Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

Compilation of the common security rules for Firebase that are often used by people in their projects.

Automated Firebase security scanner to check for unauthorized read and write access on firestore, realtime databases, storage buckets and remote configs

Firepwn is a tool made for testing the Security Rules of a firebase application.

Firebase Misconfiguration Detection Toolkit - To be presented at Blackhat EU Arsenal

Firebase Quickstart Samples for Android

Six Degrees of Domain Admin

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables

Pack/Encrypt/Obfuscate ELF + SHELL scripts

This repo contains some Amsi Bypass methods i found on different Blog Posts.

Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel

Hints lets you navigate GUI applications in Linux without your mouse by displaying "hints" you can type on your keyboard to interact with GUI elements.

Vim-fork focused on extensibility and usability

😽 Open your Kitty scrollback buffer with Neovim. Ameowzing!

💥 Blazing fast terminal file manager written in Rust, based on async I/O.

sparkling thins up

Bloodhound Reporting for Blue and Purple Teams

A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)

New 0 day vulnerability allowing to leak NTLM hashes from browsers with one click

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

The hacker's browser.

The GZ::CTF project, an open source CTF platform.

CTFs as you need them

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

The Serverless Blind XSS App

An aesthetically pleasing YouTube TUI written in Rust