Security-Tools on HackyFeed

AdminHack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: AdminHack is a script designed to identify admin login pages and assess potential EAR vulnerabilities across web applications by utilizing multi-threading and an extensive wordlist. It supports various web technologies, including PHP, ASP, and HTML, and includes features such as web crawling, custom path support, and results exportation to files. This tool is particularly useful for penetration testing and security assessments of web environments.

README

• License • Issues • Developer • Wikipedia •

Android-PIN-Bruteforce

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Android-PIN-Bruteforce is a tool that allows users to unlock Android devices by executing a brute-force attack on the lockscreen PIN. Utilizing a rooted Kali Nethunter phone connected via USB OTG, it emulates keyboard input to automatically input and retry PIN combinations, supporting lengths from 1 to 10 digits and providing features such as configurable delays, optimized PIN lists, and the ability to bypass phone pop-ups. The tool does not require the locked device to be rooted and works across various Android versions.

APISecurityBestPractices

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: GitGuardian offers a proactive solution for developers to detect and mitigate the exposure of sensitive API secrets, database credentials, and certificates in real-time within their GitHub repositories. Notable features include immediate alerts upon detecting potential leaks before the git process completes, along with comprehensive resources for best development practices and leak mitigation strategies.

README

GitGuardian Documentation and Resources

This repository provides resources for developers to keep their secrets secret.

AppVerifier

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: AppVerifier is a tool designed for verifying the authenticity of mobile applications by comparing their package names and signing certificate hashes against provided or internally stored information. Its primary use case is to ensure users can confirm the genuineness of apps and share verification results with others efficiently. Notable features include a user-friendly interface for sharing and receiving verification information and compatibility with the Accrescent app store for enhanced security during downloads.

awesome-golang-security

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “awesome-golang-security” repository is a curated collection of security-related resources tailored specifically for the Go programming language. It includes a variety of tools, libraries, and educational materials aimed at enhancing security in Go applications, notably covering aspects such as web framework hardening, static code analysis, and vulnerability management. Key features include middleware for CSRF protection, static analysis tools to identify security vulnerabilities in code, and comprehensive lists of known vulnerabilities for Go libraries.

awesome-php-security

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “awesome-php-security” repository is a curated collection of resources focused on enhancing security in PHP applications. Its primary use case is to provide developers with tools, educational materials, and best practices to mitigate security vulnerabilities. Notable features include sections on web framework hardening, static code analysis tools, and a comprehensive list of vulnerabilities and security advisories.

README

A curated list of awesome PHP Security related resources.

awesome-python-security

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “awesome-python-security” repository is a curated collection of resources focused on security related to Python programming. Its primary use case is to serve developers and security professionals by aggregating tools, educational materials, and references for secure coding practices, vulnerability detection, and compliance. Notable features include a categorized list of security tools like static code analysis, frameworks for web application security, and links to vulnerability databases and educational resources.

awesome-security-hardening

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Awesome Security Hardening is a comprehensive repository that compiles best practices, guides, and resources for security hardening across various platforms including operating systems, network devices, and cloud services. Its notable features include detailed checklists, benchmarks (like CIS and ANSSI), and a curated list of tools for assessing and implementing security measures, catering to both general users and cybersecurity professionals. The project encourages community contributions to continually enhance its breadth and usability.

BLUESPAWN

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BLUESPAWN is an active defense and endpoint detection and response tool designed for blue teams to monitor systems in real-time and identify malicious activities within a network. Its notable features include the ability to detect, identify, and eliminate malware, as well as its open-source nature, fostering community collaboration for continuous improvement. The tool emphasizes rapid detection and understanding of the Windows attack surface against advanced threats, while providing visibility into its detection capabilities aligned with the MITRE ATT&CK framework.

bundler-audit

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Bundler-audit is a vulnerability checker for Ruby applications that audits a project’s Gemfile.lock for insecure gem versions and insecure sources. It features the ability to ignore certain advisories, provides detailed advisory information, and does not require an active network connection to perform audits. Ideal for integrating into CI workflows, it enables developers to ensure their applications are secure by identifying and suggesting updates for vulnerable gems.

