Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Rockyou for web fuzzing

Database management in a single PHP file

Exploitation Framework for Embedded Devices

ICS/SCADA honeypot

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…

This repo contains some Amsi Bypass methods i found on different Blog Posts.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

Tool for Active Directory Certificate Services enumeration and abuse

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

A next-generation crawling and spidering framework.

All reasonably stable tools

The Network Execution Tool

A free Windows-compatible Operating System

Bypass Chromium's App-Bound Encryption via Direct Syscall-based Reflective Process Hollowing. Extract cookies, passwords, payment methods & tokens from Chrome, Edge, Brave & Avast - fileless, user-…

The swiss army knife of LSASS dumping

Credentials recovery project

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Hidden parameters discovery suite

Mimikatz implementation in pure Python

OWASP VulnerableApp Project: Break it. Scan it. Reproduce it. Improve it.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

A little tool to play with Windows security

Trying to tame the three-headed dog.

game of active directory