gitcomrade's Stars
netskopeoss/phish_oauth
POC code to explore phishing attacks using OAuth 2.0 authorization flows, such as the device authorization grant.
AlteredSecurity/365-Stealer
365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.
aplura/Tango
Honeypot Intelligence with Splunk
zmap/zgrab2
Fast Go Application Scanner
idealeer/xmap
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
rvrsh3ll/TokenTactics
Azure JWT Token Manipulation Toolset
useful-forks/useful-forks.github.io
Improving GitHub's Forks list discoverability through automatic filtering. The project offers an online tool and a Chrome extension.
dirkjanm/ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
microsoft/AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
salesforce/jarm
kaganisildak/malwarescarecrow
A tool designed to make physical devices detectable by malware and make system look like virtual machine.
Azure/Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
Immersive-Labs-Sec/msrc-api
A collection of tools to interact with Microsoft Security Response Center API
0xthirteen/SharpRDP
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
bats3c/shad0w
A post exploitation framework designed to operate covertly on heavily monitored environments
joshfaust/Alaris
A protective and Low Level Shellcode Loader that defeats modern EDR systems.
Rigellute/spotify-tui
Spotify for the terminal written in Rust 🚀
VSCodium/vscodium
binary releases of VS Code without MS branding/telemetry/licensing
NavyTitanium/Fake-Sandbox-Artifacts
This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malwares that looks for VM or analysis tools
sensepost/gowitness
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
jthuraisamy/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
paranoidninja/Boomerang
Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal services to external/other networks
nyxgeek/ntlmscan
scan for NTLM directories
Shawn-Shan/fawkes
Fawkes, privacy preserving tool against facial recognition systems. More info at https://sandlab.cs.uchicago.edu/fawkes
SecurityRiskAdvisors/VECTR
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
mandatoryprogrammer/CursedChrome
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
a0rtega/pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
tinkersec/scratchpad
Proofs of Concept. Just fucking around.
dirkjanm/ldapdomaindump
Active Directory information dumper via LDAP
nshalabi/SysmonTools
Utilities for Sysmon