Resources to help you get GitHub certified ✨

The Havoc Framework.

Next generation web scanner

In-depth attack surface mapping and asset discovery

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

E-mails, subdomains and names Harvester - OSINT

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

UNIX-like reverse engineering framework and command-line toolset

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Automated Adversary Emulation Platform

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…

Small and highly portable detection tests based on MITRE's ATT&CK.

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s…

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Empire is a PowerShell and Python post-exploitation agent.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Scripts featured in the book How to Hack Like a Legend

Ctf solutions from p4 team

Grep Web pages with extra features like JS deobfuscation and OCR

Some setup scripts for security research tools.

CTFs as you need them