| C3 | Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. | 1537 | GitHub |
| CVE-2021-25374_Samsung-Account-Access | This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region. | 24 | GitHub |
| Cue-COVID-Test_Research-Files | Research artefacts accompanying the 'Faking another positive COVID test' analysis of the Cue Health COVID-19 test. | 0 | GitHub |
| FixerUpper | A Burp extension to enable modification of FIX messages when relayed from MitM_Relay | 13 | GitHub |
| IAMGraph | Models cross-account AWS IAM role trust relationships in a Neo4j graph database to identify dangerous assume-role attack paths. | 38 | GitHub |
| IAMSpy | A library that uses the Z3 prover to reason about AWS IAM policies, exposing constraints that downstream IAM tooling can build on. | 205 | GitHub |
| IceKube | Enumerates a Kubernetes cluster into a Neo4j graph database and identifies privilege-escalation paths an attacker could take. | 170 | GitHub |
| Jamf-Attack-Toolkit | Suite of tools to facilitate attacks against the Jamf macOS management platform. | 178 | GitHub |
| Jandroid | A taint-analysis tool that template-matches Android apps to identify potential logic-bug exploit chains. | 330 | GitHub |
| ORACrawl | A tool dedicated to automating discovery, traversal, and SQL command execution across daisy-chained Oracle database links | 0 | GitHub |
| android-keystore-audit | Frida scripts and a reference Android app for auditing KeyStore-backed local authentication implementations. | 408 | GitHub |
| awspx | A graph-based tool for visualizing effective access and resource relationships in AWS environments. | 924 | GitHub |
| azure-service-tag-abuse | Scripts and other content to go with Aled Mehta's talk 'Tag You're Exposed' at DEF CON Cloud Village 2023 | 0 | GitHub |
| bitlocker-spi-toolkit | Tools for decoding TPM SPI transactions and extracting the BitLocker key from them. | 288 | GitHub |
| boops-boops-android-agent | A Drozer fork created to accompany CVE-2022-22288, with the agent server auto-starting on launch. | 2 | GitHub |
| boops-boops-docker-container | A Docker container for running the Boops Boops (Drozer fork) computer client, as used at Pwn2Own Austin 2021. | 0 | GitHub |
| captcha22 | CAPTCHA22 is a toolset for building, and training, CAPTCHA cracking models using neural networks. | 327 | GitHub |
| cloud-security-vm | Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments | 126 | GitHub |
| cloud-wiki | A public cloud security knowledgebase - https://www.secwiki.cloud/ | 50 | GitHub |
| damn-vulnerable-llm-agent | A deliberately vulnerable LLM ReAct agent chatbot for learning about prompt-injection attacks against agentic systems. | 184 | GitHub |
| drozer-agent | The Android Agent for the Drozer Security Assessment Framework. | 162 | GitHub |
| drozer-modules | A collection of modules for the drozer Android security assessment framework. | 150 | GitHub |
| drozer | The Leading Security Assessment Framework for Android. | 3973 | GitHub |
| encap-attack | Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols. | 21 | GitHub |
| fixit | A custom FIX-protocol client for security testing of FIX-based financial systems. | 0 | GitHub |
| freezer | Rust implementation of IceKube download functionality | 5 | GitHub |
| keywe-tooling | Tools that can be used to interact with the KeyWe Smart Lock device. | 6 | GitHub |
| leonidas | Automated Attack Simulation in the Cloud, complete with detection use cases. | 529 | GitHub |
| llama-3-prompt-injection-fine-tuning | Scripts for building a training dataset to fine-tune an LLM to be resistant to prompt injection attacks. | 1 | GitHub |
| llm-vulnerable-recruitment-app | An example vulnerable app that integrates an LLM | 14 | GitHub |
| lolcerts | A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors | 335 | GitHub |
| megafeis-palm | PoC Code for Vulnerabilities Found in MEGAFEIS-branded Smart Locks and their Mobile Companion App DBD+ | 1 | GitHub |
| needle | The iOS Security Testing Framework | 1337 | GitHub |
| peas | PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange. | 171 | GitHub |
| physmem2profit | Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely | 402 | GitHub |
| sieve | A deliberately vulnerable Android password manager, used as an introductory target for learning drozer. | 5 | GitHub |
| spikee | Spikee (Simple Prompt Injection Kit for Evaluation and Exploitation) can be used to assess the resilience of LLMs, guardrails, and application pipelines against known prompt injection and jailbreak patterns. | 54 | GitHub |
| usb-consumer-control | A Flipper Zero app for sending USB Consumer Control button presses, useful for researching how devices handle USB CCBs (e.g. kiosk breakouts). | 36 | GitHub |
| workout-planner | A sample multi-chain LLM application demonstrating how prompt injection vulnerabilities can be tested. | 1 | GitHub |