A list of useful payloads and bypass for Web Application Security and Pentest/CTF

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

🕵️‍♂️ Offensive Google framework.

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

Automated cryptocurrency trading bot

Rewrite of the popular wireless network auditor, "wifite"

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A recursive internet scanner for hackers.

Knock Subdomain Scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Mimikatz implementation in pure Python

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

Tool for Active Directory Certificate Services enumeration and abuse

Tools & Interesting Things for RedTeam Ops

Extract credentials from lsass remotely

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Notes about attacking Jenkins servers

A collection of Azure AD/Entra tools for offensive and defensive security purposes

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

pwning IPv4 via IPv6

Codebase to generate an msdt-follina payload

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Perform a MitM attack and extract clear text credentials from RDP connections

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.