Penetration Testing

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).

Sysreptor offers a customizable reporting solution for offensive security assessments.

Platform for users to test cybersecurity skills by exploiting vulnerabilities.

A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.

Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.

A pocket reference guide providing various options for navigating and pivoting through different environments and situations.

Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.

AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.

SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.

A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

A Python script for creating a cohesive and up-to-date penetration testing framework.

High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming.

CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.

Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.

Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.

A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.

KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.