Lists (1)
Starred repositories
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we confi…
React2Shell is a Python-based proof-of-concept tool designed to exploit CVE-2025-55182 and CVE-2025-66478, both impacting Next.js applications using React Server Components (RSC).
The Internets #1 Subdomain Takeover Tool
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name v…
PwnPad is an affordable, hands-on hardware hacking platform built for practical learning. It features a range of challenges that walk users through key hardware security concepts, from PCB design t…
A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF version.
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow.
Self-hosted bug bounty programs that are "scammy" or unethical
Feature-rich single-binary file server for red teamers and developers. HTTP/S · WebDAV · SFTP · SMB · NTLM hash capture · DNS/SMTP callbacks · TLS · Auth · Share links. A powerful python3 -m http.s…
I <3 Shells (iv3shells) is a script that generates reverse-shells in a quick-and-easy way.
This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
Discover new target domains using Content Security Policy
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Dominate Active Directory with PowerShell.
Swagger UI >=3.14.1 < 3.38.0 XSS payload
A collection of tools that I use in CTF's or for assessments
ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native …
Most Responder's configuration power in your hand.
Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs
A DNS meta-query spider that enumerates DNS records, and subdomains.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)