Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

A curated list of various bug bounty tools

File upload vulnerability scanner and exploitation tool.

An OOB interaction gathering server and client library

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Community curated list of templates for the nuclei engine to find security vulnerabilities.

PatrowlHears - Vulnerability Intelligence Center / Exploits

Programmatically create an administrative user under Windows

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Arsenal is just a quick inventory and launcher for hacking programs

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Multi Vagrant environment with Active Directory

PingCastle - Get Active Directory Security at 80% in 20% of the time

Labs setup for tests & experimentations

Android_Emuroot is a Python script that allows granting root privileges on the fly to shells running on Android virtual machines that use google-provided emulator images called Google API Playstore…

The ZAP by Checkmarx Core project

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Privilege Escalation Enumeration Script for Windows

Basics on commands/tools/info on how to assess the security of mobile applications

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Python script that converts Burp Suite HTTP proxy history files to CSV or HTML

Windows Exploit Suggester - Next Generation

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.