GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of public penetration test reports published by several consulting firms and academic security groups.

Automagically reverse-engineer REST APIs via capturing traffic

Compilation of public failure/horror stories related to Kubernetes

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Automate the creation of a lab environment complete with security tooling and logging best practices

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Active Directory and Internal Pentest Cheatsheets

Tools, tips, tricks, and more for exploring ICS Security.

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

A Nmap XSL implementation with Bootstrap.

Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in gener…

Open-source pentesting management and automation platform by Salesforce Product Security

Post Exploitation Wiki

A library of pretexts to use on offensive phishing engagements.

A crossplatform mDNS enumeration tool.

Tool Analysis Result Sheet

A simple web app with a XXE vulnerability.

The official Wiki for the Bash Bunny

Kubernetes Auto Analyzer

Tool for tunnel (Version 2)

Neet - Network Enumeration and Exploitation Tool

Brian's Pentesting and Technical Tips for You

scan & visualize subnets

Code repository for Mastering Modern Web Penetration Testing, published by Packt