The following are a collection of recently-released pen test tools. I update this list every time that there is a new post and when I find a new one around the Internet. The rest of the repository has hundreds of additional cybersecurity and pen test tools.
- [Squarephish - An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes](
- [HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites](
- [Kali Linux 2022.4 - Penetration Testing and Ethical Hacking Linux Distribution](
- [laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques](
- [ADFSRelay - Proof Of Concept Utilities Developed To Research NTLM Relaying Attacks Targeting ADFS](
- [FarsightAD - PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise](
- [Codecepticon - .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code](
- [Legitify - Detect And Remediate Misconfigurations And Security Risks Across All Your GitHub Assets](
- [Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications](
- [Neton - Tool For Getting Information From Internet Connected Sandboxes](
- [DomainDouche - OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force](
- [Pycrypt - Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products](
- [EvilTree - A Remake Of The Classic "Tree" Command With The Additional Feature Of Searching For User Provided Keywords/Regex In Files, Highlighting Those That Contain Matche](
- [Kubeeye - Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems](
- [Stegowiper - A Powerful And Flexible Tool To Apply Active Attacks For Disrupting Stegomalware](
- [Sandbox_Scryer - Tool For Producing Threat Hunting And Intelligence Data From Public Sandbox Detonation Output](
- [nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On Aws Environments Configurations And Services](
- [TripleCross - A Linux eBPF Rootkit With A Backdoor, C2, Library Injection, Execution Hijacking, Persistence And Stealth Capabilities.](
- [Collect-MemoryDump - Automated Creation Of Windows Memory Snapshots For DFIR](
- [Appshark - Static Taint Analysis Platform To Scan Vulnerabilities In An Android App](
- [VuCSA - Vulnerable Client-Server Application - Made For Learning/Presenting How To Perform Penetration Tests Of Non-Http Thick Clients](
- [Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code](
- [Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules](
- [Sandman - NTP Based Backdoor For Red Team Engagements In Hardened Networks](
- [ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry](
- [Shomon - Shodan Monitoring Integration For TheHive](
- [Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities](
- [Mangle - Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs](
- [Usbsas - Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices](
- [PartyLoud - A Simple Tool To Generate Fake Web Browsing And Mitigate Tracking](
- [MHDDoS - DDoS Attack Script With 56 Methods](
- [JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets](
- [xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target](
- [PenguinTrace - Tool To Show How Code Runs At The Hardware Level](
- [GodGenesis - A Python3 Based C2 Server To Make Life Of Red Teamer A Bit Easier. The Payload Is Capable To Bypass All The Known Antiviruses And Endpoints](
- [FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness](
- [Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews](
- [SteaLinG - Open-Source Penetration Testing Framework Designed For Social Engineering](
- [AoratosWin - A Tool That Removes Traces Of Executed Applications On Windows OS](
- [Parrot 5.1 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind](
- [Cloudfox - Automating Situational Awareness For Cloud Penetration Tests](
- [Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API](
- [Pmanager - Store And Retrieve Your Passwords From A Secure Offline Database. Check If Your Passwords Has Leaked Previously To Prevent Targeted Password Reuse Attacks](
- [Psudohash - Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns](
- [SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation](
- [SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities](
- [FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering](
- [DeathSleep - A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution](
- [SharpImpersonation - A User Impersonation Tool - Via Token Or Shellcode Injection](
- [PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines](
- [Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption](
- [ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin](
- [Coercer - A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods](
- [noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User](
- [ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities](
- [Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL](
- [Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security](
- [Autodeauth - A Tool Built To Automatically Deauth Local Networks](
- [Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory](
- [System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware](
- [Concealed_Code_Execution - Tools And Technical Write-Ups Describing Attacking Techniques That Rely On Concealing Code Execution On Windows](
- [dnsReaper - Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team!](
- [PR-DNSd - Passive-Recursive DNS Daemon](
- [Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution](
- [Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform](
- [Bpflock - eBPF Driven Security For Locking And Auditing Linux Machines](
- [Laurel - Transform Linux Audit Logs For SIEM Usage](
- [Pretender - Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing](
- [TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool](
- [Maldev-For-Dummies - A Workshop About Malware Development](
- [PR-DNSd - Passive-Recursive DNS Daemon](
- [SilentHound - Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.](
- [Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler](
- [Cirrusgo - A Fast Tool To Scan SAAS, PAAS App Written In Go](
- [Peetch - An eBPF Playground](
- [Smap - A Drop-In Replacement For Nmap Powered By Shodan.Io](
- [MrKaplan - Tool Aimed To Help Red Teamers To Stay Hidden By Clearing Evidence Of Execution](
- [Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution](
- [Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform](
- [OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents](
- [NimGetSyscallStub - Get Fresh Syscalls From A Fresh Ntdll.Dll Copy](
- [Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities](
- [RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check](
- [Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic](
- [Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative](
- [Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic](
- [RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check](
- [OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents](
- [Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform](
- [Faraday Community - Open Source Penetration Testing and Vulnerability Management Platform](
- [Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution](
- [MrKaplan - Tool Aimed To Help Red Teamers To Stay Hidden By Clearing Evidence Of Execution](
- [Sealighter - Easy ETW Tracing for Security Research](
- [EmoCheck - Emotet Detection Tool For Windows OS](
- [secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box](
- [Nimc2 - A C2 Fully Written In Nim](
- [Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers](
- [SharpWSUS - CSharp tool for lateral movement through WSUS](
- [awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential](
- [Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace](
- [Microsoft-365-Extractor-Suite - A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log](
- [DeepTraffic - Deep Learning Models For Network Traffic Classification](
- [Aiodnsbrute - DNS Asynchronous Brute Force Utility](
- [Cspparse - A Tool To Evaluate Content Security Policies](
- [CrackQL - GraphQL Password Brute-Force And Fuzzing Utility](
- [Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1](
- [Pamspy - Credentials Dumper For Linux Using eBPF](
- [Secretflow - A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning](
- [Tofu - Windows Offline Filesystem Hacking Tool For Linux](
- [WebView2-Cookie-Stealer - Attacking With WebView2 Applications](
- [Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page](
- [Trufflehog - Find Credentials All Over The Place](
- [Dumpscan - Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats](
- [Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls](
- [Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler](
- [Pretender - Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing](
- [modDetective - Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity](
- [LiveTargetsFinder - Generates Lists Of Live Hosts And URLs For Targeting, Automating The Usage Of MassDNS, Masscan And Nmap To Filter Out Unreachable Hosts And Gather Service Information](
- [Cdb - Automate Common Chrome Debug Protocol Tasks To Help Debug Web Applications From The Command-Line And Actively Monitor And Intercept HTTP Requests And Responses](
- [Trufflehog - Find Credentials All Over The Place](
- [Dumpscan - Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats](
- [Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls](
- [Norimaci - Simple And Lightweight Malware Analysis Sandbox For macOS](
- [Authcov - Web App Authorisation Coverage Scanning](
- [Nim-Loader - WIP Shellcode Loader In Nim With EDR Evasion Techniques](
- [DFSCoerce - PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method](
- [Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs](
- [Sealighter - Easy ETW Tracing for Security Research](
- [EmoCheck - Emotet Detection Tool For Windows OS](
- [secureCodeBox (SCB) - Continuous Secure Delivery Out Of The Box](
- [Nimc2 - A C2 Fully Written In Nim](
- [Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers](
- [SharpWSUS - CSharp tool for lateral movement through WSUS](
- [awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential](
- [Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace](
- [Microsoft-365-Extractor-Suite - A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log](
- [DeepTraffic - Deep Learning Models For Network Traffic Classification](
- [Aiodnsbrute - DNS Asynchronous Brute Force Utility](
- [Cspparse - A Tool To Evaluate Content Security Policies](
- [CrackQL - GraphQL Password Brute-Force And Fuzzing Utility](
- [Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1](
- [Pamspy - Credentials Dumper For Linux Using eBPF](
- [Secretflow - A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning](
- [Tofu - Windows Offline Filesystem Hacking Tool For Linux](
- [WebView2-Cookie-Stealer - Attacking With WebView2 Applications](
- [Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page](
- [Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls](
- [Dumpscan - Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats](
- [Bypass-Url-Parser - Tool That Tests Many URL Bypasses To Reach A 40X Protected Page](
- [Secretflow - A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning](
- [Microsoft-365-Extractor-Suite - A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log](
- [Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace](
- [Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers](
- [Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs](
- [MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications](
- [GooFuzz - Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target's Server With Google Dorking](
- [Naabu - A Fast Port Scanner Written In Go With A Focus On Reliability And Simplicity](
- [Msprobe - Finding All Things On-Prem Microsoft For Password Spraying And Enumeration](
- [SharpSniper - Find Specific Users In Active Directory Via Their Username And Logon IP Address](
- [Xss_Vulnerability_Challenges - This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples](
- [VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing](
- [Cervantes - Collaborative Platform For Pentesters Or Red Teams Who Want To Save Time To Manage Their Projects, Clients, Vulnerabilities And Reports In One Place](
- [Nightingale - Docker Environment For Pentesting Which Having All The Required Tool For VAPT](
