2024-06-08 06:17:32 |
🌐 Freeway
A Python scapy-based tool for WiFi penetration that aims to help ethical hackers and pentesters develop their skills and knowledge in auditing and securing home or enterprise networks.
• IEEE 802.11 Packet Monitoring
• Deauthentication Attack
• Beacon Flood
• Packet Fuzzer
• Network Audit
• Channel Hopper
• Evil Twin
https://github.com/FLOCK4H/Freeway
#cybersecurity #infosec #pentesting |
|
2024-06-06 13:31:52 |
👺 TotalRecall
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
https://github.com/xaitax/TotalRecall
#cybersecurity #pentesting #redteam |
|
2024-06-03 06:16:34 |
🥠 CookieKatz
A project that allows operators to dump cookies from Chrome, Edge or Msedgewebview2 directly from the process memory. Chromium based browsers load all their cookies from the on-disk cookie database on startup.
• Support dumping cookies from Chrome's Incognito and Edge's In-Private processes
• Access cookies of other users' browsers when running elevated
• Dump cookies from webview processes
• No need to touch on-disk database file
• DPAPI keys not needed to decrypt the cookies
• Parse cookies offline from a minidump file
https://github.com/Meckazin/ChromeKatz
#cybersecurity #pentesting #redteam |
|
2024-05-30 12:15:00 |
🗃 SnafflePy
This tool works by first sending an LDAP query to the specified target to discover other domain-joined machines, and then attempts to log in (authenticated or not) through SMB and retrieve interesting files (currently work in progress).
https://github.com/asmtlab/snafflepy
#pentesting #redteam #recon |
|
2024-05-29 08:15:00 |
🔎 K8Spider
Powerful and fast Kubernetes service discovery tools via the Kubernetes DNS service. Currently supported: service ip-port BruteForcing / AXFR Domain Transfer Dump / Coredns WildCard Dump
https://github.com/Esonhugh/k8spider
#cybersecurity #pentesting #bugbounty |
|
2024-05-28 15:43:15 |
🤘 XnlReveal
A Chrome/Firefox browser extension to show alerts for reflected query params, show Wayback archive links for the current path, show hidden elements and enable disabled elements.
https://github.com/xnl-h4ck3r/XnlReveal
#cybersecurity #pentesting #bugbounty |
|
2024-05-28 09:42:19 |
🛠 Agentic Security
The open-source Agentic LLM Vulnerability Scanner
• Customizable Rule Sets or Agent based attacks
• Comprehensive fuzzing for any LLMs
• LLM API integration and stress testing
• Wide range of fuzzing and attack techniques
https://github.com/msoedov/agentic_security
#cybersecurity #pentesting #redteam |
|
2024-05-26 06:41:59 |
PPLSystem
This is a proof of concept implementation of the technique described in this blog post. It creates a livedump of the machine through NtDebugSystemControl to extract the COM secret and context, to then inject inside this process.
https://github.com/Slowerzs/PPLSystem
#cybersecurity #pentesting #redteam |
|
2024-05-21 08:07:56 |
Offensive OSINT Tools
This repository consists of tools/links that an expert can use during Pentest/RedTeam. At the moment there are a huge number of awesome lists that contain a ton of tools, but the Offensive specialist most often doesn't need them, which is what motivated the creation of this list. These tools cover almost all the needs of the Offensive specialist and will help you get the job done well. If a tool performs multiple functions, for example collecting subdomains and URLs, it will be listed in two places.
https://github.com/wddadk/Offensive-OSINT-Tools
#OSINT #pentesting #redteam |
|
2024-05-21 07:06:15 |
Advanced SQL Injection for AWAE
The goal is to master SQL Injection Discovery, Detection and Exploitation.
https://github.com/shreyaschavhan/advanced-sql-injection-for-awae
#cybersecurity #pentesting #bugbounty |
|
2024-05-20 06:48:47 |
Awesome Password Spraying
A curated list of password spraying tools, projects, and resources. Note that this project primarily focuses on password-spraying tools and resources for Microsoft Office 365 and Azure Entra environments.
https://github.com/puzzlepeaches/awesome-password-spraying
#cybersecurity #pentesting #redteam |
|
2024-05-15 09:49:03 |
BlueToolkit
A versatile Bluetooth Classic vulnerability testing framework, revealing new and old vulnerabilities in Bluetooth devices. Ideal for vulnerability research and penetration testing, we've curated and categorized Bluetooth vulnerabilities with an "Awesome Bluetooth Security" approach.
https://github.com/sgxgsx/BlueToolkit
#cybersecurity #pentesting #redteam |
|
2024-05-12 07:06:57 |
Omnisci3nt
A powerful web reconnaissance tool designed to unravel the concealed intricacies of the online realm. With a comprehensive array of capabilities, Omnisci3nt offers users the means to delve into various aspects of a target domain, including IP lookup, domain information, SSL certificate details, DNS enumeration, subdomain enumeration, port scanning, web crawling, analysis of technologies utilized, Wayback Machine exploration, DMARC record examination, social media link discovery, and more.
https://github.com/spyboy-productions/omnisci3nt
#cybersecurity #bugbounty #pentesting |
|
2024-05-12 06:52:24 |
🕷🤖 Crawl4AI
A powerful, free web crawling service designed to extract useful information from web pages and make it accessible for large language models (LLMs) and AI applications.
• Efficient web crawling to extract valuable data from websites
• LLM-friendly output formats (JSON, cleaned HTML, markdown)
• Supports crawling multiple URLs simultaneously
• Replace media tags with ALT.
• Completely free to use and open-source
https://github.com/unclecode/crawl4ai
#cybersecurity #pentesting #bugbounty |
|
2024-05-08 09:52:40 |
IconJector
This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows.
https://github.com/0xda568/IconJector
#cybersecurity #pentesting #redteam |
|
2024-05-07 18:00:56 |
Okta Terrify
A tool to demonstrate how passwordless solutions such as Okta Verify's FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify demonstrates Okta specific attacks, the same methodology would typically apply to other passwordless solutions, as generally they all leverage asymmetric cryptography.
https://github.com/CCob/okta-terrify
#cybersecurity #infosec #pentesting |
|
2024-05-06 07:31:23 |
Misconfig Mapper
A fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
https://github.com/intigriti/misconfig-mapper
#cybersecurity #pentesting #bugbounty |
|
2024-05-05 18:44:55 |
Subdominator
A powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains from various free passive resources.
https://github.com/RevoltSecurities/Subdominator
#pentesting #redteam #bugbounty |
|
2024-05-05 07:03:08 |
SharpBruteForceSSH
A simple #SSH brute force tool written in C#. It is designed to perform dictionary-based brute force attacks on SSH services. The tool takes a target IP address, a list of usernames, and a list of passwords as input. It then attempts to authenticate using each combination of username and password until a successful login is found or all combinations have been exhausted.
https://github.com/HernanRodriguez1/SharpBruteForceSSH
#cybersecurity #pentesting #redteam |
|
2024-05-03 05:46:26 |
CCTV
Close-Circuit #Telegram Vision revolutionizes location tracking with its open-source design and Telegram API integration. Offering precise tracking within 50-100 meters, users can monitor others in real-time for logistics or safety, redefining how we navigate our surroundings.
https://github.com/IvanGlinkin/CCTV
#OSINT #cybersecurity #infosec |
|
2024-05-02 18:11:01 |
go-secdump
A tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk.
https://github.com/jfjallid/go-secdump
#cybersecurity #pentesting #redteam |
|
2024-05-02 18:10:20 |
SAP Threat Modeling Tool
This tool helps you analyze and visualize connections between your SAP systems, enabling identification of potential security risks and vulnerabilities.
https://github.com/redrays-io/SAP-Threat-Modeling
#cybersecurity #infosec #pentesting |
|
2024-04-30 08:11:00 |
NucleiScanner
Automates web app security testing, integrating Nuclei, Subfinder, Gau, Paramspider, and httpx. It collects subdomains, URLs, and identifies vulnerabilities using Nuclei Scanning templates. Simplifies security risk detection and mitigation for professionals and developers.
https://github.com/0xKayala/NucleiScanner
#cybersecurity #pentesting #redteam |
|
2024-04-29 10:50:33 |
dropper
A project that generates a malicious Office macro-enabled dropper for DLL sideloading and embeds it in an LNK file to bypass MOTW.
https://github.com/SaadAhla/dropper
#cybersecurity #pentesting #redteam |
|
2024-04-29 09:26:10 |
🕷 creepyCrawler
#OSINT tool to crawl a site and extract useful recon info.
https://github.com/chm0dx/creepyCrawler
#cybersecurity #infosec #pentesting |
|
2024-04-29 07:09:28 |
🚀 Google Recaptcha Solver
A Python script to solve Google reCAPTCHA using the DrissionPage library.
https://github.com/sarperavci/GoogleRecaptchaBypass
#cybersecurity #infosec #bugbounty |
|
2024-04-28 07:57:34 |
AutoAppDomainHijack
Tools to automate finding AppDomain hijacks and generating payloads from shellcode.
https://github.com/nbaertsch/AutoAppDomainHijack
#cybersecurity #pentesting #redteam |
|
2024-04-25 15:49:56 |
lsassy
Python tool to remotely extract credentials on a set of hosts.
https://github.com/login-securite/lsassy
#infosec #pentesting #redteam |
|
2024-04-25 09:16:23 |
Ominis OSINT: Secure Web-Search 🌐🕵️♂️
This Python script is an #OSINT tool. It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query in the results.
https://github.com/AnonCatalyst/Ominis-Osint
#cybersecurity #infosec #pentesting |
|
2024-04-24 09:05:58 |
OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
https://github.com/OWASP/OFFAT
#cybersecurity #pentesting #redteam |
|
2024-04-23 06:09:00 |
DarkGPT
DarkGPT is an OSINT assistant based on GPT-4-200K designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.
https://github.com/luijait/DarkGPT
#OSINT #cybersecurity #infosec |
|
2024-04-22 06:26:12 |
hauditor
A tool designed to analyze the security headers returned by a web page and report dangerous configurations.
https://github.com/trap-bytes/hauditor
#cybersecurity #pentesting #bugbounty |
|
2024-04-01 07:17:45 |
Chiasmodon
#OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials (usernames and passwords), CIDRs (Classless Inter-Domain Routing), ASNs (Autonomous System Numbers), and subdomains. The tool allows users to search by domain, CIDR, ASN, email, username, password, or Google Play application ID.
https://github.com/chiasmod0n/chiasmodon
#cybersecurity #infosec #pentesting |
|
2024-02-10 11:14:07 |
NTLM Relay Gat
A powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of functionalities from listing SMB shares to executing commands on MSSQL databases.
https://github.com/ad0nis/ntlm_relay_gat
#cybersecurity #pentesting #redteam |
|
2024-02-10 11:14:00 |
COATHANGER
IOCs and detection script for COATHANGER #malware
https://github.com/JSCU-NL/COATHANGER
#cybersecurity #infosec #pentesting |
|
2024-02-06 11:14:00 |
CVE-2024-23897
Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)
https://github.com/kaanatmacaa/CVE-2024-23897
#cve #pentesting #bugbounty |
|
2024-02-05 11:15:00 |
MultiDump
A post-exploitation tool written in C for dumping and extracting #LSASS memory discreetly, without triggering Defender alerts, with a handler written in #Python.
https://github.com/Xre0uS/MultiDump
#cybersecurity #pentesting #redteam |
|
2024-02-05 11:14:05 |
📹 Pantheon
A GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras.
https://github.com/josh0xA/Pantheon
#OSINT #cybersecurity #recon |
|
2024-02-05 11:14:00 |
Nim-Shell
Reverse shell that can bypass EDR and Windows Defender detection.
https://github.com/emrekybs/nim-shell
#cybersecurity #pentesting #redteam |
|
2024-02-04 11:15:00 |
🔭 PacketSpy
A powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.
https://github.com/HalilDeniz/PacketSpy
#cybersecurity #pentesting #redteam |
|
2024-02-04 11:14:00 |
📟 Multi Modal LLM Powered Captcha Solver
A Multi-Modal LLM Powered Agent to automatically solve Captchas.
https://github.com/AashiqRamachandran/i-am-a-bot
#cybersecurity #infosec #pentesting |
|
2024-02-03 11:14:00 |
SQLi_Sleeps
A simple script for finding SQLi vulnerabilities by obtaining a response time greater than 20 seconds by means of time-based injection.
https://github.com/HernanRodriguez1/SQLi_Sleeps
#pentesting #redteam #bugbounty |
|
2024-02-02 11:14:07 |
MetaHub
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
https://github.com/gabrielsoltz/metahub
#cybersecurity #pentesting #bugbounty |
|
2024-02-02 11:14:00 |
Unmanaged .NET Patching
A proof-of-concept for patching a managed .NET function from unmanaged code.
https://github.com/outflanknl/unmanaged-dotnet-patch
#cybersecurity #infosec #pentesting |
|
2024-02-01 11:15:00 |
Frameless BITB
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.
https://github.com/waelmas/frameless-bitb
#cybersecurity #pentesting #redteam |
|
2024-02-01 11:14:05 |
CVE-2023-45779
A set of scripts and artifacts that demonstrate detection and exploitation of Android devices that ship APEXes signed with test keys from AOSP.
https://github.com/metaredteam/rtx-cve-2023-45779
Details: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys
#cybersecurity #infosec #pentesting |
|
2024-02-01 11:14:00 |
Cybersecurity Roadmap
Skills and career roadmap for #cybersecurity professionals.
https://github.com/jassics/cybersecurity-roadmap
#infosec #pentesting #bugbounty |
|
2024-01-29 13:17:00 |
PurpleLab
A lab solution providing a swift setup for #cybersecurity professionals to test detection rules, simulate logs, and perform various security tasks.
https://github.com/Krook9d/PurpleLab
#infosec #pentesting #bugbounty |
|
2023-09-27 12:16:00 |
ntkrnlProtectScan
One-click tool to scan all the enabled protections of the current Windows NT kernel.
https://github.com/aaaddress1/ntkrnlProtectScan
#infosec #pentesting #redteam |
|
2023-09-27 12:15:14 |
TierZeroTable
Table of AD and Azure assets and whether they belong to Tier Zero.
https://github.com/SpecterOps/TierZeroTable
#cybersecurity #infosec #pentesting |
|
2023-09-27 12:15:13 |
CVE-2023-35793
Repository contains a description of CVE-2023-35793, discovered by the Dodge Industrial Team for the Dodge OPTIFY platform.
https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH
#cve #cybersecurity #infosec |
|
2023-09-27 12:15:06 |
CVE-2023-43263
Repository for CVE-2023-43263 vulnerability.
https://github.com/b0marek/CVE-2023-43263
#cve #cybersecurity #infosec |
|
2023-09-27 12:15:05 |
Ntdissector
A tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.
https://github.com/synacktiv/ntdissector
#infosec #pentesting #redteam |
|
2023-09-27 12:15:00 |
graftcp
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
https://github.com/hmgle/graftcp
#infosec #pentesting #redteam |
|
2023-09-26 12:16:00 |
OSCP Cheatsheet 📑
This cheatsheet is part of OSCP preparation.
https://github.com/saisathvik1/OSCP-Cheatsheet
#infosec #pentesting #redteam |
|
2023-07-25 13:17:00 |
DCOM DLL Hijacking
We recently discovered the following DCOM classes that are subject to DLL hijacking. If an attacker can write to the associated path, they can move laterally by instantiating the COM object. Some classes have additional DLL hijacking opportunities that are not listed here.
https://github.com/WKL-Sec/dcomhijack
#infosec #pentesting #redteam |
|
2023-07-25 13:16:07 |
outlook_email_auth_bypass
In the Outlook desktop and web apps, the "display name" of an email's "From" header can manipulate the from email that is displayed to the user, which can result in more convincing phishing emails.
https://gitlab.com/email_bug/outlook_email_auth_bypass
#infosec #pentesting #redteam |
|
2023-07-25 13:16:00 |
RICC
Robust Collective Classification of Sybil Accounts
https://github.com/WSP-LAB/RICC
#cybersecurity #infosec |
|
2023-07-24 11:31:58 |
Analytics & AdBlocker
Protect your #privacy while browsing the web.
