Minimal out-of-band (OOB) interaction server PoC — DNS + HTTP catch-all + live dashboard, from scratch in Rust. Authorized pentest use only. - own2pwn-fr/oob-poc

Thor Firewall Smart — Production-grade eBPF/XDP security: XDP/eBPF, dashmap, flume, axum, YARA, Sigma, ONNX ML inference, SOAR engine, WebSocket real-time dashboard - mhmsdfhwhegggggggg/Thor-Firewa...

Cyanide — iOS tweak runner built on top of the DarkSword kernel r/w exploit - zeroxjf/cyanide

A Security scan analyzer for pentesters — parse nmap/nikto output, match CVEs, get exploit commands - Sombra-1/vulnmind

yellowkey bitlocker github cve download recovery key cve-2026-45585 nightmare-eclipse bypass tpm sniffing decryption tool setup guide tutorial windows 11 windows 10 error fix latest version 2026 - ...

AI Phishing Email Detector | Web Vulnerability Scanner - Tayyabjavedofficial/cybershield

Professional smart contract security auditing framework — vulnerability scanner, exploit PoCs, AI audit assistant, and audit report generator - BlockchainNooberz/Auditing-smart-contracts

Web Application Penetration Testing against OWASP Juice Shop using PTES, OWASP Top 10 and OWASP WSTG. - gfmcorrea/pentest-web-juice-shop

Deploying Sliver to an Oracle OCI compute instance via Terraform and Ansible - datboyblu3/The-Homegrown-Beacon

Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318 - BishopFox/CVE-2026-28318-check

Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230. - HalilDeniz/CVE-2026-20230-Scanner

Web Vulnerability Scanner — Flask REST API + SQLite + Security Scanning - amr-khaledd/webguard

Burp Suite Extension for auditing OAuth 2.0 implementations. Supports both Community and Professional Editions. - matiassequeira/burpsuite-oauth2.0

TryHackMe SOC Level 1 — Full kill chain analysis: HTA lure, DLL execution, credential dumping, DCSync, ransomware staging - czabatta/THM-Boogeyman3

Memory forensics automation — process analysis, injection detection, YARA scanning, IOC extraction with STIX 2.1 export. Works standalone or with Volatility3. - joemunene-by/ghostforensics

Open-source malware analysis sandbox with Docker/QEMU execution, telemetry, YARA, Suricata, threat-intel enrichment, and AI reports. - allsmog/detonate

Orchestra is the most advanced C2 framework in development. Features are beta and final version will be available commercially only to approved candidates. - t-h-i-n-k-er/orchestra

WebStrike — automated web-pentesting framework that orchestrates Kali tools (subfinder, httpx, katana, ffuf, nuclei, sqlmap, dalfox) into one phased recon→exploit→report pipeline. - FlinnZee/webstr...

An advanced Out-of-Band and In-Band SSRF fuzzing scanner with dynamic request tracking. - R0X4R/ressrf

5-layer offensive & defensive security toolkit: API scanner + payload injection (SQLi/XSS/JWT/PathTrav/SSRF) + network recon + AI prompt injection/red-team engine. Built on CL4R1T4S (29.5k ...

Reproducible Stuxnet malware-analysis lab with static and dynamic workflows, YARA/Sigma detections, and safety-first documentation. - allsmog/mlw-lab