README

bundler-audit

can-i-take-over-dns

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The “Can I Take Over DNS?” tool is a resource for security researchers that identifies DNS providers and assesses their vulnerability to DNS takeover attacks. It features a comprehensive list of DNS providers, along with their statuses, fingerprints, and guidance for conducting takeover attempts, facilitating informed bug bounty reporting. The project encourages community contributions to enhance its coverage and accuracy in identifying potential vulnerabilities.

README

Can I Take Over DNS?
^{_{A list of DNS providers and whether their zones are vulnerable to DNS takeover!
^{Maintained by}}}

Inspired by the popular Can I Take Over XYZ? project by @EdOverflow this project is uniquely oriented towards DNS takeovers. DNS takeovers pose a high threat to companies, warrant high bounties, and are easy to find. We are trying to make this list comprehensive, so please contribute!

cargo-auditable

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: cargo-auditable is a Rust tool that embeds the dependency tree of a Rust executable in JSON format within the compiled binary, allowing for precise auditing of crate versions against known vulnerabilities. It facilitates vulnerability scanning in production without additional bookkeeping, supporting major operating systems and WebAssembly. Notably, it integrates seamlessly with existing Cargo commands and works in conjunction with tools like cargo-audit to enhance security practices in Rust development.

certificates

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: step-ca is an online certificate authority designed for secure and automated certificate management in DevOps environments. It features the capability to issue HTTPS and TLS certificates for various services like VMs, containers, and APIs, as well as SSH certificates, while supporting automated certificate management through ACME protocols. Its flexibility allows users to select key types and certificate lifetimes, making it an essential tool for managing cryptographic needs within modern infrastructures.

chromepass

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Chromepass is a Python-based console application designed to decrypt saved passwords and cookies from various web browsers, including Google Chrome, Chromium, and others. Its primary use case is for extracting sensitive credentials with minimal detection by antivirus software through custom build methodologies. Notable features include the ability to remotely send the recovered data, customizable error messages, and a tailored user interface.

README

Chromepass - Hacking Chrome Saved Passwords and Cookies

View Demo · Report Bug · Request Feature

cli

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: CloudGraph is an open-source tool that serves as both a GraphQL API and a Cloud Security Posture Management (CSPM) solution, providing comprehensive compliance checks and type-safe asset inventories across AWS, Azure, GCP, and Kubernetes. Key features include automatic query validation, historical data snapshots, and a unified endpoint for querying resources across multiple cloud environments. Designed for ease of use, CloudGraph allows users to quickly assess their cloud infrastructure and maintain compliance with various security standards.

ContainerSSH

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: ContainerSSH is an SSH server designed to dynamically launch containers in Kubernetes and Docker, primarily aimed at facilitating lab environments, debugging production systems, and running honeypots. Notable features include ephemeral container management with automatic cleanup, secure and logged access for developers, and comprehensive auditing capabilities that allow for monitoring and analysis of SSH attack patterns. This tool enhances security workflows by leveraging containerization to isolate user activities and preserve system integrity.

content

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: ComplianceAsCode/content is a framework designed to facilitate the creation and maintenance of security policy content for various platforms, including Linux distributions and applications like Firefox. It generates SCAP content, Ansible playbooks, and Bash scripts from easily editable YAML rule files, allowing organizations to automate compliance checks and remediations. Notable features include a powerful build system that reduces redundancy, multi-format outputs tailored to different organizational needs, and comprehensive documentation resources for users.

dpt-shell

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: dpt-shell is an Android Dex protection tool designed to hollow out method implementations within DEX files, facilitating runtime reconstruction for enhanced protection of Android applications. Primary use cases include securing APKs and AABs against reverse engineering, with notable features such as customizable protection configurations, exclusion of specific ABIs, and the ability to dump DEX code items for analysis.

