Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Community curated list of nuclei templates for finding "unknown" security vulnerabilities.

completely ridiculous API (crAPI)

Username enumeration and password spraying tool aimed at Microsoft O365.

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

🕳 bore is a simple CLI tool for making tunnels to localhost

RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)

EAP_buster is a simple bash script that lists what EAP methods are supported by the RADIUS server behind a WPA-Enterprise access point

Evil client portion of EAP relay attack

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

AndroGoat

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

DIVA Android - Damn Insecure and vulnerable App for Android

Veil 3.1.X (Check version info in Veil at runtime)

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes, MGT identities, interesting relations between APs, clients and it's Probes, WPS informati…

A WPA3 dictionary cracker

Impacket is a collection of Python classes for working with network protocols.

Interactive ChipWhisperer tutorials using Jupyter notebooks.