Offensive Security

A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.

Sysreptor offers a customizable reporting solution for offensive security assessments.

A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.

A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.

BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.

AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.

InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.

Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.

A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.

FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).

Sysreptor offers a customizable reporting solution for offensive security assessments.

Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.

Comprehensive host-survey tool for security checks in C#.