Red Teaming Tactics and Techniques

⚠️ malware development

Bypassing File Upload Restriction using Magic Bytes

Open source C2 server created for stealth red team operations

CTF challenge (mostly pwn) files, scripts etc

CTF framework and exploit development library

Small and highly portable detection tests based on MITRE's ATT&CK.

Scripts for offensive security

Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

Arsenal is just a quick inventory and launcher for hacking programs

Bandit is a tool designed to find common security issues in Python code.

A repository with 3 tools for pwn'ing websites with .git repositories available

This is a webshell open source project

Trying to tame the three-headed dog.

Impacket is a collection of Python classes for working with network protocols.

PowerSploit - A PowerShell Post-Exploitation Framework

Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

Active Directory Auditing and Enumeration

A swiss army knife for pentesting networks

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Various *nix tools built as statically-linked binaries

Compiled Binaries for Ghostpack

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Wordlists for creating statistically likely username lists for use in password attacks and security testing

Scan for misconfigured S3 buckets across S3-compatible APIs!

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.

hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.

The awesome document factory