A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Write scalable load tests in plain Python 🚗💨

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

Download pictures (or videos) along with their captions and other metadata from Instagram.

The recursive internet scanner for hackers. 🧡

Multi-Cloud Security Auditing Tool

Malicious traffic detection system

Infection Monkey - An open-source adversary emulation platform

Automated Adversary Emulation Platform

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

A pretty sweet vulnerability scanner

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…

一个攻防知识仓库 Red Teaming and Offensive Security

The Network Execution Tool

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Create randomly insecure VMs

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Offensive Software Exploitation Course

An evil RAT (Remote Administration Tool) for macOS / OS X.

The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.

Tools & Interesting Things for RedTeam Ops

Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

🆕 The Multi-Tool Web Vulnerability Scanner.

Command line utility for searching and downloading exploits

Remote Desktop Protocol in Twisted Python

A curated list of resources related to Industrial Control System (ICS) security.

Codebase to generate an msdt-follina payload