Intelligent automation and multi-agent orchestration for Claude Code

JamfHound is a python3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by outputting data as JSON for ingestion into BloodHound.

Testing TLS/SSL encryption anywhere on any port

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Microsoft Account Enumeration Tool

Conference presentation slides

Script to check Azure Front Door WAF for insecure RemoteAddr variable

A tool for coercing and relaying Kerberos authentication over DCOM and RPC.

The personal finance app for everyone

Module that (tries) to dump clipboard history on most versions of Windows. Attempts live clipboard extraction as well.

A library for detecting known secrets across many web frameworks

top usernames from azure survey 2025

A next-generation crawling and spidering framework.

😎🏖️🐬 Your new, 𝙧𝙞𝙙𝙤𝙣𝙠𝙪𝙡𝙞𝙘𝙞𝙤𝙪𝙨𝙡𝙮 smart clipboard manager

onedrive user enumeration - pentest tool to enumerate valid o365 users

Everything and anything related to password spraying

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Simple python tool for password spraying against a 401 endpoint (basic/ntlm) when you know a lockout policy (ie will try X number of attempts, then sleep for Y minutes)

A phonebook.cz scraper

Wordlists for creating statistically likely username lists for use in password attacks and security testing

OSINT Tool: Generate username lists for companies on LinkedIn

Exchange your privileges for Domain Admin privs by abusing Exchange

Weaponizing DCOM for NTLM Authentication Coercions

A tool for checking if MFA is enabled on multiple Microsoft Services

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

Windows remote execution multitool

This script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications