This is your work, valued
How could you not be romantic about hacking and amateur radio?
neix. neix - a RSS/Atom feed reader for your terminal.
β 213flipperzero-qrcode-generator. π¬ Generates and displays QRCodes on the flipper zero.
β 14ts-timetracker. Simple interactive command line timetracker.
β 11grav-plugin-simple-cookie. The Simple Cookie Plugin is an extension for Grav. The plugin is based on the popular CookieConsent JS-library. For Advanced Opt-In/Opt-Out configurations you can use the 'Custom configuration' option.
β 7grav-plugin-password-protection. Password protection is a simple plugin which allows you to specify a uniqe password for a page. Every page can have a different password.
β 3omc. π OffensiveMalwareColletion is my personal collection of my self developed offensive malware with basic and advanced techniques. For educational purpose only.
β 1gocrt. π» gocrt is a command line client for crt.sh written in golang.
β 1ArachneC2. Decentralized C2 framework built on libp2p
β 390AetherTune. A terminal-based internet radio player with real-time audio visualization, built in Rust.
β 122BestEdrOfTheMarket. EDR Lab for Experimentation Purposes
β 1.5kSigmaPotato. SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
β 501BusyBOF. Busybox-style Beacon Object Files for *nix post-exploitation. Reimplements common Unix utilities as BOFs for use in stripped environments (Docker containers, Kubernetes pods, minimal VMs) where no binaries exist beyond the agent / implant.
β 81perfect-loader. Load a dynamic library from memory by modifying the native Windows loader
β 305lsa-whisperer. Tools for interacting with authentication packages using their individual message protocols
β 439InfraGuard. InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
β 160PolyEngine. PolyEngine is an evasive PE packer designed for CTF challenges and low-level Windows security education. It focuses on bypassing EDR and AV heuristics through a layered stack of in-memory execution and obfuscation techniques.
β 145AtomicTestHarnesses. Public Repo for Atomic Test Harness
β 289invoke-atomicredteam. Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
β 1.1katomic-red-team. Small and highly portable detection tests based on MITRE's ATT&CK.
β 12kLibGate. A Crystal Palace shared library to resolve & perform syscalls
β 60pwnlift. Easy peasy file uploads
β 36theHandler-BOF. Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
β 41Cobalt-Strike-CheatSheet. Some notes and examples for cobalt strike's functionality
β 1.1kAdaptixC2-Template-Generators. AdaptixC2 Templates
β 31EVENmonitor. Monitor the Windows Event Log with grep-like features or filtering for specific Event IDs
β 133Maverick. Adaptix C2 agent using Crystal Palace PIC linker and PICO module system
β 97crystal-palace-vsc. Language extension for Crystal Palace Specification files
β 15PICO-Implant. PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This project demonstrates that It's possible to build a multi-stage and modular C2 implant made of PICOs.
β 56Crystal-Loaders. A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
β 233ReflectiveDLLInjection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
β 3.3kLitterBox. A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
β 1.5kDescribeNTSecurityDescriptor. A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure
β 51FindGPPPasswords. A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts
β 173GoPurple. Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
β 496D-Pwn. D/Invoke standalone shellcode runners
β 40ADPulse. Active Directory Vulnerability Scanner
β 456GadgetHunter. Find jmp gadgets for call stack spoofing.
β 84lsawhisper-bof. A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.
β 294EDRs. C
β 11Dll-Shellcode-Loader. Dll Shellcode Loader POC
β 8BloodBash. A Bloodhound alternative. BloodBash will ingest the same files bloodhound does but no server is required to use this tool. It's great for quick AD enumeration.
β 210Adaptix-StealthPalace. Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration
β 151CobaltStrike-Linux-Beacon. Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
β 214Simple-Crystal-Palace-RDLL-template-for-Adaptix. C
β 52CallStackSpoofer. C
β 72windows-syscalls. Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
β 2.6kCS-EDR-Enumeration. Cobalt Strike Aggressor Script for identifying security products on Windows hosts β six enumeration methods rated by noise level, from silent in-process BOF to full PowerShell/WMI.
β 92aliasr. Aliasr is a modern, feature-rich TUI launcher for pentest commands.
β 113the-one-wsl-bof. One WSL BOF to rule them all
β 178eden. A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (Draugr)
β 130elastic-container. Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
β 562Shellcode-Test-Harness. A lightweight test harness designed to speed up shellcode development by providing an execution environment with integrated crash diagnostics and debug output redirection.
β 45Ankou. A flexible, AI powered C2 framework built with operators in mind
β 234VX-API. Collection of various malicious functionality to aid in malware development
β 1.9kClockworkpi-uConsole. 10 things to do after you get your ClockworkPi uConsole
β 211awesome-tuis. List of projects that provide terminal user interfaces
β 20kdumpguard_bof. Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
β 218DumpGuard. Proof-of-Concept tool for extracting credential material from protected sessions on modern Windows systems.
β 703EDR-GhostLocker. AppLocker-Based EDR Neutralization
β 338silph. Stealthy In-Memory Local Password Harvester (SILPH) tool: dump LSA, SAM and DCC2 with indirect syscall
β 137Checklists. Red Teaming & Pentesting checklists for various engagements
β 2.7kRedTeam-PenTest-Cheatsheet-Checklist. Red Teaming and Penetration Testing Checklist, Cheatsheet, Clickscript
β 144sswws. Super Simple Windows Web Server
β 47thc-tips-tricks-hacks-cheat-sheet. Various tips & tricks
β 3.9kmlwr_blogs. collection of blogs about malware development and analysis
β 76Ghostwriter. The SpecterOps project management and reporting engine
β 1.9kevil-go. A fork of the Go language with some tweaks
β 55Adrenaline. C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automation.
β 309Kharon. Agent for AdaptixC2 with focus in evasion, capability and malleable.
β 220pybof. Python module for running BOFs
β 80Flipper-Zero-BadUSB. Repository for my flipper zero badUSB payloads. Now almost entirely plug and play.
β 6.9kinlineExecute. Cobalt Strike BOF
β 581.6-C2. Using the Counter Strike 1.6 RCON protocol as a C2 Channel.
β 95RedTeamGrimoire. π₯π Forbidden collection of Red Team sorcery ππ₯
β 396csbot. Golang Automation Framework for Cobalt Strike using the Rest API
β 59ShareHound. A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily
β 305librepods. AirPods liberated from Apple's ecosystem.
β 29kInvoke-PowerChrome. Decrypt Chromium based browser passwords with PowerShell.
β 142conquest. Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
β 408DonPwner. Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
β 264InlineExecuteEx. A BOF that's a BOF Loader and more
β 207toolong. A terminal application to view, tail, merge, and search log files (plus JSONL).
β 3.9kGroup3r. Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
β 929Invoke-TheHash. PowerShell Pass The Hash Utils
β 1.8kshortwave. Find and listen to internet radio stations
β 41maldev. β οΈ Malware Development training β οΈ
β 44cs2br-bof. Run Cobalt Strike BOFs in Brute Ratel C4!
β 89metasploitable3. Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
β 5.6kmetasploit-framework. Metasploit Framework
β 39kSharpGPOAbuse. SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
β 1.3kadidnsdump. Active Directory Integrated DNS dumping by any authenticated user
β 1.2kwindows-kernel-exploits. windows-kernel-exploits WindowsεΉ³ε°ζζζΌζ΄ιε
β 8.7kNetNTLMtoSilverTicket. SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
β 972msmailprobe. Office 365 and Exchange Enumeration
β 204Exchange-AD-Privesc. Exchange privilege escalations to Active Directory
β 819noPac. Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
β 1kflipper-zero-tonies. Python
β 494pth-toolkit. Modified version of the passing-the-hash tool collection made to work straight out of the box
β 617NetExec-Lab. Lab used for workshop and CTF
β 525COFFLoader. C
β 643CS-Remote-OPs-BOF. Remote operations commands implemented using Beacon Object Files
β 1.2kSnaffler. a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
β 2.9kActive-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
β 6.7ktoken-priv. Token Privilege Research
β 884TokenPlayer. Manipulating and Abusing Windows Access Tokens.
