CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including …

how to look for Leaked Credentials !

A simple script just made for self use for bypassing 403

Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. The tool offers concurrent scanning, allowing users to define …

Walkthrough to QBypass room by Adkali {Adam Kahlon}

Essential Guide to the OWASP Top 10; Key Vulnerabilities for Educational and Learning Purposes.

A collection of one-liners for bug bounty hunting.

Overview of LSASS Dumping Techniques; Exploring a Variety of Tools and Methods.

vgtree - a Python-based post-exploitation tool designed to assist ethical hackers and cybersecurity enthusiasts in their search for specific patterns/strings within the target system's files and di…

All about bug bounty (bypasses, payloads, and etc)

Automated Penetration Testing Agentic Framework Powered by Large Language Models

PHP 8.1.0-dev Backdoor System Shell Script

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

Pull Hashes Decryption From Online Sources Using Python

A creative way to evade 'Real time protection' and Windows Firewall on windows, and obtain victim key-strokes by obfuscate keylogger and using nc on remote machine.

Grabs WIFI saved password using 'netsh' command

A Python3 based C2 server to make life of red teamer a bit easier. The payload is capable to bypass all the known antiviruses and endpoints.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

It bridges my research with a functional tool. I want to provide a safe, open-source framework for hackers to test evasion and for defenders to improve detection through hands-on learning.

Ready to go Phishing Platform

Ready to go Phishing Platform