README

dpt-shell

English | 简体中文

dpt-shell is an Android Dex protection shell that hollows out Dex method implementations and reconstructs them at runtime.

ethereum-lists

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Ethereum-lists is a collaborative repository that maintains and updates lists of malicious URLs, fake token addresses, Ethereum addresses, and contract details, facilitating community contributions through pull requests. Its primary use case is to serve as a resource for users to identify and avoid phishing attempts and fraudulent tokens within the Ethereum ecosystem. Notable features include an easily accessible structure for submitting changes and clear guidelines for contributions, promoting community involvement in enhancing security awareness.

extract_otp_secrets

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The extract_otp_secrets tool is a Python script designed to extract one-time password (OTP) secrets from QR codes generated by two-factor authentication applications, such as Google Authenticator. It supports multiple input methods, including live capture from a camera, image files, and text files from external QR code readers, while allowing users to export the extracted secrets to JSON or CSV formats or print them as QR codes. Notable features include a built-in GUI for live QR code capture and flexible output options.

Facebook-BugBounty-Writeups

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Meta(Facebook) Bug Bounty Writeups repository compiles a collection of documented vulnerabilities discovered on Facebook, showcasing varying bounty rewards ranging from account takeovers to remote code execution. Its primary use case is to serve as a resource for security researchers and ethical hackers to share and learn from reported vulnerabilities in Meta’s platforms. Notable features include a chronological organization of writeups, contributing guidelines, and links to detailed analysis articles for each reported bug.

fail2ban

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Fail2Ban is a security tool that monitors log files for multiple failed authentication attempts, automatically banning IP addresses that exceed a specified threshold by updating firewall rules. It supports various standard log files, including those from SSH and Apache, and can be configured to monitor custom log files as needed. Notable features include its capability to work with both IPv4 and IPv6 addresses, and a client-server architecture for managing configurations and interactions.

GH05T-INSTA

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: GH05T-INSTA is a cybersecurity tool designed for brute-force password recovery on Instagram accounts, suitable for both rooted and non-rooted Android devices. It features automatic IP address anonymization, error detection and resolution, and allows users to create custom password lists for enhanced effectiveness. While marketed as a hacking tool, the developers emphasize the legal implications and responsibility of ethical usage.

README

The best way to hack Instagram

New Working Tool Link : Click

Installation {Kali}

BruteForce (GH05T-INSTA)

apt install git

git clone https://github.com/GH05T-HUNTER5/GH05T-INSTA

cd GH05T-INSTA

sudo bash setup.sh

Configuring Tor server to open control port

gitleaks

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Gitleaks is a tool designed for the detection of sensitive information, such as passwords, API keys, and tokens, within Git repositories and other files. Its primary use case is to identify and prevent the accidental exposure of secrets in code, and it offers notable features such as integration with GitHub Actions and pre-commit hooks for continuous monitoring. Additionally, Gitleaks utilizes a robust detection engine based on regular expressions to analyze codebases efficiently.

Gmail-Hack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Gmail-Hack is a Python-based tool designed for unauthorized access to Gmail accounts, primarily focused on users operating in Termux or Linux environments. It features a straightforward installation process and is intended for educational purposes, with caveats regarding its ethical use. Notably, the tool claims to facilitate hacking actions with minimal setup time, emphasizing its ease of use for individuals familiar with command-line interfaces.

README

Gmail-Hack

Easy gmail hacking in python

Я не несу ответственности за ваши действия. Скачивая программное обеспечение из этого репозитория, вы соглашаетесь с лицензией.

gosec

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: gosec is a security analysis tool designed to inspect Go source code for potential security vulnerabilities by scanning the Abstract Syntax Tree (AST) and Static Single Assignment (SSA) representation. It utilizes pattern-based rules, SSA-based analyzers, and taint analysis to identify common issues like SQL injection and XSS. Notable features include customizable rule selection, various output formats, and integration as a GitHub Action for continuous security monitoring.

README

gosec - Go Security Checker

Inspects source code for security problems by scanning the Go AST and SSA code representation.

gotestwaf

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: GoTestWAF is a versatile tool designed for simulating API and web application attacks, supporting a multitude of protocols like REST, GraphQL, and gRPC, among others. It evaluates the effectiveness of security solutions such as Web Application Firewalls and API gateways by generating malicious HTTP requests with encoded payloads, allowing for comprehensive security testing and reporting of vulnerabilities. Notable features include customizable payloads, diverse encoding options, and the ability to specify request placeholders for precise attack simulations.

grapefruit

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Grapefruit is an open-source mobile security testing suite designed for runtime mobile application instrumentation, supporting both iOS and Android platforms through a web-based interface powered by Frida. It allows users to inspect, hook, and modify mobile apps with features including method hooking, cryptographic API interception, filesystem and SQLite database inspection, memory scanning, and real-time log monitoring. Additionally, it provides support for various frameworks like Flutter and React Native, as well as advanced analysis and decompilation capabilities for a comprehensive security assessment.

h2csmuggler

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: h2cSmuggler is a specialized tool that facilitates the smuggling of HTTP traffic past insecure proxy configurations by leveraging HTTP/2 cleartext (h2c) communications with compatible back-end servers. Its primary use case involves testing web servers for vulnerabilities related to improperly configured proxy_pass directives that could allow attackers to bypass access controls and proxy rules. Notable features include the ability to scan multiple endpoints concurrently, integration with popular security tools like Burp Suite, and a test environment for demonstration and experimentation with h2c smuggling techniques.

hackbar2.1.3

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Hackbar 2.1.3 is a Firefox extension designed for penetration testing that facilitates web application security assessments by allowing users to manipulate HTTP requests. The tool enables users to load specific payloads and automate tasks, making it suitable for security professionals. Notable features include compatibility with various versions of browsers, and updates that offer newer functionalities and security patches.

README

hackbar2.1.3
firefox hackbar收费前的残留版本
使用方法
打开firefox的插件目录
然后点这里
加载{4c98c9c7-fc13-4622-b08a-a18923469c1c}.xpi 即可
一定记住要关闭插件的自动更新！！！，否则浏览器会自动更新插件到收费版本！！!
设置方法如下图所示:

hardening

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Hardening Ubuntu. Systemd edition.

Hardening Ubuntu. Systemd edition.

ighack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Ighack is a Bash-based tool designed for testing the password strength of Instagram accounts through brute-force attacks, compatible with both rooted and non-rooted Android devices using Termux. It offers features such as a stable Instagram API, support for Tor to enhance anonymity during attacks, and both auto and manual attack options for user flexibility. The tool is maintained and provides a beginner-friendly interface, allowing easy installation and usage.

Impulse

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Impulse is a modern denial-of-service toolkit designed for executing various DDoS attack methods, including SMS, email, and multiple network traffic overload techniques like SYN and UDP floods. Its notable features include a user-friendly interface and support for methods such as Slowloris and NTP amplification, allowing attackers to exploit vulnerabilities across multiple platforms including Windows, Linux, and Termux. This tool can be leveraged to stress test and demonstrate the potential impact of denial-of-service attacks on targeted systems.

insta-hack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Insta-hack is a comprehensive tool designed for Instagram account compromise, featuring capabilities for information gathering, brute force attacks, and automated reporting. It operates on both Termux and Kali Linux without the need for root access and includes essential functionalities such as script updates and removals. The tool is intended strictly for educational use, with a clear emphasis on responsible usage.

README

About tool

All in one Instagram hacking tool available (Insta information gathering, Insta brute force, Insta account auto repoter)

Instabruteforce

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Instabruteforce is a Python-based tool designed for brute-forcing Instagram accounts using a list of proxies. Its primary use case is to test account security by attempting to crack passwords from a supplied list, with features that include proxy management, statistics tracking, and customizable bot modes for varying performance. The program also incorporates a pruning system to optimize proxy usage by removing underperforming proxies from its database.

README

Instagram Bruter

This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram-Hacker

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Instagram-Hacker is a Python script designed for performing bruteforce attacks on Instagram accounts. Its primary use case is to automate the process of testing multiple password combinations for a given username using predefined password lists. Notable features include the requirement for the mechanize and requests libraries, and the option to integrate with Tor for enhanced anonymity during the attack process.

README

Instagram-Hacker

This is a script for Instagram bruteforce attacks. WARNING THIS IS A REAL TOOL!

instahack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Instahack is a robust brute-force framework designed for testing Instagram accounts, utilizing Bash and Python for efficient password testing. It features multi-threading, Tor integration for anonymity, and customizable attack options, enabling users to conduct ethical penetration testing and OSINT gathering. The tool supports auto-resume capabilities and is optimized for high-volume password attempts.