- [OSIPs - Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Database, TOR Relays And Location](
- [Frostbyte - FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads](
- [Admin-Panel_Finder - A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)](
- [Goreplay - Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data](
- [Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities](
- [Blackbird - An OSINT Tool To Search For Accounts By Username In 101 Social Networks](
- [Offensive-Azure - Collection Of Offensive Tools Targeting Microsoft Azure](
- [AutoPWN Suite - Project For Scanning Vulnerabilities And Exploiting Systems Automatically](
- [Socialhunter - Crawls The Website And Finds Broken Social Media Links That Can Be Hijacked](
- [Sentinel-Attack - Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel That Leverages Sysmon And MITRE ATT&CK](
- [Lockc - Making Containers More Secure With eBPF And Linux Security Modules (LSM)](
- [AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic](
- [Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks](
- [AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics](
- [Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments](
- [MITM_Intercept - A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others](
- [K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters](
- [Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!](
- [Stunner - Tool To Test And Exploit STUN, TURN And TURN Over TCP Servers](
- [Pocsploit - A Lightweight, Flexible And Novel Open Source Poc Verification Framework](
- [Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform](
- [Tornado - Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding](
- [RedTeam-Physical-Tools - Red Team Toolkit - A Curated List Of Tools That Are Commonly Used In The Field For Physical Security, Red Teaming, And Tactical Covert Entry](
- [Fb_Friend_List_Scraper - OSINT Tool To Scrape Names And Usernames From Large Friend Lists On Facebook, Without Being Rate Limited](
- [Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust](
- [Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask](
- [Octopus - Open Source Pre-Operation C2 Server Based On Python And Powershell](
- [C2concealer - Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike](
- [Cyph - Cryptographically Secure Messaging And Social Networking Service](
- [Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution](
- [BirDuster - A Multi Threaded Python Script Designed To Brute Force Directories And Files Names On Webservers](
- [NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications](
- [RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes](
- [SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD](
- [DuplicateDump - Dumping LSASS With A Duplicated Handle From Custom LSA Plugin](
- [Kubeclarity - Tool For Detection And Management Of Software Bill Of Materials (SBOM) And Vulnerabilities Of Container Images And Filesystems](
- [CVE-Tracker - With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs](
- [Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks](
- [PEzor-Docker - With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!](
- [Malicious-Pdf - Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality](
- [Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations](
- [LDAPFragger - Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP](
- [Moonwalk - Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps](
- [BackupOperatorToDA - From An Account Member Of The Group Backup Operators To Domain Admin Without RDP Or WinRM On The Domain Controller](
- [Dora - Find Exposed API Keys Based On RegEx And Get Exploitation Methods For Some Of Keys That Are Found](
- [Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing](
- [IOSSecuritySuite - iOS Platform Security And Anti-Tampering Swift Library](
- [Rip Raw - Small Tool To Analyse The Memory Of Compromised Linux Systems](
- [O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User](
- [VulFi - Plugin To IDA Pro Which Can Be Used To Assist During Bug Hunting In Binaries](
- [DDexec - A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process](
- [Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities](
- [Jfscan - A Super Fast And Customisable Port Scanner, Based On Masscan And NMap](
- [Ma2Tl - macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt](
- [DumpSMBShare - A Script To Dump Files And Folders Remotely From A Windows SMB Share](
- [ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go](
- [Zircolite - A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs](
- [linWinPwn - A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks](
- [EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections](
- [vAPI - Vulnerable Adversely Programmed Interface Which Is Self-Hostable API That Mimics OWASP API Top 10 Scenarios Through Exercises](
- [365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments](
- [NimPackt-v1 - Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit](
- [EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers](
- [Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage](
- [Uncover - Quickly Discover Exposed Hosts On The Internet Using Multiple Search Engine](
- [Cloak - A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries](
- [KNX-Bus-Dump - A Tool To Listen On A KNX Bus Via TPUART And The Calimero Project Suite And To Dump The Data From The Packets Into A Wireshark-Compatible File Hex Dump](
- [ScheduleRunner - A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation](
- [ICMP-TransferTools - Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments](
- [Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics](
- [Phantun - Transforms UDP Stream Into (Fake) TCP Streams That Can Go Through Layer 3 &Amp; Layer 4 (NAPT) firewalls/NATs](
- [Subdomains.Sh - A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow](
- [Auto-Elevate - Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation](
- [Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files](
- [Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose](
- [Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way](
- [Factual-Rules-Generator - An Open Source Project Which Aims To Generate YARA Rules About Installed Software From A Machine](
- [ - An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound, And Also Supports Full-Object Dumping To NDJSON](
- [ShellcodeTemplate - An Easily Modifiable Shellcode Template For Windows X64/X86](
- [Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts](
- [PurplePanda - Identify Privilege Escalation Paths Within And Across Different Clouds](
- [RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc](
- [WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement](
- [GoodHound - Uses Sharphound, Bloodhound And Neo4j To Produce An Actionable List Of Attack Paths For Targeted Remediation](
- [Dome - Fast And Reliable Python Script That Makes Active And/Or Passive Scan To Obtain Subdomains And Search For Open Ports](
- [DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords](
- [Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis](
- [Nivistealer - Steal Victim Images Exact Location Device Info And Much More](
- [Scanmycode-Ce - Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners With One Report - Scanmycode Community Edition (CE)](
- [Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities](
- [Geowifi - Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases](
- [GONET-Scanner - Golang Network Scanner With Arp Discovery And Own Parser](
- [Authz0 - An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials](
- [IOC Scraper - A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources](
- [Ocr-Recon - Tool To Find A Particular String In A List Of URLs Using Tesseract'S OCR (Optical Character Recognition) Capabilities](
- [Litefuzz - A Multi-Platform Fuzzer For Poking At Userland Binaries And Servers](
- [Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages](
- [Katoolin3 - Get Your Favourite Kali Linux Tools On Debian/Ubuntu/Linux Mint](
- [NTLMRecon - Enumerate Information From NTLM Authentication Enabled Web Endpoints](
- [openSquat - Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting](
- [JNDI-Injection-Exploit - A Tool Which Generates JNDI Links Can Start Several Servers To Exploit JNDI Injection Vulnerability](
- [Win-Brute-Logon - Crack Any Microsoft Windows Users Password Without Any Privilege (Guest Account Included)](
- [Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc](
- [Chain-Reactor - An Open Source Framework For Composing Executables That Simulate Adversary Behaviors And Techniques On Linux Endpoints](
- [SSRFire - An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects](
- [Talisman - By Hooking Into The Pre-Push Hook Provided By Git, Talisman Validates The Outgoing Changeset For Things That Look Suspicious](
- [Njsscan - A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications](
- [Kali Linux 2022.1 - Penetration Testing and Ethical Hacking Linux Distribution](
- [Flare-Qdb - Command-line And Python Debugger For Instrumenting And Modifying Native Software Behavior On Windows And Linux](
- [Droopescan - A Plugin-Based Scanner That Aids Security Researchers In Identifying Issues With Several CMSs, Mainly Drupal And Silverstripe](
- [Get-RBCD-Threaded - Tool To Discover Resource-Based Constrained Delegation Attack Paths In Active Directory Environments](
- [truffleHog - Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History](
- [SocialPwned - An OSINT Tool That Allows To Get The Emails, From A Target, Published In Social Networks Such As Instagram, Linkedin And Twitter To Find Possible Credentials Leaks In PwnDB Or Dehashed And Obtain Google Account Information Via GHunt](
- [Instaloctrack - An Instagram OSINT Tool To Collect All The Geotagged Locations Available On An Instagram Profile In Order To Plot Them On A Map, And Dump Them In A JSON](
- [Invoke-EDRChecker - Checks Running Processes, Process Metadata, Dlls Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services, The Registry And Running Drivers For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools](
- [Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP And Wiretap A Network](
- [IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts](
- [SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot](
- [SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation](
- [wmiexec-RegOut - Modify Version Of Impacket Wmiexec.Py, Get Output(Data,Response) From Registry, Don'T Need SMB Connection, Also Bypassing Antivirus-Software In Lateral Movement Like WMIHACKER](
- [Ipsourcebypass - This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers](
- [Rathole - A Lightweight, Stable And High-Performance Reverse Proxy For NAT Traversal, Written In Rust. An Alternative To Frp And Ngrok](
- [RecoverPy - Interactively Find And Recover Deleted Or Overwritten Files From Your Terminal](
- [Mininode - A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis](
- [Combobulator - Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks](
- [Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph](
- [FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise](
- [Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion](
- [SpoofThatMail - Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records](
- [Mandiant-Azure-AD-Investigator - PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity](
- [Pwndora - Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home](
- [Wireshark-Forensics-Plugin - A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data](
- [Dep-Scan - Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild](
- [Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities](
- [goCabrito - Super Organized And Flexible Script For Sending Phishing Campaigns](
- [Registry-Spy - Cross-platform Registry Browser For Raw Windows Registry Files](
- [TokenUniverse - An Advanced Tool For Working With Access Tokens And Windows Security Policy](
- [Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures](
- [Wifi-Framework - Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More...](
- [RAUDI - A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions](
- [SpoofThatMail - Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records](
- [WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition](