https://github.com/con-schy1/Analytics_AdBlocker
#cybersecurity #infosec |
|
2023-07-24 08:43:51 |
DeepCamera
Open-Source #AI #Camera. Empower any camera/CCTV with state-of-the-art AI, including facial recognition, person recognition (RE-ID), car detection, fall detection and more...
https://github.com/SharpAI/DeepCamera |
|
2023-07-23 16:20:00 |
TokenTactics v2
A fork of the great TokenTactics with support for CAE and token endpoint v2.
https://github.com/f-bader/TokenTacticsV2
#pentesting #redteam #bugbounty |
|
2023-07-23 16:19:05 |
combine
Rust in-memory dumper. Check the safety of your Windows Local Security Authority credentials with this awesome tool.
https://github.com/m3f157O/combine_harvester
#infosec #pentesting #redteam |
|
2023-07-23 16:19:00 |
HtmlSmuggling
It is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page.
https://github.com/De3vil/HtmlSmuggling
#infosec #pentesting #redteam |
|
2023-07-23 12:16:00 |
Cloudflare Origin ip
This Python tool compares the HTTP response of the given subdomain to the HTTP responses of a list of IP addresses. This list is based on:
• subdomains supplied by the user
• subdomains found on external sources
• IPs found on external sources
https://github.com/gwen001/cloudflare-origin-ip
#infosec #pentesting #bugbounty |
|
2023-07-23 12:15:06 |
CVE-2023-32681
Vulnerability in python-requests affects IBM InfoSphere Information Server.
https://github.com/hardikmodha/POC-CVE-2023-32681
#cve #poc #cybersecurity #infosec |
|
2023-07-23 12:15:05 |
CVE-2023-3519
The cve_2023_3519_inspector.py is a Python-based vulnerability scanner for detecting the CVE-2023-3519 vulnerability in Citrix Gateways. It performs a passive analysis and fingerprinting of target websites to assess their vulnerability based on a series of checks.
https://github.com/securekomodo/citrixInspector
#cve #cybersecurity #infosec |
|
2023-07-23 12:15:00 |
MalwareRETools
A repo containing some tooling built to assist with reverse engineering malware samples.
https://github.com/0x0v1/MalwareRETools/tree/main/APT37/ROKRAT
#malware #cybersecurity #reverse |
|
2023-07-23 07:56:16 |
🦊 Firefox Decrypt
A tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles.
https://github.com/unode/firefox_decrypt
#infosec #pentesting #redteam |
|
2023-07-22 12:16:00 |
PowershellKerberos
Some scripts to abuse Kerberos using PowerShell.
https://github.com/MzHmO/PowershellKerberos
#infosec #pentesting #redteam |
|
2023-07-22 12:15:11 |
CVE-2023-38632
Async-sockets-cpp <0.3.1 TCP Packet tcpsocket.hpp Stack-based Overflow
https://github.com/Halcy0nic/CVE-2023-38632
#cve #cybersecurity #infosec |
|
2023-07-22 12:15:06 |
vala-vala-hey
This is a 0day root LPE for the latest #Manjaro distro, tested on embedded ARM and x86_64 desktop installs.
https://github.com/c-skills/vala-vala-hey
#cve #cybersecurity #infosec |
|
2023-07-22 12:15:05 |
CVE-2023-35885
Cloudpanel 0-day Exploit
https://github.com/datackmy/FallingSkies-CVE-2023-35885
#cve #cybersecurity #infosec |
|
2023-07-22 12:15:00 |
Tor / Darknet Links
Verified darknet market and darknet service links on the Tor Network.
https://github.com/DarkNetEye/tor-links
Web: https://darkneteye.com/
#cybersecurity #infosec #privacy |
|
2023-07-20 12:16:00 |
👺 MSI Search
To simplify this task, Mandiant’s red team created a Beacon Object File (BOF) and a PowerShell script found in msi_search to read and output relevant metadata for all MSI files cached in C:\Windows\Installer. Using this tool will allow red team operators and security teams to download relevant files to investigate local privilege escalation vulnerabilities through MSI repairs.
https://github.com/mandiant/msi-search
Details: https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
#infosec #pentesting #redteam |
|
2023-07-20 12:15:05 |
GIUDA
Get a TGS on behalf of another user without password.
https://github.com/foxlox/GIUDA
#infosec #pentesting #redteam |
|
2023-07-20 12:15:00 |
💠 Unshackle
Open-source tool to bypass Windows and Linux passwords from a bootable USB.
https://github.com/Fadi002/unshackle
#infosec #pentesting #redteam |
|
2023-07-19 12:15:00 |
Cobalt Strike BOFs
Beacon object files I made to use with #CobaltStrike.
https://github.com/Und3rf10w/CobaltStrikeBOFs
#infosec #pentesting #redteam |
|
2023-07-18 12:16:00 |
Alcatraz
An x64 binary obfuscator that is able to obfuscate various different PE files including:
• .exe
• .dll
• .sys
https://github.com/weak1337/Alcatraz
#infosec #pentesting #redteam |
|
2023-07-18 12:15:06 |
Awesome Industrial Protocols
Compilation of industrial network protocols resources focusing on offensive security.
• You are currently viewing the Awesome Industrial Protocols page.
• Detailed pages for protocols are available in protocols.
• All data is stored in MongoDB databases in db.
• Turn/IP (in srcs) is a handy tool to manipulate this data, generate the awesome list and protocol pages, and simplify the research and test process on industrial protocols
https://github.com/Orange-Cyberdefense/awesome-industrial-protocols
#cybersecurity #infosec |
|
2023-07-18 12:15:05 |
CVE-2023-32117
Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints.
https://github.com/RandomRobbieBF/CVE-2023-32117
#cve #cybersecurity #infosec |
|
2023-07-18 12:15:00 |
Microwalk
A microarchitectural leakage detection framework using dynamic instrumentation.
https://github.com/microwalk-project/Microwalk
#cybersecurity #infosec |
|
2023-07-18 08:30:23 |
TGSCAN
Streamline Your Telegram Searches: Find Channels, Groups, and Chat History Effortlessly.
• Fast search results
• Intuitive search interface
• Ability to search chat history
• Near-real-time indexing for up-to-date search results
https://github.com/tgscan-dev/tgscan
Web: https://tgscan.xyz/
#OSINT #cybersecurity #infosec |
|
2023-07-17 16:19:15 |
SigmaTau
An extension of the sigma standard to include security metrics.
https://github.com/priamai/sigmatau
#cybersecurity #infosec #pentesting |
|
2023-07-17 16:19:08 |
CVE-2023-23397
MS Outlook Privilege Escalation.
https://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397
#cve #cybersecurity #infosec |
|
2023-07-17 16:19:07 |
in-app-protections
This repo will contain all the scripts and POCs for bypassing various in-app protection techniques.
https://github.com/fatalSec/in-app-protections
#cybersecurity #infosec #bugbounty |
|
2023-07-17 16:19:00 |
promptmap
Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the #ChatGPT instance to do unintended actions.
https://github.com/utkusen/promptmap
#infosec #pentesting #redteam |
|
2023-07-17 12:34:06 |
crt.sh
This bash script makes it easy to quickly save and parse the output from the https://crt.sh website, to be sent to tools like httpx!
https://github.com/az7rb/crt.sh
#infosec #pentesting #bugbounty |
|
2023-07-17 07:57:57 |
🥷 Awesome Privacy
A curated list of privacy & security-focused software and services.
https://github.com/Lissy93/awesome-privacy
#cybersecurity #infosec #privacy |
|
2023-07-15 12:16:00 |
UDP Protocol Scanner
A tool for identifying UDP services running on remote hosts. This tool may be of use to those performing security testing - e.g. during penetration testing, vulnerability assessments or while pivoting.
https://github.com/CiscoCXSecurity/udpy_proto_scanner
#cybersecurity #infosec #pentesting |
|
2023-07-15 12:15:05 |
CVE-2023-37582
Apache RocketMQ Arbitrary File Write Vulnerability #Exploit.
https://github.com/Malayke/CVE-2023-37582_EXPLOIT
#cybersecurity #infosec |
|
2023-07-15 12:15:00 |
CVE-2023-36884
Office/Windows HTML RCE Vulnerability
https://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline
#cve #cybersecurity #infosec |
|
2023-07-15 11:15:03 |
DSTIKE Hackheld
This versatile tool is designed for hacking and DIY enthusiasts. It features a D1 Mini, OLED display, RGB LED, and buttons for a simple and compact design. The kit comes preloaded with the latest ESP8266 Deauther software, allowing you to test WiFi networks through various attacks. Additionally, you can develop your own software using this ESP8266 development board. The kit includes a 1000mAh rechargeable battery, providing up to 10 hours of operation.
Function:
▫️ Deauther Attack: Disconnect 2.4G WiFi
▫️ Deauther Beacon: Create fake networks
▫️ Deauther Probe: Confuse wifi trackers
▫️ Packet Monitor: Display wifi traffic
Repository: https://github.com/SpacehuhnTech/Hackheld
Buy online:
Original 🛒 https://bit.ly/44CeESS
Chinese clone 🛒 https://amzn.to/3pPLqkB
Chinese clone 🛒 https://bit.ly/3NLsfQY
#esp8266 #wifi #dstike |
|
2023-07-15 07:30:02 |
LOLAPPS
Kind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to find common binaries to exploit, and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.
https://github.com/LOLAPPS-Project/LOLAPPS
Web: https://lolapps-project.github.io/
#infosec #pentesting #redteam |
|
2023-07-15 07:19:17 |
HadesLdr
Shellcode loader implementing indirect dynamic syscall, API hashing, and fileless shellcode retrieving using winsock2.
• Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.
• API Hashing by resolving modules & APIs base address from PEB by hashes
• Fileless Chunked RC4 Shellcode retrieving using Winsock2
https://github.com/CognisysGroup/HadesLdr
Details: https://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/
#infosec #pentesting #redteam |
|
2023-07-14 18:31:30 |
docleaner
A web service to clean #documents from potentially privacy-invasive #metadata.
https://github.com/TUD-CERT/docleaner |
|
2023-07-13 20:23:00 |
CoWitness
A powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.
https://github.com/stolenusername/cowitness
#cybersecurity #infosec #pentesting |
|
2023-07-13 16:20:00 |
⚔️ Web Hacker's Weapons
A collection of cool tools used by Web hackers.
https://github.com/hahwul/WebHackersWeapons
#infosec #pentesting #bugbounty |
|
2023-07-13 16:19:00 |
Navgix
A multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.
https://github.com/hakaioffsec/navgix
#infosec #pentesting #bugbounty |
|
2023-07-13 12:16:00 |
Venera Framework
A tool for automating customized tests and attacks against many kinds of protocols. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.
https://github.com/farinap5/Venera
#infosec #pentesting #redteam |
|
2023-07-13 12:15:05 |
SharpDXWebcam
Utilizing the DirectX and DShowNET assemblies to record video from the host's webcam.
https://github.com/snovvcrash/SharpDXWebcam
#cybersecurity #infosec #pentesting |
|
2023-07-13 12:15:00 |
CVE-2023-3460
Unauthorized admin access for Ultimate Member plugin POC.
https://github.com/Fire-Null/CVE-2023-3460
#cve #cybersecurity #infosec |
|
2023-07-13 08:38:34 |
BadZure
BadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.
https://github.com/mvelazc0/BadZure
#infosec #pentesting #redteam |
|
2023-07-12 12:16:00 |
EasyScan
A Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.
https://github.com/introvertmac/EasyScan
#cybersecurity #infosec #pentesting |
|
2023-07-12 12:15:00 |
SatIntel
SatIntel is an #OSINT tool for Satellites 🛰. Extract satellite telemetry, receive orbital predictions, and parse TLEs 🔭
https://github.com/ANG13T/SatIntel
#cybersecurity #infosec |
|
2023-07-12 06:40:48 |
🤖 superman
Kill The Protected Process
https://github.com/b1-team/superman
#cybersecurity #infosec |
|
2023-07-10 12:16:00 |
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
https://github.com/lem0nSec/ShellGhost
#infosec #pentesting #redteam |
|
2023-07-10 12:15:05 |
CVE-2023-22906
A critical vulnerability that affects the Hero Qubo Smart Doorbell device running version HCD01_02_V1.38_20220125. This particular device allows Telnet access with root privileges by default, without requiring a password.
https://github.com/nonamecoder/CVE-2023-22906
#cve #cybersecurity #infosec |
|
2023-07-10 12:15:00 |
Shortscan
An IIS short filename enumeration tool.
https://github.com/bitquark/shortscan
#cybersecurity #infosec |
|
2023-07-10 07:07:15 |
Decrypt Chrome Passwords
A simple program to decrypt Chrome passwords saved on your machine. This code has only been tested on Windows, so it may not work on other OSes.
https://github.com/ohyicong/decrypt-chrome-passwords
#cybersecurity #infosec #redteam |
|
2023-07-08 12:15:00 |
Evil QR
Proof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.
https://github.com/kgretzky/evilqr
#cybersecurity #infosec |
|
2023-07-08 07:28:01 |
TakeMyRDP 2.0
A keystroke logger targeting Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe). It operates in the background, no longer as a console window, and handles all messages in a hidden window.
