Monitors Github for leaked secrets

Generates combination of domain names from the provided input.

metame is a metamorphic code engine for arbitrary executables

Remote Administration Tool for Windows

Python Remote Administration Tool (RAT)

Zepp's web fuzzer

🕸️ Use the combinatorics gem to permute the power set of slash-delimited directory names in local and network path names as a penetration testing reconnaissance technique

Pathname generator for directory brute-forcing web apps

💧 IIS CGI Environment Variable Leakage Proof-of-Concept

Web path scanner

Attack and defend active directory using modern post exploitation adversary tradecraft activity

Most advanced XSS scanner.

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Bruteforce HTTP Authentication

Tool to communicate with RPC services and check misconfigurations on NFS shares

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Give me tfp0, I give you jelbrek

Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.

$50 Million CTF from Hackerone - Writeup

A python script that finds endpoints in JavaScript files

Identificador de Web Application Firewall

w3af: web application attack and audit framework, the open source web vulnerability scanner.

A curated list of awesome YARA rules, tools, and people.

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Red Team Tips as posted by @vysecurity on Twitter

MemProcFS

List of Awesome Red Teaming Resources

A reviewed list of useful PHP static analysis tools