PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

60k+ WordPress Nuclei templates, updated daily from Wordfence intel—filter by severity/tags/CVE and scan in one line. 🚀🔒

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

Macro-header for compile-time C obfuscation (tcc, win x86/x64)

A COFF loader made in Rust

Evasive shellcode loader

A swiss army knife tool for running, injecting and organizing your BOFs collection

Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE

CVE-2024-30090 - LPE PoC

Dumping DPAPI credz remotely

Windows Internals Book 7th edition Tools

Collection of PowerShell functions a Red Teamer may use in an engagement

LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

Remotely Enumerate sessions using undocumented Windows Station APIs

CaveCarver - PE backdooring tool which utilizes and automates code cave technique

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization,…

Adaptive DLL hijacking / dynamic export forwarding - EAT preserve

Tunnel TCP connections through a file

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...