The Network Execution Tool

A dependency-free cross-platform swiss army knife for PDB files.

The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.

Python version of the C# tool for "Shadow Credentials" attacks

Directory Services Internals (DSInternals) PowerShell Module and Framework

Active Directory forensic framework

Tool for viewing NTDS.dit

Password cracking research using the Have I Been Pwned (HIBP) dataset to evaluate the effectiveness of the PassGPT Large Language Model (LLM).

[ARCHIVED] Repo to coordinate archival efforts with IPFS

Latest hashcat docker for CUDA, OpenCL, and POCL. Deployed on Vast.ai

A tool to download all Pwned Passwords hash ranges and save them offline so they can be used without a dependency on the k-anonymity API

Privilege Escalation Enumeration Script for Windows

Simple Python version management

Active Directory and Internal Pentest Cheatsheets

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

Direct Memory Access (DMA) Attack Software

An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).

SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate to your listener over SMB or HTTP.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A proof-of-concept (PoC) Python script used to hide data inside of JSON.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Small and highly portable detection tests based on MITRE's ATT&CK.

List of Awesome Red Teaming Resources

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

Scriptable Headless Browser

Testing TLS/SSL encryption anywhere on any port