XBot - Advanced AI Cybersecurity Agent | Gemini system prompt for automated penetration testing and security assessments

Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers …

Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks

A comprehensive modern architecture model is proposed to integrate platform solutions and tooling to support a professional Red Team.

Contextual Content Discovery Tool

Damn Vulnerable API

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

The Azure Execution Tool

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

secretshunter is a penetration testing tool that uses regular expressions to search a filesystem for secrets (logins, passwords, API keys, hashes, ssh keys etc.).

An advanced AI-driven vulnerability scanner and penetration testing tool that integrates multiple AI providers (OpenAI, Grok, OLLAMA, Claude) with comprehensive security testing modules for automat…

MCP server for Atomic Red Team

Tools and Techniques for Red Team / Penetration Testing

C++ Encrypted SSL/TLS REVERSE SHELL, designed to provide secure, encrypted communication between a compromised client and an attacker, while blending seamlessly into HTTP traffic.

EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.

Nuclei-AI-Prompts

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

some KQL Queries for Advanced Hunting

Six Degrees of Domain Admin

Collection of Notes and CheatSheets used for Red teaming Certs

Collection of Cyber Threat Intelligence sources from the deep and dark web

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator rooting, Frida, and Burp Suite integration.

Payloads for AI Red Teaming and beyond

Automating situational awareness for cloud penetration tests.

Various one-off pentesting projects written in Nim. Updates happen on a whim.

BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers and security testers. It automates enumeration and exploitation of AD misconfigurations

An even funnier way to disable windows defender. (through WSC api)