- [PasteMonitor - Scrape Pastebin API To Collect Daily Pastes, Setup A Wordlist And Be Alerted By Email When You Have A Match](
- [Shellcode-Encryptor - A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus](
- [Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)](
- [Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading](
- [Skrull - A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel](
- [ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan](
- [Snap-Scraper - Snap Scraper Enables Users To Download Media Uploaded To Snapchat's Snap Map Using A Set Of Latitude And Longitude Coordinates](
- [Onionservice - Manage Your Onion Services Via CLI Or TUI On Unix-like Operating System With A POSIX Compliant Shell](
- [NimHollow - Nim Implementation Of Process Hollowing Using Syscalls (PoC)](
- [Spamscanner - Spam Scanner Is The Best Anti-Spam, Email Filtering, And Phishing Prevention Service](
- [Spray365 - Makes Spraying Microsoft Accounts (Office 365 / Azure AD) Easy Through Its Customizable Two-Step Password Spraying Approach](
- [SQLbit - Just Another Script For Automatize Boolean-Based Blind SQL Injections](
- [MUI - A GUI Plugin For Binary Ninja To Easily Interact With And View The Progress Of Manticore](
- [Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning](
- [Mesh-Kridik - An Open-Source Security Checker That Performs Various Security Checks On A Kubernetes Cluster With Istio Service Mesh And Is Leveraged By OPA (Open Policy Agent) To Enforce Security Rules](
- [log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts](
- [Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046](
- [Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses](
- [CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language](
- [ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos](
- [DInjector - Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL](
- [O365Spray - Username Enumeration And Password Spraying Tool Aimed At Microsoft O365](
- [SMBeagle - Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written](
- [Fileless-Xec - Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk](
- [KaliIntelligenceSuite - Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools](
- [Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments](
- [Toutatis - A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More](
- [IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground](
- [DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification](
- [ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan](
- [ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip](
- [Kit_Hunter - A Basic Phishing Kit Scanner For Dedicated And Semi-Dedicated Hosting](
- [Digital-Forensics-Lab - Free Hands-On Digital Forensics Labs For Students And Faculty](
- [DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk](
- [Cracken - A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool](
- [ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries](
- [goEnumBruteSpray - User Enumeration And Password Bruteforce On Azure, ADFS, OWA, O365 And Gather Emails On Linkedin](
- [Nanobrok - Web Service For Control And Protect Your Android Device Remotely](
- [Redherd Framework -A Collaborative And Serverless Framework For Orchestrating A Geographically Distributed Group Of Assets](
- [UDP-Hunter - Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols](
- [ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application](
- [pwnSpoof - Generates realistic spoofed log files for common web servers with customisable attack scenarios](
- [Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security](
- [Kube-Applier - Enables Automated Deployment And Declarative Configuration For Your Kubernetes Cluster](
- [Hyenae-Ng - An Advanced Cross-Platform Network Packet Generator And The Successor Of Hyenae](
- [Cumulus - Web Application Weakness Monitoring, It Would Be Working By Add Just 3 Codelines](
- [ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders](
- [Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities](
- [AzureHunter - A Cloud Forensics Powershell Module To Run Threat Hunting Playbooks On Data From Azure And O365](
- [Abaddon - Make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities](
- [Covert-Control - Google Drive, OneDrive And Youtube As Covert-Channels - Control Systems Remotely By Uploading Files To Google Drive, OneDrive, Youtube Or Telegram](
- [FormatFuzzer - A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs](
- [RottenPotatoNG - A C++ DLL And Standalone C++ Binary - No Need For Meterpreter Or Other Tools](
- [Private Set Membership (PSM) - Cryptographic Protocol That Allows Clients To Privately Query](
- [Hashdb-Ida - HashDB API Hash Lookup Plugin For IDA Pro](
- [Certipy - Python Implementation For Active Directory Certificate Abuse](
- [Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor](
- [PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact](
- [Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise](
- [LDAPmonitor - Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!](
- [ADLab - Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing](
- [Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications](
- [Melting-Cobalt - A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object](
- [Web-Hacking-Toolkit - A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support](
- [Dockerized-Android - A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms](
- [GC2 - A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive](
- [Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public](
- [Http-Protocol-Exfil - Exfiltrate Files Using The HTTP Protocol Version ("HTTP/1.0" Is A 0 And "HTTP/1.1" Is A 1)](
- [HTTPUploadExfil - A Simple HTTP Server For Exfiltrating Files/Data During, For Example, CTFs](
- [Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture](
- [Webdiscover - The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits](
- [VECTR - A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios](
- [ThreadStackSpoofer - PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode'S Memory Allocation From Scanners And Analysts](
- [SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP](
- [PowerShx - Run Powershell Without Software Restrictions](
- [PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation](
- [Metabadger - Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)](
- [Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones](
- [LazyCSRF - A More Useful CSRF PoC Generator](
- [ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries](
- [DorkScout - Golang Tool To Automate Google Dork Scan Against The Entiere Internet Or Specific Targets](
- [Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners](
- [Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning](
- [PowerShx - Run Powershell Without Software Restrictions](
- [Rdesktop - Open Source Client for Microsoft's RDP protocol](
- [Shisho - Lightweight Static Analyzer For Several Programming Languages](
- [Azur3Alph4 - A PowerShell Module That Automates Red-Team Tasks For Ops On Objective](
- [Covert-Tube - Youtube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To Youtube](
- [SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation](
- [Smersh - A Pentest Oriented Collaborative Tool Used To Track The Progress Of Your Company'S Missions](
- [Scrummage - The Ultimate OSINT And Threat Hunting Framework](
- [pFuzz - Helps Us To Bypass Web Application Firewall By Using Different Methods At The Same Time](
- [BurpCrypto - A Collection Of Burpsuite Encryption Plug-Ins, Support AES/RSA/DES/ExecJs(execute JS Encryption Code In Burpsuite)](
- [Bopscrk - Tool To Generate Smart And Powerful Wordlists](
- [AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts](
- [efiXplorer - IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation](
- [Kekeo - A Little Toolbox To Play With Microsoft Kerberos In C](
- [PKINITtools - Tools For Kerberos PKINIT And Relaying To AD CS](
- [Webstor - A Script To Quickly Enumerate All Websites Across All Of Your Organization'S Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities](
- [Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code](
- [SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts](
- [StreamDivert - Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination](
- [Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security](
- [DongTai - An Interactive Application Security testing(IAST) Product That Supports The Detection Of OWASP WEB TOP 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party Component Vulnerabilities, Etc.](
- [QueenSono - Golang Binary For Data Exfiltration With ICMP Protocol](
- [PoW-Shield - Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA](
- [Haklistgen - Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing](
- [Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It](
- [Wordlistgen - Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs Or Paths](
- [DirSearch - A Go Implementation Of Dirsearch](
- [Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words](
- [PyHook - An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call](
- [MailRipV2 - Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features](
- [CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks](
- [PS2EXE - Module To Compile Powershell Scripts To Executables](
- [InlineExecute-Assembly - A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution](
- [BatchQL - GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations](
- [Concealed Position - Bring Your Own Print Driver Privilege Escalation Tool](
- [Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files](
- [On-The-Fly - Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)](
- [DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover](
- [Kali Linux 2021.3 - Penetration Testing and Ethical Hacking Linux Distribution](
- [Rootend - A *Nix Enumerator And Auto Privilege Escalation Tool](
- [Gokart - A Static Analysis Tool For Securing Go Code](
- [Autoharness - A Tool That Automatically Creates Fuzzing Harnesses Based On A Library](
- [ODBParser - OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing](
- [WWWGrep - OWASP Foundation Web Respository](
- [Owt - The Most Compact WiFi Auditing Tool That Works On Command Line Linux](
- [SharpStrike - A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems](
- [TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API](
- [packetsifterTool - A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic](
- [Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface](
- [GoPurple - Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions](
- [Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...](
- [Zuthaka - An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools](
- [MobileAudit - SAST and Malware Analysis for Android Mobile APKs](
- [KnockOutlook - A Little Tool To Play With Outlook](
- [Assless-Chaps - Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes](
- [403Bypasser - Automates The Techniques Used To Circumvent Access Control Restrictions On Target Pages](
- [SigFlip - A Tool For Patching Authenticode Signed PE Files (Exe, Dll, Sys ..Etc) Without Invalidating Or Breaking The Existing Signature](
- [Fpicker - A Frida-based Fuzzing Suite Supporting Various Modes (Including AFL++ In-Process Fuzzing)](
- [Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid](
- [Speakeasy - Windows Kernel And User Mode Emulation](
- [MEAT - This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices](
- [Ctf-Screenshotter - A CTF Web Challenge About Making Screenshots](
- [adalanche - Active Directory ACL Visualizer and Explorer](
- [PSPKIAudit - PowerShell toolkit for auditing Active Directory Certificate Services (AD CS)](
- [Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository](
- [LazySign - Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files](
- [Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis](
- [Keimpx - Check For Valid Credentials Across A Network Over SMB](
- [Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture](
- [PackageDNA - Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes](
- [FisherMan - CLI Program That Collects Information From Facebook User Profiles Via Selenium](
- [REW-sploit - Emulate And Dissect MSF And *Other* Attacks](
- [Allstar - GitHub App To Set And Enforce Security Policies](
