AWS security scanner with attack chain detection. 47 checks, Terraform remediation for every finding, scan diff. Free. pip install cloud-audit

The ultimate Red Team toolkit for phishing operations.

Runtime-first Windows thick client assessment tool. Identifies verified privilege escalation paths using Procmon and AccessCheck validation.

AI geolocation platform identifying indoor/outdoor photo locations like hotel rooms and street views with verifiable evidence for OSINT and recon.

Open-source VAPT platform for red teams to plan, collaborate, and automate reporting for penetration testing projects and vulnerability management.

End-to-end platform for AI security testing and automated red teaming. Identify vulnerabilities like prompt injection and data leakage across AI systems.

An automated, highly vulnerable Active Directory lab for practicing advanced internal penetration testing and red team attack techniques.

Neutral benchmark for evaluating prompt injection detection systems across 4,300+ inputs including jailbreaks and adversarial prompting.

Automated testing platform to secure LLM agents against prompt injection, data leaks, and hallucinations through continuous adversarial red teaming.

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

Adversary simulation provider offering manual penetration testing, phishing assessments, offensive security training, and technical tool development.

Offensive auditor for MCP servers. Detects RCE, tool poisoning, credential leaks, and SSRF across stdio, HTTP, and SSE transports.

Self-hosted offensive security platform for managing engagements, findings, and delivery. Features on-prem AI reporting and real-time team collaboration.

Premier hardware store for offensive security, providing Flipper Zero, Proxmark, Hak5 tools, SDR equipment, and specialized RFID cloning hardware.

Convert registry exports into NTUSER.MAN hive files to stealthily inject HKCU keys without admin rights, bypassing EDR/AV registry API monitoring.

Cygeniq secures AI systems across their lifecycle with Hexashield AI, GRCortex AI, and CyberTiX AI.

Unified exposure management platform for automated vulnerability scanning, attack surface monitoring, and cloud security posture management.

NeroSwarm Deception Lab offers free cyber deception tools including honeytoken creation, honeypot script generation, and IP threat reputation checking.

DLLHijackHunter is an automated scanner that uses canary DLLs to confirm hijacking vulnerabilities, UAC bypasses, and privilege escalation on Windows.