Stars
Scapy: the Python-based interactive packet manipulation program & library.
Extract and crack domain controller machine account password hashes via NTP MS-SNTP authentication.
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
Generate Frida bypass scripts for Android APK root and SSL checks.
🧠 LLMFuzzer - Fuzzing Framework for Large Language Models 🧠 LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integra…
A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF version.
PowerShell & Python tools developed for CTFs and certification exams
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with comma D48D
Check vulnerablity in Website pages using LLM
Everything from my OSEP study.
Bambdas collection for Burp Suite Professional and Community.
Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
BloodyAD is an Active Directory Privilege Escalation Framework
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
Utility program to perform multiple operations for a given subnet/CIDR ranges.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
GenZ Shellcode Generator to execute commands with winExec API
Interract with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for complex T-SQL queries.
Automated prompt-based testing and evaluation of Gen AI applications
🧙♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
Given a list of domains and known IP and buckets that are owned, which might be susceptible to domain hijacking?