A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

BloodyAD is an Active Directory Privilege Escalation Framework

Tool for Active Directory Certificate Services enumeration and abuse

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Single-file PHP shell

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

A simple, fun, and interactive way to learn the PowerShell language through Pester unit testing.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Android real-time display control software

Turn (almost) any Python command line program into a full GUI application with one line

🔑 Hash type identifier (CLI & lib)

QOwnNotes is a plain-text file notepad and todo-list manager with Markdown support and Nextcloud / ownCloud integration.

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

A swiss army knife for pentesting networks

CeWL is a Custom Word List Generator

JSON Hero is an open-source, beautiful JSON explorer for the web that lets you browse, search and navigate your JSON files at speed. 🚀. Built with 💜 by the Trigger.dev team.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Open source API development ecosystem - https://hoppscotch.io (open-source alternative to Postman, Insomnia)

An evolving how-to guide for securing a Linux server.

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

Self contained htaccess shells and attacks

Generates millions of keyword-based password mutations in seconds.

Comfortably monitor your Internet traffic 🕵️‍♂️

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Application Security Verification Standard

Instant, easy, and predictable development environments

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.