| drozer | The Leading Security Assessment Framework for Android. | 3973 | GitHub |
| C3 | Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. | 1537 | GitHub |
| needle | The iOS Security Testing Framework | 1337 | GitHub |
| awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments. | 924 | GitHub |
| leonidas | Automated Attack Simulation in the Cloud, complete with detection use cases. | 529 | GitHub |
| android-keystore-audit | None | 408 | GitHub |
| physmem2profit | Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely | 402 | GitHub |
| lolcerts | A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors | 335 | GitHub |
| Jandroid | None | 330 | GitHub |
| captcha22 | CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. | 327 | GitHub |
| bitlocker-spi-toolkit | Tools for decoding TPM SPI transaction and extracting the BitLocker key from them. | 288 | GitHub |
| IAMSpy | None | 205 | GitHub |
| damn-vulnerable-llm-agent | None | 184 | GitHub |
| Jamf-Attack-Toolkit | Suite of tools to facilitate attacks against the Jamf macOS management platform. | 178 | GitHub |
| peas | PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange. | 171 | GitHub |
| IceKube | None | 170 | GitHub |
| drozer-agent | The Android Agent for the Drozer Security Assessment Framework. | 162 | GitHub |
| drozer-modules | None | 150 | GitHub |
| cloud-security-vm | Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments | 126 | GitHub |
| cloud-wiki | A public cloud security knowledgebase - https://www.secwiki.cloud/ | 50 | GitHub |
| IAMGraph | None | 38 | GitHub |
| usb-consumer-control | None | 36 | GitHub |
| spikee | Spikee (Simple Prompt Injection Kit for Evaluation and Exploitation) can be used to assess the resilience of LLMs, guardrails, and application pipelines against known prompt injection and jailbreak patterns. | 34 | GitHub |
| CVE-2021-25374_Samsung-Account-Access | This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region. | 24 | GitHub |
| encap-attack | Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols. | 21 | GitHub |
Showing 1 to 25 of 41 entries