Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Driller: augmenting AFL with symbolic execution!

Grey-box Concolic Testing on Binary Code (ICSE '19)

Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can …

A multi-platform fuzzer for poking at userland binaries, network clients and servers

iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis …

Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥

A handheld PC

M5 Stick C firmware for high-tech pranks

The Ultimate URL Masking Tool - An open-source URL masking tool designed to help you Hide Phishing URLs and make them look legit using social engineering techniques.

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar…

PoC for dumping and decrypting cookies in the latest version of Microsoft Teams

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.

Quicky serve files over http or https using flask.

Deserialization payload generator for a variety of .NET formatters

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Directory/File, DNS and VHost busting tool written in Go

Web application fuzzer

Telegram Monitor

Seamlessly integrate LLMs as Python functions

A curated list of GPT agents for cybersecurity

Flipper Zero POCSAG Pager receiver plugin

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.

This is a ZSH plugin that enables you to use OpenAI's Codex AI in the command line.

A Python Package for Data Exfiltration

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.