A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

[WIP] Crappy iOS app analyzer

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…

Easy to maintain open source documentation websites.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

InSpec: Auditing and Testing Framework

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.

A Curated list of IoT Security Resources

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

This program show you IMSI numbers of cellphones around you.

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

A memory scanning evasion technique

A fast TCP/UDP tunnel over HTTP

Various *nix tools built as statically-linked binaries

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

🆕 The Multi-Tool Web Vulnerability Scanner.

Multi Tool Subdomain Enumeration

Download an entire website from the Wayback Machine.

Training materials crafted and publicly provided by Red Naga members

A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Security analysis toolkit for proprietary car protocols

Platform to host Capture the Flag competitions

Quick SQLMap Tamper Suggester

Reconnaissance Swiss Army Knife

Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

SSRF (Server Side Request Forgery) testing resources

Incredibly fast crawler designed for OSINT.