Stars
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
Generate Frida bypass scripts for Android APK root and SSL checks.
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table
APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files
JSSCM detects expired domains for Stored XSS exploitation during browsing.
Tool to remotely dump secrets from the Windows registry
Tools and Scripts used in CRTP
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Provides public bug bounty programs in-scope data that offer rewards and monitors public bug bounty programs assets.
🔪 this repo contains required files for web application pentests
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Security auditing tool for Azure environments
Automating situational awareness for cloud penetration tests.
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
A tool for checking if MFA is enabled on multiple Microsoft Services
A collaborative, multi-platform, red teaming framework
A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store
An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v…
ScriptSentry finds misconfigured and dangerous logon scripts.
SALSA 💃⚡ - SALesforce Scanner for Aura (and beyond). Enumeration of vulnerabilities and misconfigurations against Salesforce endpoint.
GitHub Actions Pipeline Enumeration and Attack Tool