Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

A Tool for Domain Flyovers

Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.

A semi-interactive PHP shell compressed into a single file.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of public penetration test reports published by several consulting firms and academic security groups.

A pentest reporting tool written in Python. Free yourself from Microsoft Word.

Never ever ever use pixelation as a redaction technique

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

The recursive internet scanner for hackers. 🧡

🚀A simple & beautiful tool for pictures uploading built by vue-cli-electron-builder

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Sniffs sensitive data from interface or pcap

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

Active Directory Integrated DNS dumping by any authenticated user

A tool to perform Kerberos pre-auth bruteforcing

Tools for Kerberos PKINIT and relaying to AD CS

Domain Password Audit Tool for Pentesters

Another Windows Local Privilege Escalation from Service Account to System

Detailed solutions for HTB-Academy Modules

Abusing impersonation privileges through the "Printer Bug"

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public expl…

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

Defeating Windows User Account Control

A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.

Scripted Local Linux Enumeration & Privilege Escalation Checks

A Zsh theme