psc4re

Red-Teaming-Toolkit

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

APT_CyberCriminal_Campagin_Collections

APT & CyberCriminal Campaign Collection

APTnotes

Various public documents, whitepapers and articles about APT campaigns

pwndoc

Pentest Report Generator

eaphammer

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

ROADtools

A collection of Azure AD/Entra tools for offensive and defensive security purposes

SprayingToolkit

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

C2concealer

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

statistically-likely-usernames

Wordlists for creating statistically likely username lists for use in password attacks and security testing

Malware-Analysis-Training

Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.

MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

purple-team-attack-automation

Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs

api_wordlist

A wordlist of API names for web application assessments

leonidas

Automated Attack Simulation in the Cloud, complete with detection use cases.

NTLMRecon

Enumerate information from NTLM authentication enabled web endpoints 🔎

PPN

Pentester's Promiscuous Notebook

ATTACKdatamap

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

radare2-workshop-2015

awesome-bloodhound

A curated list of awesome BloodhoundAD resources

DockerPwn.py

Python automation of Docker.sock abuse

wraith

Uncover forgotten secrets and bring them back to life, haunting security and operations teams.

attack-surface-framework

Tool to discover external and internal network attack surface

MonarcAppFO

MONARC - Method for an Optimised aNAlysis of Risks by @NC3-LU

WPSpider

A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.

BOF-Template

Python template to assist with buffer overflows

attacking-and-auditing-docker-containers-and-kubernetes-clusters

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

NessusReportPraser

Python script for converting nessus report file into csv format

attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.