- [Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns](
- [AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool For Visualizing Python Package Registry Security Audit Data](
- [ReverseSSH - Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such](
- [PickleC2 - A Post-Exploitation And Lateral Movements Framework](
- [CamPhish - Grab Cam Shots From Target'S Phone Front Camera Or PC Webcam Just Sending A Link.](
- [Tko-Subs - A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records](
- [Bantam - A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems](
- [Nimplant - A Cross-Platform Implant Written In Nim](
- [jwtXploiter - A Tool To Test Security Of Json Web Token](
- [Wsh - Web Shell Generator And Command Line Interface](
- [Jarm - Active Transport Layer Security (TLS) server fingerprinting tool](
- [Karton - Distributed Malware Processing Framework Based On Python, Redis And MinIO](
- [UnhookMe - An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware](
- [ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service](
- [Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine](
- [Solitude - A Privacy Analysis Tool That Enables Anyone To Conduct Their Own Privacy Investigations](
- [Go-Shellcode - A Repository Of Windows Shellcode Runners And Supporting Utilities](
- [cThreadHijack - Beacon Object File (BOF) For Remote Process Injection Via Thread Hijacking](
- [WARCannon - High Speed/Low Cost CommonCrawl RegExp In Node.js](
- [ChangeTower - Tool To Help You Watch Changes In Webpages And Get Notified Of Any Changes](
- [Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics](
- [Uchihash - A Small Utility To Deal With Malware Embedded Hashes](
- [SharpLAPS - Retrieve LAPS Password From LDAP](
- [Rz-Ghidra - Deep Ghidra Decompiler And Sleigh Disassembler Integration For Rizin](
- [Domhttpx - A Google Search Engine Dorker With HTTP Toolkit Built With Python, Can Make It Easier For You To Find Many URLs/IPs At Once With Fast Time](
- [PowerShellArmoury - A PowerShell Armoury For Security Guys And Girls](
- [CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics](
- [Cerbrutus - Network Brute Force Tool, Written In Python](
- [Ruse - Mobile Camera-Based Application That Attempts To Alter Photos To Preserve Their Utility To Humans While Making Them Unusable For Facial Recognition Systems](
- [Rtl_433 - Program To Decode Radio Transmissions From Devices On The ISM Bands (And Other Frequencies)](
- [Sniffle - A Sniffer For Bluetooth 5 And 4.X LE](
- [CredPhish - A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS](
- [LoGiC.NET - A More Advanced Free And Open .NET Obfuscator Using Dnlib](
- [Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments](
- [Juumla - Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!](
- [Rconn - Rconn Is A Multiplatform Program For Creating Generic Reverse Connections](
- [Ppmap - A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets](
- [Terraguard - Create And Destroy Your Own VPN Service Using WireGuard](
- [Pathprober - Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once](
- [In0ri - Defacement Detection With Deep Learning](
- [TeamsUserEnum - User Enumeration With Microsoft Teams API](
- [Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)](
- [Orbitaldump - A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python](
- [ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.](
- [Bughound - Static Code Analysis Tool Based On Elasticsearch](
- [Kali-Whoami - A Privacy Tool Developed To Keep You Anonymous On Kali Linux At The Highest Level](
- [Exploit_Mitigations - Knowledge Base Of Exploit Mitigations Available Across Numerous Operating Systems, Architectures And Applications And Versions](
- [Redteam-Hardware-Toolkit - Red Team Hardware Toolkit](
- [Wpscvn - Wpscvn Is A Tool For Pentesters, Website Owner To Test If Their Websites Had Some Vulnerable Plugins Or Themes](
- [Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows](
- [Whisker - A C# Tool For Taking Over Active Directory User And Computer Accounts By Manipulating Their msDS-KeyCredentialLink Attribute](
- [DNSrr - A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS](
- [RemotePotato0 - Just Another "Won't Fix" Windows Privilege Escalation From User To Domain Admin](
- [JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm](
- [Nexfil - OSINT Tool For Finding Profiles By Username](
- [Security Scorecards - Security Health Metrics For Open Source](
- [Ipa-Medit - Memory Search And Patch Tool For Resigned Ipa Without Jailbreak](
- [Cariddi - Take A List Of Domains, Crawl Urls And Scan For Endpoints, Secrets, Api Keys, File Extensions, Tokens And More...](
- [FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles](
- [GitDump - A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled](
- [TiEtwAgent - PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes](
- [Backstab - A Tool To Kill Antimalware Protected Processes](
- [FRIDA-DEXDump - Fast Search And Dump Dex On Memory](
- [MacHound - An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts](
- [GDir-Thief - Red Team Tool For Exfiltrating The Target Organization'S Google People Directory That You Have Access To, Via Google's API](
- [Gorsair - Hacks Its Way Into Remote Docker Containers That Expose Their APIs](
- [Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion](
- [Invoke-DNSteal - Simple And Customizable DNS Data Exfiltrator](
- [OpenAttack - An Open-Source Package For Textual Adversarial Attack](
- [Forblaze - A Python Mac Steganography Payload Generator](
- [WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls](
- [AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet](
- [Heappy - A Happy Heap Editor To Support Your Exploitation Process](
- [Mythic - A Collaborative, Multi-Platform, Red Teaming Framework](
- [HoneyCreds - Network Credential Injection To Detect Responder And Other Network Poisoners](
- [SharpHook - Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials](
- [CamRaptor - Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials](
- [BlobHunter - Find Exposed Data In Azure With This Public Blob Scanner](
- [RomBuster - A Router Exploitation Tool That Allows To Disclosure Network Router Admin Password](
- [Fully-Homomorphic-Encryption - Libraries And Tools To Perform Fully Homomorphic Encryption Operations On An Encrypted Data Set](
- [CamOver - A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password](
- [HashCheck - Tool To Assist In The Search For Leaked Passwords](
- [Swift-Attack - Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods](
- [Squalr - Squalr Memory Editor - Game Hacking Tool Written In C#](
- [RdpCacheStitcher - RdpCacheStitcher Is A Tool That Supports Forensic Analysts In Reconstructing Useful Images Out Of RDP Cache Bitmaps](
- [NamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation](
- [Ioccheck - A Tool For Simplifying The Process Of Researching IOCs](
- [FalconEye - Real-time detection software for Windows process injections](
- [Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config](
- [Joern - Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs](
- [PPLdump - Dump The Memory Of A PPL With A Userland Exploit](
- [Aggrokatz - An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely](
- [Gundog - Guided Hunting In Microsoft 365 Defender](
- [TChopper - Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine](
- [defenselessV1 - Just Another Vulnerable Web Application](
- [EmailFinder - Search Emails From A Domain Through Search Engines](
- [pyWhat - Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More...](
- [Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS](
- [iOS Malicious Bit Hunter - A Malicious Plug-In Detection Eng ine For iOS Applications](
- [Interactsh - An OOB Interaction Gathering Server And Client Library](
- [BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D](
- [Neurax - A Framework For Constructing Self-Spreading Binaries](
- [SharpWebServer - HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality](
- [Link - A Command And Control Framework Written In Rust](
- [Totp-Ssh-Fluxer - Take Security By Obscurity To The Next Level (This Is A Bad Idea, Don'T Really Use This Please)](
- [Caronte - A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions](
- [Typodetect - Detect The Active Mutations Of Domains](
- [Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS](
- [ARTi-C2 - A Post-Exploitation Framework Used To Execute Atomic Red Team Test Cases With Rapid Payload Deployment And Execution Capabilities Via .NET's DLR](
- [Penglab - Abuse Of Google Colab For Cracking Hashes](
- [Onelinepy - Python Obfuscator To Generate One-Liners And FUD Payloads](
- [Dent - A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft's WDAPT Sensors](
- [magicRecon - A Powerful Shell Script To Maximize The Recon And Data Collection Process Of An Objective And Finding Common Vulnerabilities](
- [Kaiju - A Binary Analysis Framework Extension For The Ghidra Software Reverse Engineering Suite](
- [IMAPLoginTester - Script That Reads A Text File With Lots Of E-Mails And Passwords, And Tries To Check If Those Credentials Are Valid By Trying To Login On IMAP Servers](
- [AnalyticsRelationships - Get Related Domains / Subdomains By Looking At Google Analytics IDs](
- [Dystopia - Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python](
- [DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol](
- [Qvm-Create-Windows-Qube - Spin Up New Windows Qubes Quickly, Effortlessly And Securely](
- [Php_Code_Analysis - San your PHP code for vulnerabilities](
- [Solr-GRAB - Steal Apache Solr Instance Queries With Or Without A Username And Password](
- [MurMurHash - Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform](
- [AMSITrigger - The Hunt For Malicious Strings](
- [SQLFluff - A SQL Linter And Auto-Formatter For Humans](
- [GraphQLmap - A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes](
- [DivideAndScan - Divide Full Port Scan Results And Use It For Targeted Nmap Runs](
- [AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning](
- [ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers](
- [Etherblob-Explorer - Search And Extract Blob Files On The Ethereum Blockchain Network](
- [IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners](
- [Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture](
- [Corsair_Scan - A Security Tool To Test Cross-Origin Resource Sharing (CORS)](
- [DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection](
- [Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl](
- [CIMplant - C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems](
- [Httpx - A Fast And Multi-Purpose HTTP Toolkit Allows To Run Multiple Probers Using Retryablehttp Library, It Is Designed To Maintain The Result Reliability With Increased Threads](
- [Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease](
- [R77-Rootkit - Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc...](
- [3klCon - Automation Recon Tool Which Works With Large And Medium Scope](
- [Snuffleupagus - Security Module For Php7 And Php8 - Killing Bugclasses And Virtual-Patching The Rest!](
- [ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache](
- [APSoft-Web-Scanner-v2 - Powerful Dork Searcher And Vulnerability Scanner For Windows Platform](
- [Short story about Clubhouse user scraping and social graphs](
- [Baserunner - A Tool For Exploring Firebase Datastores](
- [DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities](
- [CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments](
- [Lucifer - A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More...](
- [Waybackurls - Fetch All The URLs That The Wayback Machine Knows About For A Domain](
- [Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using](
- [WordPress-Brute-Force - Super Fast Login WordPress Brute Force](
- [CANalyse - A Vehicle Network Analysis And Attack Tool](
- [Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool](
- [Priv2Admin - Exploitation Paths Allowing You To (Mis)Use The Windows Privileges To Elevate Your Rights Within The OS](
- [Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices](
- [Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments &Amp; Gives Recommendations For Standard Practices](
- [Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell](
