Pentesting

A foundational C library for building operationally credible offensive capabilities

One-command security scanner. 40+ rules for secrets, OWASP and deps. Scanned React: F grade.

Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.

IOC enrichment + PE static analysis in one self-contained Windows CLI. Zero dependencies.

BruceButBetter — DIY Flipper Zero on ESP32-S3 N16R8. Downstream Bruce fork: Sub-GHz, NFC/RFID, IR, WiFi/BLE, NRF24 & Si5351 in one device. Browser flasher included.

PenTest Toolkit v2 is a fully async, plugin-based security testing framework designed specifically for real-world bug bounty hunting. Every module is independently runnable, outputs structured JSON findings, and feeds into a unified HTML report with optional AI-powered analysis.

Free web reconnaissance tool for bug bounty hunters and pentesters — by Sipar Security

Static security scanner for AI agent skill packages. Detects malicious SKILL.md files and bundled scripts before they run.

Autonomous decentralized AI OSS hardener. Core Rust/P2P/zero-trust, Python AI/ML, C++23 perf. MVP: Scanner (graph DB + GNN-ready risk/neglect scoring) + Knowledge (IPFS/RAG-ready). Permissive OSS.

Security and privacy guardrails for AI-assisted software development

Cobalt Strike BOF that extracts selected Windows registry hives directly from a raw NTFS volume by parsing NTFS metadata and reading file data straight from disk.

Payload injector and HID emulator for Android

Cacti ≤ 1.2.30 Auth RCE - Host variable injection

SoK/Whitepaper on Offensive Operations against Active Directory Certificate Service

Deep paint osint tool

Smuggling C2 comms through links previews

Activation Context Hijacking Evasion Tool

Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.

🛡️ Duolingo for Cybersecurity — Track TryHackMe progress, earn XP, unlock achievements, and follow guided learning paths.

A Claude Code skill that security-audits vibe-coded SaaS apps. 50 common ways AI-generated apps get pwned, turned into a repeatable checklist, severity scoring, and findings report!