pktvisor is a dynamic network observability agent that smartly analyzes network traffic and generates opentelemetry metrics

SolarWinds Orion Account Audit / Password Dumping Utility

Mimikatz implementation in pure Python

Apache Metron

Harness and benchmarks for evaluating Django's performance over time

Only Hitting PoC [Tested on Windows Server 2008 r2]

A tool to create a JScript file which loads a .NET v2 assembly from memory.

Self contained htaccess shells and attacks

A completely free, open source and online course about Reverse Engineering iOS Applications.

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

GyoiThon is a growing penetration test tool using Machine Learning.

Open-source pentesting management and automation platform by Salesforce Product Security

A series of python scripts for generating weird character combinations for bypassing web application firewalls (WAF) and XSS blockers

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

But actually for hackers

PyShell makes interacting with web-based command injection less painful, emulating the feel of an interactive shell as much as possible.

Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information.

Directory/File, DNS and VHost busting tool written in Go

Wireshark plugin to display Suricata analysis info

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

A high performance offensive security tool for reconnaissance and vulnerability scanning

A Game of Hackers (CTF Scoreboard & Game Manager)

Automated script for performing Padding Oracle attacks

Intelligent login bruteforcer.

A list of public penetration test reports published by several consulting firms and academic security groups.

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

CMS渗透测试框架-A CMS Exploit Framework