Challenge handouts, source code, and solutions for UofTCTF 2026

A tool for hacking into publicly exposed network cameras, with support for targeting specific countries and regions, and visualizing the collected camera data on an interactive map. It also support…

A collection of PDF/books about the modern web application security and bug bounty.

Practical Windows Forensics Training

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

A curated list of awesome Android Reverse Engineering training, resources, and tools.

Grab cam shots & GPS location from target's phone front camera or PC webcam just sending a link.

Production-ready implementation of InvisPose - a revolutionary WiFi-based dense human pose estimation system that enables real-time full-body tracking through walls using commodity mesh routers

Drone pentesting framework console

JWT Auditor – Analyze, break, and understand your tokens like a pro.

Find XSS payloads that actually work by filtering them based on real-world constraints instead of blind payload spraying.

Manage WhatsApp .crypt12, .crypt14 and .crypt15 files.

ShadowRecon is a professional, all-in-one cybersecurity assessment framework written in Python. Designed for penetration testers, vulnerability researchers, and bug bounty hunters, it automates rec…

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

CVE-2025-55182-Exploiter Google Chrome Extension. nextjs vulnerability #nextjscve

React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.

Prevent merging of malicious code in pull requests

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

তোমার নিজের প্রসেসর বানাও - শূন্য থেকে আসল চিপ তৈরি পর্যন্ত!

Vulnerable Labs - By System00 Security

An Intentionally Vulnerable Social Site (XSS)

Writeups for PortSwigger WebSecurity Academy

MCP Server for Ghidra

RedAudit is a next-generation Windows forensic and security assessment framework featuring a live cyber-operations GUI built for real investigators and red-team professionals.

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

file checker

Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀

Tosint (Telegram OSINT) is a powerful tool designed to extract valuable information from Telegram bots and channels. It serves as an essential resource for security researchers, investigators, and …

Whitesecross is an advanced Python-based XSS scanner designed for penetration testers and bug bounty hunters. It crawls websites, extracts parameters, and injects custom payloads to detect reflecte…