🌸 A command-line fuzzy finder

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find, verify, and analyze leaked credentials

Ingress NGINX Controller for Kubernetes

⚠️(OBSOLETE) Curated applications for Kubernetes

Fast passive subdomain enumeration tool.

Prometheus Operator creates/configures/manages Prometheus clusters atop Kubernetes

Adversary Emulation Framework

The Havoc Framework

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

A Workflow Engine for Offensive Security

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

ScareCrow - Payload creation framework designed around EDR bypass.

Elastic Cloud on Kubernetes

Scan for misconfigured S3 buckets across S3-compatible APIs!

The Swiss Army knife for automated Web Application Testing

evilginx3 + gophish

NGINX Prometheus Exporter for NGINX and NGINX Plus

Extract URLs, paths, secrets, and other interesting bits from JavaScript

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs

RabbitMQ Cluster Kubernetes Operator

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

A high performance go implementation of Wappalyzer Technology Detection Library

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environmen…

Tool to check for dependency confusion vulnerabilities in multiple package management systems

Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.

mx-takeover focuses DNS MX records and detects misconfigured MX records.