Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Nginx configuration static analyzer

People tracker on the Internet: OSINT analysis and research tool by Jose Pino

Easy & Flexible Alerting With ElasticSearch

Create *beautiful* command-line interfaces with Python

Malicious traffic detection system

Rewrite of the popular wireless network auditor, "wifite"

Infection Monkey - An open-source adversary emulation platform

SQL 审核查询平台

Automated Adversary Emulation Platform

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Magic to turn Cursor/Windsurf as 90% of Devin

Scanning APK file for URIs, endpoints & secrets.

The FLARE team's open-source tool to identify capabilities in executable files.

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Automatically install all Kali linux tools

Hunt for security weaknesses in Kubernetes clusters

Stalk your Friends. Find their Instagram, FB and Twitter Profiles using Image Recognition and Reverse Image Search.

The Network Execution Tool

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

A python script that finds endpoints in JavaScript files

Knock Subdomain Scan

Server-Side Template Injection and Code Injection Detection and Exploitation Tool

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, build your taylor-made EASM tool, co…