- [LibAFL - Advanced Fuzzing Library - Slot Your Fuzzer Together In Rust! Scales Across Cores And Machines. For Windows, Android, MacOS, Linux, No_Std, ...](
- [Evasor - A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies](
- [Duplicut - Remove Duplicates From MASSIVE Wordlist, Without Sorting It (For Dictionary-Based Password Cracking)](
- [Storm-Breaker - Tool Social Engineering (Access Webcam, Microphone, OS Password Grabber And Location Finder) With Ngrok](
- [Nginxpwner - Tool to look for common Nginx misconfigurations and vulnerabilities](
- [Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI](
- [M365_Groups_Enum - Enumerate Microsoft 365 Groups In A Tenant With Their Metadata](
- [PwnLnX - An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems](
- [Fav-Up - IP Lookup By Favicon Using Shodan](
- [Cook - A Customizable Wordlist And Password Generator](
- [Profil3r - OSINT Tool That Allows You To Find A Person'S Accounts And Emails + Breached Emails](
- [Tscopy - Tool to parse the NTFS $MFT file to locate and copy specific files](
- [SlackPirate - Slack Enumeration And Extraction Tool - Extract Sensitive Information From A Slack Workspace](
- [IPCDump - Tool For Tracing Interprocess Communication (IPC) On Linux](
- [CrossLinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping](
- [Vulnerablecode - A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities](
- [Kubesploit - A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang](
- [Dnspeep - Spy On The DNS Queries Your Computer Is Making](
- [BetterXencrypt - A Better Version Of Xencrypt - Xencrypt It Self Is A Powershell Runtime Crypter Designed To Evade AVs](
- [KubiScan - A Tool To Scan Kubernetes Cluster For Risky Permissions](
- [Modded-Ubuntu - Run Ubuntu GUI On Your Termux With Much Features](
- [Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets](
- [Spraygen - Password List Generator For Password Spraying](
- [HttpDoom - A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface](
- [Sish - HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH](
- [Android-PIN-Bruteforce - Unlock An Android Phone (Or Device) By Bruteforcing The Lockscreen PIN](
- [PentestBro - Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool](
- [Defeat-Defender - Powerful Batch Script To Dismantle Complete Windows Defender Protection And Even Bypass Tamper Protection](
- [Swissknife - Scriptable VSCode Extension To Generate Or Manipulate Data. Stop Pasting Sensitive Data In Webpag](
- [Adfsbrute - A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks](
- [Traitor - Automatic Linux Privesc Via Exploitation Of Low-Hanging Fruit E.G. GTFOBin](
- [Ronin - A Ruby Platform For Vulnerability Research And Exploit Development](
- [AzureC2Relay - An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile](
- [Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques](
- [Redcloud - Automated Red Team Infrastructure Deployement Using Docker](
- [NtHiM - Super Fast Sub-domain Takeover Detection](
- [Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets](
- [Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc...](
- [Maigret - OSINT Username Checker. Collect A Dossier On A Person By Username From A Huge Number Of Sites](
- [Watson - Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities](
- [SharpHound3 - C# Data Collector For The BloodHound Project](
- [DefenderCheck - Identifies The Bytes That Microsoft Defender Flags On](
- [SharpGPOAbuse - Tool To Take Advantage Of A User'S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO](
- [Tuf - A Framework For Securing Software Update Systems](
- [SecretScanner - Find Secrets And Passwords In Container Images And File Systems](
- [SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality](
- [Seatbelt - A C# Project That Performs A Number Of Security Oriented Host-Survey "Safety Checks" Relevant From Both Offensive And Defensive Security Perspectives](
- [Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses](
- [ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy](
- [Android_Hid - Use Android As Rubber Ducky Against Another Android Device](
- [KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code](
- [Boomerang - A Tool To Expose Multiple Internal Servers To Web/Cloud](
- [CallObfuscator - Obfuscate Specific Windows Apis With Different APIs](
- [Search-That-Hash - Searches Hash APIs To Crack Your Hash Quickly, If Hash Is Not Found Automatically Pipes Into HashCat](
- [Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code](
- [cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule](
- [Smogcloud - Find Cloud Assets That No One Wants Exposed](
- [Gitrecon - OSINT Tool To Get Information From A Github Profile And Find GitHub User'S Email Addresses Leaked On Commits](
- [Kraker - Distributed Password Brute-Force System That Focused On Easy Use](
- [CTF-Party - A Ruby Library To Enhance And Speed Up Script/Exploit Writing For CTF Players](
- [Godehashed - Tool That Uses The Dehashed.Com API To Search For Compromised Assets](
- [ProxyLogon - PoC Exploit for Microsoft Exchange](
- [Vajra - A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks](
- [Subcert - An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs](
- [Mole - A Framework For Identifying And Exploiting Out-Of-Band Application Vulnerabilities](
- [Invoke-SocksProxy - Socks Proxy, And Reverse Socks Server Using Powershell](
- [Reverse-Shell-Generator - Hosted Reverse Shell Generator With A Ton Of Functionality](
- [OffensivePipeline - Tool To Download, Compile (Without Visual Studio) And Obfuscate C# Tools For Red Team Exercises](
- [Rafel-Rat - Android Rat Written In Java With WebPanel For Controlling Victims](
- [AnonX - An Encrypted File Transfer Via AES-256-CBC](
- [Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances](
- [Turbo-Intruder - A Burp Suite Extension For Sending Large Numbers Of HTTP Requests And Analyzing The Results](
- [Lazy-RDP - Script For AutomRDPatic Scanning And Brute-Force](
- [SnitchDNS - Database Driven DNS Server With A Web UI](
- [Genisys - Powerful Telegram Members Scraping And Adding Toolkit](
- [Confused - Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems](
- [DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking](
- [PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage](
- [Gitls - Enumerate Git Repository URL From List Of URL / User / Org](
- [Go-RouterSocks - Router Sock. One Port Socks For All The Others.](
- [Writehat - A Pentest Reporting Tool Written In Python](
- [HiddenEyeReborn - HiddenEye With Completely New Codebase And Better Features Set](
- [Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked](
- [packetStrider - A Network Packet Forensics Tool For SSH](
- [uEmu - Tiny Cute Emulator Plugin For IDA Based On Unicorn.](
- [Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes](
- [CertEagle - Asset monitoring utility using real time CT log feeds](
- [PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python](
- [Teatime - An RPC Attack Framework For Blockchain Nodes](
- [Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy](
- [OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner](
- [StandIn - A Small .NET35/45 AD Post-Exploitation Toolkit](
- [WdToggle - A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching](
- [Pillager - Filesystems For Sensitive Information With Go](
- [CornerShot - Amplify Network Visibility From Multiple POV Of Other Hosts](
- [OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python](
- [ScareCrow - Payload Creation Framework Designed Around EDR Bypass](
- [APT-Hunter - Threat Hunting Tool For Windows Event Logs Which Made By Purple Team Mindset To Provide Detect APT Movements Hidden In The Sea Of Windows Event Logs To Decrease The Time To Uncover Suspicious Activity](
- [Kali Linux 2021.1 - Penetration Testing and Ethical Hacking Linux Distribution](
- [BugBountyScanner - A Bash Script And Docker Image For Bug Bounty Reconnaissance](
- [RAT-el - An Open Source Penetration Test Tool That Allows You To Take Control Of A Windows Machine](
- [Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods](
- [Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command](
- [PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly](
- [SSB - A Faster And Simpler Way To Bruteforce SSH Server](
- [DirDar - A Tool That Searches For (403-Forbidden) Directories To Break It And Get Dir Listing On It](
- [SSRFuzz - A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities](
- [Galer - A Fast Tool To Fetch URLs From HTML Attributes By Crawl-In](
- [WireBug - A Toolset For Voice-over-IP Penetration Testing](
- [Chimera - A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions](
- [Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly](
- [OSV - Open Source Vulnerability DB And Triage Service](
- [Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security](
- [Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface](
- [Darkdump - Search The Deep Web Straight From Your Terminal](
- [BaphoDashBoard - Dashboard For Manage And Generate The Baphomet Ransomware](
- [ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock](
- [Wifi-Password - Quickly Fetch Your WiFi Password And If Needed, Generate A QR Code Of Your WiFi To Allow Phones To Easily Connect](
- [Ditto - A Tool For IDN Homograph Attacks And Detection](
- [COM-Code-Helper - Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code](
- [Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms](
- [GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies](
- [Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers](
- [Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code](
- [Linux-Chrome-Recon - An Information Gathering Tool Used To Enumerate All Possible Data About An User From Google-Chrome Browser From Any Linux Distribution](
- [Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes](
- [BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files](
- [Flawfinder - A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code](
- [MOSE - Post Exploitation Tool For Configuration Management Servers.](
- [PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward](
- [SSRF-King - SSRF Plugin For Burp Automates SSRF Detection In All Of The Request](
- [Arbitrium-RAT - A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux](
- [JWT Key ID Injector - Simple Python Script To Check Against Hypothetical JWT Vulnerability](
- [SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools](
- [Emba - An Analyzer For Linux-based Firmware Of Embedded Devices](
- [Shellex - C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor](
- [WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations](
- [ATMMalScan - Tool for Windows which helps to search for malware traces on an ATM during the DFIR process](
- [Xnuspy - An iOS Kernel Function Hooking Framework For Checkra1N'Able Devices](
- [Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys](
- [Sigurlx - A Web Application Attack Surface Mapping Tool](
- [MetaFinder - Search For Documents In A Domain Through Google](
- [WPCracker - WordPress User Enumeration And Login Brute Force Tool](
- [MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers](
- [Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt](
- [BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation](
- [Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets](
- [ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.](
- [MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)](
- [SysWhispers2 - AV/EDR Evasion Via Direct System Calls](
- [ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture](
- [Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation](
- [Stegbrute - Fast Steganography Bruteforce Tool Written In Rust Useful For CTF's](
- [K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads](
- [Umbrella_android - Digital And Physical Security Advice App](
- [RadareEye - A Tool Made For Specially Scanning Nearby devices [BLE, Bluetooth And Wifi] And Execute Our Given Command On Our System When The Target Device Comes In-Between Range](
- [ProtOSINT - A Python Script That Helps You Investigate Protonmail Accounts And ProtonVPN IP Addresses](
- [Sigurls - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine](
- [pongoOS - A Pre-Boot Execution Environment For Apple Boards](
- [Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go](
- [MUD-Visualizer - A Tool To Visualize MUD Files](
