After a friend of mine had been targeted by a phishing attack, I decided to make this Python script: It flodds the phishing endpoint with thousands of seemingly valid usernames and passwords, just …

Fileless web browser information extraction

A collected list of awesome security talks

HERCULES is a special payload generator that can bypass antivirus softwares.

Loki - Simple IOC and YARA Scanner

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these s…

Search for potential frontable domains

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.

This is an Ansible playbook to create and bootstrap a brand new DigitalOcean virtual server.

PHP Webshell with handy features

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automa…

A tool to detect and crash Cuckoo Sandbox

FruityC2 is a post-exploitation (and open source) framework based on the deployment of agents on compromised machines. Agents are managed from a web interface under the control of an operator.

Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.

SIFT & Remnux deployment with ansible

OSINT Framework

Wiki to collect Red Team infrastructure hardening resources

This script emulates an Ethernet over USB device on a Raspberry Pi Zero in order to intercept packets for EVERY SINGLE IPv4 ADDRESS and EVERY HOSTNAME the target host connects to. In the current ex…

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

A post-exploitation OS X/Linux agent written in Python 2.7

This is a GUI for the projet https://github.com/PowerShellEmpire/Empire

Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled.

Easily test your HTTP library against a local copy of httpbin.org

Master the command line, in one page

🐍🐳 Python module to manage Digital Ocean droplets

DigitalOcean API v2 client for PHP

Flask extension for python-mysql

Learn how to build a production ready web app with Flask and Docker.

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welc…