β 298C3. Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
β 1.8kkerbrute. A tool to perform Kerberos pre-auth bruteforcing
β 3.4kInveigh. .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
β 3kCrystal-Kit. Evasion kit for Cobalt Strike
β 472linkedin2username. OSINT Tool: Generate username lists for companies on LinkedIn
β 1.8kbettercap. The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
β 20ktemplates-extender. Templates for developing your own listeners and agents for AdaptixC2.
β 54PyHmmm. Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample
β 86workshop_firmware_reverse_engineering. Workshop on firmware reverse engineering
β 435NetworkHound. Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHoundβcompatible OpenGraph JSON.
β 670phishlets. Phishlets for Evilginx2 (MITM proxy Framework)
β 179allsafe-android. Intentionally vulnerable Android application.
β 404MaldevAcademyLdr.2. RunPE implementation with multiple evasive techniques (2)
β 282powercat. netshell features all in version 2 powershell
β 2.4kFullPowers. Recover the default privilege set of a LOCAL/NETWORK SERVICE account
β 696Volumiser. C#
β 435evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
β 15kligolo-ng. An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
β 4.7kobex. Obex β Blocking unwanted DLLs in user mode
β 278GitSync. Mobile Git client for syncing a repository between remote and a local directory
β 2.1kTaskHound. Tool to enumerate privileged Scheduled Tasks on Remote Systems
β 310ROADtools. A collection of Azure AD/Entra tools for offensive and defensive security purposes
β 2.7kbulletty. bulletty is a pretty feed reader for the terminal that stores the articles as Markdown
β 419psudohash. Generates millions of keyword-based password mutations in seconds.
β 1.4kPIC-Library. A collection of position independent coding resources
β 122wtfis. Passive hostname, domain and IP lookup tool for non-robots
β 1.8kdittobytes. Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
β 637Memory-Mirage-Anti-Debugging-. Use of in-memory string scans to outsmart reverse engineers
β 19Shadow-Rebirth. Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique
β 21Detoured-DLL-Injection. DLL injection with Microsoft detours
β 24FrostLock-Injection. FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a target process, inject shellcode, and then seamlessly resume (thaw) it.
β 45COMouflage. COM-based DLL Surrogate Injection
β 173Extension-Kit. AdaptixFramework Extension Kit
β 522Amsi-Bypass-Powershell. This repo contains some Amsi Bypass methods i found on different Blog Posts.
β 2.2kmonsoon. Fast HTTP enumerator
β 497avred. Analyse your malware to surgically obfuscate it
β 537cinelog. Comprehensive logging of all terminal input and output for each session based on Asciinema and wild zsh + Python scripting.
β 44UserAgent-Switcher. A User-Agent spoofer browser extension that is highly configurable
β 1.5kMalDev-Analyzer-MCP. Built for red teamers, by red teamers - an MCP tool for malware development, OPSEC testing, and supporting custom loader design during red team engagements.
β 46RedTeam-Tools. Tools and Techniques for Red Team / Penetration Testing
β 9.4kcyberpunk. Cyberpunk stuff
β 96MSSQLHound. Go (formerly PowerShell) collector for adding MSSQL attack paths to BloodHound with OpenGraph
β 337sysreptor. A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.
β 2.5kCVE-2025-53770-Exploit. SharePoint WebPart Injection Exploit Tool
β 310SCShell. Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
β 1.6kCamXploit. Security reconnaissance and assessment tool for identifying potentially exposed IP cameras by analyzing open ports, service configurations, and common misconfigurations.
β 1.1kboflink. Linker for Beacon Object Files
β 191Malleable-CS-Profiles. A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
β 534Malleable-C2-Profiles. Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.
β 889Invoke-Obfuscation. PowerShell Obfuscator
β 4.3kCobalt-Strike. Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
β 329APKDeepLens. Android security insights in full spectrum.
β 994Arjun. HTTP parameter discovery suite.
