pentest
Local forensic scanner that extracts credentials from AI tool conversation history. For authorized red team and DLP use only.
Local forensic scanner that extracts and verifies credentials from AI tool conversation history. Detection + verification powered by TruffleHog.
The offensive-security platform for modern teams.
Recon, scanning, exploitation, and reporting in a single workspace — whether you're a solo pentester or a global SOC.
GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix-like executables that can be abused to break out of restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.
Go (formerly PowerShell) collector for adding MSSQL attack paths to BloodHound with OpenGraph.
A collector for adding MSSQL attack paths to BloodHound with OpenGraph by Chris Thompson at SpecterOps. Available as both a PowerShell script and a cross-platform Go binary (with concurrent collection, SOCKS5 proxy support, and streaming output).
Automated Google Dorking Tool. Generates and runs advanced search queries for exposed files. It also tests for vulnerabilities, and analyzes and extracts metadata.
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a specific attack surface — from SQLi to shellcode, EDR evasion to exploit development.
A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.
SmokedMeat is a post-exploitation framework for CI/CD pipelines. Point it at a GitHub organization, let it find vulnerable workflows, deploy an implant to a compromised runner, then pivot through cloud providers, extract secrets, and map the blast radius - all from a terminal UI.
Gopacket is a clean Go implementation of Impacket, a library intended for working with network protocols.
A complete Go implementation of Impacket - 63 tools and 24 library packages for Windows network protocol interaction, Active Directory enumeration, and attack execution. Built as a native Go framework so you can compile once and run anywhere without Python dependencies.
Goauld is a post-exploitation and remote access tool designed for use in restricted environments.
During penetration tests, operators may be required to work from a client-provided laptop behind VPNs, authenticated egress proxies, or restrictive network controls. In other cases, gaining remote code execution on a system still requires establishing a stable and fully interactive access channel.
Goauld solves these problems by providing a tunneling and access framework that allows operators to interact with remote agents through multiple transport protocols while maintaining a secure SSH-based architecture.
PentAGI: Advanced AI-Powered Penetration Testing
Fully autonomous AI Agent that performs complicated penetration testing tasks using terminal, browser, editor, and external search system.
JamfHound is a python3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by outputting data as JSON for ingestion into BloodHound.
Security auditing CLI for web applications.
VICE is a security auditing CLI tool that finds vulnerabilities in your web applications. It has two modes:
Remote scan: give it a URL. It crawls your site with a real browser, extracts secrets from JS bundles, tests your login for brute force and SQL injection, scans your VPS ports, checks your Supabase RLS, and more. Like an attacker would, but on your own systems.
Local audit: point it at your project directory. It reads your source code, checks your .env files, runs npm audit, analyzes your Supabase migrations for missing RLS, finds SQL injections and XSS in your code, and tells you exactly what to fix.
734 Cybersecurity Skills for AI Agents. 734+ AI-Ready Skills for Claude Code & More.
The largest open-source library of structured cybersecurity skills following the agentskills.io standard. Deploy instantly to Claude Code, GitHub Copilot, Cursor, and 26+ platforms.
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
Extract Windows credentials directly from VM memory snapshots and virtual disks
Lab4PurpleSec is a modular Purple Team homelab combining a vulnerable Active Directory environment (GOAD), a Docker-based web DMZ, pfSense + Suricata, and a Wazuh SIEM. It provides a realistic, open-source training environment for web exploitation, pivoting, Active Directory attacks, and Blue Team detection.
Boot-to-Breach red team lab on AWS. Mythic, Sliver, and Havoc C2 behind a production-style Apache redirector. Deployed via Terraform.
The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus and IPv4 and IPv6 networks reconnaissance and MITM attacks.
bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, CAN-bus, wireless HID devices and Ethernet networks.
Advanced Command and Control Framework for Authorized Red Team Operations
Testing Wi-Fi Client Isolation.
A set of attacks that enable a guest user to bypass Wi-Fi client isolation. Put differently, it allows an adversary who can connect to your network, either as a malicious insider or by connecting to a co-located open network, to 'bypass Wi-Fi encryption'.
MCP security testing framework for evaluating Model Context Protocol server vulnerabilities.
A Model Context Protocol (MCP) server built with FastMCP that provides various tools including Claude AI integration, text injection capabilities, and server information utilities. It is definitely super secure, you should definitely send confidential data through it, and definitely take everything it says as fact.
Modern credential testing tool in pure Go.
Fast, zero-dependency credential testing tool in Go. Brute force SSH, MySQL, PostgreSQL, Redis, MongoDB, SMB, and 20+ protocols. Hydra alternative with native fingerprintx/naabu pipeline integration.
Brutus is a multi-protocol authentication testing tool designed to address a critical gap in offensive security tooling: efficient credential validation across diverse network services. While HTTP-focused tools are abundant, penetration testers and red team operators frequently encounter databases, SSH, SMB, and other network services that require purpose-built authentication testing capabilities.
Unmask the hidden before the world does.
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
LLM Vulnerability Scanner.
Test large language models against 210+ adversarial attacks covering prompt injection, jailbreaks, encoding exploits, and data extraction.
