CrackMapExec. A swiss army knife for pentesting networks
9.2kMITMf. Framework for Man-In-The-Middle attacks
3.6kOffensiveNim. My experiments in weaponizing Nim (https://nim-lang.org/)
3.1kSILENTTRINITY. An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
2.3kDeathStar. Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
1.6kSprayingToolkit. Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
1.6kgcat. A PoC backdoor that uses Gmail as a C&C server
1.4kItWasAllADream. A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
801WitnessMe. Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
763pth-toolkit. Modified version of the passing-the-hash tool collection made to work straight out of the box
617OffensiveDLR. Toolbox containing research notes & PoC code for weaponizing .NET's DLR
528Red-Baron. Automate creating resilient, disposable, secure and agile infrastructure for Red Teams
386SpamChannel. Spoof emails from any of the +2 Million domains using MailChannels (DEFCON 31 Talk)
347chrome-decrypter. Python script to decrypt saved Chrome usernames and passwords on windows
288pyMalleableC2. Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
288arpspoof. Python clone of arpspoof that can poison hosts via arp-requests as well as arp-replies
199sslstrip2. A mirror of the original SSLstrip+ code by Leonardo Nve
184dnschef-ng. DNSChef (NG) - DNS proxy for Penetration Testers and Malware Analysts
175NimDllSideload. DLL sideloading/proxying with Nim!
175AnsiblePlaybooks. A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
165duckhunter. Converts a USB Rubber ducky script into a Kali Nethunter friendly format for the HID attack
149Slides. Slides from various talks that I've given over the years
118DHCPShock. Spoofs a DHCP server and exploits all clients vulnerable to the 'ShellShock' bug
86BOF-Nim. Cobalt Strike BOF Files with Nim!
85BeEF-API. Python library that facilitates interfacing with BeEF via it's RESTful API
79webview_d3. Generate graphs with NetworkX, natively visualize with D3.js and pywebview
71Naga. A C# stager for SILENTTRINITY (https://github.com/byt3bl33d3r/SILENTTRINITY)
68Invoke-AutoIt. Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes
62wifi-graper. Automatically get internetz from access points that have MAC based filtering enabled
57CME-PowerShell-Scripts. A collection of modifed PowerShell Scripts for CrackMapExec (https://github.com/byt3bl33d3r/CrackMapExec)
56toby. Recursively searches a directory for any file containing a specified string
47smbmap. SMBMap is a handy SMB enumeration tool
38UhOh365. A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
33MemeGenerator. Modern problems require modern solutions
32pythoncookie. My Python Cookiecutter project template
32gemini-web-navigator. Experiments with Google Gemini's Vision capabilities for LLM driven/aided web navigation and desktop manipulation
30tailscalesd. Prometheus Service Discovery for Tailscale (Python Edition)
27Utinni. An async Python client library for Empire's RESTful API
26Kaliya. A cross-platform stager for SILENTTRINITY (https://github.com/byt3bl33d3r/SILENTTRINITY)
26cmd2powershell. Converts a command to a base64 powershell compatible string
26shellcode_retriever. Downloads shellcode over HTTP and executes in memory. Now with threading! Rejoice!
22Awesome-Profile-README-templates. A collection of awesome readme templates to display on your profile
20herpaderping. Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
20BloodHound-Tools. Miscellaneous tools for BloodHound
19Empire. Empire is a PowerShell and Python 3.x post-exploitation framework.
18PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
18MITMf-opt-plugins. Optional plugins for MITMf
17PrivExchange. Exchange your privileges for Domain Admin privs by abusing Exchange
17Leek-LLM. Use a LLM to create the ultimate Leek AI for Leek Wars! 🥬
17playwright-heap-snapshot. API and CLI tool to fetch and query Chome DevTools heap snapshots (Python & Playwright)
16tmux-config. Tmux configuration, that supercharges your tmux to build cozy and cool terminal environment
14msldap. LDAP library for auditing MS AD
13dockerxxx. An 💦 orgasmic 💦 Python library for the Docker Engine API 🥵
13log4j-scan. A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
13ldapdomaindump. Active Directory information dumper via LDAP
13jamaal-re-tools. Automatically exported from code.google.com/p/jamaal-re-tools
13Seatbelt. Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
12