There are no reviews yet. Be the first to send feedback to the community and the maintainers!
ScoutSuite
Multi-Cloud Security Auditing ToolScout2
Security auditing tool for AWS environmentssobelow
Security-focused static analysis for the Phoenix FrameworkWinpayloads
Undetectable Windows Payload Generationdemiguise
HTA encryption tool for RedTeamshouse
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.PMapper
A tool for quickly evaluating IAM permissions in AWS.redsnarf
RedSnarf is a pen-testing / red-teaming tool for Windows environmentsfeatherduster
An automated, modular cryptanalysis tool; i.e., a Weapon of Math DestructionSocksOverRDP
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktopsingularity
A DNS rebinding attack framework.exploit_mitigations
Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.AutoRepeater
Automated HTTP Request Repeating With Burp Suitefuzzowski
the Network Protocol Fuzzer that we will want to use.aws-inventory
Discover resources created in an AWS account.BurpSuiteHTTPSmuggler
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniquesSniffle
A sniffer for Bluetooth 5 and 4.x LEsadcloud
A tool for standing up (and tearing down!) purposefully insecure cloud infrastructureTriforceAFL
AFL/QEMU fuzzing with full-system emulation.nmap-nse-vulnerability-scripts
NMAP Vulnerability Scanning ScriptsLoggerPlusPlus
Advanced Burp Suite Logging Extensionnccfsas
Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.freddy
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scansphantap
Phantom Tap (PhanTap) - an βinvisibleβ network tap aimed at red teamsazucar
Security auditing tool for Azure environmentstracy
A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.VCG
VisualCodeGrepper - Code security scanning tool.Cyber-Defence
Information released publicly by NCC Group's Cyber Incident Response Teamscrying
A tool for collecting RDP, web and VNC screenshots all in one placeautochrome
This tool downloads, installs, and configures a shiny new copy of Chromium.wssip
Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.blackboxprotobuf
Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.idahunt
idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Proautopwn
Specify targets and run sets of tools against themCrossSiteContentHijacking
Content hijacking proof-of-concept using Flash, PDF and SilverlightSolitude
Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within an app accessible for everyone.vlan-hopping---frogger
Easy 802.1Q VLAN Hoppingshocker
A tool to find and exploit servers vulnerable to ShellshockDriverBuddy
DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.WMIcmd
A command shell wrapper using only WMI for Microsoft WindowsacCOMplice
Tools for discovery and abuse of COM hijacksSusanRTTI
Another RTTI Parsing IDA pluginumap
The USB host security assessment toolmetasploitavevasion
Metasploit AV Evasion Toolkeimpx
Check for valid credentials across a network over SMBumap2
Umap2 is the second revision of NCC Group's python based USB host security assessment tool.depthcharge
A U-Boot hacking toolkit for security researchers and tinkerersUPnP-Pentest-Toolkit
UPnP Pentest Toolkit for WindowsGTFOBLookup
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Project/LOLBAS), WADComs (https://wadcoms.github.io), and HijackLibs (https://hijacklibs.net/).G-Scout
Google Cloud Platform Security Toolasatools
Main repository to pull all NCC Group Cisco ASA-related tool projects.cisco-SNMP-enumeration
Automated Cisco SNMP Enumeration, Brute Force, Configuration Download and Password Crackingthetick
A simple embedded Linux backdoor.AWS-recipes
A number of Recipes for AWSkube-auto-analyzer
Kubernetes Auto AnalyzerTPMGenie
TPM Genie is an I2C bus interposer for discrete Trusted Platform ModulesBinProxy
BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.TriforceLinuxSyscallFuzzer
A linux system call fuzzer using TriforceAFLDetectWindowsCopyOnWriteForAPI
Enumerate various traits from Windows processes as an aid to threat huntingpybeacon
A collection of scripts for dealing with Cobalt Strike beacons in PythonBKScan
BlueKeep scanner supporting NLAtypofinder
A finder of domain typos showing country of IP addressBLESuite
BLESuite is a Python package that provides an easier way to test Bluetooth Low Energy (BLE) deviceSteppingStones
A Red Team Activity Hublibslub
tcpprox
A small command-line TCP proxy utility written in Pythonrequests-racer
Small Python library that makes it easy to exploit race conditions in web apps with Requests.LazyDroid
bash script to facilitate some aspects of an Android application assessmentchuckle
An automated SMB relay exploitation script.whalescan
Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the containergitpwnd
GitPwnd is a network penetration tool that lets you use a git repo for command and control of compromised machinesCarnivore
Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWebCollaboratorPlusPlus
Change-Lockscreen
Offensive tool to trigger network authentications as SYSTEMDecoder-Improved
Improved decoder for Burp SuiteOutlookLeakTest
The Outlook HTML Leak Test ProjectWubes
Qubes containerization on Windowsport-scan-automation
Automate NMAP Scans and Generate Custom Nessus Policies AutomaticallyHodor
Hodor! Fuzzer..Zulu
The Zulu fuzzerWinShareEnum
Windows Share Enumeratormemscan
Searches for strings, regex, credit card numbers of magnetic stripe card tracks in a Windows process's memory spaceebpf
eBPF - extended Berkeley Packet Filter toolingargumentinjectionhammer
A Burp Extension designed to identify argument injection vulnerabilities.cq
DroppedConnection
SCOMDecrypt
SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM serversGOATCasino
This is an intentionally vulnerable smart contract truffle deployment aimed at allowing those interested in smart contract security to exploit a wide variety of issues in a safe environment.OneLogicalMyth_Shell
A HTA shell to assist with breakout assessments.BLE-Replay
BLE-Replay is a Bluetooth Low Energy (BLE) peripheral assessment toolcloud_ip_ranges
Identify IP addresses owned by public cloud providersweb3-decoder
ccs
WindowsDACLEnumProject
A collection of tools to enumerate and analyse Windows DACLsraccoon
Salesforce object access auditorDIBF
Windows NT ioctl bruteforcer and modular fuzzergo-pillage-registries
Pentester-focused Docker registry tool to enumerate and pull imagesDatajackProxy
Datajack Proxy allows you to intercept TLS traffic in native x86 applications across platformspcap-burp
Pcap importer for Burpjwt-reauth
Love Open Source and this site? Check out how you can help us