https://github.com/nocerainfosec/TakeMyRDP2.0
#infosec #pentesting #redteam |
|
2023-07-07 12:16:00 |
route-detect Find authentication (authn) and authorization (authz) security bugs in web application routes. https://github.com/mschwager/route-detect #cybersecurity #infosec #pentesting |
|
2023-07-07 12:15:06 |
SR-IOV Network Metrics Exporter Exporter that reads metrics for SR-IOV Virtual Functions and exposes them in the Prometheus format. https://github.com/k8snetworkplumbingwg/sriov-network-metrics-exporter #cybersecurity #infosec |
|
2023-07-07 12:15:05 |
CVE-2023-2868 Barracuda ESG Command Injection https://github.com/cfielding-r7/poc-cve-2023-2868 #cve #cybersecurity #infosec |
|
2023-07-07 12:15:00 |
Useful #OSINT hints and links https://github.com/seintpl/osint #cybersecurity #infosec |
|
2023-07-07 10:01:47 |
Winsocky Winsocket implementation for #CobaltStrike. Used to communicate with the victim using winsockets instead of the traditional ways. https://github.com/WKL-Sec/Winsocky #infosec #pentesting #redteam |
|
2023-07-06 12:16:00 |
bouheki KRSI (eBPF+LSM) based Linux security auditing tool. Security events can be audited and blocked based on the container of the process, and restrictions can be applied to container environments. https://github.com/mrtc0/bouheki #cybersecurity #infosec |
|
2023-07-06 12:15:05 |
Backdoor-exploit-python Backdoor exploit program which helps a user to get information from any user when deployed to the target machine. https://github.com/vaibhavbais007/Backdoor-exploit-python-program #infosec #pentesting #redteam |
|
2023-07-06 12:15:00 |
CVE-2023-24488 The provided script is a Ruby script used to check and detect the CVE-2023-24488 security vulnerability in Citrix Gateway and Citrix ADC. https://github.com/Abo5/CVE-2023-24488 #cve #cybersecurity #infosec |
|
2023-07-04 16:20:00 |
inceptor Modern penetration testing and red teaming often require bypassing common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently. Inceptor is a tool which can help to automate a great part of this process, hopefully requiring no further effort. https://github.com/klezVirus/inceptor #infosec #pentesting #redteam |
|
2023-07-04 16:19:00 |
Projectdiscovery.io Plugin for Steampipe Use SQL to query Projectdiscovery.io tools for footprinting information. https://github.com/sensepost/steampipe-plugin-projectdiscovery #cybersecurity #infosec #bugbounty |
|
2023-07-04 12:16:00 |
DOMSCAN A simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. https://github.com/lauritzh/domscan #infosec #pentesting #bugbounty |
|
2023-07-04 12:15:05 |
CVE-2023-35829 Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. https://github.com/ChriSanders22/CVE-2023-35829-poc #cve #cybersecurity #infosec |
|
2023-07-04 12:15:00 |
awesome-linux-attack-forensics-purplelabs This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools. https://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs #cybersecurity #infosec #forensic |
|
2023-07-04 07:37:08 |
AuRA - Auth. Request Analyser This Chromium extension aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Authorization/Authentication Requests. https://github.com/lauritzh/auth-request-analyser #infosec #pentesting #bugbounty |
|
2023-07-03 12:16:00 |
CryptoTester A utility for playing with cryptography, geared towards #ransomware analysis. https://github.com/Demonslay335/CryptoTester #cybersecurity #infosec |
|
2023-07-03 12:15:05 |
CVE-2023-24488 Reversing Citrix Gateway for #XSS https://github.com/k00kx/CVE-2023-24488 #cve #cybersecurity #infosec |
|
2023-07-03 12:15:00 |
CVE-2023-2982 WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass. https://github.com/H4K6/CVE-2023-2982-POC #cve #cybersecurity #infosec |
|
2023-07-03 09:48:28 |
Bashfuscator A fully configurable and extendable #Bash #obfuscation framework. This tool is intended to help both red team and blue team. https://github.com/Bashfuscator/Bashfuscator |
|
2023-07-03 08:42:38 |
powershell-backdoor-generator Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build for evasion. https://github.com/freeide/powershell-backdoor-generator #infosec #pentesting #redteam |
|
2023-07-03 08:07:39 |
TakeMyRDP A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes. It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe). https://github.com/TheD1rkMtr/TakeMyRDP #infosec #pentesting #redteam |
|
2023-07-01 16:20:00 |
jsluice Extract URLs, paths, secrets, and other interesting bits from JavaScript. https://github.com/BishopFox/jsluice #infosec #pentesting #bugbounty |
|
2023-07-01 16:19:00 |
Linux-Exploit-Detection Linux-based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Rego/Sigma. https://github.com/Loginsoft-Research/Linux-Exploit-Detection #cybersecurity #infosec |
|
2023-07-01 12:16:00 |
Uscrapper #OSINT tool that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames from both hyperlinked and non-hyperlinked sources on the webpage. https://github.com/z0m31en7/Uscrapper #cybersecurity #infosec |
|
2023-07-01 12:15:05 |
CVE-2023-3338 Practicing different Linux kernel exploitation techniques with my DECnet vulnerability and null page mapping enabled. https://github.com/TurtleARM/CVE-2023-3338 #cve #cybersecurity #infosec |
|
2023-07-01 12:15:00 |
cloudtoolkit Cloud Penetration Testing Toolkit https://github.com/404tk/cloudtoolkit #cybersecurity #infosec #pentesting |
|
2023-07-01 09:49:10 |
NetSoc #OSINT Tool focused on extracting information from an account in various Social Networks. https://github.com/XDeadHackerX/NetSoc_OSINT #cybersecurity #infosec |
|
2023-07-01 07:37:10 |
🛡 eBPFShield A high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. https://github.com/sagarbhure/eBPFShield #cybersecurity #infosec |
|
2023-07-01 07:10:30 |
Nosey Parker A command-line program that finds secrets and sensitive information in textual data and Git history. https://github.com/praetorian-inc/noseyparker #infosec #pentesting #bugbounty |
|
2023-06-29 16:20:00 |
DNS Analyzer A #BurpSuite extension for finding DNS vulnerabilities in web applications! https://github.com/The-Login/DNS-Analyzer #infosec #pentesting #bugbounty |
|
2023-06-29 16:19:00 |
SNAPPY Detecting rogue and fake 802.11 wireless access points through fingerprinting beacon management frames. https://github.com/SpiderLabs/snappy Details: https://bit.ly/46sGGBN #cybersecurity #infosec #wifi |
|
2023-06-29 12:16:00 |
AtlasReaper A command-line tool developed for offensive security purposes, primarily focused on reconnaissance of Confluence and Jira. It also provides various features that can be helpful for tasks such as credential farming and social engineering. The tool is written in C#. https://github.com/werdhaihai/AtlasReaper #infosec #pentesting #bugbounty |
|
2023-06-29 12:15:00 |
CRTP-Notes Study materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing. https://github.com/0xStarlight/CRTP-Notes #infosec #pentesting #redteam |
|
2023-06-29 08:38:57 |
BOFMask PoC for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). https://github.com/passthehashbrowns/BOFMask #infosec #pentesting #redteam |
|
2023-06-29 08:36:58 |
Jormungandr A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. https://github.com/Idov31/Jormungandr #infosec #pentesting #redteam |
|
2023-06-28 20:23:00 |
Max Maximizing BloodHound with a simple suite of tools. https://github.com/knavesec/Max #infosec #pentesting #redteam |
|
2023-06-28 16:20:00 |
Nvdsearch A National Vulnerability Database (NVD) API query tool. https://github.com/optiv/nvdsearch #infosec #pentesting #bugbounty |
|
2023-06-28 16:19:05 |
CVE-2023-26258 Remote Code Execution in ArcServe UDP Backup. https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe Details: https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/ #cybersecurity #infosec #pentesting |
|
2023-06-28 16:19:00 |
DorkLab Web app tool for helping compose advanced search operators (aka Google dorking, aka boolean searches) for a variety of search engines. https://github.com/rtwillett/DorkLab #OSINT #dork #infosec |
|
2023-06-28 13:17:00 |
hakrevdns Small, fast, simple tool for performing reverse DNS lookups en masse. You feed it IP addresses, it returns hostnames. This can be a useful way of finding domains and subdomains belonging to a company from their IP addresses. https://github.com/hakluke/hakrevdns #cybersecurity #infosec |
|
2023-06-28 13:16:08 |
Meta BugBounty Collection of Facebook Bug Bounty Writeups. https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups #cybersecurity #infosec #bugbounty |
|
2023-06-28 13:16:07 |
Tele Helper #Telegram bot built with Python that provides a set of useful tools to help you. https://github.com/thesuhu/tele-helper #OSINT #cybersecurity #infosec |
|
2023-06-28 13:16:00 |
CVE-2023-34840 All versions in angular-ui-notification are vulnerable to XSS due to the library not sanitizing the input provided by the user. https://github.com/Xh4H/CVE-2023-34840 #cve #cybersecurity #infosec |
|
2023-06-28 10:20:39 |
Review Analyzer A #Chrome Extension for #extracting valuable insights from reviews, generating concise summaries, sentiment analysis, and keyword extraction. https://github.com/serpapi/review-analyzer |
|
2023-06-28 10:18:58 |
Deeper Connect Pico The ultimate all-in-one solution for privacy, security, and passive income. This compact device serves as a smart VPN router, miner, hardware firewall, and more. Enjoy true internet freedom with blockchain-powered technology. Get lifetime access to the decentralized VPN, high-speed DPN, and decentralized CDN. Protect your network from cyber threats and mine cryptocurrencies effortlessly. Buy online: 🛒 https://amzn.to/46k0JT7 #VPN #router #firewall |
|
2023-06-28 07:11:28 |
🕷 Vulnx An intelligent bot auto shell injector that detects vulnerabilities in multiple types of CMS. https://github.com/anouarbensaad/vulnx #infosec #pentesting #bugbounty |
|
2023-06-28 05:36:24 |
PwnDoc-ng A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. https://github.com/pwndoc-ng/pwndoc-ng #cybersecurity #infosec #pentesting |
|
2023-06-27 16:20:00 |
Google CTF This repository lists most of the challenges used in the Google CTF since 2017, as well as most of the infrastructure that can be used to run them. https://github.com/google/google-ctf #CTF #cybersecurity #infosec |
|
2023-06-27 16:19:00 |
DeFi Attack Vectors This repository contains a list of common DeFi threats and attack vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project. https://github.com/Quillhash/DeFi-Attack-Vectors #cybersecurity #infosec |
|
2023-06-27 14:09:33 |
RedWarden Lite A lightweight HTTP/HTTPS reverse proxy for efficient, policy-based traffic filtering and redirection. Tested against: Octopus C2, GoPhish & Web Browsers https://github.com/iomoath/RedWardenLite Author: https://twitter.com/Moath_0x/status/1673687831246434304 #cybersecurity #infosec #github |
|
2023-06-27 13:17:00 |
Secret Fragment exploit v2 This exploit is a V2 that provides clearer output, new code execution methods, and fixes a few bugs. Details: https://www.ambionics.io/blog/symfony-secret-fragment #infosec #pentesting #redteam |
|
2023-06-27 13:16:05 |
♻️ CrackMapExec (a.k.a CME) A post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions. https://github.com/mpgn/CrackMapExec Wiki: https://wiki.porchetta.industries/ #infosec #pentesting #redteam |
|
2023-06-27 13:16:00 |
CVE-2023-35844 Lightdash directory traversal. https://github.com/Szlein/CVE-2023-35844 #cve #cybersecurity #infosec |
|
2023-06-27 08:29:03 |
⚡️ Sophia Script for Windows The largest PowerShell module on GitHub for Windows 10 & Windows 11 for fine-tuning and automating routine tasks. It offers more than 150 unique tweaks, and shows how Windows can be configured without causing any harm to it. https://github.com/farag2/Sophia-Script-for-Windows #cybersecurity #infosec #privacy |
|
2023-06-27 08:29:01 |
ESP RFID Tool Wifi reader The ESP RFID Tool Wifi reader is a powerful data logger designed for security testing. It captures raw binary data from a 5V Wiegand Interface, allowing security researchers to analyze and assess access control systems. It logs credentials from RFID card readers and supports various card types, making it ideal for red team assessments. The tool aids in identifying and cloning badges, replaying captured data, and fuzzing access control systems. With its versatility and portability, it serves as an essential device for security professionals conducting thorough security testing and analysis. Buy online: 🛒 https://bit.ly/3PpDzVa #RFID #wifi #logger |
|
2023-06-25 13:16:06 |
Jormungandr A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. https://github.com/Idov31/Jormungandr #infosec #pentesting #redteam |
|
2023-06-25 13:16:05 |
Thoth Cairo/Starknet security toolkit (bytecode analyzer, disassembler, decompiler, symbolic execution, SBMC) https://github.com/FuzzingLabs/thoth #cybersecurity #infosec |
|
2023-06-25 13:16:00 |
Dao-Exploit Cryptanalysis of the DAO exploit & Multi-Stage Attack. https://github.com/demining/Dao-Exploit #cybersecurity #infosec |
|
2023-06-24 13:16:00 |
limba Compile-time control flow obfuscation using MBA (Mixed Boolean-Arithmetic). This project is derived from another project I am working on named limbo, which is why the project files use this name. Keep in mind that this is more of a proof-of-concept rather than something ready to use in production code. https://github.com/ThatLing/limba #cybersecurity #infosec |
|
2023-06-24 09:18:24 |
PrimusC2 A C2 framework built for my bachelor's thesis at KEA - Københavns Erhvervsakademi - WORK IN PROGRESS - expect bugs and missing features. • Python C2 server • Nim Implant • Bypass AMSI • PowerShell in unmanaged runspace • GetAV - current anti-virus products installed • PowerShell download cradle • Dynamic implant generation • Automated Redirector setup via Digital Ocean VPS https://github.com/Primusinterp/PrimusC2 #infosec #pentesting #redteam |
|
2023-06-23 20:23:00 |
Snaffler A tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). https://github.com/SnaffCon/Snaffler #infosec #pentesting #redteam |
|
2023-06-23 16:20:00 |
NimExec Fileless Command Execution for Lateral Movement in Nim. https://github.com/frkngksl/NimExec #infosec #pentesting #redteam |
|
2023-06-23 16:19:00 |
RPC Firewall Check out our RPC Firewall blog post or our BlackHat talk to gain a better understanding of RPC, RPC attacks and the solution: the RPC Firewall. https://github.com/zeronetworks/rpcfirewall #cybersecurity #infosec |
|
2023-06-23 12:33:14 |
Invoke-PowerExtract This tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process. https://github.com/powerseb/PowerExtract #infosec #pentesting #redteam |
|
2023-06-23 08:04:37 |
RS-Shell A dirty PoC for a reverse shell with cool features in Rust. https://github.com/BlWasp/rs-shell #infosec #pentesting #redteam |
|
2023-06-22 17:28:53 |
Dear Yamada noriomi, we wanted to take a moment to express our sincere gratitude for your generous donation to our Telegram channel. Your support means a lot to us and will greatly contribute to the growth and improvement of our community. Thank you for believing in our mission and for your willingness to contribute. Your generosity inspires us to keep providing valuable content and services to our subscribers. Once again, we want to say a big thank you for your donation. We truly appreciate your support. Best regards, HackGit |
|
2023-06-22 16:20:00 |
kbtls Key-Based TLS - Mutually Trusted TLS Connections Based on a Pre-Shared Connection Key. https://github.com/RedTeamPentesting/kbtls #infosec #pentesting #redteam |
|
2023-06-22 13:17:00 |
GhostFart Unhooking is performed via indirect syscalls. Leveraging NTAPI to grab NTDLL for unhooking without triggering "PspCreateProcessNotifyRoutine" https://github.com/mansk1es/GhostFart #cybersecurity #infosec |
|
2023-06-22 13:16:06 |
Semgrep Rules for Android Application Security A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications. https://github.com/mindedsecurity/semgrep-rules-android-security #cybersecurity #infosec |
|
2023-06-22 13:16:05 |
CVE-2023-1454 Jeecg Boot qurestSql SQL vuln https://github.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln #cve #cybersecurity #infosec |
|
2023-06-22 13:16:00 |
CVE-2023-27997 Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing. https://github.com/BishopFox/CVE-2023-27997-check #cve #cybersecurity #infosec |
|
2023-06-22 08:34:21 |
Spartacus DLL/COM Hijacking Toolkit. https://github.com/Accenture/Spartacus #infosec #pentesting #redteam |
|
2023-06-20 16:20:00 |
