Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Weaponized Browser-in-the-Middle (BitM) for Penetration Testers

AuditKit - Multi-Cloud Compliance Scanner & Evidence Collection

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Browser extension for examining SAML messages

Official NetHack Git Repository

Archive of 55 million RuneScape usernames released in 2014

Hook and simulate global keyboard events on Windows and Linux.

📁🔑 Scans given directories for files with known sensitive or credential-containing extensions.

✉️ Returns the DMARC policy and ratios of a given list of domains.

A clean, dark Visual Studio Code theme that celebrates the lights of Downtown Tokyo at night.

✨ Build a beautiful and simple website in literally minutes. Demo at https://beautifuljekyll.com

Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

Python script that performs email address validation against Office 365 without submitting login attempts.

User Enumeration of Microsoft Teams users via API

Discover and verify professional emails using names + domains

A standalone SSH server written in Go

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.

A library for detecting known secrets across many web frameworks

FizzBuzz Enterprise Edition is a no-nonsense implementation of FizzBuzz made by serious businessmen for serious business purposes.

Tool for Active Directory Certificate Services enumeration and abuse

"Golden" certificates

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

Offline Text To Speech synthesis for python

A big list of homoglyphs and some code to detect them

DHCP starvation attack

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports