A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily

C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

BloodyAD is an Active Directory Privilege Escalation Framework

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)

Automatic SQL injection and database takeover tool

This repo contains some Amsi Bypass methods i found on different Blog Posts.

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Tool for Active Directory Certificate Services enumeration and abuse

Find domains and subdomains related to a given domain

Desktop application for Windows to read, modify and write shortcut files (.lnk) with ease.

Active Directory and Internal Pentest Cheatsheets

A JSN-SR04T ultrasonic sensor, connected to an ESP8266 to calculate the water level in a water tank.

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

A swiss army knife for pentesting networks

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

Joplin - the privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…