Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Claude Desktop for Debian-based Linux distributions

MCP Server for Metasploit

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

MOGWAI LABS JMX exploitation toolkit

60k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

PEN-300 collection to help you on your exam.

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

Run Rubeus via Rundll32

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it w…

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

CPSA exam prep resources

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

Perfect DLL Proxying using forwards with absolute paths.

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Mythic iOS agent.

Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel

Red Teaming Tactics and Techniques

Tools and Techniques for Red Team / Penetration Testing

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

Iceman Fork - Proxmark3

.NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.

A PowerShell script to download all files, messages and user profiles that a user has access to in slack.

Python script to decrypt passwords stored by mRemoteNG

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

My musings with PowerShell

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…