Security Research

SecListsPHP

A comprehensive collection of security testing wordlists and payloads for penetration testers and security researchers.

Metasploit FrameworkRuby

An open-source penetration testing framework for developing and executing exploit code against remote targets.

Academic Resources and Grey Literature List

A curated list of amazingly awesome open source intelligence (OSINT) tools and resources for cyber threat intelligence and investigations.

radare2C

A libre, Unix-like reverse engineering framework and command-line toolset for analyzing, debugging, and modifying binaries.

fridaMeson

A dynamic instrumentation toolkit for injecting JavaScript into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX.

Bytecode ViewerJava

A lightweight Java/Android reverse engineering suite with decompilers, disassemblers, and advanced analysis tools.

PwntoolsPython

A Python CTF framework and exploit development library designed for rapid prototyping and security research.

Web Security

A curated collection of web security resources, tools, and research materials for learning penetration techniques.

theZooPython

A live malware repository providing encrypted samples and source code for educational malware analysis and research.

HoneypotsPython

A curated list of awesome honeypot resources, tools, and related components for cybersecurity research and defense.

awesome-honeypotsPython

A curated list of free and open-source honeypot resources, tools, and related components for cybersecurity research.

Awesome Threat Intelligence

A curated list of awesome open-source threat intelligence resources, including feeds, tools, platforms, and standards.

codeqlCodeQL

Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.

CTF ToolsShell

A collection of setup scripts to install and manage security research tools for CTFs and binary analysis.

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

angrPython

A platform-agnostic binary analysis framework for disassembly, symbolic execution, and program analysis.

RetDecC++

A retargetable machine-code decompiler based on LLVM, supporting multiple architectures and file formats.

retdecC++

A retargetable machine-code decompiler based on LLVM, supporting multiple architectures and file formats.

RSACTFToolPython

A multi-attack RSA tool for CTF challenges that decrypts data from weak public keys and recovers private keys.

PoisonTapJavaScript

Exploits locked computers via USB to hijack internet traffic, steal browser cookies, and install persistent web backdoors using a Raspberry Pi Zero.

Awesome bug bounty resources by EdOverflow

A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.

awesome-bug-bounty

A curated list of bug bounty programs, write-ups, and resources for security researchers and ethical hackers.

LIEFC++

A cross-platform library to parse, modify, and abstract executable formats like ELF, PE, and Mach-O.

AwesomeXSSJavaScript

A curated collection of XSS resources including payloads, polyglots, bypass techniques, and tools for security researchers.

trailofbits-skillsPython

A Claude Code plugin marketplace providing AI-assisted skills for security research, vulnerability detection, and audit workflows.

Awesome Security Talks & Videos

A curated collection of security conference talks and videos from events like DEF CON, Black Hat, and BSides.

Awesome vehicle security and car hacking

A curated list of resources for learning about vehicle security, car hacking, and automotive tinkering.

EQGRPPerl

A browsable archive of decrypted NSA exploit tools and implants leaked by the Shadow Brokers in 2017.

bug-bounty-reference

A categorized collection of bug bounty write-ups organized by vulnerability type for security researchers.

ScyllaHideC++

Advanced open-source x64/x86 user mode anti-anti-debug library that hides debugging from applications.

qiraC

A QEMU-based interactive runtime analyzer for debugging and reverse engineering, serving as an alternative to strace and gdb.

QiraC

A QEMU-based interactive runtime analyzer for dynamic binary analysis and reverse engineering.

TorBotPython

An open-source intelligence (OSINT) tool for crawling and analyzing websites on the dark web and beyond.

Awesome Cellular Hacking

A curated collection of resources for 2G/3G/4G/5G cellular security research, including tools, papers, and hardware guides.

fuzz.txt

A collection of potentially dangerous file names and paths for security testing and fuzzing.

H5SCJavaScript

A comprehensive collection of HTML5-related XSS attack vectors and testing resources for web security professionals.