- [Emp3R0R - Linux Post-Exploitation Framework Made By Linux User](
- [Exif-Gps-Tracer - A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset](
- [UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)](
- [Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place](
- [Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester](
- [EvtMute - Apply A Filter To The Events Being Reported By Windows Event Logging](
- [Urlhunter - A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services](
- [RogueWinRM - Windows Local Privilege Escalation From Service Account To System](
- [Wynis - Audit Windows Security With Best Practice](
- [Proxify - Swiss Army Knife Proxy Tool For HTTP/HTTPS Traffic Capture, Manipulation, And Replay On The Go](
- [Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)](
- [Aura - Python Source Code Auditing And Static Analysis On A Large Scale](
- [Vulmap - Web Vulnerability Scanning And Verification Tools](
- [Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine](
- [Kenzer - Automated Web Assets Enumeration And Scanning](
- [Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File](
- [0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)](
- [Sploit - Go Package That Aids In Binary Analysis And Exploitation](
- [Fawkes - Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)](
- [Bheem - Simple Collection Of Small Bash-Scripts Which Runs Iteratively To Carry Out Various Tools And Recon Process](
- [Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications](
- [Ghost Framework - An Android Post-Exploitation Framework That Exploits The Android Debug Bridge To R emotely Access An Android Device](
- [APKLab - Android Reverse Engineering WorkBench For VS Code](
- [ToRat - A Remote Administation Tool Written In Go Using Tor As A Transport Mechanism And RPC For Communication](
- [WSMan-WinRM - A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object](
- [Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second](
- [Slipstream - NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services Bound To A Victim Machine, Bypassing The Victim's NAT/firewall, Just By The Victim Visiting A Website](
- [Carnivore - Tool For Assessing On-Premises Microsoft Servers Authentication Such As ADFS, Skype, Exchange, And RDWeb](
- [Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C](
- [DarkSide - Tool Information Gathering And Social Engineering](
- [RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services](
- [Packer-Fuzzer - A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack](
- [Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)](
- [Hijackthis - A Free Utility That Finds Malware, Adware And Other Security Threats](
- [ADSearch - A Tool To Help Query AD Via The LDAP Protocol](
- [Obfuscator - The Program Is Designed To Obfuscate The Shellcode](
- [Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows](
- [Enum4Linux-Ng - A Next Generation Version Of Enum4Linux (A Windows/Samba Enumeration Tool) With Additional Features Like JSON/YAML Export](
- [Hacktory platform packed with new game-playing features](
- [Aclpwn.Py - Active Directory ACL Exploitation With BloodHound](
- [ - Automation For Javascript Recon In Bug Bounty](
- [Fast-Security-Scanners - Security Checks For Your Researches](
- [Hacktory platform packed with new game-playing features](
- [Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure](
- [OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines](
- [Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool](
- [Admin-Scanner - This Tool Is Design To Find Admin Panel Of Any Website By Using Custom Wordlist Or Default Wordlist Easily](
- [Talon - A Password Guessing Tool That Targets The Kerberos And LDAP Services Within The Windows Active Directory Environment](
- [Tracee - Container And System Event Tracing Using eBPF](
- [DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers](
- [N1QLMap - The Tool Exfiltrates Data From Couchbase Database By Exploiting N1QL Injection Vulnerabilities](
- [RedShell - An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server](
- [Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")](
- [ToothPicker - An In-Process, Coverage-Guided Fuzzer For iOS](
- [Routopsy - A Toolkit Built To Attack Often Overlooked Networking Protocols](
- [Invoke-Antivm - Powershell Tool For VM Evasion](
- [Bulwark - An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports](
- [Doctrack - Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)](
- [Kali Linux 2020.4 - Penetration Testing and Ethical Hacking Linux Distribution](
- [MacC2 - Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities](
- [Garud - An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters](
- [Go_Parser - Yet Another Golang Binary Parser For IDAPro](
- [FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need](
- [Webshell-Analyzer - Web Shell Scanner And Analyzer](
- [DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs](
- [Feroxbuster - A Fast, Simple, Recursive Content Discovery Tool Written In Rust](
- [Brutto - Easy Brute Forcing To Whatever You Want](
- [SwiftyInsta - Instagram Unofficial Private API Swift](
- [Kraken - Cross-platform Yara Scanner Written In Go](
- [Tempomail - Generate A Custom Email Address In 1 Second And Receive Emails](
- [GWTMap - Tool to help map the attack surface of Google Web Toolkit](
- [JSMon - JavaScript Change Monitor for BugBounty](
- [Hetty - An HTTP Toolkit For Security Research](
- [PCWT - A Web Application That Makes It Easy To Run Your Pentest And Bug Bounty Projects](
- [ReconNote - Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters](
- [paradoxiaRAT - Native Windows Remote Access Tool](
- [Py3Webfuzz - A Python3 Module To Assist In Fuzzing Web Applications](
- [NFCGate - An NFC Research Toolkit Application For Android](
- [Octopus WAF - Web Application Firewall Made In C Language And Use Libevent](
- [Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases](
- [FAMA - Forensic Analysis For Mobile Apps](
- [Scripthunter - Tool To Find JavaScript Files On Websites](
- [Tfsec - Security Scanner For Your Terraform Code](
- [Linux-Evil-Toolkit - A Framework That Aims To Centralize, Standardize And Simplify The Use Of Various Security Tools For Pentest Professionals](
- [Herpaderping - Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process](
- [JWT-Hack - Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)](
- [Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats](
- [CobaltStrikeScan - Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration](
- [Manuka - A Modular OSINT Honeypot For Blue Teamers](
- [GitDorker - A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks](
- [Oregami - IDA Plugins And Scripts For Analyzing Register Usage Frame](
- [NTLMRawUnHide - A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format](
- [MalwareSourceCode - Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages](
- [Zap-Hud - The OWASP ZAP Heads Up Display (HUD)](
- [PatchChecker - Web-based Check For Windows Privesc Vulnerabilities](
- [Apk-Medit - Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk](
- [SSJ - Your Everyday Linux Distribution Gone Super Saiyan](
- [RmiTaste - Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria](
- [Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover](
- [Simple-Live-Data-Collection - Simple Live Data Collection Tool](
- [TheCl0n3r - Tool To Download And Manage Your Git Repositories](
- [HackBrowserData - Decrypt Passwords/Cookies/History/Bookmarks From The Browser](
- [Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power](
- [Mikrot8Over - Fast Exploitation Tool For Mikrotik RouterOS](
- [MEDUZA - A More Or Less Universal SSL Unpinning Tool For iOS](
- [Nuubi Tools - Information Ghatering, Scanner And Recon](
- [DamnVulnerableCryptoApp - An App With Really Insecure Crypto](
- [Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound](
- [NashaVM - A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI](
- [C41N - An Automated Rogue Access Point Setup Tool](
- [vPrioritizer - Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization](
- [CSRFER - Tool To Generate CSRF Payloads Based On Vulnerable Requests](
- [GHunt - Investigate Google Accounts With Emai](
- [Offering Users More For Their Activity - Similar Items Upon Checkout](
- [Lockphish - The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode](
- [IoTMap - Research Project On Heterogeneous IoT Protocols Modelling](
- [Kube-Score - Kubernetes Object Analysis With Recommendations For Improved Reliability And Security](
- [SCREEN_KILLER - Tool To Track Progress For Reporting (Capture Screenshot, Commands And Outputs) During Pentest Engagement And OSCP](
- [OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally](
- [AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING](
- [Asnap - Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses](
- [smbAutoRelay - Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments](
- [Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)](
- [mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges](
- [Lil-Pwny - Auditing Active Directory Passwords Using Multiprocessing In Python](
- [Polypyus - Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries](
- [Cooolis-ms - A Server That Supports The Metasploit Framework RPC](
- [PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)](
- [SharpSecDump - .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket'S Secretsdump.Py](
- [Go-Dork - The Fastest Dork Scanner Written In Go](
- [Enum4Linux - A Linux Alternative To Enum.Exe For Enumerating Data From Windows And Samba Hosts](
- [Dnxfirewall - A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter](
- [GRAT2 - Command And Control (C2) Project For Learning Purpose](
- [VMPDump - A Dynamic VMP Dumper And Import Fixer](
- [Moriarty-Project - This Tool Gives Information About The Phone Number That You Entered](
- [Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet](
- [CRLFuzz - A Fast Tool To Scan CRLF Vulnerability Written In Go](
- [Winshark - A Wireshark Plugin To Instrument ETW](
- [Winshark - A Wireshark Plugin To Instrument ETW](
- [Unimap - Scan Only Once By IP Address And Reduce Scan Times With Nmap For Large Amounts Of Data](
- [CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities](
- [Zin - A Payload Injector For Bugbounties Written In Go](
- [dorkX - Pipe Different Tools With Google Dork Scanner](
- [AES Finder - Utility To Find AES Keys In Running Processes](
- [Croc - Easily And Securely Send Things From One Computer To Another](
- [ActiveDirectoryEnumeration - Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled](
- [Chimera - PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions](
- [DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks](
- [HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware](
- [Some-Tools - Install And Keep Up To Date Some Pentesting Tools](
- [Safety - Check Your Installed Dependencies For Known Security Vulnerabilities](
- [Anchore Engine - A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification](
- [Rakkess - Kubectl Plugin To Show An Access Matrix For K8S Server Resources](
- [Browsertunnel - Surreptitiously Exfiltrate Data From The Browser Over DNS](
- [PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud](
- [OpenRedireX - Asynchronous Open redirect Fuzzer for Humans](
- [VPS-Docker-For-Pentest - Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest](
- [Geo-Recon - An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts](
- [Bbrecon - Python Library And CLI For The Bug Bounty Recon API](
- [SpaceSiren - A Honey Token Manager And Alert System For AWS](
- [LOLBITS v2.0.0 - C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion](
- [Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks](
- [Mihari - A Helper To Run OSINT Queries & Manage Results Continuously](
- [SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!](
- [Iblessing - An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis](
- [Urlgrab - A Golang Utility To Spider Through A Website Searching For Additional Links](
- [Vulnerable-AD - Create A Vulnerable Active Directory That'S Allowing You To Test Most Of Active Directory Attacks In Local Lab](
- [Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!](
- [SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments](