README

🚀 Instahack - Advanced Instagram Brute Force Framework

🔍 About Instahack

Instahack is a high-performance Instagram brute-force tool crafted in Bash and Python, capable of testing millions of passwords efficiently. It uses Tor routing, Instagram Android app signatures, and customizable attack logic for stealthy, anonymous operations.

IP-Tracer

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: IP-Tracer is a command-line tool designed for Termux and Linux systems that allows users to track IP addresses by retrieving detailed information through the ip-api service. Its primary use case includes identifying the geographic and network details of both the user’s own IP address and that of other targets, with straightforward command syntax for operation. Notable features include installation ease, simple command-based usage, and the ability to gather IP data quickly.

ipdrone

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Ipdrone is a Python-based tool designed for IP lookup and geolocation tracking, intended for use on both rooted and non-rooted Android devices via Termux. Notable features include real-time location tracking, ease of use for beginners, and consistent updates, enabling users to gather detailed information about specific IP addresses.

README

ABOUT TOOL :

Ipdrone is a simply python script, which can be used to Ip lookup and to get information of perticualr target Ip. This tool works on both rooted Android device and Non-rooted Android device.

IpHack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: IpHack is a Python-based tool designed for tracking IP locations and performing network testing. Its primary use case includes determining the geographical location of IP addresses, checking proxy status, and gathering detailed device information based on IP, with notable features such as an enhanced design, the ability to search for IPs behind Cloudflare, and various inquiry methods for making requests. The tool can be easily installed via pip and offers functionalities to track both direct IP addresses and domains, as well as to verify proxies.

keychain

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Keychain is a tool designed to manage SSH and GPG keys efficiently by serving as a persistent frontend to ssh-agent and gpg-agent, allowing a single long-running instance per system. Its primary use case is to minimize the frequency of passphrase entries to once per reboot, enhancing security and convenience, especially for remote cron jobs. Notable features include seamless integration with key management, bash completion support for various command-line options, and user-friendly installation procedures.

Keylogger

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Keylogger tool captures keyboard, mouse, screenshot, and microphone inputs on a target computer and sends the collected data to the user’s email for security testing purposes. Notable features include self-deletion capabilities if the target discovers the code and automated data transmission every 10 seconds. The tool is easy to deploy by running a single script with minimal setup requirements.

README

Inputs To Mail.

Get Keyboard,Mouse,ScreenShot,Microphone Inputs and Send to your Mail. Purpose of the project is testing the security of information systems

kubestriker

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Kubestriker is a robust security auditing tool designed specifically for Kubernetes environments, facilitating the identification and mitigation of misconfigurations that may expose clusters to attacks. It offers extensive checks across multiple platforms, including self-hosted Kubernetes, Amazon EKS, Azure AKS, and Google GKE, alongside visualized attack path analytics to enhance situational awareness. Additionally, Kubestriker supports CI/CD pipeline integrations, enabling continuous security scanning during the deployment process.

README

A Blazing fast Security Auditing tool for kubernetes!!

landrun

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Landrun is a lightweight sandboxing tool for Linux designed to run processes securely using the Landlock kernel security module, enabling fine-grained control over filesystem and network access without the need for root privileges or containerization. Notable features include kernel-level security, customizable read, write, and execution permissions for files and directories, and TCP access control, making it suitable for securely executing commands in an isolated environment. With a minimal overhead architecture, it offers a practical solution for developers needing enhanced process security.

MHDDoS

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: MHDDoS is a Python-based DDoS attack scripting tool that features 57 distinct attack methods, primarily targeting Layer 7 protocols. It offers advanced techniques such as GET and POST floods, as well as bypass mechanisms for various DDoS protection services, enabling users to perform sophisticated denial-of-service attacks while adhering to ethical guidelines. Notable capabilities include methods for random subdomains, slowloris attacks, and cookie manipulation, making it a versatile tool for testing web application resilience.

MySQL_Fake_Server

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: MySQL Fake Server is a tool designed for penetration testing, specifically emulating a MySQL server to exploit vulnerabilities related to file reading and Java deserialization in MySQL JDBC clients. Notable features include the ability to read large binary files, support for custom configuration through a JSON file, and the option to preview or save the contents of read files, all implemented in pure Python 3 without external dependencies.

