Search All Cybersecurity Tools

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.

An open-source shellcode and PE packer for creating and managing portable executable files.

Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.

A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.

A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.

A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.

A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.

MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.

Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.

Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.

A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.

Macro_Pack automates the generation and obfuscation of Office documents and scripts for penetration testing and security assessments.

A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.

An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.

InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.

A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.

A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.

An open-source phishing toolkit for businesses and penetration testers.

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.