Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

A scalable overlay networking tool with a focus on performance, simplicity and security

A fast TCP/UDP tunnel over HTTP

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

In-depth attack surface mapping and asset discovery

Open-Source Phishing Toolkit

Adversary Emulation Framework

The Havoc Framework

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Monitor linux processes without root permissions

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Modlishka. Reverse Proxy.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Scan for misconfigured S3 buckets across S3-compatible APIs!

The Swiss Army knife for automated Web Application Testing

A tool to abuse Exchange services

Automating situational awareness for cloud penetration tests.

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

evilginx3 + gophish

Shikata ga nai (仕方がない) encoder ported into go with several improvements

Exploit for CVE-2019-11043

Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/

SSH based reverse shell