Name-That-Hash

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Name-That-Hash is a modern hash identification tool designed to accurately identify various hash types, such as MD5 and NTLM. Its notable features include popularity ratings to prioritize common hashes, hash summaries for informed selection, accessible color output, and JSON-based API access for integration into other projects. The tool is intended to provide a more user-friendly and up-to-date alternative to older hash identification systems.

README

➡️ Discord | Website ⬅️

The Modern Hash Identification System
pip3 install name-that-hash && nth
Web App with no install needed

onecli

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: OneCLI is an open-source credential management gateway designed for AI agents, providing a secure method to store and inject API keys without exposing them to the agents themselves. It offers features such as AES-256-GCM encrypted secret storage, transparent credential injection, host and path matching for secret routing, and support for multiple agents with scoped permissions. The system enables easy setup via Docker and integrates with external vaults like Bitwarden for on-demand credential access, enhancing security and manageability in API interactions.

OSCE3-Complete-Guide

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The OSCE³ and OSEE Study Guide provides comprehensive resources for mastering web security concepts and techniques relevant to the Offensive Security Certified Expert (OSCE) and Offensive Security Exploitation Expert (OSEE) certifications. Its primary use case is to aid cybersecurity professionals in studying various attack vectors and methodologies, including but not limited to SQL injections, cross-site scripting, and remote code execution. Notable features include an extensive list of reference materials, as well as detailed discussions of numerous vulnerabilities and exploitation strategies.

OSCP-Exam-Report-Template

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The OSCP Exam Report Template provides structured templates for documenting OSCP Lab and Exam reports, designed to reduce the anxiety associated with report writing. Notable features include a detailed Table of Contents, machine-specific sections with links for easy navigation, and additional headers for crucial elements such as scan results and proof documentation. The template facilitates a comprehensive and organized representation of a penetration testing process following the OSCP guidelines.

OSCP-Exam-Report-Template-Markdown

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The OSCP Exam Report Template in Markdown is designed to streamline the report writing process for Offensive Security exams, eliminating the need for traditional word processors like LaTeX and Microsoft Word. It allows users to write reports in Markdown, which enhances efficiency, reduces formatting issues, and integrates version control capabilities. Notable features include a script for automatic report generation, support for various text editors, and a clean, professional layout for certification documentation.

pdfrip

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: PDFRip is a multithreaded PDF password cracking tool written in Rust, featuring advanced capabilities such as wordlist attacks, custom query builders, and structured password brute-forcing techniques. Notable features include prepared verifier hot paths for efficient password attempts, exact progress tracking, checkpointing for session resumption, and output in JSON format for automation. It supports various brute-force methods, including bounded masks, date, and number generators, making it a versatile utility for recovering PDF passwords.

penelope

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Penelope is a modern shell handler designed to replace netcat for remote code execution (RCE) exploitation, focusing on enhancing post-exploitation workflows. It supports multiple listeners, session management, and dynamic interaction with target systems through modules, facilitating features such as file transfers, logging, and shell activity management. Built entirely in Python, it offers a standalone operation mode and compatibility across Unix-like systems, thereby streamlining the exploitation process for security professionals.

personal-security-checklist

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026

privacy.sexy

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: privacy.sexy is a cross-platform tool designed to enforce privacy and security best practices on Windows, macOS, and Linux systems. Its notable features include integration with unit, integration, and end-to-end testing workflows, as well as security checks for dependencies using Static Analysis Security Testing (SAST), ensuring a robust and secure user experience.

README

privacy.sexy — Privacy is sexy

Enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy.

raven

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Raven is a developer security tool designed to enhance the security of software projects by providing capabilities for managing and monitoring secrets, vulnerabilities, and compliance across development environments. Its primary use case is to integrate seamlessly into CI/CD pipelines, ensuring that code remains secure throughout the software development lifecycle. Notable features include real-time detection of security risks, a user-friendly interface, and integration with various popular development tools and platforms.

Search-That-Hash

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Search-That-Hash is a hash cracking automation tool that quickly queries popular online hash databases and utilizes Hashcat for local cracking when offline. It features automatic type identification through integration with Name-That-Hash, a fast search capability, extensibility for adding new hash sources, and an accessible design. Additionally, the tool offers both CLI and JSON API outputs, ensuring flexibility in usage for security professionals.

