Security Research
Showing 36 of 142 projects
A comprehensive collection of HTML5-related XSS attack vectors and testing resources for web security professionals.
A proof-of-concept system that defeats Google's audio reCaptcha with 85% accuracy using speech recognition and browser automation.
An open-source platform for architecture-neutral dynamic analysis built on QEMU, enabling whole-system record/replay and deep analysis.
A collection of proof-of-concept (PoC) and exploit (Exp) scripts for various security vulnerabilities.
A fast semantic search tool for C/C++ codebases that uses AST pattern matching to help security researchers find interesting functionality.
A Linux Kernel Module (LKM) rootkit for hiding processes, granting root privileges, and making files invisible.
A command-line tool that finds one-gadget RCE (execve('/bin/sh')) offsets in libc binaries for CTF pwn challenges.
A suite of utilities and libraries for analyzing binary programs, supporting multiple architectures and offering symbolic execution.
A curated catalog of hardware gadgets for red team pentesters and security researchers, organized into eight categories.
A curated collection of tools, data, literature, and resources for Industrial Control System (ICS) and SCADA security.
A static binary analysis framework for automated reverse engineering and security analysis of compiled executables.
An obfuscation-neglect Android malware scoring system that analyzes APKs for malicious behavior patterns.
An interactive command-line tool for exploring and exploiting the CTF protocol on Windows systems.
A collection of real-world malware samples, analysis exercises, and training resources for cybersecurity education and research.
A binary analysis and management framework for organizing malware samples, exploits, and research scripts.
An Arduino sketch for ESP8266 that advertises hundreds of custom WiFi SSIDs via beacon frames as a fun hacking project.
A curated collection of periodic cybersecurity newsletters covering news, research, tools, vulnerabilities, and threat analysis.
A collection of technical security notes and vulnerability disclosures about Node.js, npm, Yarn, and related ecosystems.
A virtualization-based agentless black-box binary analysis system for stealthy execution tracing.
A curated collection of fascinating and bizarre Censys Search queries for discovering exposed devices and services.
A Windows toolkit for analyzing, editing, and manipulating Portable Executable (PE) files and processes.
An open dataset and toolkit for training static PE malware machine learning models, featuring extracted features from millions of Windows executable files.
A curated, vendor-neutral collection of free annual cybersecurity analysis and survey reports from trusted sources.
A collection of sorted wordlists, hashcat masks, and advanced rules for password cracking based on analysis of billions of real passwords.
A massive 82 billion entry wordlist compiled from multiple password dictionaries for security testing.
A curated collection of Android exploits, hacking tools, and resources for security research and penetration testing.
A Google Colab notebook setup for high-performance hash cracking and penetration testing tools.
A modular Linux persistence framework for security research, detection engineering, and penetration testing.
A rootkit that leverages eBPF to implement offensive security techniques like container breakouts, network scanning, and RASP bypass.
A dynamic binary analysis framework based on QEMU for whole-system taint analysis and security research.
An index of Windows binaries with download links for executables like exe, dll, and sys files from Microsoft's symbol server.
A comprehensive netlist reverse engineering and manipulation framework for hardware analysis, akin to IDA or Ghidra for hardware.
A curated collection of macOS and iOS security resources including tools, research, malware analysis, and hardening guides.
A Bluetooth experimentation framework for Broadcom and Cypress chips that enables firmware patching and packet injection.
A deobfuscator that recovers control flow from binaries compiled with the M/o/Vfuscator one-instruction compiler.
A collection of nearly 40,000 JavaScript malware samples for security research and analysis.
Related Tags
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.