ZSH integration for Impacket

Bring portraits to life!

A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO

Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020

A tool for collecting RDP, web and VNC screenshots all in one place

Stage 1: Sensitive Email/Chat Classification for Adversary Agent Emulation (espionage). This project is meant to extend Red Reaper v1 which was presented at RSA San Francisco 2024.

SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

The World's Leading Cross Platform AI Engine for Edge Devices

A Lightweight Face Recognition and Facial Attribute Analysis (Age, Gender, Emotion and Race) Library for Python

Leading free and open-source face recognition system

Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)

Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!

Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).

Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit

Reverse shell listener and payload generator designed to work on most Linux targets

SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens

The following package is the standalone wordlist-only component to flask-unsign.

The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning

EyeSpy is a PowerShell tool for finding IP Cameras and spraying credentials at the underlying RTSP streams if present.

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Leak of any user's NetNTLM hash. Fixed in KB5040434

Azure DevOps Services Attack Toolkit

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.

🌩️ Collection of BloodHound queries for Azure

Source code and examples for PassiveAggression