Offensive Security

Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.

ID-spoofing NFS client

A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.

Linux packet crafting tool for testing IDS/IPS and creating attack signatures.

A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.

A Burp extension to check JWT tokens for potential weaknesses

Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.

A powerful tool for extracting passwords and performing various Windows security operations.

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.

Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.

iOS application for testing iOS penetration testing skills in a legal environment.

A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.

Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.

EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.

Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.

A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.

CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.