The Internets #1 Subdomain Takeover Tool

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Open-source AI hackers to find and fix your app’s vulnerabilities

Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound

A tool to scrape LinkedIn without API restrictions for data reconnaissance

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

🌐 Make websites accessible for AI agents. Automate tasks online with ease.

Red Teaming & Pentesting checklists for various engagements

AuditKit - Multi-Cloud Compliance Scanner & Evidence Collection

An compiler designed to seamlessly blend the power and control of Assembly with the simplicity and readability of C-like high-level constructs

Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format

A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass

Attack surface detector that identifies endpoints by static analysis

As a bug hunter, are your bug bounty reports getting rejected because you don't use a "malicious" Proof of Concept (PoC) app to exploit the vulnerabilities? I've got you covered!

This MCP server uses mobsf api's to scan and analyze the apk and ipa files.

Powerful Android pentesting toolkit running fully on rooted devices.

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

Open-source multi-purpose remote access tool for Microsoft Windows

Offensive tool to trigger network authentications as SYSTEM

🔥 Clone and recreate any website as a modern React app in seconds

Cybersecurity AI (CAI), the framework for AI Security

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

PoC to coerce authentication from Windows hosts using MS-WSP

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Autoswagger by Intruder - detect API auth weaknesses

syntax is hard

Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA …

Evasive Payload Delivery Server & C2 Redirector

Tool to bypass LSA Protection (aka Protected Process Light)

Azure Red Team tool for graphing Azure and Azure Active Directory objects