Lists (32)
AD Tools
AI Tools - Software Dev
Azure Tools
BOFs
C2
Cobalt Strike
CVEs
DLL Sideloading
GitHub Attack Techniques
Linux Malware Techniques
Linux Persistence
Linux Rootkits
macOS Malware Techniques
MCP Examples
Mobile Pen Test Tools
Phishing
Pivot Tools
Rust Windows Malware
Secrets Extractors
Social Engineering Tools
Web App Tools
Windows Credential Dumping
Windows Evasion Test Tools
Windows Lateral Movement
Windows Malware Development Tools
Windows Malware Techniques
Windows Privilege Escalation
Windows Reverse Engineering Tools
Windows Shellcode Templates
Windows Tiling
Wireless Tools
Zig Windows Malware
Stars
WhisperX: Automatic Speech Recognition with Word-level Timestamps (& Diarization)
Fully automatic censorship removal for language models
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticatβ¦
A highly configurable Windows status bar written in Python.
Depix is a PoC for a technique to recover plaintext from pixelized screenshots.
Tool for Active Directory Certificate Services enumeration and abuse
File upload vulnerability scanner and exploitation tool.
A Python based ingestor for BloodHound
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
BloodyAD is an Active Directory Privilege Escalation Framework
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
Bloodhound Reporting for Blue and Purple Teams
Active Directory Integrated DNS dumping by any authenticated user
A (partial) Python rewriting of PowerSploit's PowerView
Exchange your privileges for Domain Admin privs by abusing Exchange
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
MSDAT: Microsoft SQL Database Attacking Tool
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
Python version of the C# tool for "Shadow Credentials" attacks
A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
A library for detecting known secrets across many web frameworks