Adversary Simulation Framework

JamfHound is a python3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by outputting data as JSON for ingestion into BloodHound.

UNIX-like reverse engineering framework and command-line toolset.

GitHub Actions Pipeline Enumeration and Attack Tool

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.

🔥 🔥 🔥 Open Source JIRA, Linear, Monday, and Asana Alternative. Plane helps you track your issues, epics, and cycles the easiest way on the planet.

Nginx module that calcuates fingerprints from the JA4+ suite

Fingerprint-aware TLS reverse proxy. Use Finch to outsmart bad traffic—collect client fingerprints (JA3, JA4 +QUIC, JA4H, HTTP/2) and act on them: block, reroute, tarpit, or deceive in real time.

MCP Monitoring with eBPF

Jsmn is a world fastest JSON parser/tokenizer. This is the official repo replacing the old one at Bitbucket

LLM powered fuzzing via OSS-Fuzz.

CLI tool for searching logs and unstructured content in Amazon S3 buckets

List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point.

GO Simple Tunnel - a simple tunnel written in golang

TUI app- Give it a YouTube URL and you get a transcription with possible speaker identification and optional summary or translation, all thanks to open-source AI tooling and my lack of enough free …

Protect against malicious open source packages 🤖

Build, Manage and Deploy AI/ML Systems

A collection of MCP servers.

Python script for finding resource tags without subresource integrity.

A Flipper Zero clone, but cheapest, DIY and simply Open Source, made with Arduino IDE

Python version of the Playwright testing and automation library.

Multi-protocol passive fingerprinting library: TCP/HTTP (p0f-style) + TLS (JA4-style) analysis in Rust

gubble is a tool designed to audit Google Workspace group settings. It analyzes settings such as who can join, view membership, post messages, view conversations, and more to help identify potentia…

Kingfisher is a blazingly fast tool for secret detection and live validation across files, Git repos, S3, Docker images, Jira, Slack, and Confluence

A terraform REPL.

undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name v…