.
XZ backdoor reverse engineering
Yet Another Ghidra Integration for IDA
Cyber Security ALL-IN-ONE Platform
A programming language exclusively designed for cybersecurity
Free, Open Source, Published under the MIT License.
Yet Another Not So Obfuscated LLVM
Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小
Visually inspect and force decode YARA and regex matches found in both binary and text data with colors. Lots of colors.
yarGen is a generator for YARA rules
OSINT for YouTube made simple.
Simple OSINT script to find Instagram profiles by name and e-mail/phone
Automation script to download missing tools and configurate kali linux for various cybersecurity categories
The open-source Java obfuscation tool working with Ant and Gradle by yWorks - the diagramming experts
😈Scripts or demo projects on iOS development or reverse engineering
Exploitation and Mitigation Slides
Download YouTube comments from numerous videos, playlists, and channels for archiving, general search, and showing activity.
Web-tool to search YouTube for geographically tagged videos by channel, topic, and location. Videos are viewable in a map and exportabled to…
A quick way to gather all the metadata about a video, playlist, or channel from the YouTube API.
Mainly YouTube, tools, techniques & tradecraft OSINT resources.
Downloads videos and playlists from YouTube
Abstraction layer over YouTube's internal API
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
「渊照」是一款功能强大的专业暗链扫描工具,专注于检测网站、HTML文件或目录中的隐蔽链接、隐藏元素和恶意代码。该工具能够智能识别扫描目标类型(本地文件/目录、内网URL、公网URL),并自动调整扫描策略以获得最佳效果,是安全人员进行网站安全审计和应急响应的理想工具。
A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin impo…
WhatsApp Desktop Live Forensics - Decryption&Extraction Technique
x86-64 Assembler based on Zydis
Official command-line tool for managing SpiceDB
Zeek-Formatted Threat Intelligence Feeds
Zehef is an osint tool to track emails
grabber token, malware, trojan
🛡⚔️AI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting🛡⚔️
Zero-attacker is an multipurpose hacking tool with over 15+ multifunction tools
Lightweight, cross-platform process sandboxing powered by OpenAI Codex's runtime. Sandbox any command with file, network, and credential con…
Dumping App Bound Protected Credentials & Cookies Without Privileges.
Dumping App Bound Protected Credentials & Cookies Without Privileges.
🔒 Modern C2 Platform with Cloudflare Tunnel Integration | WinRM & SSH Remote Management | Real-time Terminal & Remote Desktop | Built with F…
ZeroTrace is a powerful ethical hacking tool for anonymization, routing all your system network traffic through the Tor network, making it v…
Zeuris is bash based script with 10+ pages which can be used in Termux No root.
Zeus-Grabber (GUI) Reverse IP, IP Generator, Google Search Dork & SQli, Zone-H
【iOS代码混淆】ZFJObsLib主要是通过Python写的混淆工具,具体功能有方法混淆、属性混淆、类名混淆、添加垃圾代码、自动创建垃圾类、删除注释、修改资源文件Hash值、加密字符串、翻新资源名、模拟人工混淆、混淆文件名、混淆文件目录、混淆词库、混淆日志、映射列表、敏感词过滤…
unified io lib for pwning development written in python
Find the password of protected ZIP files.
ZipCracker是Hx0战队出品的一款功能强大的Zip密码破解工具。它集成了字典攻击、掩码攻击、短明文 CRC32 枚举恢复、已知明文攻击等多种破解模式,并能自动修复伪加密文件。凭借其高性能与多功能的特点,ZipCracker已成为CTF比赛中的一把利器。(ZipCracke…
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Static analysis for GitHub Actions
zkBank is the most secure banking system in the world, powered by ZK, gnark, and GKR!
最强大的密码爆破/喷洒工具 | The most powerful bruteforcer / sprayer Artifact
Bringing back the functionality of the Internet Games, included in Windows 7 and XP/ME.
An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misus…
【iOS安全】高效Tweak工具函数集,基于theos、monkeyDev。(含方法调用链追踪、递归获取任意层级view、拦截并修改全局请求、清除keyChain数据、block还原、打印类的属性和方法、数据转换、数据存储、添加轮询、网络请求、加密解密等各种协助逆向分析函数)-仅…
Fast and lightweight x86/x86-64 disassembler and code generation library
Using Zygisk to dump il2cpp data at runtime
ZYPHERON CLI Powerful command-line interface for automated security testing. Integrate ZYPHERON into your DevSecOps pipeline. Get CLI
ZYRA: Your Runtime Armor. ZYRA is an Zig-written obfuscator/packer for executable binaries.
Try adjusting your search or filters.