Umami is a modern, privacy-focused analytics platform. A better, open-source alternative to Google Analytics, Mixpanel and Amplitude.

Open-source AI agents for penetration testing

KiCAD MCP is a Model Context Protocol (MCP) implementation that enables Large Language Models (LLMs) like Claude to directly interact with KiCAD for printed circuit board design.

Modified version of PEAS client for offensive operations

SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

A tool to play with scheduled tasks on Windows, in Rust

A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA server using the MS-WCCE protocol over DCOM and It bypasses …

Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

🔑 Generate customized SSH public keys with VaniSSH, creating keys that start, contain, or end with your chosen strings for easy identification.

The cryptography-based networking stack for building unstoppable networks with LoRa, Packet Radio, WiFi and everything in between.

The AI coding agent built for the terminal.

This is the tool to dump the LSASS process on modern Windows 11

PoC for popping a system shell against the LnvMSRIO.sys driver

Android Kernel Exploitation

one-for-all llm powered, passive & active subdomain enumeration tool

Tool to interact with PLCs at packet level

Python script to launch burp scans automatically

clad -- automatic differentiation for C/C++

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Scan MCP servers for potential threats & security findings.

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

Depix is a PoC for a technique to recover plaintext from pixelized screenshots.

User-friendly AI Interface (Supports Ollama, OpenAI API, ...)

SURF - Advanced Go HTTP client with Chrome/Firefox browser impersonation, HTTP/3 with QUIC fingerprinting, JA3/JA4 TLS emulation, and anti-bot bypass for web automation and scraping.

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox

Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.

Tools for interacting with authentication packages using their individual message protocols

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.