(Rogue Office 365 and Azure (active) Directory tools)
A collection of Azure AD/Entra tools for offensive and defensive security purposes.
ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components, the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
LLM Service Fingerprinting Tool.
Simple LLM service identification - translate IP:Port to Ollama, vLLM, LiteLLM, or 30+ other AI services in seconds.
Julius is an LLM service fingerprinting tool for security professionals. It detects which AI server software is running on network endpoints during penetration tests, attack surface discovery, and security assessments.
Unlike model fingerprinting tools that identify which LLM generated text, Julius identifies the server infrastructure: Is that endpoint running Ollama? vLLM? LiteLLM? A Hugging Face deployment? Julius answers in seconds.
The bridge between Burp Suite and modern AI.
Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into your security workflow.
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
Shannon is your fully autonomous AI pentester.
Shannon’s job is simple: break your web app before anyone else does. The Red Team to your vibe-coding Blue team. Every Claude (coder) deserves their Shannon.
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs.
God's Eye is a powerful, ultra-fast subdomain enumeration and reconnaissance tool written in Go. It combines multiple passive sources with active DNS brute-forcing and comprehensive security checks to provide a complete picture of a target's attack surface.
Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.
A Python script that scans websites for exposed Supabase JWT tokens, enumerates accessible database tables, and analyzes them for sensitive data exposure. The script automatically detects sensitive information (emails, passwords, API keys, PII, financial data, etc.) and classifies vulnerability levels to identify which tables pose security risks.
Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
Tangled is a phishing platform designed from an offensive security perspective. It automates many of the aspects of social engineering campaigns delivery and weaponizes iCalendar rendering features in Microsoft Outlook & Gmail (Google Workspace) to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
This repository contains intentionally vulnerable implementations of Model Context Protocol (MCP) servers (both local and remote). Each server lives in its own folder and includes a dedicated README.md with full details on what it does, how to run it, and how to demonstrate/attack the vulnerability.
AI Penetration Testing.
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials.
CamXploit is a reconnaissance tool designed to help researchers and security enthusiasts check if an IP address is hosting an exposed CCTV camera. It scans common camera ports, checks for login pages, tests default credentials, and provides useful search links for further investigation.
An executable file that runs a harmless program most of the time, but will run a different, hidden code if deployed on a specific target host.
Sirius is an open-source comprehensive vulnerability scanner that leverages community-driven security intelligence and automated penetration testing capabilities.
The AI Penetration Testing Agent. Penetration testing done in hours, not weeks. Strix finds and fixes vulnerabilities before they reach production.
AI Red Teaming Range.
Red AI Range (RAR) is a comprehensive security platform designed specifically for AI red teaming and vulnerability assessment. It creates realistic environments where security professionals can systematically discover, analyze, and mitigate AI vulnerabilities through controlled testing scenarios.
HoneyBee. Create honeypots for cloud environments.
HoneyBee is a tool for creating misconfigured environments to test vulnerabilities in technologies like Jenkins, Jupyter Notebook, and more.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
Revolutionary AI-Powered Offensive Security Framework.
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
The powerful open-source ESP32 firmware designed for offensive security and Red Team operations.
Bruce is meant to be a versatile ESP32 firmware that supports a ton of offensive features focusing on facilitating Red Team operations. It also supports m5stack products and works great with Cardputer, Sticks, M5Cores, T-Decks and T-Embeds.
A cheap alternative to FlipperZero™ based on Espressif and SBC boards.
CapibaraZero aims to be a cheap alternative to FlipperZero™. It's based on ESP32 boards, especially the ESP32-S3, but we want to port the firmware to all ESP family boards.
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
Have you ever seen a movie where a hacker plugs a seemingly ordinary USB drive into a computer and instantly steals data? Today, you'll be building a device that does exactly that.
Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks.
A Deep Learning Approach for Password Guessing.
A penetration testing tool for Odoo applications.
OdooMap is a reconnaissance, enumeration, and security testing tool for Odoo applications.
Detect API auth weaknesses.
Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
Cameradar hacks its way into RTSP videosurveillance cameras.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Wr1t3Up d3 Hip5kull
A CTF player on various platforms; the idea behind this site is to make available to everyone the various machine write-ups I have completed. Passionate about cybersecurity and IT, CTFs let me learn a great deal about vulnerabilities and how they are exploited.
Privilege Escalation Awesome Scripts SUITE new generation.
Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS.
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.
A fast WordPress plugin enumeration tool.
WPProbe is a fast and efficient WordPress plugin scanner that leverages REST API enumeration (?rest_route) to detect installed plugins without brute-force.
Unlike traditional scanners that hammer websites with requests, WPProbe takes a smarter approach by querying the exposed REST API. This technique allows us to identify plugins stealthily, reducing detection risks and speeding up the scan process.
Information Gatherer & Webapps Exploiter. A Python-based tool to streamline and centralize some pentesting tasks.
Lucille is a comprehensive web application security testing tool designed for cybersecurity professionals. Built with Python, Lucille offers a suite of user-friendly tools; it aims to provide efficient and practical tools that streamline pentesting tasks and centralize various audit and exploitation techniques.