This repository is my own list of tools / useful stuff for pentest, defensive activities, programming, lockpicking and physical security (all resources are in English only).
Inspiration for when you're stuck. Inspired by Brian Eno's Oblique Strategies.
Red team or blue team?
Kind of like the whacks of Heraclitus.
Tools, scripts and tips useful during Penetration Testing engagements.
The Capsulecorp Pentest is a small virtual network managed by Vagrant and Ansible. It contains five virtual machines, including one Linux attacking system running Xubuntu and four Windows 2019 servers configured with various vulnerable services. This project can be used to learn network penetration testing as a stand-alone environment, but it is ultimately designed to complement my book The Art of Network Penetration Testing.
Drafts of the ebook Pentesting Hardware: A Practical Guide by Mark Carney.
Repository containing useful links for all things Physical Security.
Orc is a post-exploitation framework for Linux written in Bash.
The best hacker's gadgets for Red Team pentesters and security researchers.
A wireless auditing tool implemented as a shell script that uses other tools to do the job.
A collection of open source and commercial tools that aid in red team operations.
An OSINT collection utility which gathers information about domains. Hunts for subdomains, searches SHODAN for hits, grabs banners and headers, and offers a web UI. It is unclear whether there is an API yet.
A tool which digs up OSINT on a target. Collects domain names, usernames, phone numbers, credentials and API keys, and correlates them. Performs active scans to collect data. Generates HTML, JSON and plain text reports.
A development library which makes it easier to develop and package your own shellcode for remote exploits. It even includes an ncurses-based front end.
An application designed to assist in exploiting SQL injection attacks against applications based upon Microsoft SQL Server. Written in Perl. Fingerprints the server, can brute-force the password on the "sa" account, escalate privileges, and create custom stored procedures to wreak havoc.
A next-generation brute-force login cracker for many different applications and operating systems. Runs as a multi-threaded application for efficiency. Uses a modular system to implement new authentication protocols and application connectors.
A utility capable of fingerprinting back-end SQL databases, pulling authentication credentials and schemas, enumerating databases, and generating SQL injection attacks against web applications. Can handle MySQL, Oracle, Postgres, SQL Server, DB2, and other systems.
An open source web server and web application scanner that tests for misconfigurations, bugs, and missing patches. Not designed to be subtle, it's a pen tester's auditing tool through and through.
A handy cheatsheet for crafting SQL injection attacks against web applications.