Nidhogg – All-In-One Simple To Use Rootkit For Red Teams
Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit...
Tools
PentestGPT – A GPT-empowered Penetration Testing Tool
A GPT-empowered penetration testing tool. Common Questions Q: What is PentestGPT? A: PentestGPT is a penetration testing tool empowered by...
rebindMultiA – Tool To Perform a Multiple A Record Rebind Attack
rebindMultiA is a tool to perform a Multiple A Record rebind attack. rebindmultia.com is a domain that I've set up...
Bootlicker – A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution
bootlicker is a legacy, extensible UEFI firmware rootkit targeting vmware hypervisor virtual machines. It is designed to achieve initial code...
Platbox – UEFI And SMM Assessment Tool
UEFI and SMM Assessment Tool Features Platbox is a tool that helps assessing the security of the platform: Dumps the...
Azure-AccessPermissions – Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment
Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found...
GodPotato – Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of...
Graphcat – Generate Graphs And Charts Based On Password Cracking Result
Simple script to generate graphs and charts on hashcat (and john) potfile and ntds Install git clone https://github.com/Orange-Cyberdefense/graphcatcd graphcatpip install...
Acheron – Indirect Syscalls For AV/EDR Evasion In Go Assembly
Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be...
Hades – Go Shellcode Loader That Combines Multiple Evasion Techniques
Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms...
Dumpulator – An Easy-To-Use Library For Emulating Memory Dumps. Useful For Malware Analysis (Config Extraction, Unpacking) And Dynamic Analysis In General (Sandboxing)
Note: This is a work-in-progress prototype, please treat it as such. Pull requests are welcome! You can get your feet...
Bypass-403 – A Simple Script Just Made For Self Use For Bypassing 403
A simple script just made for self use for bypassing 403 It can also be used to compare responses on...
KoodousFinder – A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities
A simple tool to allows users to search for and analyze android apps for potential security threats and vulnerabilities Account...
Wafaray – Enhance Your Malware Detection With WAF + YARA (WAFARAY)
WAFARAY is a LAB deployment based on Debian 11.3.0 (stable) x64 made and cooked between two main ingredients WAF +...
RustChain – Hide Memory Artifacts Using ROP And Hardware Breakpoints
This tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware...
Cbrutekrag – Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C
Penetration tests on SSH servers using dictionary attacks. Written in C. brute krag means "brute force" in afrikáans Disclaimer This...
ShadowSpray – A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other...
PassMute – PassMute – A Multi Featured Password Transmutation/Mutator Tool
This is a command-line tool written in Python that applies one or more transmutation rules to a given password or...
Lfi-Space – LFI Scan Tool
Written by TMRSWRR Version 1.0.0 All in one tools for LFI VULN FINDER -LFI DORK FINDER Instagram: TMRSWRR Screenshots How...
TLDHunt – Domain Availability Checker
TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By...
Indicator-Intelligence – Finds Related Domains And IPv4 Addresses To Do Threat Intelligence After Indicator-Intelligence Collects Static Files
Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files. Done Related domains, IPs collect...
SpiderSuite – Advance Web Spider/Crawler For Cyber Security Professionals
An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface...
Domain-Protect – OWASP Domain Protect – Prevent Subdomain Takeover
OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable...
Nimbo-C2 – Yet Another (Simple And Lightweight) C2 Framework
About Nimbo-C2 is yet another (simple and lightweight) C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in...
