Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK -- JDK 11. After...

Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX...

The CI/CD-Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real,...

Want to use SSH for reverse shells? Now you can using reverse_SSH. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote...

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). Requirements Ruby v3 or newer. Installation Install...

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you...

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a...

Whids is a Open Source EDR For Windows with artifact collection driven by detection. The detection engine is built on top of a previous...

ProtectMyTooling is a script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your...

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL). Mangle can remove known Indicators of Compromise (IoC) based strings and...