Hardware/IOT Pentesting Wiki

Active Directory and Internal Pentest Cheatsheets

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔪 Scan memory for secrets and more. Maybe eventually a full /proc toolkit.

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Understand adversary tradecraft and improve detection strategies

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.

BloodyAD is an Active Directory Privilege Escalation Framework

Open-source symbolic execution framework: https://maat.re

Powerful Disassembler Library For x86/AMD64

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Securit…

Retrieve LAPS password from LDAP

GitHub App to set and enforce security policies

Lightweight static analyzer for several programming languages

A Network Packet Sniffing tool developed in Python 3.

🚨 rdesktop is in need of a new maintainter. Please see the home page for more details. 🚨

PeTeReport is an open-source application vulnerability reporting tool.

Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.

Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.

A Full-Featured HexEditor compatible with Linux/Windows/MacOS

Identify hardcoded secrets in static structured text

Quickly discover exposed hosts on the internet using multiple search engines.

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.