IIS Short Name Scanner Latest version of scanners for IIS short filename (8.3) disclosure vulnerability. https://github.com/irsdl/IIS-ShortName-Scanner #cybersecurity #infosec #pentesting |
|
2023-06-20 16:19:00 |
Codegate 2023 Qualifiers statement For those who are not aware, this weekend Kalmarunionen participated in the Codegate 2023 qualifier CTF. This is a very competitive qualifier, where the top 9 teams are allowed to attend the offline finals in Seoul, South Korea, in the fall, where they will compete for a share of a >$50k prize pool. https://github.com/kalmarunionenctf/codegate-statement #CTF #cybersecurity #infosec |
|
2023-06-20 12:12:27 |
Google Calendar RAT A PoC of Command & Control (C2) over Google Calendar Events. This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure. https://github.com/MrSaighnal/GCR-Google-Calendar-RAT #infosec #pentesting #redteam |
|
2023-06-20 11:51:43 |
WebPalm A powerful command-line tool for website mapping and web scraping. With its recursive approach, it can generate a complete tree of all webpages and their links on a website. It can also extract data from the body of each page using regular expressions, making it an ideal tool for web scraping and data extraction. https://github.com/Malwarize/webpalm #infosec #pentesting #bugbounty |
|
2023-06-20 11:24:53 |
CyberChef The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis. https://github.com/gchq/CyberChef Web: https://gchq.github.io/CyberChef #infosec #pentesting #bugbounty |
|
2023-06-20 07:34:11 |
ALFA AWUS036ACS Compact dual-band WiFi USB adapter that works according to 802.11ac and features data rates of up to 600 Mbps. The AWUS036ACS WiFi USB adapter supports all common standards (IEEE 802.11a/b/g/n/ac) and is fully backwards compatible with the older WiFi standards. AWUS036ACS is the cheapest USB wireless adapter available on the market which supports dual-band 2.4 and 5 GHz. It supports both monitor mode and packet injection mode. Buy online: 🛒 https://amzn.to/3NBcFsl #wifi #adapter #alfa |
|
2023-06-19 16:20:00 |
🔑 Mantra A tool used to hunt down API key leaks in JS files and pages. https://github.com/MrEmpy/Mantra #infosec #pentesting #redteam |
|
2023-06-19 16:19:00 |
Active Directory Advanced Threat Hunting Identify vulnerabilities before others do! https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting #cybersecurity #infosec #pentesting |
|
2023-06-19 12:16:00 |
Scanners-Box A powerful and open-source toolkit for hackers and security automation. https://github.com/We5ter/Scanners-Box #infosec #pentesting #redteam |
|
2023-06-19 12:15:05 |
CVE-2023-29343 This is a PoC for an arbitrary file write bug in Sysmon version 14.14. https://github.com/Wh04m1001/CVE-2023-29343 #cve #cybersecurity #infosec |
|
2023-06-19 12:15:00 |
HHbackdoor v.0.3 This part of the backdoor is still in development; this is just a preview of the code! https://github.com/Levi-python/HHbackdoor-V0.3 #infosec #pentesting #redteam |
|
2023-06-19 09:05:16 |
Hacktricks Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news. https://github.com/carlospolop/hacktricks Web: https://book.hacktricks.xyz/welcome/readme #infosec #pentesting #redteam |
|
2023-06-17 20:23:00 |
Surf Escalate your SSRF vulnerabilities on Modern Cloud Environments. surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. https://github.com/assetnote/surf #pentesting #redteam #bugbounty |
|
2023-06-17 13:16:08 |
CVE-2023-32315 Openfire Bypass https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass #cve #cybersecurity #infosec |
|
2023-06-17 13:16:00 |
CVE-2023-23333 SolarView Compact through 6.00 downloader.php command injection (RCE) nuclei-templates. https://github.com/Mr-xn/CVE-2023-23333 #cve #cybersecurity #infosec |
|
2023-06-17 06:39:12 |
HackyPi The Ultimate DIY USB Hacking Tool for Security Professionals and Ethical Hackers. Explore data logging, encryption, and coding. Built around Raspberry Pi RP2040 microcontroller. Learn to write programs, practice ethical hacking techniques, and expand cybersecurity skills. Compatible with Windows, Mac, and Linux. Open-source hardware with Python support. Create custom programs in multiple languages. Powerful processor, onboard display, and SD card support. Ideal for learning, education, and ethical hacking. Buy online: 🛒 https://amzn.to/3NyxfJJ #USB #DIY #Raspberry |
|
2023-06-16 16:20:00 |
PHP Cookie Stealer This project is a simple PHP script used to demonstrate how an attacker can steal cookies. It captures the victim's cookie, IP address, user agent, and geographical details, and then logs this information. https://github.com/noxvix/Xss-Exploitation #infosec #pentesting #redteam |
|
2023-06-16 16:19:00 |
Vulnerability_PoC The PoC/Exploit of some interesting vulnerabilities. https://github.com/numencyber/Vulnerability_PoC #cybersecurity #infosec |
|
2023-06-16 12:31:39 |
AirGuard Protect yourself from being tracked 🌍 by #AirTags 🏷 and Find My accessories 📍 https://github.com/seemoo-lab/AirGuard |
|
2023-06-16 12:16:00 |
NucleiFuzzer A powerful automation tool for detecting XSS, SQLi, SSRF, open redirect and similar vulnerabilities in web applications. https://github.com/0xKayala/NucleiFuzzer #infosec #pentesting #bugbounty |
|
2023-06-16 12:15:06 |
One-Liner-Collections This repository contains a list of one-liners with descriptions and installation requirements. https://github.com/thecybertix/One-Liner-Collections #infosec #pentesting #bugbounty |
|
2023-06-16 12:15:05 |
gzip-js-injector GZIP Page Zero Overhead Injection. https://github.com/EtherDream/gzip-js-injector #infosec #pentesting #redteam |
|
2023-06-16 12:15:00 |
CVE-2022-38694 An attacker with physical access to the device can overwrite a function pointer somewhere in the BootROM data section or a return address stored on the stack and execute their own code with BootROM privileges. https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader #cve #cybersecurity #infosec |
|
2023-06-16 09:24:06 |
HBSQLI Automated tool for testing header-based blind SQL injection. https://github.com/SAPT01/HBSQLI #infosec #pentesting #bugbounty |
|
2023-06-15 12:16:00 |
RedTeamScripts This repo will contain some random Red Team Scripts that I made that can be useful for others. https://github.com/api0cradle/RedTeamScripts #infosec #pentesting #redteam |
|
2023-06-15 12:15:00 |
Python3 C2 Course Code Modules • SMTP Module • File Transfer Module • Securing Your Payload Channels https://github.com/dievus/Python3-C2-Course-Code-Modules #infosec #pentesting #redteam |
|
2023-06-14 12:16:00 |
Inveigh A cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version. https://github.com/Kevin-Robertson/Inveigh #cybersecurity #infosec #pentesting |
|
2023-06-14 12:15:06 |
Killers Exploitation of process killer drivers. https://github.com/xalicex/Killers #infosec #pentesting #redteam |
|
2023-06-14 12:15:05 |
Awesome Intelligence A collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources. https://github.com/ARPSyndicate/awesome-intelligence #OSINT #cybersecurity #infosec |
|
2023-06-14 12:15:00 |
peetch A collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections. https://github.com/quarkslab/peetch #cybersecurity #infosec #redteam |
|
2023-06-14 10:43:17 |
C2-Hunter Real-time extraction of C2 traffic. https://github.com/ZeroMemoryEx/C2-Hunter #infosec #pentesting #redteam |
|
2023-06-14 06:56:42 |
CVE-2023-34965 SSPanel UIM is a multi-purpose agency service sales management system specially designed for Shadowsocks / V2Ray / Trojan protocols. SSPanel-Uim versions before 2023.3 do not restrict access to the /link/ interface, which can lead to a leak of user subscription information. https://github.com/AgentY0/CVE-2023-34965 #cve #cybersecurity #infosec |
|
2023-06-12 12:16:00 |
SharpTerminatator Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable. https://github.com/mertdas/SharpTerminator #infosec #pentesting #redteam |
|
2023-06-12 12:15:00 |
C_revshell Basic reverse shell in C using socket() with complete explanation https://github.com/pwnwithlove/C_revshell #infosec #pentesting #redteam |
|
2023-06-11 16:20:00 |
onedrive_user_enum v2.00 Pentest tool to enumerate valid o365 users. https://github.com/nyxgeek/onedrive_user_enum #cybersecurity #infosec #pentesting |
|
2023-06-11 12:16:00 |
toxssin Penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks. https://github.com/t3l3machus/toxssin #infosec #pentesting #redteam |
|
2023-06-11 12:15:00 |
Cloudflare Tunnel Ingress Controller TLDR; This project simplifies exposing Kubernetes services to the internet easily and securely using Cloudflare Tunnel. https://github.com/STRRL/cloudflare-tunnel-ingress-controller #cybersecurity #infosec |
|
2023-06-11 08:11:00 |
spraycharles Low and slow password spraying tool, designed to spray on an interval over a long period of time. https://github.com/Tw1sm/spraycharles #infosec #pentesting #redteam |
|
2023-06-10 07:06:10 |
April UART SD logger The April logger is a versatile data logger designed for logging serial data from your projects. It supports high-capacity microSD cards and offers the option to transfer logs to a remote server via WiFi. Based on the ESP32 C3 chip, it features WiFi and USB support. The board can be easily programmed via the Type-C USB connector. Additionally, it comes with a DS1302 RTC module for real-time information. The logger provides a user-friendly experience with its preloaded firmware and offers flexible power options, including 3.3V, 5V, and USB. The board also includes a button for programming, and logging configuration can be easily managed through the config.json file. Buy online: 🛒 https://bit.ly/43x3gaF #USB #logger #ESP32 #wifi |
|
2023-06-09 20:24:00 |
PhoneInfoga Information gathering framework for phone numbers. https://github.com/sundowndev/PhoneInfoga #OSINT #infosec #recon #best |
|
2023-06-09 16:20:00 |
NODESUB A command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. https://github.com/pikpikcu/nodesub #infosec #pentesting #bugbounty |
|
2023-06-09 16:19:00 |
Ransomware Map Map tracking #ransomware ecosystem, by OCD World Watch team. https://github.com/cert-orangecyberdefense/ransomware_map #cybersecurity #infosec |
|
2023-06-09 13:41:38 |
horQRux By splitting a #QR code into 7 fragments, we may physically split and distribute a #secret into the real world. For example by printing the QR fragments onto transparent paper and handing them out to multiple people. https://github.com/jzck/horqrux |
|
2023-06-09 12:16:00 |
Banshee Experimental Windows x64 Kernel Rootkit. https://github.com/eversinc33/Banshee #infosec #pentesting #redteam |
|
2023-06-09 12:15:05 |
Threat hunting/detecting using KQL queries A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft 365 Defender. https://github.com/cyb3rmik3/KQL-threat-hunting-queries #cybersecurity #infosec |
|
2023-06-09 12:15:00 |
IndoXploit-Shell https://github.com/flux10n/IndoXploit-WebShell #infosec #pentesting #redteam |
|
2023-06-08 20:24:00 |
Shellcode PageSplit Splitting and executing shellcode across multiple pages. https://github.com/x0reaxeax/PageSplit #infosec #pentesting #redteam |
|
2023-06-08 20:23:05 |
BypassNeo-reGeorg Anti-kill version Neo-reGeorg. https://github.com/r00tSe7en/BypassNeo-reGeorg #infosec #pentesting #redteam |
|
2023-06-08 20:23:00 |
Instagram-Lookup This script allows you to search for an Instagram profile using user ID or retrieve a profile's ID by username. It utilizes the Instagram API to retrieve profile information based on the provided input. https://github.com/AyalX/Instagram-Lookup #OSINT #recon #infosec |
|
2023-06-07 17:20:00 |
DietPi Lightweight justice for your single-board #computer! DietPi is an extremely lightweight #Debian-based #OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential. https://github.com/MichaIng/DietPi |
|
2023-06-07 16:20:00 |
IRCP A robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers. https://github.com/internet-relay-chat/IRCP #cybersecurity #infosec #pentesting |
|
2023-06-07 16:19:00 |
🍞 BREAD BREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. https://github.com/Theldus/bread #cybersecurity #infosec #reverse |
|
2023-06-07 12:28:11 |
CSRFShark A utility for manipulating cross-site request forgery attacks. It makes it easy to generate a CSRF PoC based on given HTTP/cURL requests, with the further possibility of getting a permanent link to the result. https://github.com/csrfshark/app Web: https://csrfshark.github.io/app/ #infosec #pentesting #bugbounty |
|
2023-06-07 12:16:00 |
Offensive Bookmarks: A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics. https://github.com/kargisimos/offensive-bookmarks #infosec #pentesting #redteam |
|
2023-06-07 12:15:06 |
tun2socks: Powered by gVisor TCP/IP stack. https://github.com/xjasonlyu/tun2socks #cybersecurity #infosec #privacy |
|
2023-06-07 12:15:00 |
CatSniffer: CatSniffer is an original multiprotocol and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, and Microchip SAMD21E17. https://github.com/ElectronicCats/CatSniffer #cybersecurity #infosec #pentesting |
|
2023-06-07 09:52:05 |
Grype: A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. https://github.com/anchore/grype #cybersecurity #infosec #best |
|
2023-06-06 16:20:00 |
PowerSploit: A collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. https://github.com/Dec0ne/PowerSploit #infosec #pentesting #redteam |
|
2023-06-06 12:16:00 |
Terminator: Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes. https://github.com/ZeroMemoryEx/Terminator #infosec #pentesting #redteam |
|
2023-06-06 12:15:05 |
CAMEbruteforcer: FlipperZero Sub Files To #BruteForce CAME 12bit Gate. https://github.com/BitcoinRaven/CAMEbruteforcer #cybersecurity #infosec #pentesting |
|
2023-06-06 12:15:00 |
OWASP WrongSecrets: The game is packed with real-life examples of how not to store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes and can help you reflect on your own secrets management strategy. https://github.com/OWASP/wrongsecrets #cybersecurity #infosec #pentesting |
|
2023-06-05 18:29:18 |
Arts Of Get System: This directory is for PoCs to help learn how to get SYSTEM privilege. https://github.com/daem0nc0re/PrivFu/tree/main/ArtsOfGetSystem #infosec #pentesting #redteam |
|
2023-06-05 17:55:00 |
Tor: A Python-based module for using Tor proxy/network services on Windows, OSX and Linux with just one click. https://github.com/r0oth3x49/Tor #cybersecurity #infosec #privacy |
|
2023-06-05 17:51:53 |
DavRelayUp: A universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings). https://github.com/yasserbdj96/hiphp #infosec #pentesting #redteam |
|
2023-06-05 17:49:40 |
Hiphp: Free and open-source project for creating a backdoor to control PHP-based sites. https://github.com/yasserbdj96/hiphp #infosec #pentesting #redteam |
|
2023-06-05 12:15:00 |
msa-exploit-checker: PoC and checker tool to detect if "The Exploit" for Microsoft accounts is enabled. https://github.com/george/msa-exploit-checker #cybersecurity #infosec |
|
2023-06-05 07:58:49 |
EvilCrow Keylogger: A WiFi keylogger with a Micro SD slot, based on Atmega32U4 microcontroller and ESP32-PICO module. It is designed for hackers and cybersecurity enthusiasts. Repository: https://github.com/joelsernamoreno/EvilCrow-Keylogger Buy online: 🛒 https://bit.ly/3OTGXaA #usb #wifi #evilcrow #keylogger |
|
2023-06-04 16:20:00 |
RegStrike: A .reg payload generator. https://github.com/itaymigdal/RegStrike #infosec #pentesting #redteam |
|
2023-06-04 16:19:00 |
2023-33381: OS command injection on MitraStar GPT-2741GNAC. https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC #cve #cybersecurity #infosec |
|
2023-06-04 12:16:00 |
HackBrowserData: Command-line tool for decrypting and exporting browser data (passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux. https://github.com/moonD4rk/HackBrowserData #infosec #pentesting #redteam |
|
2023-06-04 12:15:00 |
CVE-2023-33733: This write-up details how an RCE in Reportlab was found and exploited. Due to the prevalence of Reportlab in HTML to PDF processing, this vulnerability may be reachable in many applications that process PDF files, making this an important one to patch and look out for. https://github.com/c53elyas/CVE-2023-33733 #cve #cybersecurity #infosec |
|
2023-06-02 20:24:00 |
GeoWordlists: A tool to generate wordlists of passwords containing cities at a defined distance around the client city. https://github.com/p0dalirius/GeoWordlists #infosec #pentesting #redteam |
|
2023-06-02 16:20:00 |
