My notes containing the Certified Red Team Professional Course

The EXCLUSIVE Collection of 45,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

A basic tool to check security headers of a website

A list of cyber-chef recipes and curated links

Living off the land searches for explorer and sharepoint

A new markup-based typesetting system that is powerful and easy to learn.

Building a modern alternative to Salesforce, powered by the community.

GPT4All: Run Local LLMs on Any Device. Open-source and available for commercial use.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

A suite for hunting suspicious targets, expose domains and phishing discovery

An intelligence gathering tool for hacking Bluetooth

Penelope Shell Handler

A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

Partial python implementation of SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…

Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound

An ad-hoc disposable temporary mail server. Create and use ad hoc disposable mailboxes for testing or any other purpose.

My Notes about Penetration Testing

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

A vulnerability scanner for container images and filesystems

Infection Monkey - An open-source adversary emulation platform

hauditor is a tool designed to analyze the security headers returned by a web page.

FreeAskInternet is a completely free, PRIVATE and LOCALLY running search aggregator & answer generate using MULTI LLMs, without GPU needed. The user can ask a question and the system will make a mu…

C# Data Collector for BloodHound

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

A Windows CIS benchmark policy compliance auditor

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.

A Python script to collect campaign data from Gophish and generate a report