July 3, 2026
Loupe is an open-source iOS app that reveals the device fingerprinting data any app can access, from passive signals to advanced side-channel techniques.
Discover Copy Fail, a devastating Linux kernel vulnerability (CVE-2026-31431) affecting kernels from 2017-2026. A tiny 732-byte Python script grants unprivileged users root access across Ubuntu, RHEL, SUSE, and more. Bypassing page cache protections, it corrupts setuid binaries silently without disk writes. Learn who’s affected, immediate mitigations, and why this portable LPE outclasses Dirty Pipe and Dirty Cow. Patch now for multi-tenant servers, Kubernetes, and CI runners.
Discover OneForAll, the most powerful open-source subdomain collection tool with 50+ modules including certificate transparency, DNS datasets, search engines, and brute-forcing. Collect thousands of subdomains rapidly with automatic validation, takeover detection, and export to CSV/JSON. Perfect for penetration testing, bug bounty hunters, and security researchers. Features Docker support, mass DNS resolution (350k+/sec), and multi-threaded scanning.
Discover BBOT, the recursive internet scanner that automates reconnaissance, bug bounties, and attack surface management. This Python powerhouse combines Spiderfoot's power with modern automation, finding 20-50% more subdomains than competitors. From passive API enumeration to aggressive web scanning, BBOT handles it all with presets like 'subdomain-enum', 'web-thorough', and 'kitchen-sink'. Install via pipx, output to Neo4j/Discord, and scan multiple targets effortlessly.
Discover wechat-decrypt, the ultimate open-source tool for decrypting WeChat 4.x databases across Windows, macOS, and Linux. Extract encryption keys from live process memory, decrypt SQLCipher 4 databases, and monitor real-time messages with a sleek Web UI. Features image decryption (V2 format), Claude AI integration via MCP, and low-latency message streaming. Perfect for researchers and developers needing access to WeChat's encrypted local data. Cross-platform memory scanning, WAL file handling, and rich media parsing included. Get started in minutes with one command.
Dive into 'PayloadsAllTheThings,' an invaluable open-source GitHub repository for web application security. Developed by swisskyrepo, it compiles an extensive list of payloads and bypass techniques essential for penetration testing, bug bounty hunting, and CTF challenges. This detailed resource covers a wide array of vulnerabilities from SQL injection and XSS to API key leaks and misconfigurations, offering practical examples and methodologies. Whether you're a seasoned security professional or a budding pentester, this project provides the organized knowledge and tools to enhance your offensive security skills, making it a must-have in your cybersecurity toolkit.
Discover Pydictor, a powerful open-source tool designed for cybersecurity professionals and enthusiasts. This versatile Python-based dictionary builder helps generate highly customizable wordlists for various purposes, including brute-force attacks and security testing. Learn how Pydictor can create general wordlists, content-based dictionaries, and social engineering wordlists, offering flexible options for length, character types, and encoding. With its robust configuration and cross-platform compatibility, Pydictor is an essential utility for anyone involved in penetration testing or security research. Explore its features, from basic wordlist generation to advanced filtration and plugin support, making it a comprehensive solution for your dictionary building needs.