Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Attack Surface Management Platform

Testing TLS/SSL encryption anywhere on any port

Scripted Local Linux Enumeration & Privilege Escalation Checks

Linux privilege escalation auditing tool

Replace zsh's default completion selection menu with fzf!

Linux enumeration tool for pentesting and CTFs with verbosity levels

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

Automatically exported from code.google.com/p/unix-privesc-check

Hacks I discovered allowing Wyze camera owners to do customizations

Some useful scripts for CobaltStrike

The Official Hak5 Shark Jack Payload Repository

Scalpel is an open source data carving tool. It is not being actively maintained.

Password cracking rules and masks for hashcat that I generated from cracked passwords.

The Official Packet Squirrel Payload Repository

A script for credentials-based attack surface enumeration and general reconnaissance of massive networks

TotalRecon installs all the recon tools you need

A POSIX-compliant, fully automated WPA PSK PMKID and handshake capture script aimed at penetration testing

The Official LAN Turtle Module Repository

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Password Hunter in Active Directory

Auto-generate an HTaccess for payload delivery -- automatically pulls ips/nets/etc from known sandbox companies/sources that have been seen before, and redirects them to a benign payload.

Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)

An automated wrapper script for patching iOS applications (IPA files) and work on non-jailbroken device

Repository of resources for configuring a Red Team SIEM using Elastic

This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).

Kubernetes Stranger Danger

One-off scripts

Scripts for public use that we've randomly written, or have updated from other people's work.