Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Active Directory and Internal Pentest Cheatsheets

CeWL is a Custom Word List Generator

WebSocket cat

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Scripted Local Linux Enumeration & Privilege Escalation Checks

JAWS - Just Another Windows (Enum) Script

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

The Network Execution Tool

Notes in preparation for the PNPT (Practical Network Penetration Testing) Certification Exam

Fast SNMP Scanner

Various *nix tools built as statically-linked binaries

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Offensive Kubernetes Threat Matrix -- kubenomicon.com

A list of open source web security scanners

Find the remote website version based on a git repository

Arsenal is just a quick inventory and launcher for hacking programs

A Security Tool for Bug Bounty, Pentest and Red Teaming.

OSWE, OSEP, OSED, OSEE

Tunnel TCP connections through a file

OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines

My personal knowledge repository

Corelan Repository for mona.py

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

A little tool to play with Windows security

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A tool to dump the login password from the current linux user

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.