Massive Mobile Security Framework

Username tools for penetration testing

OSCP Cheatsheet by Sai Sathvik

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

Scripts for offensive security

AI-powered ffuf wrapper

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A tool to perform Kerberos pre-auth bruteforcing

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

Ghidra is a software reverse engineering (SRE) framework

The FLARE team's open-source tool to identify capabilities in executable files.

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Windows Exploit Suggester - Next Generation

Continuous Inspection

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Program for determining types of files for Windows, Linux and MacOS.

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.

The Havoc Framework.

Defeating Windows User Account Control

Covenant is a collaborative .NET C2 framework for red teamers.

🎯 XML External Entity (XXE) Injection Payload List

Portable Executable reversing tool with a friendly GUI