30 tools and resources
A tool to escalate SSRF vulnerabilities on modern cloud environments
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A fast and reliable port scanner for attack surface discovery
A tool for analyzing pentest screenshots using a convolutional neural network
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A comprehensive collection of security assessment lists for security testers.
A specification/framework for extending default C2 communication channels in Cobalt Strike
Docker image with essential tools for Kubernetes penetration testing.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Free Labs to Train Your Pentest / CTF Skills
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Pentest active directory LAB project for practicing attack techniques.
Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.
A popular free security tool for automatically finding security vulnerabilities in web applications
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
A docker container with multiple vulnerable applications for cybersecurity training.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A simple Postgres honey pot inspired by Elastichoney.
A vulnerable web site for testing Sentinel features
A collection of SQL injection cheat sheets for various databases
Automate the search for Exploits and Vulnerabilities in important databases.
