Penetration Testing

WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.

A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.

A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.

A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.

Fake SSH server that sends push notifications for login attempts

A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.

An open-source penetration testing framework for social engineering with custom attack vectors.

A collection of tips and tricks for container and container orchestration hacking and security testing.

Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.

TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.

A comprehensive reference guide to Nmap's scripting engine and its various options, scripts, and target specifications.

A powerful interactive packet manipulation program and library for network exploration and security testing.

Linux-based operating system intentionally vulnerable for cybersecurity practice.

A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.

A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.

iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.

A honeypot mimicking Tomcat manager endpoints to log requests and save attacker's WAR files for analysis.

PwnAuth is an open-source tool for generating and managing authentication tokens across multiple protocols, designed for penetration testing and red team exercises.

Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.