TimelineJS v3: A Storytelling Timeline built in JavaScript. http://timeline.knightlab.com

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Basic implementations of standard cryptography algorithms, like AES and SHA-1.

C++ AES implementation

Docker setup for Evilginx version 3.0. For educational purposes only!

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

Attack Surface Management Platform

Adversary Emulation Framework

Dear ImGui: Bloat-free Graphical User interface for C++ with minimal dependencies

StandIn is a small .NET35/45 AD post-exploitation toolkit

Extracting Clear Text Passwords from mstsc.exe using API Hooking.

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Cheat Engine. A development environment focused on modding

A mostly-serverless distributed hash cracking platform

A (partial) Python rewriting of PowerSploit's PowerView

Lists who can read any gMSA password blobs and parses them if the current user has access.

The Minimalistic x86/x64 API Hooking Library for Windows

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, T…

A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange.

Identifies the bytes that Microsoft Defender flags on.

low cost software radio platform

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

LoadLibrary for offensive operations

A post exploitation framework designed to operate covertly on heavily monitored environments

Run qemu/kvm vm's inside a docker container

Potentially dangerous files

Python script to exploit java unserialize on t3 (Weblogic)