This repository started out as a learning in public project for myself and has now become a structured learning map for many in the community. We have 3 years under our belt covering all things Dev…

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Scripted Local Linux Enumeration & Privilege Escalation Checks

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Linux privilege escalation auditing tool

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

A repository with 3 tools for pwn'ing websites with .git repositories available

A collection of snippets of codes and commands to make your life easier!

HiddenVM — Use any desktop OS without leaving a trace.

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileg…

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

📖 Kubernetes CheatSheets In A4

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

venom - C2 shellcode generator/compiler/handler

AntiVirus Evasion Tool

403/401 Bypass Methods + Bash Automation + Your Support ;)

Red Team Tool Kit

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way …

uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web application…

Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files.

This a collection of the code that I have written for the Poor Man's Pentest presentation.

Script for generating revshells

AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.

A lightweight, portable, and modular tool for Linux enumeration and privilege escalation.

my kali desktop setup

Turn your Kali NetHunter phone into a brute-force PIN cracker for screen locked Android devices

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

An automation tool to install the most popular tools for bug bounty or pentesting.