Category

Metasploit

Metasploit is a penetration testing framework that helps security teams verify vulnerabilities, manage assessments, and improve security awareness.

Web External Services

ReconnaissanceInfrastructure Security

AutoRecon

AutoRecon is a network reconnaissance tool that automates service enumeration and port scanning for multiple targets.

Cloud SecurityInfrastructure SecurityReconnaissance

AzureHound

AzureHound is a BloodHound data collector for Microsoft Azure, enabling security professionals to map attack paths in Azure environments.

Cloud

Infrastructure Security

BloodHound Query Library

BloodHound Query Library appears to be a resource for pre-built queries designed for use with BloodHound, a tool for analyzing Active Directory environments.

Infrastructure SecurityRed Team OperationsReporting

Canarytokens

Canarytokens is a free tool to plant traps in your network that notify you when triggered, helping you detect breaches early.

Phishing

Infrastructure Security

Certipy

Certipy is a toolkit for enumerating and abusing Active Directory Certificate Services (AD CS) with ESC1-ESC16 attack path support.

Infrastructure Security

Chisel

Chisel: A fast TCP/UDP tunnel over HTTP, secured via SSH. Useful for firewalls, providing secure network endpoints.

Cloud SecurityInfrastructure Security

CloudFox

CloudFox helps penetration testers find exploitable attack paths in cloud infrastructure, currently supporting AWS with more on the way.

Cloud

Cloud SecurityInfrastructure Security

CloudQuery

CloudQuery provides a developer-first cloud governance platform for security, compliance, and cost visibility across multi-cloud environments.

Report Cloud

Infrastructure Security

CrackMapExec

CrackMapExec is a swiss army knife for pentesting Windows networks, automating common tasks for assessing security vulnerabilities.

Infrastructure Security

Evil-WinRM

Evil-WinRM is the ultimate WinRM shell for hacking/pentesting, offering features like in-memory script loading and AMSI bypass.