Offensive Security

TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.

UPX is a high-performance executable packer for various executable formats.

A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.

A library of PHP unserialize() payloads and a tool to generate them.

A powerful interactive packet manipulation program and library for network exploration and security testing.

Firefox browser extension for displaying and editing HTTP headers.

iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.

PwnAuth is an open-source tool for generating and managing authentication tokens across multiple protocols, designed for penetration testing and red team exercises.

A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.

LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.

A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.

CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.

Make any application debuggable on a device.

A blog post about bypassing AppLocker using PowerShell diagnostic scripts

A Mac OS X code injection library that enables copying code into target processes and remotely executing it through new thread creation.

RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.

A practical guide on NTLM relaying for Active Directory attacks.

A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.

A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL

A comprehensive repository of open-source security tools organized by attack phases for red team operations, adversary simulation, and threat hunting purposes.

A post-exploitation tool for pentesting Active Directory

A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.

JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.