💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…

Dynamic unpacker based on PE-sieve

NTLM HTTP relay tool with SOCKS proxy for browser session hijacking

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.

Havoc C2 BOF — WFP kernel-space SYSTEM escalation + command execution with indirect syscalls, patchless AMSI/ETW bypass, and return address spoofing

Protect against malicious code installed via npm, yarn, pnpm, npx, pnpx, pip, uv and poetry with Aikido Safe Chain. Free to use, no tokens required.

Free educational content on reverse engineering and malware analysis from the FLARE team

An Ansible collection that installs an SCCM deployment with optional configurations.

Reimplementing Havoc Pro Runtime Channel Switching and Cobalt Strike UDC2 features.

Example extensions for CrystalC2

Demonstrating 3 persistence layers from a single EXE, that converts itself into proxy DLLs at runtime

Surgical UNWIND_INFO preservation for sleep masking without call stack spoofing.

A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.

InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution

A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.

Open-source AI hackers to find and fix your app’s vulnerabilities.

Teams-first Multi-agent orchestration for Claude Code

Recursive downloading of files in a specific directory and its sub-directories

Langflow is a powerful tool for building and deploying AI-powered agents and workflows.

BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation

Fast, Declarative, Reproducible, and Composable Developer Environments using Nix

Fawkes is a golang Mythic C2 Agent exclusively written by AI.

Hides in your attic... I mean process

Evilginx Phishlets for the OSE Course

DarkSword webkit exploit captured ITW

Beginner, advanced, expert level Rust training material

Source code for CrystalC2's Beacon payload.

Source code for the CrystalC2 client.