Arsenal is just a quick inventory and launcher for hacking programs

A JXA script that leverages sqlite3 API calls to add items to the user's TCC database at: ~/Library/Application Support/com.apple.TCC/TCC.db

Comfortable 3-finger and 4-finger swipe gesture using Xdotool in native C++

macOS Security Compliance Project

Euli is not a computer game but a tool which helps you set up a real life treasure hunt

Pentesting/Bugbounty Dockerfiles.

Adversary Tactics - PowerShell Training

The SpecterOps project management and reporting engine

OSWE Preparation

Quick and dirty scripts that don't really belong in a larger project

Gather Open-Source Intelligence using PowerShell.

Red Team Tool Kit

Red Team Tips as posted by @vysecurity on Twitter

🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.

The cheat sheet about Java Deserialization vulnerabilities

Scripts I use during pentest engagements.

myBFF - a Brute Force Framework

Password lists for use in penetration testing situations, broken up by TLD.

SCADA StrangeLove Default/Hardcoded Passwords List

A swiss army knife for pentesting networks

A repository for large scripts from my book.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.