open source password manager

PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.

Comprehensive toolkit for Ghidra headless.

Identify and exploit leaked handles for local privilege escalation.

A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.

Play around with your own cluster nodes using docker containers.

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

The Rogue Access Point Framework

Open source education content for the researcher community

All in One Hacking Tool for Linux & Android

Incredibly fast crawler designed for OSINT.

Protect and discover secrets using Gitleaks 🔑

Some tools to automate recon - 003random

A collection of the solutions people wrote for the H1-212 Capture The Flag event

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks

Crypto 101, the introductory book on cryptography.

A tiny and cute URL fuzzer

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

An offline Wi-Fi Protected Setup brute-force utility

The XSS Hunter service - a portable version of XSSHunter.com

Burp plugin able to find reflected XSS on page in real-time while browsing on site

ActiveScan++ Burp Suite Plugin

A lightweight CSRF Toolkit for easy Proof of concept

Fast subdomains enumeration tool for penetration testers

A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups.

Automated XSS Finder

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrar…