Top Alternatives to Charlotte
Security OperationsCharlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
483 Alternatives to Charlotte
BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
MCP server enabling AI agents to autonomously run 150+ security tools
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
A specification/framework for extending default C2 communication channels in Cobalt Strike
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
A login cracker that can be used to crack many types of authentication protocols.
A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
Subscription-based continuous red team testing across digital, physical & social
Threat emulation tool for adversary simulations and red team operations
Red teaming service that emulates real-world adversaries to test defenses
Ransomware attack simulation service to test security defenses and response
Red team service simulating nation-state threats to test defenses.
Red teaming service simulating real-world adversary attacks on organizations.
Offensive security services with penetration testing and vulnerability assessments
Online platform offering 700+ hands-on web security exercises and training
Private training course for IoT device pentesting and exploitation
DNS reconnaissance tool checking DNS records, subdomains, and third-party svcs
5-day training bootcamp on advanced persistence and data exfiltration techniques
5-day training course on advanced penetration testing techniques
5-day instructor-led training on exploit development techniques
5-day hands-on mobile app security training for Android and iOS platforms
3-day Metasploit training course focused on Ruby scripting & custom modules
Red team attack simulation service for testing security controls and IR plans
Whole-system emulation environment for software dev, debugging, testing & security
Simulated adversarial attack service to test organizational defenses
Automated hardware reversing platform using robotics for embedded device analysis
Red team exercises simulating real-world attacks to identify vulnerabilities
Managed Red Team service simulating real attacks to test security defenses
Validates EDR detection capabilities through autonomous penetration testing
FourCore ATTACK is an adversary emulation platform to manage cyber risk with evidence
Post-exploitation threat emulation platform for red team operations.
Red team toolkit for EDR evasion, initial access, and post-exploitation.
Bundled offensive security suites combining pen testing, red teaming, and VM.
Offensive security services: Red Team, Purple Team, Social Eng & Threat Hunting.
AI agent platform for automating offensive security operations and evals.
Upcoming offensive/defensive cyber intel product targeting national security agencies.
Collaborative Red & Blue Team service mapped to MITRE ATT&CK framework.
Offensive security firm offering AI pentesting, credential monitoring & compliance.
Red team service simulating real adversaries across IT/OT to test detection & response.
R&D firm providing cyber defense & operational tech for DoD and DHS.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
A Python script that converts shellcode into a PE32 or PE32+ file.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Hashcat is a fast and advanced password recovery utility that supports various attack modes and hashing algorithms, and is open-source and community-driven.
Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
A suite of tools for Wi-Fi network security assessment and penetration testing.
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.
SharpEDRChecker scans system components to detect security products and tools.
SharpPrinter enables efficient discovery of network printers for security and management purposes.
SharpShares efficiently enumerates and maps network shares and resolves names within a domain.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
An Azure Function that validates and relays Cobalt Strike beacon traffic based on Malleable C2 profile authentication.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.
C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.
Chameleon aids in evading proxy categorization to bypass internet filters.
A comprehensive guide for customizing Cobalt Strike's C2 profiles to enhance stealth and operational security.
CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.
Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.
A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
An open-source shellcode and PE packer for creating and managing portable executable files.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
PwnAuth is an open-source tool for generating and managing authentication tokens across multiple protocols, designed for penetration testing and red team exercises.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
RedWarden is a Cobalt Strike C2 reverse proxy that uses packet inspection and malleable profile correlation to evade detection by security controls during red team operations.
A C/C++ tool for remote process injection, supporting x64 and x86 operations, with system call macros generated by SysWhispers script.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A post-exploitation framework designed to operate covertly on heavily monitored environments.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
A comprehensive .NET post-exploitation library designed for advanced security testing.
Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.
Adversary emulation framework for testing security measures in network environments.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Simple C++ Encryption and Steganography tool for hiding files inside images using LSB encoding.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
Intercepts and examines mobile app connections by stripping SSL/TLS layer.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Pack up to 3MB of data into a tweetable PNG polyglot file.
A command line steganography tool that uses LSB technique to hide files within images without visible alteration.
FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
A demonstration of a method to delete a locked executable or currently running file from disk.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.
DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
A collection of tips and tricks for container and container orchestration hacking and security testing.
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.
A script to enumerate Google Storage buckets and determine access and privilege escalation
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
Open-source Java application for creating proxies for traffic analysis & modification.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A collection of precompiled Windows exploits for privilege escalation.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.
Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.
Script to find exploits for vulnerable software packages on Linux systems using an exploit database.
A powerful and extensible framework for reconnaissance and attacking various networks and devices.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
Research project on bypassing default Falco ruleset with Dockerfile for sshayb/fuber:latest image.
A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.
A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.
A tool that generates pseudo-malicious files to trigger YARA rules.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
A virtual host scanner with the ability to detect catch-all scenarios, aliases, and dynamic default pages, presented at SecTalks BNE in September 2017.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
A vulnerable web site in NodeJS for testing security source code analyzers.
