Offensive Security

CloudScraper is an enumeration tool that discovers cloud storage resources including S3 buckets, Azure blobs, and DigitalOcean Spaces across target environments.

A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.

Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases through automated scanning and reporting.

A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.

A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.

A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.

A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.

A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.

A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.

A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

Skyhook is an HTTP-based file transfer tool that uses obfuscation techniques to evade detection by Intrusion Detection Systems.

A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

Introduction to using GScript for Red Teams

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.