Take it like a gift

Invoke-WCMDump
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

4-ZERO-3
4-ZERO-3

403/401 Bypass Methods.

sub404
sub404

A fast tool to check subdomain takeover vulnerability.

RedTeam_toolkit
RedTeam_toolkit

Open source Django offensive webapp which is keeping the best tools used in the redteaming.

wmiexec-Pro
wmiexec-Pro

The new generation of wmiexec.py with all operations performed on port 135 for antivirus evasion.

Bucket Stream
Bucket Stream

Find interesting Amazon S3 Buckets by watching certificate transparency logs.

archerysec
archerysec

Automate your application security orchestration and correlation (ASOC).

Auth Analyzer
Auth Analyzer

The Burp extension helps you to find authorization bugs.

maltrail
maltrail

Malicious traffic detection system.

socialhunter
socialhunter

Crawls the website and finds broken social media links that can be hijacked

Can I take over XYZ?
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

2tearsinabucket
2tearsinabucket

Enumerate s3 buckets for a specific target.

MITRE ATT&CK
MITRE ATT&CK

Knowledge base of adversary tactics and techniques based on real-world observations.

default-http-login-hunter
default-http-login-hunter

Login hunter of default credentials for administrative web interfaces.

morphHTA
morphHTA

Morphing Cobalt Strike's evil.HTA.