rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

SSL bypass check

A fast WordPress plugin enumeration tool

WEB3 notes for smart contracts auditing and development

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement

This script automates the task of patching an apk with frida-gadget

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.

A collection of smart contract vulnerabilities along with prevention methods

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

Academic purposes only. Attack against Salesforce lightning with guest privilege.

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.

fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.

A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO

Conference presentation slides

Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!

Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information…

Tool for advanced mining for content on Github

Automated Active Directory lab running on Proxmox

Bug reports from Immunefi Bounty Boosts

Scrapts Scrapts Scrapts

An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.

This is an AD pentest tools collection

a signal handler race condition in OpenSSH's server (sshd)

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

Collection of methodology and test case for various web vulnerabilities.

Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator.

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)