The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

You like pytorch? You like micrograd? You love tinygrad! ❤️

🦔 PostHog provides open-source web & product analytics, session recording, feature flagging and A/B testing that you can self-host. Get started - free.

Code for the paper "Language Models are Unsupervised Multitask Learners"

Memray is a memory profiler for Python

Main Sigma Rule Repository

📱 objection - runtime mobile exploration

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Veil 3.1.X (Check version info in Veil at runtime)

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Tools for managing DNS across multiple providers

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

An evil RAT (Remote Administration Tool) for macOS / OS X.

Public domain cross platform lock free thread caching 16-byte aligned memory allocator implemented in C

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Apple BLE research

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…

A new Minecraft world editor and converter that supports all versions since Java 1.12 and Bedrock 1.7.

Undetectable Windows Payload Generation

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

HTA encryption tool for RedTeams

A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

IDAPython tool for creating automatic C++ virtual tables in IDA Pro

Information gathering tool - OSINT

Automated Red Team Infrastructure deployement using Docker