Serverless AITM Simulation Framework for Entra ID and M365

Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux

KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.

Process injection alternative

Cobalt Strike BOF

An experimental project exploring the use of Large Language Models (LLMs) to solve HackTheBox machines autonomously.

Usermode exploit to bypass any AC using a 0day shatter attack.

BinaryNinja dotnet C# Bindings (Typed, Safe, Native AOT Ready)

Impacket with added MSSQL Relay server

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.

Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow.

Extensible Position Independent Code – shellcode (C/C++) development and building toolkit designed for developer experience, predictability, and modularity.

64-bit, position-independent implant template for Windows in Rust.

Decrypt Chromium based browser passwords with PowerShell.

Red Team tools containerized

**A powerful, offline, single-file HTML tool designed for developers and security researchers to inspect and analyze JavaScript Source Map (`.js.map`) files.**

BurpSuite Extension leveraging new Montoya API to automatically sets payload positions to your inruder tab saving you time during VAPT.

Redirect any Windows/MacOS TCP and UDP traffic to HTTP/Socks5 proxy

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

A new AiTM attack framework — based on leveraging service workers — designed to conduct credential phishing campaigns. Thanks to its minimalist, robust, and highly adaptable architecture, this solu…

The best ChatGPT that $100 can buy.

Monitoring and controlling kernel API calls with stealth hook using EPT

ClickForClickOnce - Generate configurable clickonce payloads

DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.

Local AI Model (GGUF) Management Script