Less Googling, More Hacking!

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details

Trending

scrcpy

Display and control your Android device

android c

Mobile

123075

View Details

Trending

sherlock

Hunt down social media accounts by username across social networks

cli cti

OSINT

65680

View Details

Trending

ghidra

Ghidra is a software reverse engineering (SRE) framework

disassembler reverse-engineering

Reverse Engineering

57261

View Details

Trending

x64dbg

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

binary-analysis ctf

Malware Analysis

46088

View Details

Trending

sqlmap

Automatic SQL injection and database takeover tool

database detection

Web Security

34233

View Details

Trending

dnSpy

.NET debugger and assembly editor

security tool

Reverse Engineering

27651

View Details

Trending

web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website

osint privacy

Web Security

25099

View Details

Trending

nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

attack-surface cve-scanner

Bug Bounty

23411

View Details

Trending

gitleaks

Find secrets with Gitleaks 🔑

ai-powered ci-cd

Bug Bounty

19975

View Details

Trending

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

docker docker-compose

Vulnerable Labs

18922

View Details

Trending

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing

Mobile

18654

View Details

Trending

frida

Clone this repo to build Frida

frida instrumentation

Mobile

17710

View Details

Trending

PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

bash batch

Red Team

17651

View Details

Trending

bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android apk

Mobile

15038

View Details

Trending

chisel

A fast TCP/UDP tunnel over HTTP

golang http

Active Directory

14661

View Details

Trending

impacket

Impacket is a collection of Python classes for working with network protocols.

dcerpc dcom

Active Directory

14328

View Details

Trending

katana

A next-generation crawling and spidering framework.

cli crawler

Bug Bounty

13718

View Details

Trending

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

security tool

Red Team

13094

View Details

Trending

amass

In-depth attack surface mapping and asset discovery

attack-surfaces dns

Bug Bounty

13019

View Details

Trending

dex2jar

Tools to work with android .dex and java .class files

security tool

Mobile

12731

View Details

Trending

routersploit

Exploitation Framework for Embedded Devices

bruteforce creds

Red Team

12617

View Details

Trending

binwalk

Firmware Analysis Tool

security tool

Reverse Engineering

12499

View Details

Trending

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

security tool

Active Directory

12344

View Details

Trending

theZoo

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

malware malware-analysis

Malware Analysis

11862

View Details

Trending

subfinder

Fast passive subdomain enumeration tool.

bugbounty hacking

Bug Bounty

11717

View Details

Trending

prowler

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure

Cloud Security

11650

View Details

Trending

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security

Vulnerable Labs

11282

View Details

Trending

DVWA

Damn Vulnerable Web Application (DVWA)

dvwa hacking

Vulnerable Labs

11260

View Details

Trending

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

mitre mitre-attack

Red Team

10608

View Details

Trending

Sublist3r

Fast subdomains enumeration tool for penetration testers

security tool

Bug Bounty

10371

View Details

Trending

BloodHound-Legacy

Six Degrees of Domain Admin

security tool

Active Directory

10181

View Details

Trending

sliver

Adversary Emulation Framework

adversarial-attacks adversary-simulation

Red Team

9425

View Details

Trending

Sn1per

Attack Surface Management Platform

attack-surface attack-surface-management

Web Security

8759

View Details

Trending

aws-vault

A vault for securely storing and accessing AWS credentials in development environments

aws aws-vault

Cloud Security

8735

View Details

Trending

Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

binary-analysis debugger

Malware Analysis

8732

View Details

Trending

pwndbg

Exploit Development and Reverse Engineering with GDB & LLDB Made Easy

binary-ninja capture-the-flag

Reverse Engineering

8682

View Details

Trending

httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

bugbounty cli

Bug Bounty

8523

View Details

Trending

bbot

The recursive internet scanner for hackers. 🧡

asm attack-surface-management

Bug Bounty

8517

View Details

Trending

objection

📱 objection - runtime mobile exploration

android framework

Mobile

8122

View Details

Trending

volatility

An advanced memory forensics framework

malware memory

Digital Forensics

7693

View Details

Trending

Havoc

The Havoc Framework

security tool

Red Team

7572

View Details

Trending

checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

aws aws-security

Cloud Security

7572

View Details

Trending

WebGoat

WebGoat is a deliberately insecure application

security tool

Vulnerable Labs

7509

View Details

Trending

ScoutSuite

Multi-Cloud Security Auditing Tool

auditing aws

Cloud Security

7151

View Details

Trending

reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty

Bug Bounty

6298

View Details

Trending

voltron

A hacky debugger UI for hackers

debugger gdb

Reverse Engineering

6261

View Details

Trending

cloudmapper

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

aws cytoscape

Cloud Security

6148

View Details

Trending

osmedeus

A Workflow Engine for Offensive Security

attack-surface attack-surface-management

Bug Bounty

5606

View Details

Trending

pspy

Monitor linux processes without root permissions

ctf enumeration

Red Team

5500

View Details

Trending

capa

The FLARE team's open-source tool to identify capabilities in executable files.

binary-analysis gsoc-2025

Malware Analysis

5330

View Details

Trending

apkleaks

Scanning APK file for URIs, endpoints & secrets.

android-security apk

Mobile

5282

View Details

Trending

merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

agent c2

Red Team

5257

View Details

Trending

GhidraMCP

MCP Server for Ghidra

security tool

MCP Servers

5117

View Details

Trending

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-native cloudsecurity

Cloud Security

5003

View Details