Skip to content
Change the repository type filter

All

    Repositories list

    • WebVerse

      Public
      Open-source web & API security training platform with curated, modular labs and progress tracking.
      Python
      7000Updated Jan 29, 2026Jan 29, 2026
    • Open Source Implementation of Cobalt Strike's Malleable C2
      C
      12000Updated Jan 27, 2026Jan 27, 2026
    • aliasr

      Public
      Aliasr is a modern, feature-rich TUI launcher for penetration testing commands inspired by Arsenal, but with significantly improved functionality.
      Python
      7000Updated Jan 26, 2026Jan 26, 2026
    • Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled Tasks.
      C++
      15000Updated Jan 24, 2026Jan 24, 2026
    • TInjector_Symbi

      Public
      更稳定的劫持Zygote在App启动前注入so
      C++
      45000Updated Jan 22, 2026Jan 22, 2026
    • Just another EDR killer
      C
      20000Updated Jan 21, 2026Jan 21, 2026
    • A TUI for Active Directory collection.
      Go
      6000Updated Jan 20, 2026Jan 20, 2026
    • skill-threat-modeling

      Public
      Code-First Deep Risk Analysis Skill for Claude Code - 8-Phase Workflow with Security design review, STRIDE Threat modeling, PenTest and attack chain analysis, S…
      Python
      20100Updated Jan 19, 2026Jan 19, 2026
    • corptrace

      Public
      Automate Scoping, OSINT and Recon assessments.
      Shell
      14000Updated Jan 18, 2026Jan 18, 2026
    • A standalone C implementation of a "Beacon Object File" (BOF) loader designed for Linux x86-64 environments.
      C
      2000Updated Jan 17, 2026Jan 17, 2026
    • Proxy system that routes traffic through Cloudflare Workers for IP rotation and anonymity
      Go
      53000Updated Jan 16, 2026Jan 16, 2026
    • MPET

      Public
      MPET (Multi-Protocol Exploitation Toolkit) 是一款专业的多协议安全测试工具,基于 Wails 框架构建的现代化桌面应用。它提供了对 25+ 种主流服务协议的连接测试、未授权访问检测、弱口令检测和漏洞利用能力,是安全研究人员和渗透测试工程师的得力助手。
      Go
      14000Updated Jan 16, 2026Jan 16, 2026
    • medusa

      Public
      AI-first security scanner with 74+ analyzers, 180+ AI agent security rules, intelligent false positive reduction. Supports all languages. CVE detection for Reac…
      Python
      30000Updated Jan 15, 2026Jan 15, 2026
    • Agentic AI tool for offensive security and pentesting
      Python
      32000Updated Jan 12, 2026Jan 12, 2026
    • Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by…
      Python
      259000Updated Jan 10, 2026Jan 10, 2026
    • An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard history.
      C
      5000Updated Jan 9, 2026Jan 9, 2026
    • 该工具用于导出正在运行中的微信进程的 key 并自动解密所有微信数据库文件以及导出 key 后数据库文件离线解密。
      Rust
      412000Updated Jan 9, 2026Jan 9, 2026
    • Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chr…
      C
      82000Updated Jan 7, 2026Jan 7, 2026
    • A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
      Python
      142000Updated Jan 7, 2026Jan 7, 2026
    • Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
      C
      23000Updated Jan 6, 2026Jan 6, 2026
    • DbgNexum

      Public
      Shellcode injection using the Windows Debugging API
      C
      36000Updated Jan 4, 2026Jan 4, 2026
    • PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin
      C
      25000Updated Jan 4, 2026Jan 4, 2026
    • XSSNow

      Public
      Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.
      JavaScript
      43000Updated Jan 4, 2026Jan 4, 2026
    • Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty
      C++
      15000Updated Jan 3, 2026Jan 3, 2026
    • MSFinger

      Public
      Microsoft Network Service Fingerprinting Tool
      Python
      6000Updated Jan 2, 2026Jan 2, 2026
    • Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
      C
      5000Updated Jan 2, 2026Jan 2, 2026
    • xingrin-2

      Public
      src资产管理漏洞扫描平台,子域名爆破,端口扫描,站点发现,目录扫描,爬虫,漏洞扫描
      TypeScript
      60000Updated Dec 30, 2025Dec 30, 2025
    • darkdump

      Public
      Open Source Intelligence Interface for Deep Web Scraping
      Python
      287000Updated Dec 29, 2025Dec 29, 2025
    • xingrin

      Public
      src资产管理漏洞扫描平台,子域名爆破,端口扫描,站点发现,目录扫描,爬虫,漏洞扫描
      TypeScript
      60000Updated Dec 28, 2025Dec 28, 2025
    • "Web-Cache-Deception-Scanner" Extension for BurpSuite
      Java
      2000Updated Dec 27, 2025Dec 27, 2025