Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or exte…

HTNotes - Make your Hack The Box notes with Obsidian

A crypter written in python

An AMSI bypass script generator that generates PowerShell snippet that either disables AMSI or manipulates amsiScanBuffer function to evade Defender/EDR scans.

Real fucking shellcode encryptor & obfuscator tool

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

Rust-based, high-concurrency web scraping engine designed to bypass modern Web Application Firewalls (WAFs) and challenge pages (like Cloudflare). It utilizes a hybrid approach, combining lightweig…

An advanced, modular Red Team payload framework featuring Hell's Gate syscalls, ETW patching, parent process spoofing, and multi-language support

AI-Driven Automated Red Team Orchestration Framework | AI驱动的自动化红队编排框架 | 101 MCP Tools | 2000+ Payloads | Full ATT&CK Coverage | MCTS Attack Planner | Knowledge Graph | Cross-platform

GregsBestFriend process injection code created from the White Knight Labs Offensive Development course

POC for CVE-2025-54918 and a technical demonstration.

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.

EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

A lightweight GPT model, trained to discover subdomains.

Leverage the power of AI to find hard to find subdomains.

ReconX is a powerful automated reconnaissance and vulnerability scanning tool designed for ethical hackers, penetration testers, and security researchers. It effortlessly scans domains, extracts li…

DursGo - The Go-Powered Web Application Scanner - With AI-Powered Analysis

S3TakeOver

Extract subdomains from CSP headers

undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name v…

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Pentest Copilot is an AI-powered browser based ethical hacking assistant tool designed to streamline pentesting workflows.

Find web directories without bruteforce

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

0dayCrawer&Collector

Tool to check for dependency confusion vulnerabilities in multiple package management systems

A Bash script to monitor the status of hosts. It allows you to add, remove, display, clean duplicate entries, and count unique IP addresses. Use long (--add, --clean) or short (a, c) command option…