A new type of shell

Checklist for container security - devsecops practices

AWS Attack Path Management Tool - Walking on the Moon

game of active directory

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Self contained htaccess shells and attacks

Go toolkit for clean, composable, channel-based concurrency

Malicious Macro Generator for LibreOffice/OpenOffice

Squid Pivoting Open Port Scanner

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

A PowerShell Watch-Command cmdlet for repeatedly running a command or block of code until a change in the output occurs.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

🎯 XML External Entity (XXE) Injection Payload List

Swaks - Swiss Army Knife for SMTP

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

SharpUp is a C# port of various PowerUp functionality.

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

Automatically exported from code.google.com/p/unix-privesc-check

Dredging up secrets from the depths of the file system

Veil 3.1.X (Check version info in Veil at runtime)

Powershell Scripts

sq data wrangler

The Browser Exploitation Framework Project

E-mails, subdomains and names Harvester - OSINT

A rqlite client library (API wrapper) for Janet

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)