Stars
Issues with WebSocket reverse proxying that allow smuggling HTTP requests
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
A tool for passive data capture and reconnaissance of serial flash chips. It is used in conjunction with a Saleae logic analyzer to reconstruct flash memory contents and extract contextual informat…
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Runs frida-server on boot as root with magisk.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…
A tool to perform Kerberos pre-auth bruteforcing
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
hostapd-mana - build-files, and installation-files for OpenWRT
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
List of Awesome Red Teaming Resources
Cheat that uses a driver instead of WinAPI for reading / writing memory.
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…
Porting for Metasploit of the infamous Esteemaudit RDP Exploit