Js Finding: A Python tool for extracting JavaScript (JS) files from a given list of domains. This tool utilizes various utilities such as waybackurls, gauplus, and subjs to perform JS file extraction from the specified domains. https://github.com/pikpikcu/js-finding #infosec #redteam #bugbounty |
|
2023-06-02 16:19:00 |
Smart Contract Vulnerabilities https://github.com/kadenzipfel/smart-contract-vulnerabilities #infosec #pentesting #bugbounty |
|
2023-06-02 12:16:00 |
ntlmscan: Scan for NTLM directories. Reliable targets are: • OWA servers • Skype for Business/Lync servers • Autodiscover servers (autodiscover.domain.com and lyncdiscover.domain.com) • ADFS servers https://github.com/nyxgeek/ntlmscan #infosec #pentesting #redteam |
|
2023-06-02 12:15:00 |
MFA Bombing Tools for Okta: This GitHub repository contains a couple of tools that relate to MFA bombing on accounts in Okta. MFA bombing is also sometimes known as "MFA Fatigue Attack", "MFA Spamming", and other names... https://github.com/authomize/mfa-bombing #cybersecurity #infosec |
|
2023-06-01 20:23:00 |
HALA: HALA offers a powerful capability that enables you to identify reflected parameters within the response, providing valuable assistance in your testing and hacking endeavors. https://github.com/whalebone7/Hala #infosec #pentesting #redteam |
|
2023-06-01 16:20:00 |
CRTER: A command-line tool for fetching subdomains using the CRT.SH certificate search engine. It allows you to provide a list of domain names or fully-qualified domain names (FQDNs) and retrieve the associated subdomains. The tool fetches the subdomains from CRT.SH and saves them to an output file. https://github.com/Micro0x00/CRTER #infosec #pentesting #bugbounty |
|
2023-06-01 16:19:00 |
CVE-2023-23638: Apache Dubbo Vulnerability Exploitation Engineering Practice, covering Dubbo 3.x from service discovery to vulnerability exploitation and reverse display. https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp #cve #poc #cybersecurity #infosec |
|
2023-06-01 12:35:09 |
Offensive-Resources V3: A huge collection of learning resources with labs for offensive security players. https://github.com/Zeyad-Azima/Offensive-Resources #infosec #pentesting #redteam |
|
2023-06-01 12:16:00 |
Wordlists: Real-world infosec wordlists, updated regularly! These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include: • WordPress • Joomla • Drupal • Magento • Ghost • Tomcat https://github.com/trickest/wordlists #infosec #pentesting #bugbounty |
|
2023-06-01 12:15:00 |
CVE-2023-3009: Stored #XSS on item name - Bypassing CVE-2023-2516 in TeamPass < 3.0.9 - by M Nadeem Qazi. https://github.com/mnqazi/CVE-2023-3009 #cve #cybersecurity #infosec |
|
2023-05-31 20:23:00 |
ScrapingKit: Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if you have popped a user's desktop and their Outlook client. https://github.com/LaresLLC/ScrapingKit #infosec #pentesting #redteam |
|
2023-05-31 16:19:00 |
APKLeaks: Scanning APK files for URIs, endpoints & secrets. https://github.com/dwisiswant0/apkleaks #pentesting #infosec #bugbounty |
|
2023-05-31 12:15:00 |
AnalyticsRelationships: This script tries to find related domains/subdomains by looking at Google Analytics IDs from a URL. It first searches for the Google Analytics ID in the web page and then queries builtwith and hackertarget with the ID. https://github.com/Josue87/AnalyticsRelationships #pentesting #redteam #bugbounty |
|
2023-05-31 09:13:04 |
DNSMORPH: A domain name permutation engine, inspired by dnstwist. It is written in Go, making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. https://github.com/netevert/dnsmorph #infosec #pentesting #redteam |
|
2023-05-30 12:16:00 |
Red Teaming & Pentesting checklists for various engagements: Even though a penetration test is a creative process, most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and to maintain the overall quality of the assessment. https://github.com/netbiosX/Checklists #infosec #pentesting #redteam |
|
2023-05-30 12:15:00 |
CVE-2023-33246: Apache RocketMQ remote code execution vulnerability. https://github.com/I5N0rth/CVE-2023-33246 #cve #cybersecurity #infosec |
|
2023-05-29 20:23:00 |
Sshimpanzee: A reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies. https://github.com/lexfo/sshimpanzee #infosec #pentesting #redteam |
|
2023-05-29 16:20:00 |
Cymulate Framework: A framework to help #redteam construct fully customizable and automated APT attacks easily. https://github.com/opabravo/cymulate-framework #cybersecurity #infosec #pentesting |
|
2023-05-29 16:19:07 |
amd-lm32-smu-exploit: Generic #exploit for all version 7 (maybe others) LM32-based AMD SMUs used in APUs (and probably works on GPUs too). https://github.com/jevinskie/amd-lm32-smu-exploit #cybersecurity #infosec |
|
2023-05-29 16:19:00 |
RepeaterSearch: This #burpsuite plugin adds a search bar to Repeater that allows you to search Requests and/or Responses for a string. Regex is also supported. https://github.com/Static-Flow/RepeaterSearch #infosec #infosec #bugbounty |
|
2023-05-29 12:16:00 |
Cookie-Graber-BOF: C or BOF file to extract the WebKit master key to decrypt user cookies. The C code can be used to compile an executable or a BOF script for #CobaltStrike. https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF #infosec #pentesting #redteam |
|
2023-05-29 12:15:05 |
OSINT QuickStart: Includes quick start guides for #Shodan and Censys #OSINT search engines. https://github.com/utilsec/osint #cybersecurity #infosec |
|
2023-05-29 12:15:00 |
CVE-2023-32315: Administration Console authentication bypass in Openfire XMPP server. https://github.com/advisories/GHSA-gw42-f939-fhvm #cve #cybersecurity #infosec |
|
2023-05-28 16:20:00 |
Storm-Breaker: Social engineering tool [Access Webcam & Microphone & Location Finder] With Python. https://github.com/ultrasecurity/Storm-Breaker #infosec #pentesting #redteam |
|
2023-05-28 16:19:00 |
Link-X: A Hack-Via-Link ToolKit. Including: Camera, Voice, Location Etc*4 https://github.com/Toxic-Noob/Link-X #infosec #pentesting #redteam |
|
2023-05-28 12:16:00 |
SQLiDetector: Simple Python script, supported with a BurpBounty profile, that helps you detect "Error based" SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. https://github.com/eslam3kl/SQLiDetector #infosec #pentesting #bugbounty |
|
2023-05-28 12:15:05 |
433Screen-SignalHacker: Full duplex 433 MHz Signal jammer, recorder, decoder and hacking multitool device based on ESP32 microcontroller and RFM69HW radios. This version of the device provides an OLED screen and simple UI to navigate menus and different hacks/modes/settings. https://github.com/luispl77/433Screen-SignalHacker #cybersecurity #infosec #pentesting |
|
2023-05-28 12:15:00 |
websurfx: An open source alternative to searx which provides a modern-looking, lightning-fast, privacy-respecting, secure, self-hostable meta search engine with ad-free clean results, a high level of customizability and many other features while keeping privacy and security in mind. https://github.com/neon-mmd/websurfx #cybersecurity #infosec #privacy |
|
2023-05-28 08:01:00 |
Presentation Slides: Collection of Dhiyaneshwaran's public presentation slides. https://github.com/DhiyaneshGeek/My-Presentation-Slides #cybersecurity #infosec #pentesting |
|
2023-05-27 16:20:00 |
google-dorks https://github.com/CorrieOnly/google-dorks #infosec #pentesting #bugbounty |
|
2023-05-27 16:19:00 |
Chameleon: Chameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology. The tool is highly customizable and allows users to add in their own custom wordlists, extensions or fingerprints. https://github.com/iustin24/chameleon #infosec #pentesting #bugbounty |
|
2023-05-27 12:16:00 |
Typewriter: A subdomain permutation tool written in Rust and heavily based on Gotator. • Permutations with the - character! • Unlimited depth, limited only by your computer! • Deduplication by default! https://github.com/projectmonke/typewriter #infosec #pentesting #bugbounty |
|
2023-05-27 12:15:00 |
Awesome-anti-forensic: Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modifies attributes. This includes tools to work with anything in general that makes changes to a system for the purposes of hiding information. https://github.com/shadawck/awesome-anti-forensic #cybersecurity #infosec #forensic |
|
2023-05-27 09:12:29 |
x8: Hidden parameters discovery suite written in Rust. The tool aids in identifying hidden parameters that could potentially be vulnerable or reveal interesting functionality that may be missed by other testers. Its high accuracy is achieved through line-by-line comparison of pages, comparison of response codes, and reflections. https://github.com/Sh1Yo/x8 #infosec #pentesting #bugbounty |
|
2023-05-26 12:16:00 |
Hidden Desktop BOF: Hidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++. https://github.com/WKL-Sec/HiddenDesktop #infosec #pentesting #redteam |
|
2023-05-26 12:15:06 |
WhatMail: A command-line tool that analyzes the header of an email and provides detailed information about various fields. https://github.com/z0m31en7/WhatMail #OSINT #cybersecurity #infosec |
|
2023-05-26 12:15:05 |
CVE-2023-30145: Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. https://github.com/paragbagul111/CVE-2023-30145 #cve #cybersecurity #infosec |
|
2023-05-26 12:15:00 |
codeexplain.nvim: A nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary). https://github.com/mthbernardes/codeexplain.nvim #cybersecurity #infosec |
|
2023-05-25 20:24:00 |
LOOBins: Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes. https://github.com/infosecB/LOOBins Web: https://www.loobins.io/ #infosec #cybersecurity #blueteam |
|
2023-05-25 20:23:00 |
Top25 Parameter: For basic research, the top 25 vulnerability parameters that can be used in automation tools or manual #recon. https://github.com/lutfumertceylan/top25-parameter #infosec #pentesting #bugbounty |
|
2023-05-25 16:20:00 |
Logger++: A multithreaded logging extension for #BurpSuite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter. https://github.com/nccgroup/LoggerPlusPlus #infosec #pentesting #bugbounty |
|
2023-05-25 16:19:00 |
Jira-Scan: Provide a list of websites to test, without the http or https, and this will test each one for the SSRF vulnerability. https://github.com/random-robbie/Jira-Scan #infosec #pentesting #bugbounty |
|
2023-05-25 12:16:00 |
ROPfuscator: ROPfuscator is a fine-grained code obfuscation framework for LLVM-supported languages using ROP (return-oriented programming). ROPfuscator obfuscates a program at the assembly code level by transforming regular instructions into ROP chains, thwarting our natural conception of normal control flow. https://github.com/ropfuscator/ropfuscator #cybersecurity #infosec |
|
2023-05-25 12:15:06 |
Geekworm PiKVM-A3 Kit for Raspberry Pi 4 Open-source KVM Over IP: The PiKVM-A3 kit is designed for and based on the Raspberry Pi 4B. It also supports the Raspberry Pi 3B/3B+, but since the Pi 3 has no OTG interface, the OTG analog keyboard and mouse cannot be used when PiKVM-A3 is paired with a Pi 3. PiKVM is very powerful open-source software which allows for a remote connection via your Raspberry Pi to turn on/off or restart your computer, configure the UEFI/BIOS, and even reinstall the OS using the Virtual CD-ROM or Flash Drive. You can use your remote keyboard and mouse, or PiKVM can simulate a keyboard, mouse, and a monitor, which are then presented in a web browser as if you were working on a remote system directly. It's true hardware-level access with no dependency on any remote ports, protocols or services! (KVM - Keyboard Video Mouse.) Buy online: 🛒 https://amzn.to/3MVtVIt 🛒 https://bit.ly/3MTxmPI #raspberry #pikvm #remote #board #minipc |
|
2023-05-25 12:15:05 |
GitFive: #OSINT tool to investigate GitHub profiles. https://github.com/mxrch/GitFive #cybersecurity #infosec |
|
2023-05-25 12:15:00 |
CVE-2023-2859: Stored HTML injection in folderName affecting Admin in TeamPass < 3.0.9. https://github.com/mnqazi/CVE-2023-2859 #cve #cybersecurity #infosec |
|
2023-05-24 20:24:00 |
Chrome Cookie Stealer (and injector): Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol. https://github.com/magisterquis/chromecookiestealer #infosec #pentesting #redteam |
|
2023-05-24 20:23:00 |
Ransomware Notes: This is a collection of various #ransomware notes from the past to the present. https://github.com/threatlabz/ransomware_notes #cybersecurity #infosec |
|
2023-05-24 16:20:00 |
Malleable-CS-Profiles: A list of Python tools to help create an OPSEC-safe Cobalt Strike profile. This is the GitHub repository of the relevant blog post: Unleashing the Unseen: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion. https://github.com/WKL-Sec/Malleable-CS-Profiles #infosec #pentesting #redteam |
|
2023-05-24 16:19:00 |
PyRDP: RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact. https://github.com/GoSecure/pyrdp #infosec #pentesting #redteam |
|
2023-05-24 12:16:00 |
SubScraper: Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing. https://github.com/m8sec/subscraper #infosec #pentesting #bugbounty |
|
2023-05-24 12:15:00 |
opera-proxy: Standalone Opera VPN client. Just run it and it'll start a plain HTTP proxy server forwarding traffic through "Opera VPN" proxies of your choice. By default the application listens on 127.0.0.1:18080. https://github.com/Snawoot/opera-proxy #VPN #infosec #privacy |
|
2023-05-24 07:15:14 |
Detections - Browser Credential Harvesting: Web browsers today allow users to store their usernames and passwords to log directly into their application of choice. Threat actors can retrieve these credentials using either the Windows API or by decrypting specific files. This detection strategy focuses on specific files that are needed by the attacker to retrieve the user's web browser stored credentials. https://github.com/cybergoatpsyops/detections/tree/main/techniques/webCredentialHarvest #cybersecurity #infosec |
|
2023-05-23 20:23:00 |
Keyhacks: A repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. https://github.com/streaak/keyhacks #infosec #pentesting #bugbounty |
|
2023-05-23 16:19:00 |
PCAPeek: A proof-of-concept re-assembler for reverse VNC traffic such as IcedID & Qakbot's VNC Backdoors. https://github.com/0xThiebaut/PCAPeek #cybersecurity #infosec |
|
2023-05-23 12:16:00 |
Shellcrypt: A single-file, cross-platform quality-of-life tool to obfuscate a given shellcode file and output it in a useful format for pasting directly into your source code. https://github.com/iilegacyyii/Shellcrypt #infosec #pentesting #redteam |
|
2023-05-23 12:15:06 |
Damn Vulnerable Bank: Damn Vulnerable Bank is designed to be an intentionally vulnerable Android application. This provides an interface to assess your Android application security hacking skills. https://github.com/rewanthtammana/Damn-Vulnerable-Bank #cybersecurity #infosec #pentesting |
|
2023-05-23 12:15:00 |
File Archiver In The Browser: Two sample phishing templates that can be used with .zip domains to emulate a file archiver in the browser. https://github.com/mrd0x/file-archiver-in-the-browser File Archiver In The Browser: https://mrd0x.com/file-archiver-in-the-browser/ #infosec #pentesting #redteam |
|
2023-05-23 09:27:18 |
DSTIKE D&B Watch (V4): A unique wearable device that combines the functionalities of a Deauther and BadUSB. It features an ESP8266 module with enhanced signal search capabilities and the addition of an Atmega32u4 chip (Arduino Leonardo), allowing for BadUSB attacks. The watch offers various programmable buttons for executing different commands and can be reprogrammed using the Arduino IDE. It also includes solder pads for connecting the ESP8266 with the Atmega32u4, enabling additional functionalities like the Wi-Fi Duck. The battery has been upgraded to 1000mAh, providing longer usage time, and the watch comes with a durable silicone strap. With a redesigned 3D case and the inclusion of a bottom acrylic board for protection, the watch boasts an improved design. Charging can be done through two USB ports, although it is advised not to charge simultaneously. Experience the power of deauthentication and BadUSB attacks in this feature-rich wearable device. Buy online: 🛒 https://bit.ly/4315RJO 🛒 https://amzn.to/43g5CuF #badusb #dstike #watch #esp8266 |
|
2023-05-23 07:15:44 |
Web application pentesting checklist: An OWASP-based checklist with 500+ test cases. https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist #infosec #pentesting #bugbounty |
|
2023-05-22 16:19:00 |
interactsh: Open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions. https://github.com/projectdiscovery/interactsh #pentesting #redteam #bugbounty |