- [Hack-Tools - The All-In-One Red Team Extension For Web Pentester](
- [ezEmu - Simple Execution Of Commands For Defensive Tuning/Research](
- [AWS Recon - Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata](
- [Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale](
- [Scan-For-Webcams - Scan For Webcams In The Internet](
- [ADBSploit - A Python Based Tool For Exploiting And Managing Android Devices Via ADB](
- [Wonitor - Fast, Zero Config Web Endpoint Change Monitor](
- [ReconSpider - Most Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Address, Emails, Websites, Organizations](
- [Pagodo - Automate Google Hacking Database Scraping And Searching](
- [Kali Linux 2020.3 Release - Penetration Testing and Ethical Hacking Linux Distribution](
- [PurpleSharp - C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments](
- [Sinter - A User-Mode Application Authorization System For MacOS Written In Swift](
- [IoT-PT - A Virtual Environment For Pentesting IoT Devices](
- [PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage](
- [Spybrowse - Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)](
- [CheckXSS - Detect XSS vulnerability in Web Applications](
- [Phirautee - A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares](
- [DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources](
- [AWS Report - A Tool For Analyzing Amazon Resources](
- [AWS Report - A Tool For Analyzing Amazon Resources.](
- [Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems](
- [SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins](
- [SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS](
- [PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View](
- [Arcane - A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories](
- [SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet](
- [PhishingKitTracker - Let's Track Phishing Kits To Give To Research Community Raw Material To Stud](
- [Gtunnel - A Robust Tunelling Solution Written In Golang](
- [UEFI_RETool - A Tool For UEFI Firmware Reverse Engineering](
- [Netenum - A Tool To Passively Discover Active Hosts On A Network](
- [Cnitch - Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root](
- [Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols](
- [DeimosC2 - A Golang Command And Control Framework For Post-Exploitation](
- [CWFF - Create Your Custom Wordlist For Fuzzing](
- [Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report](
- [dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS](
- [uDork - Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On](
- [Kubebox - Terminal And Web Console For Kubernetes](
- [Commit Stream - OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API](
- [HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website](
- [TrustJack - Yet Another PoC For Hijacking DLLs in Windows](
- [HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website. (Python 2.X &Amp; 3.X)](
- [Sitedorks - Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites](
- [reNgine - An Automated Reconnaissance Framework Meant For Gathering Information During Penetration Testing Of Web Applications](
- [AuthMatrix - A Burp Suite Extension That Provides A Simple Way To Test Authorization](
- [Permission Manager - A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW](
- [Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing](
- [Onex - A Library Of Hacking Tools For Termux And Other Linux Distributions](
- [Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools](
- [NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints](
- [ADB-Toolkit - Tool for testing your Android device](
- [hackerEnv - An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them](
- [Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools](
- [Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail](
- [Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly](
- [Steganographer - Hide Files Or Data In Image Files](
- [Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence](
- [Saferwall - A Hackable Malware Sandbox For The 21St Century](
- [WiFi Passview v4.0 - An Open Source Batch Script Based WiFi Passview For Windows!](
- [Maskprocessor - High-Performance Word Generator With A Per-Position Configureable Charset](
- [X64Dbg - An Open-Source X64/X32 Debugger For Windows](
- [Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private](
- [Santa - A Binary Whitelisting/Blacklisting System For macOS](
- [FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity](
- [ParamSpider - Mining Parameters From Dark Corners Of Web Archives](
- [WordListGen - Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python](
- [dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs](
- [Airshare - Cross-platform Content Sharing In A Local Network](
- [Git All The Payloads! A Collection Of Web Attack Payloads](
- [Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack](
- [HackingTool - ALL IN ONE Hacking Tool For Hackers](
- [FastNetMon Community - Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support](
- [GoGhost - High Performance, Lightweight, Portable Open Source Tool For Mass SMBGhost Scan](
- [Behave - A Monitoring Browser Extension For Pages Acting As Bad Boys](
- [How AI and Voice Technology is Similar to a Service Dog](
- [IIS-Raid - A Native Backdoor Module For Microsoft IIS (Internet Information Services)](
- [UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service](
- [Basecrack - Best Decoder Tool For Base Encoding Schemes](
- [Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark](
- [Espionage - A Network Packet And Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network](
- [Cloudtopolis - Cracking Hashes In The Cloud For Free](
- [Colabcat - Running Hashcat On Google Colab With Session Backup And Restore](
- [How to Free Recover Deleted Files on Your Mac](
- [Hmmcookies - Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)](
- [Business Secure: How AI is Sneaking into our Restaurants](
- [InQL - A Burp Extension For GraphQL Security Testing](
- [SAyHello - Capturing Audio (.Wav) From Target Using A Link](
- [O.G. AUTO-RECON - Enumerate A Target Based Off Of Nmap Results](
- [Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline](
- [DroidTracker - Script To Generate An Android App To Track Location In Real Time](
- [Iox - Tool For Port Forward &Amp; Intranet Proxy](
- [OSS-Fuzz - Continuous Fuzzing Of Open Source Software](
- [Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains](
- [SGN - Encoder Ported Into Go With Several Improvements](
- [TeaBreak - A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!](
- [Digital Signature Hijack - Binaries, PowerShell Scripts And Information About Digital Signature Hijacking](
- [SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files](
- [Axiom - A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!](
- [Fast-Google-Dorks-Scan - Fast Google Dorks Scan](
- [URLCADIZ - A Simple Script To Generate A Hidden Url For Social Engineering](
- [ - Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)](
- [Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used](
- [EvilPDF - Embedding Executable Files In PDF Documents](
- [Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip](
- [Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords](
- [URLCrazy - Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage](
- [Spyeye - Script To Generate Win32 .Exe File To Take Screenshots](
- [Words Scraper - Selenium Based Web Scraper To Generate Passwords List](
- [JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS](
- [Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public](
- [Jshole - A JavaScript Components Vulnrability Scanner, Based On RetireJS](
- [GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules](
- [Eviloffice - Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)](
- [Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters](
- [GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More](
- [Enumy - Linux Post Exploitation Privilege Escalation Enumeration](
- [Bing-Ip2Hosts - Bingip2Hosts Is A Web Scraper That Discovers Websites By IP Address](
- [Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management](
- [ADCollector - A Lightweight Tool To Quickly Extract Valuable Information From The Active Directory Environment For Both Attacking And Defending](
- [MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory](
- [Project iKy v2.6.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface](
- [RepoPeek - A Python Script To Get Details About A Repository Without Cloning It](
- [Pivotnacci - A Tool To Make Socks Connections Through HTTP Agents](
- [OhMyQR - Hijack Services That Relies On QR Code Authentication](
- [FinalRecon - The Last Web Recon Tool You'll Need](
- [Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing](
- [Game-based learning platform provides full immersion into cybersecurity](
- [EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)](
- [S3BucketList - Firefox Plugin The Lists Amazon S3 Buckets Found In Requests](
- [Locator - Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)](
- [Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments](
- [Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security](
- [Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers](
- [Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)](
- [Self-XSS - Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code](
- [Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored](
- [ParamKit - A Small Library Helping To Parse Commandline Parameters](
- [Open-Sesame - A Python Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored](
- [Evilreg - Reverse Shell Using Windows Registry Files (.Reg)](
- [URLBrute - Tool To Brute Website Sub-Domains And Dirs](
- [Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode](
- [DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang](
- [Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution](
- [Clipboardme - Grab And Inject Clipboard Content By Link](
- [Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack](
- [PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF](
- [Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration](
- [GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger](
- [Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages](
- [Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements](
- [How to Set Up a VPN on Kodi in 2 Minutes or Less](
- [HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host](
- [Nexphisher - Advanced Phishing Tool For Linux & Termux](
- [TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network](
- [Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module](
- [Generator-Burp-Extension - Everything You Need About Burp Extension Generation](
- [Authelia - The Single Sign-On Multi-Factor Portal For Web Apps](
- [Klar - Integration Of Clair And Docker Registry](
- [Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.](
- [Thoron Framework - Tool To Generate Simple Payloads To Provide Linux TCP Attack](
- [SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS](
- [Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime](
- [ROADtools - The Azure AD Exploration Framework](
- [Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes](
- [wxHexEditor - Hex Editor / Disk Editor for Huge Files or Devices on Linux, Windows and MacOSX](
- [DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes](
- [Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use](
- [Print-My-Shell - Tool To Automate The Process Of Generating Various Reverse Shells](
- [S3Reverse - The Format Of Various S3 Buckets Is Convert In One Format](
- [Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach](
- [Project iKy v2.5.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface](
- [Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company](
- [Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data](
- [Lulzbuster - A Very Fast And Smart Web Directory And File Enumeration Tool Written In C](
- [Nullscan - A Modular Framework Designed To Chain And Automate Security Tests](
- [githubFind3r - Fast Command Line Repo/User/Commit Search Tool](
- [Httpgrep - Scans HTTP Servers To Find Given Strings In URIs](
- [Flux-Keylogger - Modern Javascript Keylogger With Web Panel](
- [RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256](
- [Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV](
- [DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers](
- [Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework](
- [Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions](
- [crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks](
- [Htbenum - A Linux Enumeration Script For Hack The Box](
- [Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities](
- [Sherloq - An Open-Source Digital Image Forensic Toolset](
- [Privacy Badger - A Browser Extension That Automatically Learns To Block Invisible Trackers](
- [Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring](
- [Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions](
- [Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory](
- [Ps-Tools - An Advanced Process Monitoring Toolkit For Offensive Operations](
- [Tentacle - A POC Vulnerability Verification And Exploit Framework](
- [Tails 4.5 - Live System to Preserve Your Privacy and Anonymity](
- [MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)](
- [Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System](
- [DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests](
- [Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State](
- [SSHPry v2.0 - Spy and Control os SSH Connected client's TTY](
- [HikPwn - A Simple Scanner For Hikvision Devices](
- [Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs](
- [Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing](
- [DigiTrack - Attacks For $5 Or Less Using Arduino](
- [FProbe - Take A List Of Domains/Subdomains And Probe For Working HTTP/HTTPS Server](
- [MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing](
- [Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments](
- [R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability](
- [One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More](
- [Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface](
- [Project iKy v2.4.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface](
- [SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords](
- [Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse](
- [ConEmu - Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More](
- [Ninja - Open Source C2 Server Created For Stealth Red Team Operations](
- [FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance](
- [ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions](
- [HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections](
- [XXExploiter - Tool To Help Exploit XXE Vulnerabilities](
- [Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.](
- [Sshuttle - Transparent Proxy Server That Works As A Poor Man'S VPN. Forwards Over SSH](
- [Lazydocker - The Lazier Way To Manage Everything Docker](
- [Pypykatz - Mimikatz Implementation In Pure Python](
- [Token-Reverser - Word List Generator To Crack Security Tokens](
- [shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains](
- [Pickl3 - Windows Active User Credential Phishing Tool](
- [Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel](
- [Dirble - Fast Directory Scanning And Scraping Tool](
- [Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing](
- [Sifter - A OSINT, Recon And Vulnerability Scanner](
- [FuzzBench - Fuzzer Benchmarking As A Service](
- [SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go](
- [Evil SSDP - Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response](
- [Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework](
- [NTLMRecon - A Tool To Enumerate Information From NTLM Authentication Enabled Web Endpoints](
- [Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams](
- [Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device](
- [Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs](
- [Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources](
- [XCTR Hacking Tools - All in one tools for Information Gathering](
- [WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!](
- [BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects](
- [Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites](
- [Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...](
- [IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt](
- [Mouse Framework - An iOS And macOS Post Exploitation Surveillance Framework That Gives You A Command Line Session With Extra Functionality Between You And A Target Machine Using Only A Simple Mouse Payload](
- [Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop](
- [Faraday presents the latest version of their Security Platform for Vulnerability Management Automation](
- [Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools](
- [get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN](
- [Faraday presents the latest version of their Security Platform for Vulnerability Management Automation](
- [Gadgetinspector - A Byte Code Analyzer For Finding Deserialization Gadget Chains In Java Applications](
- [OWASP D4N155 - Intelligent And Dynamic Wordlist Using OSINT](
- [TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager](
- [SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo](
- [Adama - Searches For Threat Hunting And Security Analytics](
- [Metabigor - Intelligence Tool But Without API Key](
- [Rabid - A CLI Tool And Library Allowing To Simply Decode All Kind Of BigIP Cookies](
- [CVE Api - Parse & filter the latest CVEs from](
- [NekoBot - Auto Exploiter With 500+ Exploit 2000+ Shell](
- [DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry](
- [DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior](
- [Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS](
- [Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use](
- [BurpSuite Random User-Agents - Burp Suite Extension For Generate A Random User-Agents](
- [OpenRelayMagic - Tool To Find SMTP Servers Vulnerable To Open Relay](
- [XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch](
- [IPv6Tools - A Robust Modular Framework That Enables The Ability To Visually Audit An IPv6 Enabled Network](
- [Pytm - A Pythonic Framework For Threat Modeling](
- [InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style](
- [Re2Pcap - Create PCAP file from raw HTTP request or response in seconds](
- [Misp-Dashboard - A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances](
- [Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing](
- [Nfstream - A Flexible Network Data Analysis Framework](
- [WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates](
- [GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat](
- [Project-Black - Pentest/BugBounty Progress Control With Scanning Modules](
- [MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)](
- [Obfuscapk - A Black-Box Obfuscation Tool For Android Apps](
- [Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution](
- [PythonAESObfuscate - Obfuscates A Python Script And The Accompanying Shellcode](
- [ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What'S In It' Using Static Analysis With A Json Based Rules Engine](
- [CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter](
- [Mimir - Smart OSINT Collection Of Common IOC Types](
- [Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy](
- [Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security](
- [Memhunter - Live Hunting Of Code Injection Techniques](
- [AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)](
- [Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator](
- [SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely](
- [KsDumper - Dumping Processes Using The Power Of Kernel Space](
- [YARASAFE - Automatic Binary Function Similarity Checks with Yara](
- [TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries](
- [TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)](
- [Grouper2 - Find Vulnerabilities In AD Group Policy](
- [Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals](
- [AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat](
- [Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless](
- [LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol](
- [Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application](
- [Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions](
- [Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones](
- [Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware](
- [WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website](
- [XposedOrNot - Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords](
- [RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP](
- [Findomain v0.9.3 - The Fastest And Cross-Platform Subdomain Enumerator](
- [BetterBackdoor - A Backdoor With A Multitude Of Features](
- [Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments](
- [Shelly - Simple Backdoor Manager With Python (Based On Weevely)](
- [huskyCI - Performing Security Tests Inside Your CI](
- [AttackSurfaceMapper - A Tool That Aims To Automate The Reconnaissance Process](
- [Pylane - An Python VM Injector With Debug Tools, Based On GDB](
- [PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface](
- [Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References](
- [Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System](
- [nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration](
- [RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries](
- [Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM](
- [Top 20 Most Popular Hacking Tools in 2019](
- [Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains](
- [Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool](
- [SysWhispers - AV/EDR Evasion Via Direct System Calls](
- [S3Tk - A Security Toolkit For Amazon S3](
- [WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts](
- [AWS Report - Tool For Analyzing Amazon Resources](
- [Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security](
- [RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0](
- [DetectionLab - Vagrant And Packer Scripts To Build A Lab Environment Complete With Security Tooling And Logging Best Practices](
- [Andor - Blind SQL Injection Tool With Golang](
- [WinPwn - Automation For Internal Windows Penetrationtest / AD-Security](
- [Ddoor - Cross Platform Backdoor Using Dns Txt Records](
- [Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests](
- [SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command](
- [Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User'S Profile Including All Public Posts/Statuses Available On The User'S Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos](
- [FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation](
- [DNCI - Dot Net Code Injector](
- [RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking](
- [Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets](
- [Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems](
- [Sshtunnel - SSH Tunnels To Remote Server](
- [RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components](
- [Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit](
- [Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare](
- [Corsy - CORS Misconfiguration Scanner](
- [Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution](
- [ATFuzzer - Dynamic Analysis Of AT Interface For Android Smartphones](
- [Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines](
- [BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything](
- [Attack Monitor - Endpoint Detection And Malware Analysis Software](
- [Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From](
- [Tool-X - A Kali Linux Hacking Tool Installer](
- [Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information](
- [Aztarna - A Footprinting Tool For Robots](
- [Killcast - Manipulate Chromecast Devices In Your Network](
- [bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records](
- [WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack](
- [H8Mail - Email OSINT And Password Breach Hunting](
- [Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters](
- [Metasploit 5.0 - The World’s Most Used Penetration Testing Framework](
- [Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support](
- [Twifo-Cli - Get User Information Of A Twitter User](
- [Sitadel - Web Application Security Scanner](
- [Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)](
- [Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To](
- [Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies](