Stars
The recursive internet scanner for hackers. 🧡
The SpecterOps project management and reporting engine
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysi…
Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project)
Villain is a high-level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
A Python 3 remake of the classic "tree" command with the additional feature of searching for user-provided keywords/regex in files, highlighting those that contain matches.
A tool for quickly evaluating IAM permissions in AWS.
Automating situational awareness for cloud penetration tests.
This repository contains an example Python API that is vulnerable to several different web API attacks.