Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation

WIP open-source, cross-platform, and feature rich iOS/tvOS sideloading application. Supporting macOS, Linux, and Windows.

Audits an AppLocker policy XML and reports weak/misconfigured/risky settings, including actual ACL checks.

A local privilege escalation exploit for Splashtop Streamer for Windows prior to version 3.5.0.0

Threadless Process Injection using remote function hooking.

A method of bypassing EDR's active projection DLL's by preventing entry point exection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

The definitive Web UI for local AI, with powerful features and easy setup.

SSH based reverse shell

A path-normalization pentesting tool.

BloodyAD is an Active Directory Privilege Escalation Framework

Just another Powerview alternative but on steroids

A curated list of the most common and most interesting robots.txt disallowed directories.

A library for detecting known secrets across many web frameworks

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

TrollStore installer for iOS 17.0

curl-like access to AWS resources with AWS Signature Version 4 request signing.

LSPosed Framework

Virtual machines for iOS and macOS

Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

Frida's finally getting Swifty

Blind XSS Scanner is a tool that can be used to scan for blind XSS vulnerabilities in web applications.

MCP server for JADX-AI Plugin

All In One Web Recon

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.