Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

Multi-Cloud Security Auditing Tool

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

A Microsoft Windows® USB installation media preparer for GNU+Linux

Collection of Offensive C# Tooling

Detours with just single dependency - NTDLL

Security Auditor Utility for GraphQL APIs

GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections…

ScriptSentry finds misconfigured and dangerous logon scripts.

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown

Collection of methodology and test case for various web vulnerabilities.

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

Bloodhound Reporting for Blue and Purple Teams

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Reverse proxies cheatsheet

hauditor is a tool designed to analyze the security headers returned by a web page.

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

A recursive internet scanner for hackers.

Python tool to Check running WebClient services on multiple targets based on @leechristensen

Kooky cURL-powered replacement for reverse shell via /dev/tcp

This project aims to compare and evaluate the telemetry of various EDR products.

PowerShell MachineAccountQuota and DNS exploit tools

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.