DcRat – A Simple Remote Tool Written In C#
DcRat is a simple remote tool written in C# IntroductionFeaturesTCP connection with certificate verification, stable and security Server IP port...
tools
Sx – Fast, Modern, Easy-To-Use Network Scanner
sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create...
RemotePotato0 – Just Another “Won’t Fix” Windows Privilege Escalation From User To Domain Admin
Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to...
JWTweak – Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm
With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that,...
Nexfil – OSINT Tool For Finding Profiles By Username
NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over...
The-Bastion – Authentication, Authorization, Traceability And Auditability For SSH Accesses
Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database...
Security Scorecards – Security Health Metrics For Open Source
Security Health Metrics For Open SourceMotivationA short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and...
WFH – Windows Feature Hunter
Windows Feature Hunter (WFH) is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist...
Ipa-Medit – Memory Search And Patch Tool For Resigned Ipa Without Jailbreak
Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security...
Cariddi – Take A List Of Domains, Crawl Urls And Scan For Endpoints, Secrets, Api Keys, File Extensions, Tokens And More…
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more...PreviewInstallationYou need...
FindObjects-BOF – A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or...
GitDump – A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled
GitDump dumps the source code from .git when the directory traversal is disabledRequirementsPython3 Tested onWindows Kali Linux What it doesDump...
Sharperner – Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in CSharp that generate .NET dropper with AES and XOR obfuscated shellcode. Generated executable can...
TiEtwAgent – PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes
This project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent...
Salus – Security Scanner Coordinator
Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating...
Backstab – A Tool To Kill Antimalware Protected Processes
Have these local admin credentials but the EDR is standing in the way? Unhooking or direct syscalls are not working...
Scour – AWS Exploitation Framework
Scour is a modern module based AWS exploitation framework written in golang, designed for red team testing and blue team...
FRIDA-DEXDump – Fast Search And Dump Dex On Memory
Featuressupport fuzzy search broken header dex. fix struct data of dex-header. compatible with all android version(frida supported). support loading as...
MacHound – An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts
MacHound is an extension to the Bloodhound audting tool allowing collecting and ingesting of Active Directory relationships on MacOS hosts....
GDir-Thief – Red Team Tool For Exfiltrating The Target Organization’S Google People Directory That You Have Access To, Via Google’s API
Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API....
Gorsair – Hacks Its Way Into Remote Docker Containers That Expose Their APIs
Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has...
Lazyrecon – Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning....
Invoke-DNSteal – Simple And Customizable DNS Data Exfiltrator
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over...
OpenAttack – An Open-Source Package For Textual Adversarial Attack
OpenAttack is an open-source Python-based textual adversarial attack toolkit, which handles the whole process of textual adversarial attacking, including preprocessing...
