Automated Adversary Emulation Platform

CTFs as you need them

the LLM vulnerability scanner

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Open Source Vulnerability Management Platform

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Scanning APK file for URIs, endpoints & secrets.

The FLARE team's open-source tool to identify capabilities in executable files.

Scalable fuzzing infrastructure.

GRR Rapid Response: remote live forensics for incident response

Hunt for security weaknesses in Kubernetes clusters

The Network Execution Tool

Windows Exploit Suggester - Next Generation

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

A python script that finds endpoints in JavaScript files

Knock Subdomain Scan

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Arsenal is just a quick inventory and launcher for hacking programs

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +100 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PC…