Offensive Security

A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.

DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.

A technique for social engineering and untrusted command execution using ClickOnce technology

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.

Detect users' operating systems and perform redirection with Apache mod_rewrite.

BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.

AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.

FingerprintX is a standalone utility for service discovery on open ports.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

Code injection library for OS X with cross-architecture support.

A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.

LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.

SharpPrinter enables efficient discovery of network printers for security and management purposes.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.

InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.

A tool to leak git repositories from misconfigured websites

Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.

Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.

SharpShares efficiently enumerates and maps network shares and resolves names within a domain.

An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.