Highlights
- Pro
PT
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
GraphQL automated security testing toolkit
Prototype Pollution and useful Script Gadgets
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
LLDB MCP Integration + other helpful commands
dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
OSINT tool - gets data from services like shodan, censys etc. in one app
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
Automating situational awareness for cloud penetration tests.
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Cloudflare, Sucuri, Incapsula real IP tracker.
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
This repository contains a collection of awesome tools and scripts for Developers and Engineers seeking to automate routine tasks on AWS Cloud.
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)
A tool to parse, deduplicate, and query multiple port scans.
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.