Stars
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Mass Hunting & Exploitation PoC for CVE-2025-55182 & CVE-2025-66478
A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from a CA server using the MS-WCCE protocol over DCOM, and it bypasses …
Explanation and full RCE PoC for CVE-2025-55182
RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478
Original Proof-of-Concepts for React2Shell CVE-2025-55182
Pre-auth RCE in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0.
Inspec validation profile for CIS Microsoft Azure Foundations Benchmark v3.0.0 - 09-05-2024
The-Viper-One / hashcat-6.2.6-SCCM
Forked from hashcat/hashcat
hashcat fork with SCCM hash support
Make everyone in your VLAN ASRep roastable
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…
A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
Installs a comprehensive Android pentesting toolkit on Debian-based systems. Includes tools for static and dynamic analysis, automates setup, paths, and launchers. Perfect for testers who want a co…
wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP
Pwdlyser is an all-encompassing security auditing tool. This repo serves as the open-source base for the new version of Pwdlyser (previously closed-source).
A modern, web-based GUI for Hashcat that provides an intuitive interface for hash cracking operations, featuring real-time monitoring, performance metrics, drag-and-drop functionality, and detailed…