-
AutoProber
Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing.
Python ★ 308 3mo agoExplain → -
GoldenNuggets-1
Burp Extension for easily creating Wordlists
Python ★ 221 4y agoExplain → -
anti-crime-ecosystem-research
Independent research white paper by Jon “GainSec” Gaines examining the security posture of a connected public safety technology ecosystem.
★ 216 8mo agoExplain → -
TreeHouse-Wordlists
Wordlist for Hacking, Penetration Testing, Vulnerability Assessments and More
Shell ★ 85 7mo agoExplain → -
Flock-Safety-Trap-Shooter-Sniffer-Alarm
Custom firmware for the M5NanoC6 (ESP32-C6) meant to sniff and alert you of nearby Flock Safety devices. Will be integrated into a exploit tool releasing on 09/27/25 for Flock Safety devices!
C ★ 79 8mo agoExplain → -
LeakScope
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure straight from the sources instead of guessing. Drop it into your workflow and watch it surface leaks you won't find anywhere else.
JavaScript ★ 63 7mo agoExplain → -
Dorker
CLI and Web App to automatically format dorks for all major search engines
Python ★ 22 6y agoExplain → -
PineapplePager-Themer
A web-based theme editor for the Hak5 WiFi Pineapple Pager. Create, customize, and export themes without needing to manually edit JSON files or manage image assets. By GainSec
JavaScript ★ 18 5mo agoExplain → -
Hackers-LunchBox
High level attack and finding maps for all your penetration testing, hacking, bug bounty and red teaming needs!
★ 16 2y agoExplain → -
gainsec-in-the-middle
Implementation of Man-in-the-Middle (MiTM) Router / Access Point (AP). Great for embedded, IoT, or simlar penetration tests, hacks or research. Creates all interfaces and configurations on the fly, integrates other functionality to make tls stripping, android use or burp suite use more streamlined.
Shell ★ 14 1y agoExplain → -
GainSec-Local-AI-Stack
Notes, custom scripts, workflows, etc from doing AI research / prototyping a local stack.
Python ★ 12 1y agoExplain → -
MacOS-AppleIntelligence-Harness
A macOS application for testing and experimenting with Apple's on-device Foundation Models (Apple Intelligence). Build custom prompts, create multi-step pipelines, and analyze response consistency, all running locally on your Mac with no cloud dependencies.
Swift ★ 8 5mo agoExplain → -
Wireless-Attack-Vectors-Against-Automobiles
GainSec published Whitepaper covering wireless attacks in regards to automobiles.
★ 8 2y agoExplain → -
ArcticBase
Self-hosted workbench host for AI coding agents. Each project gets a themed dashboard where the agent drops approval forms, runbooks, files, and review docs — out-of-band from chat, persistent, auditable. FastAPI + Svelte 5, single static binary or Docker, single-user.
Python ★ 7 2mo agoExplain → -
M5NanoC6-Zigbee-Sniffer
M5Stack M5NanoC6 Zigbee Sniffer instructions.
★ 6 1y agoExplain → -
CloudGoatTutorial
A complete tutorial for setting up CloudGoat using Windows 10 and Virtual Box (Ubuntu Server 20.04 LTS)
★ 6 6y agoExplain → -
Mac-OSX-Application-Fingerprint-And-Security-Tool
Quick script to automate some basic tasks done during a OSX Thick Client or Software Penetration Test. Checks for things like ARC, PIE, Canary, Codesignature Flags, NSFileProtect, Signature and more.
Python ★ 6 2y agoExplain → -
BattleReadyArmor-Slim
BRA Slim — free tier of Battle Ready Armor. AI-augmented security assessment, governed end-to-end. The operator drives; an LLM agent runs recon, captures evidence, drafts findings, and writes the report — every action gated, anonymized, and recorded by a governance layer the operator owns.
HTML ★ 5 2mo agoExplain → -
CVE-2017-16744-and-CVE-2017-16748-Tridium-Niagara
Proof of Concept (PoC) for CVE: 2017-16744 and 2017-16748
Python ★ 5 4y agoExplain → -
Little-Tikes-DreamProjector-Reverse-Engineering
Some notes/materials about reverse engineering the Little Tikes Dream Machine.
★ 5 1y agoExplain → -
M5Stack-Core2-PaxCounter-WiFi-Bluetooth-Monitor
M5Stack 'Paxcounter' without the LoRA functionality. Lists number of nearby WiFi and Bluetooth Devices.
C++ ★ 4 1y agoExplain → -
tensorflow-generic-harness
TensorFlow Generic Harness: a self-contained replay toolkit that runs OEM-style YOLO/SSD TensorFlow Lite models against live webcams, recorded footage, or extracted session directories, mirroring device pipelines with JSON reporting, session markers, and Docker/ venv automation. BYO model assets
Python ★ 4 8mo agoExplain → -
Weaponized-Mousejack-Keysniff
Weaponized the Mousejack and Keysniff Vulnerabilities
Python ★ 4 6y agoExplain → -
Base-Google-Dorks
Basic List of Google Dorks [Incomplete]
★ 4 7y agoExplain → -
flock-safety-falcon-sparrow-alpr-edl-firehose
Proper firehose to interact with Flock Safety's License Plate Readers when in EDL mode.
