Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

This Repo serves as a collection of shared security and penetration testing resources for the cloud.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository…

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across …

A collection of awesome penetration testing resources, tools and other shiny things

Ansible role for Debian 10 CIS hardening

The Dom amongst the Flipper Zero Firmware. Give your Flipper the power and freedom it is really craving. Let it show you its true form. Dont delay, switch to the one and only true Master today!

Helping Incident Responders hunt for potential persistence mechanisms on UNIX-based systems.

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

CVE-2023-22515: Confluence Broken Access Control Exploit

Simple PoC causing overflow

Useful resources for SOC Analyst and SOC Analyst candidates.

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

automatically tests prompt injection attacks on ChatGPT instances

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor…

An Open-source LTE Downlink/Uplink Eavesdropper

A GPT-empowered penetration testing tool

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Gather and update all available and newest CVEs with their PoC.

Fast and customizable vulnerability scanner based on simple YAML based DSL.

SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!

A list of Free Software network services and web applications which can be hosted on your own servers

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Collection of Cyber Threat Intelligence sources from the deep and dark web

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

A collective of different IRs for the Flipper