Builds malware analysis Windows VMs so that you don't have to.

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

Binaries for the CodeQL CLI

📊 An infographics generator with 30+ plugins and 300+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON!

Build your own reconnaissance system with Osmedeus Next Generation

The Swiss Army knife for automated Web Application Testing

Powershell tool to automate Active Directory enumeration.

Collection of Cyber Threat Intelligence sources from the deep and dark web

Depix is a PoC for a technique to recover plaintext from pixelized screenshots.

The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cl…

Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover

Evasion kit for Cobalt Strike

Find secrets with Gitleaks 🔑

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of s…

Test your prompts, agents, and RAGs. AI Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with co…

Protection against Model Serialization Attacks

Windows protocol library, including SMB and RPC implementations, among others.

OSINT Tool: Generate username lists for companies on LinkedIn

Tools and Techniques for Red Team / Penetration Testing

An Obsidian plugin for displaying markdown notes as mind maps using Markmap.

Gather and update all available and newest CVEs with their PoC.

A fast, simple, recursive content discovery tool written in Rust.

MCP Server for Burp

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Awesome deals on Black Friday: Apps, SaaS, Books, Courses, etc.

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.