|
2023-05-22 12:16:00 |
MaccaroniC2: A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library, which provides an asynchronous client and server implementation of the SSHv2 protocol, and uses the PyNgrok wrapper for ngrok integration. https://github.com/CalfCrusher/MaccaroniC2 #infosec #pentesting #redteam |
|
2023-05-22 12:15:06 |
KeeFarce Reborn: A standalone DLL that exports databases in cleartext once injected in the KeePass process. https://github.com/d3lb3/KeeFarceReborn #infosec #pentesting #redteam |
|
2023-05-22 12:15:05 |
Postman: It is designed to perform #OSINT reconnaissance on a target for pentesting, bug bounty and more, in order to get the maximum information from the requests left by developers on the Postman public workspaces. https://github.com/boringthegod/postmaniac #cybersecurity #infosec |
|
2023-05-22 12:15:00 |
AEM-List: Start fuzzing paths and endpoints. https://github.com/clarkvoss/AEM-List/blob/main/paths #infosec #pentesting #bugbounty |
|
2023-05-21 20:23:00 |
GATOR: GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments. https://github.com/anrbn/GATOR #infosec #pentesting #redteam |
|
2023-05-21 16:36:20 |
DevOps Solutions Map: A Python-based application that helps you produce a #DevOps toolchain map, placing tools according to their position in the delivery loop and their use case. https://github.com/Wivik/devops-solutions-map |
|
2023-05-21 16:25:04 |
ezXSS: ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. https://github.com/ssl/ezXSS #infosec #redteam #bugbounty |
|
2023-05-21 16:20:00 |
AtomicSyscall: Tools and PoCs for Windows syscall investigation. https://github.com/daem0nc0re/AtomicSyscall #infosec #pentesting #redteam |
|
2023-05-21 16:19:05 |
Afuzz: Automated web path fuzzing tool for bug bounty projects. https://github.com/RapidDNS/Afuzz #infosec #pentesting #bugbounty |
|
2023-05-21 16:19:00 |
SAP_Cloud_Connector_SSFS_Decryption: This repository offers a Proof of Concept (PoC) for decrypting SAP Cloud Connector SSFS. The core feature of this PoC is the exploitation of an exported function - getRecord, present in the libsapscc20jni.so file. The advantage is that you can decrypt the SSFS properties values WITHOUT REVERSING THE ENCRYPTION ALGORITHM. https://github.com/redrays-io/SAP_Cloud_Connector_SSFS_Decryption #cybersecurity #infosec #poc |
|
2023-05-21 12:16:00 |
PowerLessShell: PowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach. https://github.com/Mr-Un1k0d3r/PowerLessShell #infosec #pentesting #redteam |
|
2023-05-21 12:15:08 |
IvySyn: A fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks. https://gitlab.com/brown-ssl/ivysyn #cybersecurity #infosec #pentesting |
|
2023-05-21 12:15:07 |
WSLHostPatcher: Dynamically patches WSL2 to listen on any interface. https://github.com/CzBiX/WSLHostPatcher #cybersecurity #infosec |
|
2023-05-21 12:15:00 |
Puredns: A fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. https://github.com/d3mondev/puredns #infosec #pentesting #bugbounty |
|
2023-05-20 20:24:00 |
AADAppAudit: This tool was initially developed to analyze possible illicit consent grant attacks and to help analyze the Azure AD consent grant framework, but has since been developed further to answer the most typical security-related questions around Azure AD integrated apps and permissions. https://github.com/jsa2/AADAppAudit #infosec #pentesting #redteam |
|
2023-05-20 12:16:00 |
ProcessInjection: The program is designed to perform process injection. Currently the tool supports 5 process injection techniques. https://github.com/3xpl01tc0d3r/ProcessInjection #infosec #pentesting #redteam |
|
2023-05-20 12:15:05 |
CVE-2022-20421: Privilege escalation exploit from untrusted_app for Android Binder vulnerability (CVE-2022-20421). The vulnerability is patched in Android's Security Bulletin of October 2022. https://github.com/0xkol/badspin #cve #infosec #exploit |
|
2023-05-20 12:15:00 |
dirsearch_bypass403: Directory scanning + extraction of URLs/subdomains from JS files + 403 status bypass + fingerprinting. https://github.com/lemonlove7/dirsearch_bypass403 #infosec #pentesting #redteam |
|
2023-05-19 20:24:00 |
Endpoints Explorer: A Python script that employs multiple bypass rules to discover sensitive endpoints. https://github.com/wzqs/endpoints_explore #infosec #pentesting #bugbounty |
|
2023-05-19 20:23:00 |
PywerView: Easy to find vulnerable machines, or list what domain users were added to the local Administrators group of a machine, and much more. https://github.com/the-useless-one/pywerview #infosec #pentesting #redteam |
|
2023-05-19 16:19:00 |
Navi | An SSG Community Project: Navi is an interface for CLI AI programs built on 'Echo-AI' to bring together a purpose-built cybersecurity #AI. https://github.com/SSGorg/Navi #cybersecurity #infosec |
|
2023-05-19 12:16:00 |
ADCSKiller: A Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. https://github.com/grimlockx/ADCSKiller #infosec #pentesting #redteam |
|
2023-05-19 12:15:06 |
NoCrypt AntiRansomware Linux: Tool to prevent #ransomware attacks on Linux systems. The module hooks the system call sys_rename using ftrace to monitor all the files renamed on the system. https://github.com/niveb/NoCrypt #cybersecurity #infosec #ransom |
|
2023-05-19 12:15:05 |
PeExports: This simple multithreaded tool is for collecting PE exports to help with API hashing when reverse engineering. https://github.com/c3rb3ru5d3d53c/peexports #cybersecurity #infosec |
|
2023-05-19 12:15:00 |
SubreconGTP: This (VERY BETA) Python script performs AI-assisted subdomain discovery. It takes a list of subdomains as input, generates similar subdomains using the OpenAI GPT-3 model, and attempts to resolve these subdomains. https://github.com/jhaddix/SubreconGTP #infosec #pentesting #bugbounty |
|
2023-05-19 08:54:01 |
Invoke-GPTObfuscation: A PowerShell Obfuscator that utilizes OpenAI (and other APIs) to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script. https://github.com/hwvs/Invoke-GPTObfuscation #infosec #pentesting #redteam |
|
2023-05-18 20:24:00 |
🕵️ Pinkerton: Pinkerton is a JavaScript file crawler and secret finder developed in Python. https://github.com/oppsec/Pinkerton #pentesting #infosec #bugbounty |
|
2023-05-18 20:23:00 |
sns: IIS shortname scanner written in Go. https://github.com/sw33tLie/sns #iis #cybersecurity #infosec |
|
2023-05-18 16:20:00 |
Stealerium: Stealer + Clipper + Keylogger. Stealer written in C#, logs will be sent to your Discord channel using a webhook. https://github.com/Stealerium/Stealerium #infosec #pentesting #redteam |
|
2023-05-18 16:19:00 |
linx: Reveals invisible links within JavaScript files. Inspired by LinkFinder. https://github.com/riza/linx #cybersecurity #infosec |
|
2023-05-18 12:33:12 |
Ded Security Framework: A tool aimed at security professionals. https://github.com/dedsecurity/dedsecurity-framework #infosec #pentesting #redteam |
|
2023-05-18 12:16:00 |
PassMute: A multi-featured Password Transmutation/Mutator Tool. https://github.com/HITH-Hackerinthehouse/PassMute #infosec #pentesting #redteam |
|
2023-05-18 12:15:07 |
Shark Jack: The Shark Jack is a portable network attack and automation tool for pentesters and systems administrators designed to enable social engineering engagements and opportunistic wired network auditing. It features a familiar Hak5 payload architecture, flip-of-the-switch operation and multi-color LED for instant feedback. This documentation serves both cable and battery variants of the Shark Jack with notable differences highlighted. Buy online: 🛒 official https://bit.ly/3Wh73pF 🛒 aliexpress https://bit.ly/3obbC8q #network #lan #hack5 |
|
2023-05-18 12:15:05 |
Discord-Recon: Discord bot created to automate bug bounty recon, automated scans and information gathering via a #discord server. https://github.com/DEMON1A/Discord-Recon #OSINT #recon #infosec |
|
2023-05-18 12:15:00 |
Fresh Resolvers: Uses DNS Validator to generate a list of fresh working DNS resolvers every day. https://github.com/Findomain/fresh-resolvers #infosec #pentesting #bugbounty |
|
2023-05-18 06:50:04 |
PPLFaultDumpBOF: Takes the original PPLFault and the original included DumpShellcode and combines it all into a BOF targeting #CobaltStrike. https://github.com/trustedsec/PPLFaultDumpBOF #infosec #pentesting #redteam |
|
2023-05-18 06:49:56 |
CVE-2023-32784: KeePass 2.X Master Password Dumper. https://github.com/vdohney/keepass-password-dumper #cve #infosec #redteam |
|
2023-05-16 20:23:00 |
Indicator-Intelligence: Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files. https://github.com/OsmanKandemir/indicator-intelligence #recon #infosec #redteam |
|
2023-05-16 16:20:00 |
DNS Validator: Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. https://github.com/vortexau/dnsvalidator #infosec #pentesting #bugbounty |
|
2023-05-16 16:19:00 |
Hunt-Weird-ImageLoads - This project was created to play with different IOCs caused by Imageload events. https://github.com/thefLink/Hunt-Weird-ImageLoads #cybersecurity #infosec |
|
2023-05-16 12:16:00 |
Google Dork Search - The tool queries the Google search engine to find web pages that may be vulnerable to LFI attacks based on certain Google dorks. It then analyzes the responses of these pages to determine if any LFI vulnerabilities exist. https://github.com/capture0x/Lfi-Space #infosec #pentesting #redteam |
|
2023-05-16 12:15:05 |
Snapchange - Lightweight fuzzing of a memory snapshot using KVM. https://github.com/awslabs/snapchange #fuzzing #cybersecurity #infosec |
|
2023-05-16 12:15:00 |
SmbCrawler - SmbCrawler is a no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares. https://github.com/SySS-Research/smbcrawler #infosec #pentesting #bugbounty |
|
2023-05-16 08:04:08 |
Psudohash Password List Generator For Orchestrating Brute Force Attacks. This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. https://github.com/t3l3machus/psudohash #redteam #password #infosec #bruteforce |
|
2023-05-16 08:03:39 |
Alfa AWUS036ACH - The Alfa AWUS036ACH is a powerful 802.11ac dual-band USB wireless adapter designed to provide fast and reliable WiFi connectivity to Mac and Windows computers. It boasts an ultra-range capability, offering extreme distances and blazing speed to your WiFi network. With up to 300Mbps for 2.4GHz and 867Mbps for 5GHz networks, this adapter provides exceptional performance, making it ideal for streaming, gaming, and other bandwidth-intensive activities. Additionally, the AWUS036ACH comes equipped with two external antenna connectors (RP-SMA) and two detachable dual-band WiFi antennas, which can be replaced with any compatible antennas of your choice. Moreover, the RTL8812AU chipset of this adapter is also supported by Kali Linux with drivers available for it to perform packet injections. Buy online: 🛒 https://amzn.to/433k0G1 🛒 https://bit.ly/45438R1 #wifi #adapter #alfa |
|
2023-05-14 20:23:00 |
CompMgmtLauncher_DLL_UACBypass - CompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive. https://github.com/hackerhouse-opensource/CompMgmtLauncher_DLL_UACBypass #infosec #pentesting #redteam |
|
2023-05-14 16:19:05 |
BackdoorBox - The open-sourced Python toolbox for backdoor attacks and defenses. https://github.com/THUYimingLi/BackdoorBox #cybersecurity #infosec #pentesting |
|
2023-05-14 16:19:00 |
CVE-2023-27524 - Apache Superset Auth Bypass (CVE-2023-27524) https://github.com/TardC/CVE-2023-27524 #cve #cybersecurity #infosec |
|
2023-05-14 11:42:46 |
HyperDeceit - This repository contains the full source code of the HyperDeceit project, which is a library that allows you to impersonate Hyper-V and intercept hypercalls done by the Windows kernel. https://github.com/Xyrem/HyperDeceit Details: https://reversing.info/posts/hyperdeceit/ #infosec #pentesting #redteam |
|
2023-05-14 11:18:38 |
badsecrets - A library for detecting known secrets across many web frameworks. https://github.com/blacklanternsecurity/badsecrets Details: https://blog.blacklanternsecurity.com/p/introducing-badsecrets #cybersecurity #infosec #pentesting |
|
2023-05-13 08:31:11 |
wpfinger - WordPress scanning tool. • Core version detection • Plugin scanning through fingerprinting • Vulnerability output, using database from Wordfence https://github.com/LeakIX/wpfinger #pentesting #redteam #bugbounty |
|
2023-05-13 08:27:16 |
CVE-2023-27363 - Foxit PDF Reader exportXFAData exposed dangerous method remote code execution vulnerability (CVE-2023-27363). https://github.com/j00sean/SecBugs/tree/main/CVEs/CVE-2023-27363 #cve #cybersecurity #exploit |
|
2023-05-12 20:24:00 |
Nimbo-C2 - Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and more robust using PowerShell, hence this combination is made. The Linux agent is slimmer and capable only of basic commands, including ELF loading using the memfd technique. https://github.com/itaymigdal/Nimbo-C2 #infosec #pentesting #redteam |
|
2023-05-12 20:23:00 |
Kovid Rootkit - A full-feature LKM intended for use against Linux kernel v5+. https://github.com/carloslack/KoviD #infosec #pentesting #redteam |
|
2023-05-12 16:20:00 |
SubDomainizer - A tool to find subdomains and interesting things hidden inside external JavaScript files of a page, folder, and GitHub. https://github.com/nsonaniya2010/SubDomainizer #cybersecurity #infosec #pentesting |
|
2023-05-12 12:16:00 |
Exploit Notes - Search hacking techniques and tools for penetration testing, bug bounty, CTF. https://github.com/hideckies/exploit-notes Web: https://exploit-notes.hdks.org/ #infosec #pentesting #redteam |
|
2023-05-12 12:15:06 |
Buffer-Overflow-Stack-Smash - Example of buffer overflow exploit from Aleph1's article "Smashing the Stack for Fun and Profit" https://github.com/CYoshioB/Buffer-Overflow-Stack-Smash #infosec #pentesting #redteam |
|
2023-05-12 12:15:05 |
HPHardwareDiagnostics-PoC - PoC exploit for HP Hardware Diagnostic's EtdSupp driver https://github.com/alfarom256/HPHardwareDiagnostics-PoC #cve #poc #exploit |
|
2023-05-12 12:15:00 |
GetLAPSPassword - A feeble attempt at writing a LAPS dumping tool that supports both NTLM and Kerberos auth using the impacket library. https://github.com/dru1d-foofus/GetLAPSPassword #infosec #pentesting #redteam |
|
2023-05-12 08:54:48 |
HackRF One - A powerful Software-Defined Radio that can transmit and receive radio signals from 1 MHz to 6 GHz. It works as a USB peripheral and is open-source, allowing it to be programmed and managed as a standalone device. The device can interact with various digital technologies like WiFi, Bluetooth, smartphones, and GPS. The ANT500 telescopic antenna is a perfect first antenna for general-purpose use with the HackRF One. It operates on radio frequencies between 75 MHz and 1000 MHz and can be collapsed to 20 cm or fully extended to 88 cm. The HackRF One Bundle features a half-duplex transceiver, a maximum sample rate of 20 Msps, and 8-bit quadrature samples with an interface of high-speed USB. It can be powered by USB bus power. Buy online: 🛒 https://amzn.to/3I2VInk 🛒 https://bit.ly/3VZixyf #SDR #RF #radio |
|
2023-05-10 11:41:03 |
ronin-payloads - A Ruby micro-framework for writing and running exploit payloads. ronin-payloads allows one to write payloads as plain old Ruby classes. https://github.com/ronin-rb/ronin-payloads #infosec #pentesting #redteam |
|
2023-05-10 11:37:58 |
resocks - A reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed (e.g. due to NAT). The channel is secured by mutually trusted TLS with auto-generated certificates based on a connection key. https://github.com/RedTeamPentesting/resocks #infosec #pentesting #redteam |
|
2023-05-10 11:11:57 |
Invoke-ADEnum - Active Directory Enumerator - Automate Active Directory Enumeration using PowerView. https://github.com/Leo4j/Invoke-ADEnum #infosec #pentesting #redteam |
|
2023-05-10 11:05:55 |
Evilginx 3.0 - A man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. https://github.com/kgretzky/evilginx2 #infosec #pentesting #redteam |
|
2023-05-10 11:05:51 |
Ultimate Magic Card (Gen4) - The Ultimate Magic Card is an all-in-one emulation card with customizable card types, configurations, and functionality modes. It allows for modification of the ATQA/SAK/ATS/byte length/card number (UID)/M1 area size of any card without restrictions and can read and write any block like a UID card without a password. The card also supports Ultralight card transformation and rolling code recovery card mode, even after key modification. Additionally, it has a 14B card with a modifiable card number and a password-protected backdoor command. The recovery mode allows for reconfiguration in case of abnormal interference, reducing the chances of damage to the card. Buy online: 🛒 https://bit.ly/41uefzH #UID #card |
|
2023-05-09 20:23:00 |
Direct Syscalls: A journey from high to low - Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level). https://github.com/VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low Details: https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low #infosec #pentesting #redteam |
|
2023-05-09 16:20:00 |
MeliziaC2 - DNS over HTTPS targeted malware (only runs once) • Auto-delete malware on failure • Fully encrypted (per victim RSA key) DoH (DNS-over-HTTPS) communication • Malware only runs once! https://github.com/demon-i386/MeliziaC2 #infosec #pentesting #redteam |
|
2023-05-09 16:19:07 |
Awesome Cloud Security Labs - Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs. https://github.com/iknowjason/Awesome-CloudSec-Labs #cybersecurity #infosec #pentesting |
|
2023-05-09 16:19:00 |
docker-osmedeus v4 - Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning. https://github.com/mablanco/docker-osmedeus #cybersecurity #infosec #pentesting |
|
2023-05-09 15:37:54 |
SpiderSuite - An advanced cross-platform and multi-feature GUI web spider/crawler for cyber security professionals. Spider Suite can be used for attack surface mapping and analysis. https://github.com/3nock/SpiderSuite Website: https://spidersuite.github.io/ #infosec #cybersecurity #bugbounty |
|
2023-05-09 12:16:00 |
Recon MindMap (RMM) - A tool that can easily generate complex domain structures using mind mapping software such as Obsidian Mind Map or xmind. https://github.com/Alevsk/rmm #cybersecurity #infosec #pentesting |
|
2023-05-09 12:15:00 |
NIST Vulnerability Data Ontology - The Vulntology is a project created to characterize vulnerabilities and provide a granular and intuitive structure for that information. This repository is a location to support community development of the NIST Vulnerability Data Ontology, or Vulntology. https://github.com/usnistgov/vulntology #cybersecurity #infosec |
|
2023-05-07 20:24:00 |
Kscan - Simple Asset Mapping Tool. Kscan is an asset mapping tool that can perform port scanning, TCP fingerprinting and banner capture for specified assets, and obtain as much port information as possible without sending more packets. It can perform automatic brute force cracking on scan results, and is the first open source RDP brute force cracking tool on the Go platform. https://github.com/lcvvvv/kscan/blob/master/README_ENG.md #infosec #pentesting #redteam |
|
2023-05-07 20:23:00 |
Repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. 🔍 https://github.com/auth0/repo-supervisor #cybersecurity #infosec #pentesting |
|
2023-05-07 16:20:00 |
Application-Security - Resources for Application Security including Web, API, Android, iOS and Thick Client. https://github.com/Anof-cyber/Application-Security #infosec #pentesting #bugbounty |
|
2023-05-07 16:19:07 |
Klyda - Highly configurable script for dictionary/spray attacks against online web applications. https://github.com/Xeonrx/Klyda #infosec #pentesting #redteam |
|
2023-05-07 16:19:00 |
Google Chrome Cookies Stealer (GCC-Stealer) - This tool aims to be a statically compiled binary that can decrypt the Chrome family browsers (Chrome, Brave and Chromium) cookies. https://github.com/illera88/GCC-stealer #infosec #pentesting #redteam |
|
2023-05-07 12:16:00 |
InfosecHouse - Tools & Resources for Cyber Security Operations. A curated list of many tools and resources for both offensive and defensive security teams. https://github.com/InfosecHouse/InfosecHouse #cybersecurity #infosec #pentesting |
|
2023-05-07 12:15:05 |
handbook - These notes serve as a living document for penetration testing and offensive security. They will serve as a repository of information from existing papers, talks, and other resources and will be updated as new information is discovered. https://github.com/0xffsec/handbook #infosec #pentesting #redteam |
|
2023-05-07 12:15:00 |
Hacking resources and cheat sheets - References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals. https://github.com/Lifka/hacking-resources #cybersecurity #infosec #pentesting |
|
2023-05-07 07:23:04 |
KernelCallbackTable-Injection - Lately, I came across KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus. This post walks through the journey I took and the hurdles I encountered to make process injection via KernelCallbackTable work according to what I wanted. https://github.com/capt-meelo/KernelCallbackTable-Injection Details: https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html #infosec #pentesting #redteam |
|
2023-05-07 06:53:04 |
OSCP-Reporting - Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam and Lab Reporting / Note-Taking Tool. https://github.com/Syslifters/OSCP-Reporting #cybersecurity #infosec #pentesting |
|
2023-05-07 06:28:30 |
RunAsPasswd - A RunAs clone with the ability to specify the password as an argument. https://github.com/Sq00ky/RunAsPasswd #infosec #pentesting #redteam |
|
2023-05-06 20:23:00 |
Offensive Payloads - List of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications. https://github.com/InfoSecWarrior/Offensive-Payloads #infosec #pentesting #redteam |
|
2023-05-06 16:20:00 |
Web Penetration Testing & Red Teaming MindMap - A mindmap that includes tools and methods that help you with bug bounty and penetration testing. With this mindmap you can start web penetration testing step by step from recon to exploiting... https://github.com/N1arut/Pentesting-Mind-Map #infosec #pentesting #redteam |
|
2023-05-06 16:19:07 |
Vulnerable-AD - Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab. https://github.com/WazeHell/vulnerable-AD #cybersecurity #infosec #pentesting |
|
2023-05-06 16:19:00 |
Offensive Security Tools - Here you will find a useful collection of commands and file resource locations used in pentesting operations. This reference will go hand in hand with Kali Linux and the OSCP. https://github.com/Totes5706/Offensive-Security-Cheat-Sheet #infosec #pentesting #redteam |
|
2023-05-06 12:16:00 |
Awesome Cobalt Strike • The first part is a collection of quality articles about Cobalt Strike. • The third part is about the integration of the new features BOF resources. • This project is to solve the problem of not finding the right aggressor script or BOF when it is needed. https://github.com/zer0yu/Awesome-CobaltStrike #infosec #pentesting #redteam |
|
2023-05-06 12:15:05 |
shellcode_exec_workerfactory - Just another shellcode execution technique. https://gist.github.com/RistBS/fd4243d6df142d197920e2b72baa3cdd #infosec #pentesting #redteam |
|
2023-05-06 12:15:00 |
CVE-2023-28231 - DHCP Server Remote Code Execution. Impact: 2008 R2 SP1 to Server 2019 https://github.com/glavstroy/CVE-2023-28231 #cybersecurity #infosec #cve |
|
2023-05-06 08:15:20 |
Parallels Desktop VM Escape - This repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. https://github.com/Malwareman007/CVE-2023-27326 #infosec #cve #pentesting |
|
2023-05-06 07:00:17 |
SSHLog - A free, source-available Linux daemon written in C++ and Python that passively monitors #OpenSSH servers via eBPF to: 👇 https://github.com/sshlog/agent |
|
2023-05-05 20:24:00 |
Viper - A powerful graphical tool designed for intranet penetration testing. It utilizes commonly-used tactics and technologies, including anti-virus software bypass, intranet tunneling, file management, and command line functions. With over 80 integrated modules, Viper covers all aspects of resource development, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and collection. Its goal is to improve red team engineers' attack efficiency, simplify operation, and reduce technical barriers. Viper also supports running the native msfconsole in the browser and multi-person collaboration, making it an ideal tool for infosec professionals, pentesters, and red team members. https://github.com/FunnyWolf/Viper/blob/master/README_EN.md #infosec #pentesting #redteam |
|
2023-05-05 20:23:00 |
GroovyWaiter - Enumeration tool for developer heavy networks with many Jenkins instances. https://github.com/AnubisSec/GroovyWaiter #cybersecurity #infosec |
|
2023-05-05 17:20:00 |
DRAKVUF Sandbox - Automated hypervisor-level malware analysis system. https://github.com/CERT-Polska/drakvuf-sandbox #malware #cybersecurity #infosec |
|
2023-05-05 16:20:00 |
Tangled WinExec - This repository is for investigation of Windows process execution techniques. Most of the PoCs are given a name corresponding to the technique. https://github.com/daem0nc0re/TangledWinExec #infosec #pentesting #redteam |
|
2023-05-05 16:19:07 |
Tiktok SSL Pinning Bypass - Bypass Tiktok SSL pinning on Android devices. https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass #infosec |
|
2023-05-05 16:19:00 |
yataf - Simple tool to analyze a file's/URL's content. It was primarily created to analyze the content of a JavaScript file against a given set of regular expressions. The main goal is to give you an idea if a file's content might be of interest. This means that yataf tries to find secrets in the content as well as potential endpoints. https://github.com/Damian89/yataf #cybersecurity #infosec |
|
2023-05-05 13:16:00 |
Panda Wireless® PAU0B AC600 Dual Band — High-speed wireless connectivity to 2.4GHz and 5GHz networks, compatible with Kali Linux 🛒 amzn.to/4149mNH via t.me/PentestingShop |
|
2023-05-05 12:16:54 |
CVE-2023-0386 - Linux Kernel Privilege Escalation. https://github.com/xkaneiki/CVE-2023-0386 #infosec #pentesting #cve |
|
2023-05-05 12:16:00 |
Maskcat - Utility tool for Hashcat Masks and Password Cracking. https://github.com/JakeWnuk/maskcat #infosec #pentesting #bugbounty |
|
2023-05-05 12:15:07 |
Offensive-Security-Vault - This is a Personal Knowledge Management tool for taking and managing notes related to Offensive Security in Obsidian. https://github.com/hackedbyagirl/Offensive-Security-Vault #cybersecurity #infosec |
|
2023-05-05 12:15:00 |
security-cheatsheets - 🔒 A collection of cheatsheets for various infosec tools and topics. https://github.com/andrewjkerr/security-cheatsheets #cybersecurity #infosec |
|
2023-05-05 07:21:53 |
Awesome RedTeam Cheatsheet - Red Team Cheatsheet in constant expansion. https://github.com/RistBS/Awesome-RedTeam-Cheatsheet #infosec #pentesting #redteam |
|
2023-05-04 17:16:46 |
Apache Solr 8.3.1 admin panel RCE (Windows) - This exploit allows code execution without any prior authentication on a default Solr admin panel. https://github.com/scrt/Apache-Solr-8.3.1-RCE #infosec #exploit #redteam |
|
2023-05-04 17:16:25 |
Hash Muncher - Grab NetNTLMv2 hashes using ETW with administrative rights on Windows. https://github.com/lkarlslund/hashmuncher #infosec #pentesting #redteam |
|
2023-05-04 17:16:04 |
OWASP API Security Top 10 https://github.com/OWASP/API-Security #cybersecurity #infosec |
|
2023-05-04 09:35:38 |
Freeze-rs - A payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze-rs utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls. https://github.com/optiv/Freeze.rs #infosec #pentesting #redteam |
|
2023-05-04 09:19:32 |
AB BLE Gateway V4 - A BLE to gateway and bridge. The gateway reads iBeacon and Eddystone like beacon or customized Tag format and sends to local TCP server or internet HTTP/MQTT server. 🛒 bit.ly/3LQobix via t.me/PentestingShop/289 #infosec #devices |
|
2023-05-03 20:23:00 |
REcollapse - A helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the REcollapse blog post. The goal of this tool is to generate payloads for testing. Actual fuzzing shall be done with other tools like Burp (intruder), ffuf, or similar. https://github.com/0xacb/recollapse #infosec #pentesting #redteam |
|
2023-05-03 16:20:00 |
StackMask - This is a PoC of encrypting the stack prior to custom sleeping by leveraging CPU cycles. This is the code of the relevant blog post: Masking the Implant with Stack Encryption https://github.com/WKL-Sec/StackMask #infosec #pentesting #redteam |
|
2023-05-03 16:19:08 |
Secbench.js - Secbench.js is the first benchmark suite of server-side JavaScript vulnerabilities. This benchmark consists of 600 publicly reported vulnerabilities curated from different advisory databases, such as Snyk, GitHub Advisories, and Huntr.dev. https://github.com/cristianstaicu/SecBench.js #infosec #pentesting #bugbounty |
|
2023-05-03 16:19:07 |
LAUREL - LAUREL is an event post-processing plugin for auditd(8) that generates useful, enriched JSON-based audit logs suitable for modern security monitoring setups. https://github.com/threathunters-io/laurel #cybersecurity #infosec |
|
2023-05-03 16:19:00 |
WhatsApp OSINT Tool - Logs online/offline events from ANYONE in the world. https://github.com/jasperan/whatsapp-osint #OSINT #infosec |
|
2023-05-03 13:24:34 |
hardCIDR - A Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries (RIRs): 👇 • ARIN (North America) • RIPE (Europe/Asia/Middle East) • APNIC (Asia/Pacific) • LACNIC (Latin America) • AfriNIC (Africa) https://github.com/trustedsec/hardcidr #infosec #pentesting #recon |
|
2023-05-03 11:41:02 |
RFID Blocker Card - Protect your personal data with the most advanced RFID blocker card for your wallet. As contactless card payments become increasingly popular, the risk of fraudsters intercepting our information is on the rise. The RFID Blocking Card is a credit-card-sized tool that can be placed inside a wallet, credit card holder or clip to block electromagnetic signals, ensuring protection against RFID theft while still allowing the use of contactless payments. It's composed of a mixture of metals that disrupt RFID signals, with inside and outside coatings of a patent-pending metal mixture to safeguard your personal information. The card is flexible and only half the thickness of a credit card, so it won't add bulk to your wallet. Simply add RFID Blocking Cards to your wallet or credit card holder to block unwanted RFID scanners and keep your personal data safe. Buy online: 🛒 $6.80 🔥 https://bit.ly/41WAUpJ 🛒 VAULTCARD https://amzn.to/3VrHCkY #RFID #card |
|
2023-05-03 08:08:19 |
reNgine - Automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. https://github.com/yogeshojha/rengine #infosec #pentesting #redteam |
|
2023-05-02 20:23:00 |
Camera Exploitation Tool - Automated exploit scanner for cameras on the internet. https://github.com/TasosY2K/camera-exploit-tool #infosec #pentesting #redteam |
|
2023-05-02 16:20:00 |
Kraken - A modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. https://github.com/kraken-ng/Kraken #infosec #pentesting #redteam |
|
2023-05-02 16:19:07 |
CirFix - Automatically Repairing Defects in Hardware Design Code. https://github.com/hammad-a/verilog_repair #cybersecurity #infosec |
|
2023-05-02 16:19:00 |
Secret Regex List - List of regexes for scraping secret API keys and juicy information. You can directly copy this and put it into your Python code; some regexes might require three quotes or else it will break the code. https://github.com/h33tlit/secret-regex-list #infosec #pentesting #bugbounty |
|
2023-05-02 12:15:06 |
Advanced SQL Injection Cheatsheet - This repository contains an advanced methodology of all types of SQL Injection. • Find injection point • Understand the website behaviour • Send queries for enumeration • Understanding WAF & bypass it • Dump the database https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet #infosec #pentesting #bugbounty |
|
2023-05-02 12:15:05 |
AIMOD2 - Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization. https://github.com/darkquasar/AIMOD2 #cybersecurity #infosec |
|
2023-05-02 12:15:00 |
CVE-2023-23399 - MS Excel 365 MSO 2302 Build 16.0.16130.20186 RCE https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399 #cve #infosec #exploit |
|
2023-05-02 10:21:20 |
linikatz - A tool to attack AD on UNIX. This repository contains all of the scripts and source code for "Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX" 👆 In addition to the main linikatz.sh script, this also includes auditd policies, John the Ripper rules, Metasploit post-exploitation modules and fuzzers. https://github.com/CiscoCXSecurity/linikatz #infosec #pentesting #redteam |
|
2023-05-01 20:23:00 |
subnerium - A fast passive subdomain enumeration tool that uses various sources to gather data. All requests are made through YAML templates; for more, see the documentation: 👇 https://github.com/d3f1ne/subnerium #infosec #pentesting #bugbounty |
|
2023-05-01 16:19:00 |
hrekt - A really fast HTTP prober. https://github.com/ethicalhackingplayground/hrekt #infosec #pentesting #bugbounty |
