.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

Wordlists for creating statistically likely username lists for use in password attacks and security testing

Find, verify, and analyze leaked credentials

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

OSINT Tool: Generate username lists for companies on LinkedIn

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Single-file PHP shell

Execute commands interactively on remote Windows machines using the WinRM protocol

The DCERPC only printerbug.py version

Quick scripts I developed to streamline OSCP tasks

Shellcode IDE — makes developing and analyzing shellcode much more convenient.

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Sliver CheatSheet for OSEP

PowerShell script to automate enabling RDP, local admin user creation, and configuring firewall rules for RDP access.

Compiled UACME

Defeating Windows User Account Control

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

An OSINT tool to search for accounts by username and email in social networks.

New generation of wmiexec.py

Deception implementation through analysis of BloodHound data

sl0ppy-PrivescTaskCreator.ps1

Scrape domain names from SSL certificates of arbitrary hosts

KrbRoastParser is a tool for parsing Kerberos packets from pcap files to extract AS-REQ, AS-REP and TGS-REP hashes

PHP shells that work on Linux OS, macOS, and Windows OS.

Local Privilege Escalation to Root via Sudo chroot in Linux

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

A web CTF for training developers in bug hunting and secure coding!