A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Interact with your documents using the power of GPT, 100% privately, no data leaks

the only cheat sheet you need

Credentials recovery project

Go ahead and axolotl questions

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

Tools & Interesting Things for RedTeam Ops

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

A discord token grabber, crypto wallet stealer, cookie stealer, password stealer, file stealer etc. app written in Python.

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

The useful exploit finder

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

onedrive user enumeration - pentest tool to enumerate valid o365 users

Overlord - Red Teaming Infrastructure Automation

An OSINT tool that helps detect members of a company with leaked credentials

Check for LDAP protections regarding the relay of NTLM authentication

BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack …

Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…

[PH0MBER]: An open source infomation grathering & reconnaissance framework!

Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory

Python3 terminal application that contains 405 Neo4j cyphers for BloodHound data sets and 388 GUI cyphers

AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis.

An application to analyze the EML file

LDAP enumeration tool implemented in Python3

Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles

InfoHound is an OSINT to extract a large amount of data given a web domain name.

Just some random Red Team Scripts that can be useful