★ 3 1y agoExplain → -
Phrack-72-Raw-Output-V2X
Raw output, logs and other files related to my V2X Paper published in Phrack 72.
★ 3 10mo agoExplain → -
Quick-Engagement-Directory-Maker
Quick Script to create a Engagement Root and Data Directory Structure for penetration testing or other types of offensive cyber security engagements
Python ★ 3 2y agoExplain → -
crt.sh-OSX
Crt.sh Passive Enumeration Script compatiable with OSX
Shell ★ 2 4y agoExplain → -
IG-Clone-Tracker
Instagram Clone for use in labs. Can be used for researching, testing, prototyping, tracking.
JavaScript ★ 2 1y agoExplain → -
MacOS-ImagePlayground-Improved
A macOS app for testing Apple's Image Playground API with enhanced features beyond the stock Image Playground app.
Swift ★ 2 5mo agoExplain → -
karma ⑂
Find leaked emails with your passwords. demo:
Python ★ 2 4y agoExplain → -
battlereadyarmor-pilot
Direct offensive workflows through a controlled command interface built for operators, pentesters, hackers and cybersecurity professionals. Made by GainSec
TypeScript ★ 1 4mo agoExplain → -
SectorMap
SectorMap is a self-hosted, offline-first dataset browser and archive platform with a galaxy-style interface, SQLite storage, Docker deployment, CSV import/export, and multi-database support. Supports desktop and mobile web plus a native iOS app
HTML ★ 1 2mo agoExplain → -
AgentReadyArmor-Teaser
Agent Ready Armor (ARA) — a runtime substrate for AI agents. Containment for what agents do, provenance for what they produce. Built for the demands of offensive security, applicable to any agentic deployment. Second in the Ready Armor Suite, after BRA. Control in Depth.
HTML ★ 1 2mo agoExplain → -
BattleReadyArmor-PublicPreview
Public preview of Battle Ready Armor (BRA): an agentic security assessment architecture for privacy-preserving context, explicit governance state, Control-in-Depth enforcement, governed materialization, and supervised self-growth.
Python ★ 1 2mo agoExplain → -
FOSINT
Free Open Source Intelligence Resource Dump. Aka big list of OSINT.
★ 1 7y agoExplain → -
RTLOify
Quick script to create strings with RTLO characters, change single filenames or even entire directories. Meant to be used for RTLO bypasses/testing in regards to hacking, offensive cyber security and penetration testing.
Python ★ 1 2y agoExplain → -
Silk-Road-Lecture
No description.
★ 1 3y agoExplain → -
vncpwn
No description.
Python ★ 1 6y agoExplain → -
AOL-Desktop-Gold-Security-Research
Public Release of a tiny group independent security research project into AOL Desktop Gold.
HTML ★ 0 2d agoExplain → -
onvif-enum
Standalone ONVIF device enumeration tool for authorized research: service discovery, capabilities, media/PTZ/imaging/events/security checks, interactive mode, JSON output, and service URL patching for IP cameras, NVRs, and OEM physical-security devices.
Python ★ 0 14d agoExplain → -
DigitalAlly-ThermoVu-Uniview-Security-Research
Public research release for Digital Ally ThermoVu DTM-600 / Uniview OET-213H-NB analysis: findings, notes, evidence, LAPI/ONVIF tooling, test artifacts, and standalone Uniview LAPI toolkit. Excludes raw firmware, private workflow files, and personal source images.
HTML ★ 0 14d agoExplain → -
Uniview-LAPI-Research-Toolkit
Standalone Uniview/OEM LAPI research client for authorized testing: endpoint profiles, safe read-only defaults, explicit write controls, fingerprinting, low-risk audits, and DTM-600 validation data.
Python ★ 0 14d agoExplain → -
3rdParty-Carplay-AndroidAuto-Dongle-Security-Research
Public research release for Mayton/AutoPro CarPlay dongle analysis: documentation, findings, test plans, logs, configs, disclosure notes, and source-based tools for cpctl/cpcp, CarPlay shim/sink work, and offline package handling. Excludes raw firmware images and extracted filesystems.
C ★ 0 14d agoExplain → -
n8n-workflow-whisper-server
Basic N8N workflow that utilizes a file trigger for *.mp3 files uploaded to openweb-ui. It then sends the files to the whisper server and writes the transcription to a directory accessible by openweb-ui.
★ 0 1y agoExplain → -
LeakLooker-X---2022 ▣
LeakLooker-X Working 2022
JavaScript ★ 0 4y agoExplain →
No repos match these filters.