This is your work, valued
divergent thinker/breaker and researcher of stuff
fireprox. AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
2.3kCredSniper. CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
1.4kCredKing. Password spraying using AWS Lambda for IP rotation
666SharpHose. Asynchronous Password Spraying Tool in C# for Windows Environments
318python-pentesting. Just a repo of random Python scripts to get pentesters started with the Python language on engagements.
218golddigger. Python
197cloudgpt. Vulnerability scanner for AWS customer managed policies using ChatGPT
166CasperStager. PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.
152wnfexec. WNF Code Execution Library Using C#
110ShredHound. Small utility to chunk up a large BloodHound JSON file into smaller files for importing.
97DirectAI. ChatGPT queries via OpenAI API in your terminal
61tradecraft. Red Teaming Tradecraft
47CloudBurst. CloudBurst is a red team framework for interacting with cloud providers to capture, compromise, and exfil data.
37roguerdp.
32outpost. AWS Testing and Reporting Management Tool
20android-app-recovery. Scripts to parse large Android binary images and extracts deleted data from apps
15redteam-plan. Issues to consider when planning a red team exercise.
14mavd. Mobile Application Vulnerability Detection
12physical-analyzer-scripts. Cellebrite Physical Analyzer python scripts to aid analysts with extended functionality
9Awesome-Cellular-Hacking. Awesome-Cellular-Hacking
7googlerecon. Google Recon for Pentesting
6PCredz. This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
6KingOfBugBountyTips. Go
6hacktricks. Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
6Privilege-Escalation. This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
5cuddlephish. Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
5pynse. NSE to launch Python Scripts
5ai-notes. notes for my AI studies, writing, and product brainstorming
4CredMaster. Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
4Nemesis. An offensive data enrichment pipeline
4injection. Windows process injection methods
4awesome-canbus. :articulated_lorry: Awesome CAN bus tools, hardware and resources for Cyber Security Researchers, Reverse Engineers, and Automotive Electronics Enthusiasts.
4XSStrike. Most advanced XSS detection suite.
4truffleHog. Searches through git repositories for high entropy strings and secrets, digging deep into commit history
4XtoTwitter. JavaScript
3awesome-flipperzero. 🐬 A collection of awesome resources for the Flipper Zero device.
3ConditionalAccessDocumentation. Azure AD Conditional Access Documentation with PowerShell
3HijackLibs. Project for tracking publicly disclosed DLL Hijacking opportunities.
3CVE-2020-1472. PoC for Zerologon - all research credits go to Tom Tervoort of Secura
3qrwifi. QRCode Wifi Generator
3AllAboutBugBounty. All about bug bounty (bypasses, payloads, and etc)
3forensicpy. Library for performing mobile device decoding for nibbles and 7-bit decoding
3oauthseeker. A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.
3pyslite. Script for performing SQLite database to Excel workbook conversions
3r0ak. r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
3MiscTools. Miscellaneous Tools
3wig. WebApp Information Gatherer
3PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
3MoveEdr. Permanently disable EDRs as local admin
3PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
2DriverJack. Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
2sandbox-attacksurface-analysis-tools. Set of tools to analyze and attack Windows sandboxes.
2digraph. A digraph plotter for sequential byte visualization
2MacMalware. macOS Malware Collection
2hackaday-u. Course materials for hackaday.io Ghidra training
2tun2socks. tun2socks - powered by gVisor TCP/IP stack
2puppeteer. Headless Chrome Node API
2RedTeamCCode. Red Team C code repo
2BamboozlEDR. A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
1