Offensive Security

A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.

A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.

A bash-based framework for discovering and extracting exposed .git repositories from web servers during penetration testing and bug bounty activities.

Docker image with essential tools for Kubernetes penetration testing.

Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.

A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.

OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.

SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

A project developed for pentesters to practice SQL Injection concepts in a controlled environment.

Syntax highlighting for Smali (Dalvik) Assembly language in Vim.

A simple file format fuzzer for Android that can fuzz multiple readers at once

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.

A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.

A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.

angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.

Ophcrack is a free Windows password cracker based on rainbow tables with various features for password recovery.

A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.

Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

A customizable offensive security reporting solution for pentesters and red teamers to generate detailed reports of their findings and vulnerabilities.