Exposing IDN vulnerabilities, one domain at a time. Generate homograph domain names with Cyrillic lookalikes and PunyCode for security research and phishing analysis.

An NFC research toolkit application for Android

A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily

This project is a deliberately vulnerable environment to learn about LLM-specific risks based on the OWASP Top 10 for LLM Applications.

Purple-team telemetry & simulation toolkit.

Dumping DPAPI credz remotely

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database

Multi-Cloud Security Auditing Tool

onedrive user enumeration - pentest tool to enumerate valid o365 users

real time face swap and one-click video deepfake with only a single image

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into account…

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Drop in a screenshot and convert it to clean code (HTML/Tailwind/React/Vue)

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Typosquatting tool that supports OSINT investigations, and designed to operate on multilingual target domains.

Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges

FT3: Fraud Tools, Tactics, and Techniques Framework

Create Entra Global Admin accounts from On-Prem

Cybersecurity AI (CAI), the framework for AI Security

LinkedIn recon the easy way

LdapWordlistHarvester but then with neo4j

Script to check Azure Front Door WAF for insecure RemoteAddr variable

All-in-one LLM CLI tool featuring Shell Assistant, Chat-REPL, RAG, AI Tools & Agents, with access to OpenAI, Claude, Gemini, Ollama, Groq, and more.

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.

User Enumeration of Microsoft Teams users via API

Send phishing messages and attachments to Microsoft Teams users

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.

An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.