This is your work, valued
kerbrute. A tool to perform Kerberos pre-auth bruteforcing
3.4kwindapsearch. Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
972impacket_static_binaries. Standalone binaries for Linux/Windows of Impacket's examples
751go-windapsearch. Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
397serverless_toolkit. A collection of useful Serverless functions I use when pentesting
390go-clr. A PoC package for hosting the CLR and executing .NET from Go
228windows_sshagent_extract. PoC code to extract private keys from Windows 10's built in ssh-agent service
177xxetimes. An interactive OOB XXE data exfiltration tool
92dockerfiles. A collection of my Dockerfiles
90kerberos_windows_scripts. Collection of scripts for interacting with AD Kerberos from Linux
72pentest_charts. Some helpful Helm Charts for pentesters
38tokenstorage. Example implementations of storing tokens in vanilla JS
33opennms_hash_cracker. Python script to extract and bruteforce OpenNMS password hashes in users.xml
18impacket. Impacket is a collection of Python classes for working with network protocols.
9watchtower_vuln_webapp. Simple Vulnerable WebApp for Training
9smb. Server Message Block version 2 and 3 protocol library for Go
7CrackMapExec. A swiss army knife for pentesting networks
6gokrb5. Pure Go Kerberos library for clients and services
2Android-InsecureBankv2. Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
2blog.ropnop.com. CSS
2gorestclient. Library for creating generic REST JSON clients
2minisign. A dead simple tool to sign files and verify digital signatures.
2dd-trace-java. Datadog APM client for Java
1go-foo. Test delete me
1snyk-broker-helm. Smarty
1hcl. HCL is the HashiCorp configuration language.
1drone-snyk. Go
1terraform-provider-tls. Utility provider that works with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certficate requests to be created as part of a Terraform deployment.
1django-DefectDojo. DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
1go-smb2. SMB2/3 client library written in Go.
1gohugo-theme-ananke. Ananke: A theme for Hugo Sites
1go-ntlmssp. NTLM/Negotiate authentication over HTTP
1asn1-ber. ASN1 BER Encoding / Decoding Library for the GO programming language.
1pywerview. A (partial) Python rewriting of PowerSploit's PowerView
1go-ntlm. Go
1oxml_xxe. A tool for embedding XXE/XML exploits into different filetypes
1nginx_tty_docker. A Docker image that runs Nginx in front of GoTTY
1beautifulhugo. Theme for the Hugo static website generator
1Detours. Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
1bag-of-holding. An application to assist in the organization and prioritization of software security activities.
1odin. A simple theme for Ghost made for geeks, hackers and developers (forked from Casper).
1objection. 📱 objection - runtime mobile exploration
1the-blog. The best blogging platform ever!
1centos5_python27_docker. Python
1go-crypto. Fork of go/x/crypto, providing an up-to-date OpenPGP implementation
1ldap. Basic LDAP v3 functionality for the GO programming language.
1invoicer. From Securing DevOps
1smimesign. An S/MIME signing utility for use with Git
1struc. Better binary packing for Go
1virtual-environments. GitHub Actions virtual environments
1goWMIExec. Go
1ridenum. Rid_enum is a null session RID cycle attack for brute forcing domain controllers.
1