✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Bitor Scanning Software

A collection of notebooks/recipes showcasing some fun and effective ways of using Claude.

This repository contains a Proof of Concept (PoC) for the **CVE-2025-0108** vulnerability, which is an **authentication bypass** issue in Palo Alto Networks' PAN-OS software. The scripts provided h…

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit

psexecsvc - a python implementation of PSExec's native service implementation

10 Lessons to Get Started Building AI Agents

VMC: a Scalable, Open Source and Free Vulnerability Management Platform

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, securit…

Attack Surface Management since before Attack Surface Management was a thing

PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks,…

Simple hunting script for suspicious M365 OAuth Apps

Domain Password Audit Tool for Pentesters

The recursive internet scanner for hackers. 🧡

PowerShell tools to help defenders hunt smarter, hunt harder.

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

An ADCS honeypot to catch attackers in your internal network.

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

Azure Service Subdomain Enumeration

C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.

M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.

HookChain: A new perspective for Bypassing EDR Solutions

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

Mind-Maps of Several Things

Proof of Concepts (PE, PDF...)

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.