Showcase your innovative cybersecurity solution to our dedicated audience of security professionals.
Reach out!
A lightweight and portable Docker container for penetration testers and CTF players
A penetration testing framework for identifying and exploiting vulnerabilities.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
Automatic tool for DNS rebinding-based SSRF attacks
A tool for detecting and taking over subdomains with dead DNS records
A front-end JavaScript toolkit for creating DNS rebinding attacks
Automatic SSRF fuzzer and exploitation tool
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A DNS rebinding exploitation framework
A framework for testing and exploiting race conditions in software
A collection of scripts for Turbo Intruder, a penetration testing tool
A DNS rebinding attack framework for security researchers and penetration testers.
A subdomain enumeration tool for penetration testers and security researchers.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool for enumerating and attacking GitHub Actions pipelines
Open-source Java application for creating proxies for traffic analysis & modification.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
Hidden parameters discovery suite
A simple, fast web crawler for discovering endpoints and assets in a web application
A framework for exploiting Android-based devices and applications
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
A collection of Microsoft PowerShell modules for penetration testing purposes.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
A free and open source C2 and proxy for penetration testers
A lightweight, first-stage C2 implant written in Nim for remote access and control.
A Live CD and Live USB for penetration testing and security assessment
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
Adversary emulation framework for testing security measures in network environments.
Create a vulnerable active directory for testing various Active Directory attacks.
A technique for social engineering and untrusted command execution using ClickOnce technology
A penetration testing tool that focuses on web browser exploitation
A Linux-based environment for penetration testing and vulnerability exploitation
A penetration testing tool for intercepting SSH connections and logging plaintext passwords.
A proof-of-concept obfuscation toolkit for C# post-exploitation tools, designed to conceal malicious activities from detection.
Darkarmour is a Windows AV evasion tool that helps bypass antivirus software, allowing for the creation of undetectable malware.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
A C#-based Command and Control Framework for remote access and control of compromised systems.
A Python script for creating a cohesive and up-to-date penetration testing framework.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A post-exploitation framework designed to operate covertly on heavily monitored environments.
An open source network penetration testing framework with automatic recon and scanning capabilities.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A comprehensive .NET post-exploitation library designed for advanced security testing.
RedWarden is a Cobalt Strike C2 Reverse proxy that evades detection by Blue Teams, AVs, EDRs, and scanners through packet inspection and malleable profile correlation.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A PowerShell toolkit for attacking Azure environments
Pupy is a cross-platform C2 and post-exploitation framework for remote access and control of compromised systems across various operating systems.
An open-source penetration testing framework for social engineering with custom attack vectors.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
PwnAuth is an open-source tool for generating and managing authentication tokens for penetration testing and red teaming exercises.
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
A wargaming network for penetration testers to practice their skills in a realistic environment.
Collection of penetration testing scripts for AWS with a focus on reconnaissance.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A collection of resources for practicing penetration testing
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
A tool for testing Cross Site Scripting vulnerabilities
A tool for automated security scanning of web applications and manual penetration testing.
Tool for attacking Active Directory environments through SQL Server access.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
