Lists (12)
Sort Name ascending (A-Z)
Active Directory
Tools for use in Active Directory environments.BOFs
C2 code executionCheatsheets
Useful repos with quick hacks and checklists.Cloud Security
Useful tools for cloud security assessments.Endpoint Security
Useful tools for testing the security of physically present devices.External Network
List of useful tools for external penetration testsMobile Applications
Useful tools for testing applications on both the iOS and Android platformsOpen-Source C2s
Public Command and Control frameworksStars
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Search for potential frontable domains
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)
Tunnel tcp connection through http in Python
A tool to create network tunnels over HTTP/S written in Python 3
Simple SOCKS5 proxy server realization using boost::asio library
MySQL User Defined Functions Exploitation to RCE or PrivEsc Simple Cheat Sheet.
Tool to extract Kerberos tickets from Linux kernel keys.
A fully open source & end-to-end encrypted note taking alternative to Evernote.
Slack enumeration and exposed secrets detection tool
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
🎯 SQL Injection Payload List
Flipper Zero Unleashed Firmware
Playground (and dump) of stuff I make or modify for the Flipper Zero
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
Complex and extendable http messages with dynamic modifications in client and server
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
A tool for pointesters to find candies in SharePoint
This is a demo shell powered by WebAssembly, WASI, Asyncify and File System Access API.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.