The Cloud Native Application Proxy

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find, verify, and analyze leaked credentials

A fast TCP/UDP tunnel over HTTP

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Adversary Emulation Framework

The Havoc Framework

Monitor linux processes without root permissions

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

An OOB interaction gathering server and client library

Digging Deeper....

Real-time HTTP Intrusion Detection

Contextual Content Discovery Tool

ScareCrow - Payload creation framework designed around EDR bypass.

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

A wrapper around grep, to help you grep for things

A utility to safely generate malicious network traffic patterns and evaluate controls.

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

An Office365 User Attack Tool

all paths lead to clouds

IIS shortname scanner written in Go

A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.

AWS Attack Path Management Tool - Walking on the Moon

Exploit for HiveNightmare - CVE-2021–36934