The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Hunt for security weaknesses in Kubernetes clusters

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email

Windows Exploit Suggester - Next Generation

Awesome IoT. A collaborative list of great resources about IoT Framework, Library, OS, Platform

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.

The Leading Security Assessment Framework for Android.

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service.

Continuously jam all wifi clients/routers

Veil 3.1.X (Check version info in Veil at runtime)

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

An implementation of a deep learning recommendation model (DLRM)

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

An all-in-one Docker image for deep learning. Contains all the popular DL frameworks (TensorFlow, Theano, Torch, Caffe, etc.)

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

Deployment scripts & config for Sock Shop

A DNS meta-query spider that enumerates DNS records, and subdomains.

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…

Weaponized web shell

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Tool to look for several security related Android application vulnerabilities

An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.

OpenStack Compute (Nova). Mirror of code maintained at opendev.org.