Agent skills for solving CTF challenges - web exploitation, binary pwn, crypto, reverse engineering, forensics, OSINT, and more

db_autopwn plugin of metasploit

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.

A next-generation crawling and spidering framework.

A tool for adding new lines to files, skipping duplicates

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Simple bash script to spray known credentials against multiple services with netexec

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

E-mails, subdomains and names Harvester - OSINT

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

Domain Password Audit Tool for Pentesters

Six Degrees of Domain Admin

Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.

Awesome Nmap Grep

Trying to tame the three-headed dog.

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

Some usefull Scripts and Executables for Pentest & Forensics

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

ADCS abuser

Tools for Kerberos PKINIT and relaying to AD CS

A wiki focusing on aggregating and documenting various SQL injection methods

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Simple Python version management

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

All of Your Copy/Paste Belong to Us: Stealing the clipboard and using it for C2 communications