An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

E-mails, subdomains and names Harvester - OSINT

Credentials recovery project

DeDRM tools for ebooks

An open-source post-exploitation framework for students, researchers and developers.

📱 objection - runtime mobile exploration

Diff Match Patch is a high-performance library in multiple languages that manipulates plain text.

Multi-Cloud Security Auditing Tool

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

The Network Execution Tool

Automatically install all Kali linux tools

Automatic SSRF fuzzer and exploitation tool

A collection of custom security tools for quick needs.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Stealing Signatures and Making One Invalid Signature at a Time

A Python based ingestor for BloodHound

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

Reverse proxies cheatsheet

Penelope Shell Handler

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

Quick SQLMap Tamper Suggester

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

Dumping DPAPI credz remotely

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

New generation of wmiexec.py

Active Directory Integrated DNS dumping by any authenticated user

A (partial) Python rewriting of PowerSploit's PowerView