Passive JavaScript reconnaissance for penetration testers — bridging Burp Suite traffic into structured, AST-based analysis in VSCode.

NoDPI is a utility for bypassing the DPI (Deep Packet Inspection)

A tool to easily perform GitHub Device Code Phishing on red team engagements

Hunt for security weaknesses in Kubernetes clusters

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a ski…

OSINT Framework

A.I.G (AI-Infra-Guard) is a full-stack AI Red Teaming platform developed by Tencent Zhuque Lab that secures your AI ecosystem from infrastructure to agents.

M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.

Miscellaneous stuff I create

AdaptixC2 is a highly modular advanced redteam toolkit

Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

Windows protocol library, including SMB and RPC implementations, among others.

Bring runZero Exposure Management into BloodHound

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

BOF to steal browser cookies & credentials

The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencies.

Modular Enumeration and Password Spraying Framework

Username enumeration and password spraying tool aimed at Microsoft O365.

The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

A curated list of awesome resources related to enhancing your enterprise Email Security

A lightweight GPT model, trained to discover subdomains.

🕵️‍♂️ All-in-one OSINT tool for analysing any website

The purpose of this project is to demonstrate the Log4Shell exploit with Log4J vulnerabilities using PDF as delivery channel

Hidden parameters discovery suite

LudusHound is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via Ludus for controlled testing.

🔥 The Web Data API for AI - Turn entire websites into LLM-ready markdown or structured data

🚀 Caido releases, wiki and roadmap

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

A library for detecting known secrets across many web frameworks