O ESPhishing é um ataque de captive portal que é executado na placa de desenvolvimento NodeMCU com o microcontrolador ESP8266. É uma ferramenta de engenharia social que gera uma rede WiFi de um det…

M5 Stick C firmware for high-tech pranks and digital self defense

Predatory ESP32 Firmware

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Pentest scripts for abuse Bash on Windows (Cygwin/WSL) - HackLu 2018

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

A curated list of Awesome Threat Intelligence resources

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Automatic SQL injection and database takeover tool

Python3 tool to perform password spraying using RDP

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

eBook "Bypassing AVS by C#.NET Programming" (Free Chapters only)

A collective list of public APIs for use in security. Contributions welcome

Wiki to collect Red Team infrastructure hardening resources

Search for categorized domain

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

PwnWiki - The notes section of the pentesters mind.

Six Degrees of Domain Admin

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Perform a MitM attack and extract clear text credentials from RDP connections

Brazilian-Portuguese word list and instructions booklet for Diceware

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

IP obfuscator made to make a malicious ip a bit cuter

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…

OWASP WebScarab

OWASP iGoat - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar