Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and...
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project...
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to...
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This...
Use Android as Rubber Ducky against another Android device HID attack using AndroidUsing Android as Rubber Ducky against Android. This...
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx....
Boomerang is a tool to expose multiple internal servers to web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports...
A simple PoC which leverages the Outlook Application Interface (COM Interface) to execute shellcode on a system based on a...
Obfuscate (hide) the PE imports from static/dynamic analysis tools. TheoryThis's pretty forward, let's say I've used VirtualProtect and I want...
The Fastest Hash Cracking System pip3 install search-that-hash && sth Tired of going to every website to crack your hash?...
Automatically detect control-flow flattening and other state machines Author: Tim BlazytkoDescription:Scripts and binaries to automatically detect control-flow flattening and other state...
A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE...
This is a collection of tools you may like if you are interested on reverse engineering and/or malware analysis on...
Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to...
OSINT tool to get information from a github profile and find GitHub user's email addresses leaked on commits.How does this...
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer...
Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and...
A library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but...
A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a...
PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanullHow to use:python proxylogon.py <name or IP of server> <user@fqdn> Example:python proxylogon.py...
Fast browser-based network discovery module Descriptionnetmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website...
An automated web hacking framework for web applications Detailed insight about Vajra can be found athttps://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an...
Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. SetupStep 1: Install Python...
A framework for identifying and exploiting out-of-band (OOB) vulnerabilities. Installation & SetupMole InstallPython >= 3.6 virtualenv -p /usr/bin/python3 venv source...
