Ansible module for OWASP ZAP using Python API to scan web targets for security issues

Kaleido network traffic forwarding tool(api-gateway).

Simple amazon alexa-top-sites xml downloads via burpsuite/alexa-downloader.

Windows kernel driver exploits

Brute-force script for finding azorult XOR key.

eBook "Bypassing AVS by C#.NET Programming" (Free Chapters only)

mosquito - Automating reconnaissance and brute force attacks

PowerShell ReverseTCP Shell - Framework

Identifies the bytes that Microsoft Defender flags on.

The new Windows Terminal and the original Windows console host, all in the same place!

A simple python tool based on Impacket that tests servers for various known NTLM vulnerabilities

A “real fake” HTTP server specially designed to support browsers tests that make HTTP requests.

Supermicro IPMI/BMC Cleartext Password Scanner

A small python script to check for Cross-Site Tracing (XST)

Windows Rregistry Linking Utility

MitM pentesting opensource toolkit (scan/sniff/exploit) -- NOT SUPORTED ANYMORE --

change mac address without using macchanger (NetworkManager9 clone bug)

NOT SUPORTED ANYMORE -- try resource_files repository (mosquito)

Transferring Backdoor Payload by BSSID and Wireless traffic

Metasploit_postgresql_database_connection_fix

My collection of metasploit auxiliary post-modules

framework to rapidly implement custom droppers for all three major operating systems

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermo…

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows un…

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using scree…

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual acc…

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or an…

A Burp Suite Extender that try to find sub-domain, similar-domain and related-domain of an organization, not only a domain! 利用burp收集整个企业、组织的域名（不仅仅是单个主域名）的插件