README

➡️ Discord ⬅️

The Fastest Hash Cracking System
pip3 install search-that-hash && sth

Smart-Contract-Auditor-Tools-and-Techniques

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Smart Contract Auditor Tools and Techniques repository provides a compilation of resources and tools aimed at enhancing the security and auditing processes for smart contracts. It features a variety of transaction visualization tools, educational pathways for aspiring auditors, and various miscellaneous tools for detecting vulnerabilities, simulating attacks, and analyzing smart contract behavior across Ethereum and other EVM-compatible blockchains. Notably, it includes links to web-based platforms for on-chain investigation and defense against potential exploits, making it a critical resource for both new and experienced blockchain security professionals.

SocialBox-Termux

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: SocialBox-Termux is a brute-force attack framework designed for social media platforms such as Facebook, Gmail, Instagram, and Twitter. It facilitates penetration testing by automating the login attempts using various credentials, making it useful for security professionals. Notable features include compatibility with Termux on Android, easy installation via a shell script, and the ability to run under a VPN for enhanced privacy.

README

SocialBox-Termux

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh

spicedb

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: SpiceDB is an open-source authorization database inspired by Google’s Zanzibar system, designed to provide scalable and secure permission checks for applications. It allows developers to define schemas, manage relationships, and conduct queries to assess user permissions on resources, addressing critical access control threats. Notable features include its relational-like structure for defining authorization models and its capability to handle complex permission queries for enhanced security management.

README

SpiceDB sets the standard for authorization that scales.

Scale with
Traffic • Dev Velocity • Functionality • Geography

stego-toolkit

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Stego-Toolkit is a Docker image designed for tackling steganography challenges frequently encountered in CTF platforms. It comes pre-loaded with a variety of popular tools and screening scripts that facilitate the analysis of images and audio files for hidden data, allowing users to effortlessly run command-line and GUI applications within a containerized environment. Notable features include automation scripts for file screening and support for both Linux and Windows tools via Wine, ensuring a comprehensive toolkit for steganography analysis.

Storm-Breaker

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Storm-Breaker is a versatile cybersecurity tool that enables unauthorized access to device information, including location, webcam, and microphone on smartphones, without requiring user permissions. Notable features include a revamped web user interface, the ability to operate on personal hosting environments, auto-download functionality for Ngrok, and comprehensive logging capabilities. This tool is primarily designed for penetration testing and social engineering exercises within controlled environments.

README

A Tool With Attractive Capabilities.

Swift-Keylogger

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Swift-Keylogger is a macOS tool designed to monitor and log keystrokes while providing contextual information about the applications generating those keystrokes. It utilizes low-level HID APIs to ensure stability despite Apple’s deprecation of certain high-level APIs and organizes the logged data by application and timestamps in a structured directory format. The tool can be integrated with Cocoa applications, offering both executable usage and source code incorporation, making it flexible for developers.

T-LOAD

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: T-load is a bash-based script designed for customizing the Termux terminal interface on both rooted and non-rooted Android devices. Its primary use case is to enhance the user experience by providing an attractive and engaging terminal environment, complete with sound effects and an updated layout. Notable features include an easy installation process, new interface options, and the ability to revert to the default terminal settings.

README

tabby

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: TABBY is a static code analysis tool designed for Java that rapidly identifies various types of vulnerabilities within Java applications. It utilizes the Soot framework to transform Java bytecode (JAR/WAR/CLASS files) into a code property graph (CPG), which is then stored in a Neo4j graph database, allowing for complex taint analysis and vulnerability chain detection through simple Cypher queries. Notable features include the ability to discover deserialization attack chains and common web vulnerabilities, significantly enhancing the efficiency of code audits by reducing manual search efforts.

TermuxCyberArmy

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: TermuxCyberArmy is a cybersecurity toolkit designed for Termux, primarily facilitating various hacking and scripting tasks. Notable features include compatibility with multiple Linux distributions such as Kali Linux and Parrot OS, as well as ease of installation using basic command-line operations. The tool is particularly suited for security practitioners seeking to enhance their skills in penetration testing and ethical hacking.

