Stars
Azure Relay Bridge - A cross-platform command line tool to create VPN-less TCP tunnels from and to anywhere
Windows protocol library, including SMB and RPC implementations, among others.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare
Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s …
Living off the land searches for Explorer and SharePoint
D2 is a modern diagram scripting language that turns text to diagrams.
Pretty PowerShell that looks good and functions almost as good as Linux terminal
A cross-platform network monitoring terminal UI tool built with Rust.
Curated list of projects, articles and more related to Offensive Security and Red Teaming. Completely written in Rust.
A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chrome browser across all layers of the stack.
Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
The recursive internet scanner for hackers. 🧡
Curated list of public Beacon Object Files (BOFs) built in as submodules for easy cloning
A remote process injection using process snapshotting, based on https://gitlab.com/ORCA000/snaploader, in Rust. It creates a sacrificial process, takes a snapshot of the process, and injects shellc…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
Python implementation of GhostPack's Seatbelt situational awareness tool
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
tiny, portable SOCKS5 server with very moderate resource usage
Extract and execute a PE embedded within a PNG file using an LNK file.
Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijack execution flow with very detailed explanation.
Rust library for performing remote process injection, originally written for use in Tempest C2 project
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