A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-…

CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.

Penelope Shell Handler

One Token To Rule Them All https://labs.mwrinfosecurity.com/blog/incognito-v2-0-released/

Kali Linux Fixes for Newly Imported VM's

Username enumeration and password spraying tool aimed at Microsoft O365.

Python3 tool to perform password spraying using RDP

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

A curated list of awesome iOS application security resources.

Generate wordlists from Github repositories

DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your t…

hauditor is a tool designed to analyze the security headers returned by a web page.

A tool for quickly evaluating IAM permissions in AWS.

winPEAS, but for Active Directory

IoT security refers to the measures taken to protect internet-connected devices and networks from unauthorized access, data breaches, and cyber attacks. It involves securing both the hardware and s…

Sticky notes for pentesting, bug bounty, CTF.

APIsec|SCAN - Free API security testing using Github actions

A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

📚 A Curated List of Awesome Telegram OSINT Tools, Sites & Resources

This Repo serves as a collection of shared security and penetration testing resources for the cloud.

S3 Account Search

Library that provides collection, processing, and rendering functionality for PHP code coverage information.

The Deepfake Offensive Toolkit