A Fast, Modular, and Scalable TLS/SSL Security Scanner Written in Rust

PingCastle - Get Active Directory Security at 80% in 20% of the time

Penelope Shell Handler

A Go implementation of Cobalt Strike style BOF/COFF loaders.

Multiplayer pivoting solution

Linux Kernel Rootkit for modern kernels (6x)

CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocke…

Professional email templates and landing pages for employee security awareness phishing simulations using GoPhish. Ready-to-deploy campaigns with realistic scenarios, educational content, and custo…

Web and API based SMTP testing

Azure Data Exporter for BloodHound

Azure JWT Token Manipulation Toolset

CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit)

OpenBullet reinvented

Phishing Abusing Microsoft 365 OAuth Authorization Flow

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Pentesting Reporting Tool

CVE-2025-49144 PoC for security researchers to test and try.

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…

ransomware open-sources

Evilginx3 Phishlets version (0.2.3 & above) Only For Testing/Learning Purposes

Open-Source Phishing Toolkit

certinfo is a powerful SSL certificate scraping tool that extracts domain names from SSL certificates of arbitrary hosts. It supports both basic certificate data extraction and recursive subdomain …

Payload Obfuscation for Red Teams workshop materials

Chameleon is a polymorphic engine for x86_64 position independent shellcode that has been created out of the need to evade signature-based detections in red team environments.

Syscall proxy implant

PIC shellcode to run MessageBoxW

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.