This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. Use it to copy SYSTEM, SECURITY and SAM hives and download them back to the attacker machines.

A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls

Squatm3 is a python tool designed to enumerate available domains generated modifying the original domain name through different techniques

Jira Secret Hunter - Helps you find credentials and sensitive contents in Jira tickets

Extend wordlist by appending digits and special characters to each word.

Send a payload through TCP.

Extract valid or partially valid domain names and IPs from malicious or invalid URLs.

backdoor that uses dns to communicate

Brute force a JWT token. Script uses multithreading.

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

wmiexec2.0 is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines. It also has a handful of additional built in modules to help automate some common tasks on Red team engagements.

Not another Google searching tool.

Scrape files for sensitive information, and generate an interactive HTML report. Based on Rabin2.

Web crawler and scraper based on Scrapy and Playwright's headless browser.

Search Google Dorks like Chad. / Broken link hijacking tool.

Bypass 4xx HTTP response status codes and more. Based on PycURL and Python Requests.