This is a simple program to display messages to the user and get responses back. It is used to make dialogs for scripts or simply post information to be seen.

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones

Abuse the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code.

A script that helps you understand why your E-Mail ended up in Spam

A fork of lambci/docker-lambda: Docker images and test runners that replicate the live AWS Lambda environment

A .NET Runtime for Cobalt Strike's Beacon Object Files

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.

Proof of Work with SHA256 and Bloom filter

Copy/paste anything over the network.

A simple zero-config tool to make locally trusted development certificates with any names you'd like.

Simple data persistence for your Electron app or module - Save and load user preferences, app state, cache, etc

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Azure JWT Token Manipulation Toolset

A method of bypassing EDR's active projection DLL's by preventing entry point exection

The helper class for Visual Basic for Applications (VBA) 7.0, providing access to CLR (.NET Framework) assemblies and classes.

CallBack-Techniques for Shellcode execution ported to Nim

Also known by Microsoft as Knifecoat 🌶️

Self-developed tools for Lateral Movement/Code Execution

tun2socks - powered by gVisor TCP/IP stack

Native Mac APIs for Go. Previously known as MacDriver

A protective and Low Level Shellcode Loader that defeats modern EDR systems.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🌐 Run headless Chrome/Chromium on AWS Lambda

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Little app to show all docker images

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

A collaborative corkboard app

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of Domain Frontable Domains by CDN

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…