Lists (25)
🌐 AppSec
Web app-based tools/notes🛡️ Blue Team
Anything that's blue🐛 Bug Bounty
🐛 Bug Bounty Oriented
👑 C2s
Aggressor Scripts and other C2 goodies🔑 Credential_Based
Credential-oriented tooling👟 Evasion
AV/EDR evasion tooling🤖 Exfil
Exfil the juicy data😈 Exploits
PoCs for exploits🐛 Fuzz
🔬 Lab_Building
Tooling focused on creating virtual environments🤖 LLM/AI
💀 Malicious Development
Everything to do with developing malicious things.❔ Misc
Useful but miscellaneous tools (security related)📱 Mobile
Mobile testing (ew gross)☁️ Offensive_Cloud
Offensive tooling for cloud infrastructure⚔️ Offensive_Security_Tools
Collection of Offensive Security Tools for Penetration Testing and Red Teaming exercises🕵🏻 OSINT
OSINT-related Tools🐟 Phishing
Phishing Resources📮 Post_Exploitation
Everything post exploitation related🍚 Rice
Everything to do with Ricing Linux🏗️ Setup
Setup scripts📖 Wikis
Repos of different tools and notes📶 Wireless
Wireless Attacking Tools🧑🏭 Workshops
Stars
Execute commands interactively on remote Windows machines using the WinRM protocol
A slightly more fun way to disable windows defender + firewall. (through the WSC api)
Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Fl…
Active Directory and Internal Pentest Cheatsheets
zimedev / certipy-merged
Forked from ly4k/CertipyTool for Active Directory Certificate Services enumeration and abuse
Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
Chrome browser extension-based Command & Control
gsmith257-cyber / better-sliver
Forked from BishopFox/sliverAdversary Emulation Framework
Extract GraphQL operations from javascript
MailFail identifies and provides commands to exploit a large number of email-related misconfigurations for the current domain and subdomain. The extensions UI popup highlights any misconfigurations…
"Bob the Smuggler": A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file for…
A native SwiftUI macOS application that check's Jamf Pro, Jamf School, Jamf Now, Jamf Connect and Jamf Protect on it's state
Generic PE loader for fast prototyping evasion techniques
View HTTP/HTTPS requests made by any Linux program
Simple PowerShell HTTP Server (no dependencies, single file, PowerShell 5.1/7)
Burpsuite plugin for Interact.sh
DeepSeek-VL2: Mixture-of-Experts Vision-Language Models for Advanced Multimodal Understanding
Sample configuration to include as an Asterisk configuration to supplement automated caller ID spoofing capabilities.
Lightpanda: the headless browser designed for AI and automation
Run local LLMs like llama, deepseek-distill, kokoro and more inside your browser
A Coverage Explorer for Reverse Engineers
Hooking Windows' exception dispatcher to protect process's PML4