Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of s…

Z-Wave Packet Interception & Injection Tool (Reloaded 2025 - Python 3, S2 Support and with a modern GUI powered by Dear ImGUI)

Beads - A memory upgrade for your coding agent

ClickForClickOnce - Generate configurable clickonce payloads

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Modern tests to detect automated browser behavior. Cover most important leaks from Puppeteer and Playwright.

Martian is a library for building custom HTTP/S proxies

A wrapper around grep, to help you grep for things

Fetch many paths for many hosts - without killing the hosts

Identity-Aware Tunneled Reverse Proxy Server with Dashboard UI

Proximity is a MCP security scanner powered with NOVA

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

Windows protocol library, including SMB and RPC implementations, among others.

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox

A collection of tips & tricks on how to escape a kiosk mode environment

Linux Kernel Rootkit for modern kernels (6x)

The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments.

Multi-architecture emulation for the modern era.

EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.

Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supported)! ☢️

A webshell and a normal file that have the same MD5

This repository contains dotNet tools to address dotNet binary bloat.

A GUI and CLI tool for removing bloat from executables

Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025

Utilities for Sysmon

A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.