β 6.4kstormy. minimal neofetch-style weather cli
β 727NTHW. Not The Hidden Wiki - The largest repository of links related to cybersecurity
β 2kbtop. A monitor of resources
β 33kAdaptixC2. AdaptixC2 is a highly modular advanced redteam toolkit
β 3.3kbofhound. Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
β 400ADSearch. A tool to help query AD via the LDAP protocol
β 637malleable-c2. Cobalt Strike Malleable C2 Design and Reference Guide
β 1.8kMalleable-C2-Profiles. Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
β 263sddm. QML based X11 and Wayland display manager
β 2.3kSharpDPAPI. SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
β 1.4kAMSITrigger. The Hunt for Malicious Strings
β 1.4kAwesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
β 116kBitlockMove. Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
β 441CTFPacker. Shellcode packer for CTFs and pentest / red team exams aiming for AV evasion!
β 150wayBackLister. A New Approach to Directory Bruteforce with WaybackLister v1.0
β 233CRTO-Notes. Certified Red Team Operator (CRTO) Cheatsheet and Checklist
β 249ruler. A tool to abuse Exchange services
β 2.3kngrok-docs. ngrok's official documentation
β 154seeker. Accurately Locate Smartphones using Social Engineering
β 9.7kBofAllTheThings. Creating a repository with all public Beacon Object Files (BoFs)
β 656OperatorsKit. Collection of Beacon Object Files (BOF) for Cobalt Strike
β 703C2-Tool-Collection. A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
β 1.4kbof_template. A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use internal Beacon APIs. BOFs are a way to rapidly extend the Beacon agent with new post-exploitation features.
β 276CS-Situational-Awareness-BOF. Situational Awareness commands implemented using Beacon Object Files
β 1.8kArgus. The Ultimate Information Gathering Toolkit
β 3.8kcobra. A Commander for modern Go CLI interactions
β 44khttpx. httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
β 10kRedTeaming_CheatSheet. Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
β 1.6kProtectMyTooling. Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable.
β 1.1kbadusb. Flipper Zero badusb payload library
β 1.9kwendigo. Flipper Zero application for WiFi and Bluetooth scanning with a native interface. Collects all available information about detected devices. Wendigo is a creature from North American mythology that stalks and overpowers its victims.
β 48FlipperZero-MetroCard-Security. A scientific research paper analyzing the security vulnerabilities in metro card systems and the role of Flipper Zero in testing these weaknesses. The study explores RFID cloning, NFC relay attacks, cryptographic vulnerabilities in transit cards, and potential countermeasures to enhance security.
β 11PsMapExec. Dominate Active Directory with PowerShell.
β 1.2kFlipperZero-Subghz-DB. A collection of Flipper Zero sub files
β 1.3kEvilPortalGenerator. An easy script/app to create Evil Portals quickly to be used on the Flipper Zero.
β 396FlipperZeroEuropeanPortals. A repository of portals I made for the Evil Portal app on the Flipper Zero. Most portals are for European brands/companies but valid for other regions too.
β 546flipper-zero-evil-portal. Evil portal app for the flipper zero + WiFi dev board
β 2.3kflipperzero-wifi-marauder. Flipper Zero WiFi Marauder companion app
β 1.1kflipperzero-esp-flasher. Flipper Zero app to flash ESP chips from the device (no computer connection needed!)
β 629garble. Obfuscate Go builds
β 5.6kEvilWorker. A new AiTM attack framework β based on leveraging service workers β designed to conduct credential phishing campaigns. Thanks to its minimalist, robust, and highly adaptable architecture, this solution can be easily deployed on PaaS.
β 162Flipper-IRDB. A collective of different IRs for the Flipper
β 4.2kflipper-zero_authenticator. Software-based TOTP/HOTP authenticator for Flipper Zero device.
β 665flipper-paranoia. C
β 13flipper-Bleash. C
β 3BOF_Collection. Various Cobalt Strike BOFs
β 777Invisi-Shell. Hide your Powershell script in plain sight. Bypass all Powershell security features
β 1.3kflipper-application-catalog. Flipper Application Catalog
β 1.1kFlipper-iOS-App. iOS Mobile App to rule all Flipper's family
β 942