Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Windows Exploit Suggester - Next Generation

« usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

The perfect emulation setup to study and develop the Linux kernel, kernel modules, QEMU, gem5 and x86_64, ARMv7 and ARMv8 userland and baremetal assembly, ANSI C, C++ and POSIX. GDB step debug and …

The Leading Security Assessment Framework for Android.

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Framework for Man-In-The-Middle attacks

A DNS meta-query spider that enumerates DNS records, and subdomains.

Python Remote Administration Tool (RAT)

Weaponized web shell

Tool for Active Directory Certificate Services enumeration and abuse

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Detect and bypass web application firewalls and protection systems

A Python module for controlling interactive programs in a pseudo-terminal

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Modern Honey Network

MS17-010

Parsing ELF and DWARF in Python

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

Extract credentials from lsass remotely

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.