A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
A tool to profile web applications based on response time discrepancies.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
A fuzzing framework for Android that creates corrupt media files to identify potential vulnerabilities
A powerful tool for extracting passwords and performing various Windows security operations.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A backend agnostic debugger frontend for debugging binaries without source code access.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.
Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.
ILSpy is the open-source .NET assembly browser and decompiler with various decompiler frontends and features.
A comprehensive repository of open-source security tools organized by attack phases for red team operations, adversary simulation, and threat hunting purposes.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
A tool that simplifies the installation of tools and configuration for Kali Linux
A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.
A simple file format fuzzer for Android that can fuzz multiple readers at once
A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.
Boofuzz is a network protocol fuzzing tool that aims to fuzz everything
AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
An API for constructing and injecting network packets with additional functionality.
A tool that scans for accessibility tools backdoors via RDP
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
A WebSocket Manipulation Proxy with a user interface to capture, intercept, and send custom messages for WebSocket and Socket.IO communications.
A list of Windows privilege escalation techniques, categorized and explained in detail.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A script to assist in creating templates for VirtualBox to enhance VM detection evasion.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
A Burp Suite plugin that performs intelligent content discovery by analyzing current requests to identify directories, files, and variations based on the application's structure.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
Vulnerable web application for beginners in penetration testing.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
Linux packet crafting tool for testing IDS/IPS and creating attack signatures.
Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.
A unified repository for different Metasploit Framework payloads.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
A Mac OS X code injection library that enables copying code into target processes and remotely executing it through new thread creation.
A library for integrating communication channels with the Cobalt Strike External C2 server.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
Ropper is a multi-architecture binary analysis tool that searches for ROP gadgets and displays information about executable files for exploit development.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
Online Telegram bot for collecting information on individuals from various websites.
A framework for creating XNU based rootkits for OS X and iOS security research
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
DOS attack by sending fake BPDUs to disrupt switches' STP engines.
An open-source penetration testing framework for social engineering with custom attack vectors.
Metta is an information security preparedness tool for adversarial simulation.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
steg86 is a steganographic tool that hides information within x86 and AMD64 binary executables without affecting their performance or file size.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.
A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Syntax highlighting for Smali (Dalvik) Assembly language in Vim.
iOS application for testing iOS penetration testing skills in a legal environment.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
A featured networking utility for reading and writing data across network connections with advanced capabilities.
A VMware image for penetration testing purposes
Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.
A cheat sheet providing examples of creating reverse shells for penetration testing.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
A technique to encode data within DNS queries for covert communication channels.
Deliberately vulnerable web application for security professionals to practice attack techniques.
UPX is a high-performance executable packer for various executable formats.
A complete suite of tools for assessing WiFi network security with capabilities for monitoring, attacking, testing, and cracking.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
Online Java decompiler tool with support for modern Java features.
Tool for attacking Active Directory environments through SQL Server access.
Abusing DNSAdmins privilege for escalation in Active Directory
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.
A Live CD and Live USB for penetration testing and security assessment
An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.
Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.
A powerful interactive packet manipulation program and library for network exploration and security testing.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
Firefox browser extension for displaying and editing HTTP headers.
Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.
A comprehensive collection of resources for learning ARM assembly language and shellcode development.
Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
Preparation process for participating in the Pacific Rim CCDC 2015.
A guide on using Apache mod_rewrite to strengthen phishing attacks and bypass mobile device restrictions
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Detect users' operating systems and perform redirection with Apache mod_rewrite.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
Back-end component for red team operations with crucial design considerations.
A technique for social engineering and untrusted command execution using ClickOnce technology
A blog post explaining the concept of Active Directory Trusts and their enumeration and exploitation
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.
A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.
An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.
Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
A practical guide on NTLM relaying for Active Directory attacks.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.
A subdomain enumeration tool for penetration testers and security researchers.
A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.
A Go-based command-line tool that uses Chrome Headless to automatically capture screenshots of web pages for reconnaissance and analysis purposes.
A tool for collecting and analyzing screenshots from remote desktop protocols, web applications, and VNC connections.
An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.
FingerprintX is a standalone utility for service discovery on open ports.
A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.
A next-generation crawling and spidering framework for extracting data from websites
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A golang utility to spider through a website searching for additional links.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A collection of payloads and methodologies for web pentesting.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A tool for identifying and analyzing Java serialized objects in network traffic
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
A DNS rebinding attack framework for security researchers and penetration testers.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A front-end JavaScript toolkit for creating DNS rebinding attacks
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
A Python library for automating time-based blind SQL injection attacks
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A collection of XSS payloads designed to turn alert(1) into P1
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities
A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
A Burp extension to check JWT tokens for potential weaknesses
A simple Python script to test for a hypothetical JWT vulnerability
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
A list of services and how to claim (sub)domains with dangling DNS records.
A tool for detecting and taking over subdomains with dead DNS records
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.
A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
Stay Updated with Mandos Brief
Get strategic cybersecurity insights in your inbox