README

Update 19/06/2024

thug

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Thug is a low-interaction honeyclient developed in Python that emulates the behavior of a web browser to detect and analyze client-side attacks by allowing malicious content to exploit its simulated environment. Its primary use case is research and detection of vulnerabilities in client applications, akin to a honeypot but focused on the client side. Notable features include its ability to mimic user interactions and support for detailed analysis of malicious payloads in a controlled setting.

tripwire-open-source

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Open Source Tripwire® is a file integrity monitoring tool designed to detect and alert users about unauthorized changes to files and directories by comparing the current filesystem state against a predefined baseline. It features a highly configurable policy file system for specifying which attributes to monitor, the capability to sign configuration and report files for added security, and the ability to generate and manage cryptographic keys for multiple machines. Users can utilize it to establish secure baselines and automate periodic checks, enhancing overall system integrity and security.

v3-periphery

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Uniswap V3 Periphery is a collection of smart contracts designed to facilitate interactions with the Uniswap V3 Protocol, providing essential functionalities such as token swaps and liquidity operations. Its primary use case involves integrating these periphery functions into decentralized applications, enabling developers to leverage the protocol’s capabilities. Notable features include the ability to import Solidity interfaces for seamless contract interactions and comprehensive local deployment options for testing against mainnet bytecode.

VAmPI

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: VAmPI is a vulnerable API built on Flask that includes the OWASP Top 10 vulnerabilities for APIs, designed to assess the efficacy of security tools in detecting API-related security issues. It features a global toggle to enable or disable vulnerabilities during testing, along with token-based authentication and a Swagger UI for direct interaction. The tool serves both educational and practical purposes, allowing users to practice security testing and improve their understanding of API vulnerabilities.

zizmor

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: zizmor is a static analysis tool designed specifically for GitHub Actions, aimed at identifying common security vulnerabilities within CI/CD workflows. It detects issues such as template injection vulnerabilities, accidental credential leakage, excessive permission grants, and misleading git references, among others. The tool’s primary use case is to enhance the security posture of automated workflows by providing insights and recommendations for remediation.

README

🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

Security-Tools on HackyFeed

AdminHack

README

Android-PIN-Bruteforce

APISecurityBestPractices

README

GitGuardian Documentation and Resources

AppVerifier

awesome-golang-security

awesome-php-security

README

awesome-python-security

awesome-security-hardening

BLUESPAWN

bundler-audit

README

bundler-audit

can-i-take-over-dns

README

Can I Take Over DNS?A list of DNS providers and whether their zones are vulnerable to DNS takeover! Maintained by

cargo-auditable

certificates

chromepass

README

Chromepass - Hacking Chrome Saved Passwords and Cookies

cli

ContainerSSH

content

dpt-shell

README

dpt-shell

ethereum-lists

extract_otp_secrets

Facebook-BugBounty-Writeups

fail2ban

GH05T-INSTA

README

New Working Tool Link : Click

Installation {Kali}

BruteForce (GH05T-INSTA)

gitleaks

Gmail-Hack

README

Gmail-Hack

Easy gmail hacking in python

gosec

README

gosec - Go Security Checker

gotestwaf

grapefruit

h2csmuggler

hackbar2.1.3

README

hackbar2.1.3

加载{4c98c9c7-fc13-4622-b08a-a18923469c1c}.xpi 即可

一定记住要关闭插件的自动更新！！！，否则浏览器会自动更新插件到收费版本！！!

hardening

ighack

Impulse

insta-hack

README

About tool

Instabruteforce

README

Instagram Bruter

Instagram-Hacker

README

Instagram-Hacker

instahack

README

🚀 Instahack - Advanced Instagram Brute Force Framework

🔍 About Instahack

IP-Tracer

ipdrone

README

ABOUT TOOL :

IpHack

keychain

Keylogger

README

Can I Take Over DNS?
^{_{A list of DNS providers and whether their zones are vulnerable to DNS takeover!
^{Maintained by}}}

SpiceDB sets the standard for authorization that scales.

Scale with
Traffic • Dev Velocity • Functionality • Geography