One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Tool for Active Directory Certificate Services enumeration and abuse

An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

A simple FOFA client written in JavaFX. Made by WgpSec, Maintained by f1ashine.

Automate the creation of a lab environment complete with security tooling and logging best practices

Mimikatz implementation in pure Python

✍️ A curated list of CVE PoCs.

A method of bypassing EDR's active projection DLL's by preventing entry point exection

Collection of resources about Virtualization

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

A collection of android security related resources

A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny things. Inspired by awesome-... stuff.

Top Ten Web Hacking Techniques List

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

HTTPLeaks - All possible ways, a website can leak HTTP requests

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)

Web path scanner

Most advanced XSS scanner.

🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻

Defund the Police.

CVE-2020-8012, CVE-2016-10709, CVE-2017-17099, CVE-2017-18047, CVE-2019-1003000, CVE-2018-1999002

Fetch all the URLs that the Wayback Machine knows about for a domain

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Intelligent proxy pool for Humans™ to extract content from the internet and build your own Large Language Models in this new AI era

🐶 A curated list of Web Security materials and resources.