Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks

Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions

Public repository of the Micro QuickJS Javascript Engine

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.

🕳 godoh - A DNS-over-HTTPS C2

Stealthy In-Memory Local Password Harvester (SILPH) tool: dump LSA, SAM and DCC2 with indirect syscall

A Windows tool that converts LDIF files to BloodHound CE

Google 💚 MCP

ACE Analyzer for identifying ESC1-8 vulnerabilities (Written by AI)

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

🤖 24/7 AI agent that maximizes Claude Code Pro usage via Slack. Auto-processes tasks, manages isolated workspaces, creates Git commits/PRs, and optimizes day/night usage thresholds.

Mithra Scanner is an interactive API testing tool for prompt injection, refusal detection, and LLM security benchmarking. It supports YAML-based rule definitions, custom refusal lists, REST API int…

React2Shell exploit with multiple WAF bypass and vulnerable example application.

Advanced Exploitation Toolkit for Next.js Server Actions (CVE-2025-55182)

React Shell & Next.js RSC Exploit Tool (CVE-2025-55182)

Brute Ratel External C2 (Microsoft Teams)

Search WiFi geolocation data by BSSID and SSID on different public databases.

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

Force Remove Copilot, Recall and More in Windows 11

Windows Session Hijacking via COM

A cmake template for crystal palace

x86 PC emulator and x86-to-wasm JIT, running in the browser

The awesome collection of Claude Skills and resources.

Power Automate C2 (PAC2) : Stealth living-off-the-cloud C2 framework.

A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g, you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability …

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox