Skip to content

@NetSPI NetSPI

Change the repository type filter

All

    Repositories list

    140 repositories

    • OCISigner

      Public
      A Burp Suite extension to sign OCI HTTP requests using all supported OCI authentication mechanisms including API keys, session tokens, instance principals, & re…
      Java
      BSD 3-Clause "New" or "Revised" License
      0001Updated Mar 13, 2026Mar 13, 2026

    • oci-lexer-parser

      Public
      A utility to convert OCI IAM Policy Statements and Dynamic Group Matching Rules to serialized JSON output.
      Python
      BSD 3-Clause "New" or "Revised" License
      0100Updated Mar 5, 2026Mar 5, 2026

    • BypassFuzzer

      Public
      Fuzz 401/403/404 pages for bypasses
      Python
      50400Updated Feb 27, 2026Feb 27, 2026

    • PowerShell

      Public
      NetSPI PowerShell Scripts
      PowerShell
      11034301Updated Feb 10, 2026Feb 10, 2026

    • SQLInjectionWiki

      Public
      A wiki focusing on aggregating and documenting various SQL injection methods
      mysqlsqlwiki
      mysqlsqlwikiinjectionoraclesqlimssqlsqlservernetspi
      HTML
      14978723Updated Feb 2, 2026Feb 2, 2026

    • BOF-PE

      Public
      An example reference design for a proposed BOF PE
      redteampost-ex
      redteampost-ex
      C++
      BSD 3-Clause "New" or "Revised" License
      2920202Updated Jan 23, 2026Jan 23, 2026

    • bambdas

      Public
      Bambdas collection for Burp Suite Professional and Community.
      Java
      GNU Lesser General Public License v3.0
      84001Updated Dec 12, 2025Dec 12, 2025

    • NetSIP

      Public
      NetSIP is a Python-powered SIP repeater that lets you craft, replay, and inspect SIP traffic.
      Python
      GNU General Public License v3.0
      0200Updated Nov 6, 2025Nov 6, 2025

    • MicroBurst

      Public
      A collection of scripts for assessing Microsoft Azure security
      PowerShell
      BSD 3-Clause "New" or "Revised" License
      3352.3k41Updated Oct 29, 2025Oct 29, 2025

    • FuncoPop

      Public
      Tools for attacking Azure Function Apps
      PowerShell
      Other
      118811Updated Oct 28, 2025Oct 28, 2025

    • PXEThief

      Public
      PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
      Python
      GNU General Public License v3.0
      67000Updated Oct 28, 2025Oct 28, 2025

    • PowerHuntShares

      Public
      PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
      PowerShell
      Other
      107987110Updated Oct 15, 2025Oct 15, 2025

    • BurpExtractor

      Public
      A Burp extension for generic extraction and reuse of data within HTTP requests and responses.
      Java
      349683Updated Oct 7, 2025Oct 7, 2025

    • whois-parser

      Public
      Whois parser for domain whois information parsing in Go(Golang).
      Go
      Apache License 2.0
      100000Updated Sep 25, 2025Sep 25, 2025

    • ATEAM

      Public
      Python
      BSD 3-Clause "New" or "Revised" License
      1514220Updated Sep 9, 2025Sep 9, 2025

    • Snaffler

      Public
      a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
      C#
      GNU General Public License v3.0
      268100Updated Sep 8, 2025Sep 8, 2025

    • egressTester

      Public
      Allows testing all egress ports, an updated version of egressbuster
      0000Updated Sep 4, 2025Sep 4, 2025

    • MSSQLHound

      Public
      PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
      PowerShell
      GNU General Public License v3.0
      19100Updated Jul 30, 2025Jul 30, 2025

    • CVE-2025-4660

      Public
      PoC for CVE-2025-4660 demonstrating exploitation of the Forescout SecureConnector on Windows
      Python
      BSD 3-Clause "New" or "Revised" License
      41600Updated Jul 16, 2025Jul 16, 2025

    • set_sail

      Public
      SailPoint IQService - RCE via Default Encryption Key
      Python
      Other
      3100Updated Jul 8, 2025Jul 8, 2025

    • BAS-Public-Tools

      Public
      0000Updated Jun 18, 2025Jun 18, 2025

    • gcpwn

      Public
      Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot
      Python
      BSD 3-Clause "New" or "Revised" License
      2729010Updated May 16, 2025May 16, 2025

    • wopper

      Public
      Automatically upload, execute, and delete a PHP file using Wordpress administrator credentials.
      Shell
      BSD 3-Clause "New" or "Revised" License
      0300Updated Apr 23, 2025Apr 23, 2025

    • test-setup-public

      Public
      0000Updated Apr 22, 2025Apr 22, 2025

    • trufflehog-integration-netspi

      Public
      NetSPi fork of the official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) us…
      Python
      18000Updated Mar 11, 2025Mar 11, 2025

    • Challenges

      Public
      1000Updated Mar 7, 2025Mar 7, 2025

    • AWSSigner

      Public
      Burp Extension for AWS Signing
      Java
      MIT License
      409072Updated Jan 10, 2025Jan 10, 2025

    • Open-LLM-Security-Benchmark

      Public
      HTML
      Other
      42200Updated Dec 16, 2024Dec 16, 2024

    • PowerHunt

      Public
      PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
      PowerShell
      Other
      137130Updated Dec 12, 2024Dec 12, 2024

    • PowerUpSQL

      Public
      PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
      PowerShell
      Other
      4802.7k215Updated Dec 12, 2024Dec 12, 2024