Stars
A proof-of-concept tool for detection and exploitation of Object Injection Vulnerabilities in .NET applications
Reverse Engineering Tutorials
Small and highly portable detection tests based on MITRE's ATT&CK.
DNShunter is a Python-based module that is written for MercenaryHuntFramework & Mercenary-Linux. Currently it reads in .pcap files and extracts the DNS Queries and Answers. In addition to extractin…
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Turn a normal PDF file into a malicious one. Use to steal Net-NTLM hashes from Windows machines.
Symbiotic is a tool for finding bugs in computer programs based on instrumentation, program slicing and KLEE
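Script that automatically scans internal networks for common SQL and NoSQL databases (mysql, mssql, oracle, postgresql, redis, mongodb, memcached, elasticsearch), including detection of unauthorized access and common weak passwords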
Stealing Signatures and Making One Invalid Signature at a Time
LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/rem…
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Arkime is an open source, large scale, full packet capturing, indexing, and database system.
Pwn nginx - an nginx backdoor that provides shell access, socks5 tunneling, http password sniffing.
Active Directory permissions (ACL/ACE) auditing tools
A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
A More Comfortable (remote) SHell with full pty support and both reverse / bindport connection mode.
A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Wiki to collect Red Team infrastructure hardening resources
MSDAT: Microsoft SQL Database Attacking Tool