A tool for testing for certificate validation vulnerabilities of TLS connections made by a client device or an application.

Bash script to automate setup of Linux router useful for IoT device traffic analysis and SSL mitm

A big list of Android Hackerone disclosed reports and other resources.

A Magisk module provides static AARCH64 Tcpdump binary

Display and control your Android device

Hand-crafted Frida examples

The first open-source AI-driven tool for automatically generating system-level test cases (also known as fuzzing) for web/enterprise applications. Currently targeting whitebox and blackbox testing …

🔥 Turn entire websites into LLM-ready markdown or structured data. Scrape, crawl and extract with a single API.

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!!!)

An in-app debugging and exploration tool for iOS

Automate Active Directory Enumeration

Python script for converting obsidian md-file to html (recursively adds all link/images)

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

Collection of cheat sheets useful for pentesting

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere.

Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http

AI bot that translates your question to a command and executes it yolo style

A collection of custom built scan templates for automated vuln scanning (nuclei, Burp, etc.)

NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc.. Vulnerabilities in Web Applications

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.

Execute code using Azure Automation service without getting charged

Partial python implementation of SharpGPOAbuse

ScriptSentry finds misconfigured and dangerous logon scripts.

For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)

This is a collection of some of mine mindmaps abount pentesting created with Obsidian.

Low and slow password spraying tool, designed to spray on an interval over a long period of time

Ask a TGS on behalf of another user without password

Bypassing UAC with SSPI Datagram Contexts