💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

All knowledge I gained from CTFs, real life penetration testing and learning by myself.

Penetration Testing AI Assistant based on open source LLMs.

Red Team Arsenal - a comprehensive collection of tools, scripts, and techniques for conducting red team operations and adversary simulations, including custom beacons, malleable C2 profiles, aggressor scripts, advanced payload generation methods, as well as other evasion tools, tailored for red team operations and security research.

A guide to using Kali Linux tools for web penetration testing, ethical hacking, forensics, and bug bounty. Covers setup, key tools, methodologies, and best practices. Optimized for security professionals.

ClatsCracker is a versatile Executable & Python based password-cracking tool supporting 25 hash algorithms. It offers dictionary or brute-force attacks, adjustable threads, salted hash verification, a user-friendly menu, and progress feedback—ensuring, efficient, ethical password testing. The exe version does not require Python. Just open it!

The VAPT Toolkit provides a streamlined way to install, configure, and maintain a complete penetration testing environment with 50+ security tools and custom automation frameworks organized across multiple categories.

Just like a ghost, Ghost_Dir is capable of detecting hidden subdirectories that other scanning tools may not be able to find. It acts silently, without leaving any traces, and is able to penetrate into obscure areas of the web page that usually go unnoticed.

Python tool for detecting subdomain takeover vulnerabilities by resolving CNAME records and checking for known error messages. It supports bulk domain scanning and logs detailed results for analysis.

Offensive Security Scripts (OSS) - Repository of random scripts I've written for offensive purposes.

This repository is all about the POC and Tools that can be leveraged down for initial access in red teaming engagements.

A Dockerized environment for Kali Linux, optimized for penetration testing and security research.This repository contains a Dockerfile to build and run a Kali Linux container with a graphical user interface (GUI) accessible via Remote Desktop Protocol (RDP).

JavaScript Analysis Masterclass Lab is a hands-on educational lab built to help security enthusiasts and bug bounty hunters master JavaScript-based vulnerabilities.

🕒 This repository contains the core source code and configuration files for the website. Feel free to modify, extend, and contribute to its development to improve functionality, add new features, and ensure the ongoing success of the project.

JS Source Map Extractor & Secrets Scanner

Pages documenting my Pentesting journey.

THM DESCRIPTION: Get started with Cyber Security in 24 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.

All-in-One Master ASN Processing with 0x ASN Processor | CIDR, DNS, IP & Port Scanning Made Easy!

A collection of awesome penetration testing and offensive cybersecurity resources.

LSASSExtractor is a lightweight tool designed to capture memory dumps of the LSASS process on Windows systems. By leveraging the Windows API, it locates the target process and creates a memory dump, which can be analyzed to extract sensitive information such as passwords, encryption keys, and authentication tokens.