Offensive Security

A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.

A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.

A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.

A collection of tools that execute programs directly in memory using various delivery methods including URL downloads and netcat connections.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

A collection of vulnerable web applications containing command injection flaws designed to test and evaluate detection and exploitation tools like commix.

A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.

Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.

A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.

Sysreptor offers a customizable reporting solution for offensive security assessments.

A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.

A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.

BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.

AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.