|
2023-05-01 12:15:00 |
Trawler - PowerShell script to help Incident Responders discover adversary persistence mechanisms. https://github.com/joeavanzato/Trawler #blueteam #infosec #malware |
|
2023-05-01 10:09:41 |
ReconBulk - Automated Subdomain Enumeration and Scanning Tool. This script automates the process of subdomain enumeration and scanning using several popular open-source tools, combining their results and providing detailed output. The primary purpose of this tool is to simplify and streamline the process of discovering subdomains and their related information for a given domain. https://github.com/TaurusOmar/reconbulk #infosec #pentesting #bugbounty |
|
2023-04-30 20:23:00 |
LoRa-AX25-IP-Network - Utilising inexpensive wireless modules and open source software to form networks over long distances using AX25 and IP networking in the unlicensed ISM bands, without reliance on a centralised service provider. • Privacy minded individuals • People living under oppressive governments • Remote communities • Natural Disaster areas • Testing low bandwidth applications eg, COAP ROHC • Testing Decentralised apps like scuttlebutt.nz and tox.chat https://github.com/dmahony/LoRa-AX25-IP-Network #cybersecurity #infosec #privacy |
|
2023-04-30 16:20:00 |
Shellcode_Downloader - Writing Custom Shellcode Downloader in C++ https://github.com/lsecqt/OffensiveCpp/blob/main/WinAPI%20Examples/WinHTTP/Shellcode_Downloader.cpp #infosec #pentesting #redteam |
|
2023-04-30 16:19:00 |
Cherrybomb - Cherrybomb is a CLI tool written in Rust that helps prevent incorrect code implementation early in development. It works by validating and testing your API using an OpenAPI file. Its main goal is to reduce security errors and ensure your API functions as intended. https://github.com/blst-security/cherrybomb #cybersecurity #infosec |
|
2023-04-30 13:38:10 |
The Hardware Hacking Handbook — teaches you how to hack embedded devices, exploring hardware interfaces, signaling, and communication protocols. 🛒 amzn.to/41RjQkT via t.me/PentestingShop/286 |
|
2023-04-30 12:16:00 |
MFASweep - A PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. Depending on how conditional access policies and other multi-factor authentication settings are configured some protocols may end up being left single factor. It also has an additional check for ADFS configurations and can attempt to log in to the on-prem ADFS server if detected. https://github.com/dafthack/MFASweep #infosec #pentesting #redteam |
|
2023-04-30 12:15:00 |
Introduction to injection and hooking • ASLR on Windows • Process mitigations against RWX pages • Known DLLs • Multithreaded environments • Secure C coding styles https://github.com/yo-yo-yo-jbo/injection_and_hooking_intro #cybersecurity #infosec #inject |
|
2023-04-09 20:24:00 |
Recon Scripts - Recon scripts for Red Team and Web blackbox auditing. https://github.com/mtimani/Recon_scripts #infosec #pentesting #redteam |
|
2023-04-09 20:23:07 |
Reverse-Engineering - A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures. https://github.com/mytechnotalent/Reverse-Engineering #cybersecurity #infosec #reverse |
|
2023-04-09 20:23:00 |
DllLoadPath - Showcasing two different techniques for changing DLL load order by using undocumented APIs. These are not novel techniques but I never saw them documented anywhere. The proper signatures for RtlCreateProcessParameter and RtlCreateProcessParameters are: 👇 https://github.com/SecurityAndStuff/DllLoadPath #cybersecurity #infosec |
|
2023-04-09 16:20:00 |
Awesome Malware Techniques - A curated list of resources to analyse and study malware techniques. https://github.com/fr0gger/Awesome_Malware_Techniques #malware #cybersecurity #infosec |
|
2023-04-09 16:19:08 |
Burpgpt - A #BurpSuite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type. https://github.com/aress31/burpgpt #infosec #bugbounty #pentesting |
|
2023-04-09 16:19:07 |
VAmPI - Vulnerable REST API with OWASP top 10 vulnerabilities for security testing. https://github.com/erev0s/VAmPI #cybersecurity #infosec |
|
2023-04-09 16:19:00 |
AzureGoat - A Damn Vulnerable Azure Infrastructure. https://github.com/ine-labs/AzureGoat #cybersecurity #infosec |
|
2023-04-09 12:16:00 |
Hades-C2 - Hades is a basic Command & Control framework built using Python. It is currently extremely bare bones, but I plan to add more features soon. https://github.com/Lavender-exe/Hades-C2 #infosec #pentesting #redteam |
|
2023-04-09 12:15:00 |
spotify-gdpr-dump-analysis - Local analysis of the complete Spotify streaming dataset (endsong_*.json). Made in 3 hours alongside ChatGPT, fixing bugs as they appeared. https://github.com/pldubouilh/spotify-gdpr-dump-analysis #cybersecurity #infosec |
|
2023-04-09 08:29:29 |
Scoper - This is a #BurpSuite extension that allows users to easily add web addresses to the Burp Suite scope. https://github.com/haticeerturk/scoper #infosec #bugbounty #pentesting |
|
2023-04-08 20:30:52 |
Alfa APA-M25 - Powerful dual-band directional indoor panel antenna designed to work with any dual-band Wi-Fi router, receiver, or access point that has an RP-SMA port. It replaces the standard factory antenna and can improve your router's range up to four times. It offers up to 145% better performance and 150% longer distance, with a frequency range of 2.4 - 2.5GHz / 5.150 - 5.875GHz and a gain of 8dBi @ 2.4GHz / 10dBi @ 5GHz. Its patch directional design has a 16-degree vertical beam-width and a 66-degree horizontal beam-width, making it ideal for indoor use. Buy online: 🛒 https://amzn.to/3MrllkZ 🛒 https://alii.pub/6ny5ik #alfa #antenna #wifi |
|
2023-04-08 20:24:00 |
ZenLdr: Basic implementation of Cobalt Strike's User Defined Reflective Loader feature. https://github.com/Mav3rick33/ZenLdr Details: https://mav3rick33.gitbook.io/the-lab/cobalt-strike-user-defined-reflective-loader-studies #infosec #redteam #pentesting |
|
2023-04-08 20:23:00 |
ViDeZZo: A virtual device fuzzing framework considering both intra- and inter-message dependencies to balance fuzzing scalability and efficiency. https://github.com/HexHive/ViDeZZo #cybersecurity #infosec |
|
2023-04-08 18:21:08 |
vm2: A sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely! https://github.com/patriksimek/vm2 #cybersecurity #infosec |
|
2023-04-08 18:21:07 |
Rusty Ekko: A small sleep obfuscation technique that uses the CreateTimerQueueTimer Win32 API function, ported from C Ekko to Rust. https://github.com/memN0ps/ekko-rs #cybersecurity #infosec |
|
2023-04-08 18:21:00 |
xv_underground: A scalable web app that features LiveView authentication, a user roles and permission system, and secure S3/Wasabi uploads. It calculates file hashes with the Erlang crypto library and uses Oban for almost all API requests for automated retries. It includes a custom Logger backend to log to Discord, has a CI/CD setup and is deployed on Fly.io. https://github.com/blackmassgroup/xv_underground #cybersecurity #infosec #malware |
|
2023-04-08 09:12:00 |
Kmon: Linux Kernel Manager and Activity Monitor 🐧💻 https://github.com/orhun/kmon #linux #cybersecurity |
|
2023-04-07 20:24:00 |
PhoenixC2: Free & open source C2 framework for Red Teams. It is written in Python3 and uses for its REST API. It is designed to be easy to use and easy to extend. This is the first release of PhoenixC2, so there are still many features missing. Features: • Modern Web-Interface • Built for Teams and Organizations (Multi-User) • Customizable (Plugins, Modules, Kits) • Easy to use • Easy to extend • Supports different languages (Python, Go, …) https://github.com/screamz2k/PhoenixC2 Details: https://screamz2k.github.io/posts/phoenixc2-first-release #infosec #pentesting #redteam |
|
2023-04-07 16:20:00 |
Cairo-Fuzzer: A tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library. • Run Cairo contract • Run Starknet contract • Replayer of fuzzing corpus • Minimizer of fuzzing corpus • Load old corpus • Handle multiple arguments • Workspace architecture • Import dictionary • Use Cairo-fuzzer as a library https://github.com/FuzzingLabs/cairo-fuzzer #infosec #bugbounty #pentesting |
|
2023-04-07 14:17:00 |
Hayabusa: A sigma-based threat hunting and fast forensics timeline generator for Windows event logs. https://github.com/Yamato-Security/hayabusa #cybersecurity #infosec #forensics |
|
2023-04-07 12:16:00 |
lsassy: Python tool to remotely extract credentials on a set of hosts. This blog post explains how it works. This tool uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. https://github.com/Hackndo/lsassy #infosec #pentesting #redteam |
|
2023-04-07 12:15:00 |
Common Threat Matrix for CI/CD Pipeline: This is an ATT&CK-like matrix focusing on CI/CD Pipeline specific risk. MITRE ATT&CK® is a knowledge base of adversary tactics and techniques. To map the threat of CI/CD Pipeline, I use the same classification as the framework. https://github.com/rung/threat-matrix-cicd #cybersecurity #infosec |
|
2023-04-07 09:46:01 |
Dir2json: A .NET utility that lists directory contents with attributes and saves it as a .json file. It can be executed from the command line or Cobalt Strike's BOF.NET. Json2csv.ps1 script is also available for easier querying. https://github.com/bitsadmin/dir2json Details: https://blog.bitsadmin.com/blog/digging-for-secrets #infosec #pentesting #redteam |
|
2023-04-06 20:24:00 |
Kurl: Kurl was created to aid my work as a Red Teamer. Kurl creates an easy to view data sent via HTTP requests by the URLs provided, showing: 👇 • Status code. • Response length. • HTTP Verb. • Data format (json or xml). • Content-Type. • The URL itself. https://github.com/gbrls/kurl #infosec #pentesting #redteam |
|
2023-04-06 20:23:00 |
Arsenal-rs: Rusty Arsenal - Process Injection / Post-Exploitation Techniques in Rust. https://github.com/memN0ps/arsenal-rs #pentesting #redteam #hackers |
|
2023-04-06 16:20:00 |
♻️ Azure AD - Attack and Defense Playbook: This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected. • Password Spray • Consent Grant • Service Principals in Azure DevOps Pipelines • Azure AD Connect Sync Service Account • Replay of Primary Refresh (PRT) and other issued tokens • Azure AD Security Config Analyzer (AADSCA) https://github.com/Cloud-Architekt/AzureAD-Attack-Defense #infosec #pentesting #redteam #ad |
|
2023-04-06 16:19:00 |
rogue: A barebones template of 'rogue', aka a simple recon and agent deployment I built to communicate over ICMP. Well, without the ICMP code. https://github.com/realoriginal/rogue #cybersecurity #infosec |
|
2023-04-06 13:16:27 |
RangePi: Range-Pi is an affordable and portable #LoRa dongle based on Raspberry Pi RP2040 and LoRa modules. It has a built-in 1.14" LCD screen and covers 433/868/915 MHz frequencies, allowing data transmission up to 5 km. LoRa is a wireless technology used for IoT tasks like smart parking, livestock tracking, and automatic meter reading, as it sends packets over long distances without using much power. Setting up LoRa devices is challenging, but Range-Pi simplifies the process. It is open-source, works with any computer or device, and is compatible with The Things Network. Range-Pi is ideal for IoT integrators to test and configure networks on-the-go. Buy online: 🛒 https://amzn.to/40MkeQS #radio #usb #lora #raspberry |
|
2023-04-06 12:16:00 |
IDLE-Abuse: A method to execute shellcode using RegisterWaitForInputIdle API. https://github.com/RixedLabs/IDLE-Abuse Details: https://rixed-labs.medium.com/shellcode-execution-using-registerwaitforinputidle-291c82d2d3fd #cybersecurity #infosec #redteam |
|
2023-04-06 12:15:00 |
XSS-Payloads: List of XSS Vectors/Payloads I have been collecting since 2015 from different resources like websites, tweets, books... You can use them to bypass WAF and find XSS vulnerabilities. I will try to update the list as possible. https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md #infosec #bugbounty #pentesting |
|
2023-04-06 11:14:32 |
Seacrane: A single-binary tool that runs on OSX (arm/x86), Windows, Linux, routers & embedded devices (openwrt, busybox, NAS, etc) that offers: 👇 ▫️ encrypt a file ▫️ download a file from another device ▫️ upload a file to another device ▫️ proxy through another machine (SOCKs or tcpport) ▫️ base64 encode/decode something ▫️ share a clipboard copy/paste buffer with another device ▫️ chat on a LAN ▫️ send a secret (encrypted message) ▫️ and more... https://github.com/s7ephen/seacrane |
|
2023-04-05 20:23:00 |
Capsulecorp AD Pentest (Hyper-v): The Capsulecorp Pentest is a small virtual network managed by Vagrant and Ansible on Hyper-V. It contains four Windows virtual machines configured with various vulnerable services. This project can be used to learn network Active Directory penetration testing, test Command And Control and develop software for future Active Directory audits. https://github.com/Marmeus/capsulecorp-ad-pentest-hyperv #cybersecurity #infosec #pentesting |
|
2023-04-05 16:20:00 |
Fast Google Dorks Scan: An #OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find information about a specific web-site: common admin panels, the widespread file types and path traversal. 100% automated. https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan #cybersecurity #infosec |
|
2023-04-05 16:19:00 |
geacon_plus: CobaltStrike beacon written in golang. https://github.com/Arr3stY0u/geacon_plus #infosec #pentesting #redteam |
|
2023-04-05 12:16:00 |
DomoArigato: A simple command line tool which quickly audits the Disallow entries of a site's robots.txt. https://github.com/EmberHext/DomoArigato #infosec #bugbounty #pentesting |
|
2023-04-05 12:15:00 |
Burp VPS Proxy: This BurpSuite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services. https://github.com/d3mondev/burp-vps-proxy #infosec #blueteam #pentesting |
|
2023-04-05 11:59:13 |
♻️ Mindmap transfer files to VICTIM https://github.com/eMVee-NL/MindMap #redteam |
|
2023-04-05 10:12:19 |
Sherloq: Personal research project about implementing a fully integrated environment for digital #image #forensics. It is not meant as an automatic tool that decides if an image is forged or not (that tool probably will never exist...), but as a companion in experimenting with various algorithms found in the latest research papers and workshops. https://github.com/GuidoBartoli/sherloq |
|
2023-04-04 20:23:00 |
wmiexec-Pro: The new generation of wmiexec.py, with more new features; all the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement (Windows Defender, HuoRong, 360) • Main feature: Only need port 135. • New module: AMSI bypass • New module: File transfer • New module: Remote enable RDP via wmi class method • New module: Windows firewall abusing • New module: Eventlog looping cleaning • New module: Remote enable WinRM without touching CMD • Enhancement: Get command execution output in new way • Enhancement: Execute vbs file https://github.com/XiaoliChan/wmiexec-Pro #cybersecurity #infosec #pentesting #redteam |
|
2023-04-04 20:22:00 |
iat_unhook_sample: Simple sample of unhooking ntdll (IAT imports) hooks in Rust without using syscalls (except VirtualProtect). https://github.com/Signal-Labs/iat_unhook_sample #cybersecurity #infosec |
|
2023-04-04 16:19:06 |
MalBuzz: It's a handy tool to help you analyze malware. You can use this tool to query your malware samples using different hashes or find all other samples using YARA rules, ClamAV signatures, etc. This tool is based on MalwareBazaar. https://github.com/NomanProdhan/malbuzz #cybersecurity #infosec |
|
2023-04-04 16:19:05 |
Fibratus: A tool for exploration and tracing of the Windows kernel. It lets you trap system-wide events such as process life-cycle, file system I/O, registry modifications or network requests among many other observability signals. In a nutshell, Fibratus allows for gaining deep operational visibility into the Windows kernel but also processes running on top of it. It requires no drivers nor third-party software. https://github.com/rabbitstack/fibratus #cybersecurity #infosec |
|
2023-04-04 16:19:00 |
PatchlessCLRLoader: .NET assembly loader with patchless AMSI and ETW bypass. • AES encryption payload • Fileless payload support • Patchless AMSI and ETW bypass using hardware breakpoint https://github.com/VoldeSec/PatchlessCLRLoader #cybersecurity #infosec #pentesting #redteam |
|
2023-04-04 12:28:06 |
Wireshark RDP resources: Looking for a way to capture and inspect RDP traffic in Wireshark? You've come to the right place! https://github.com/awakecoding/wireshark-rdp #cybersecurity #infosec #pentesting #redteam |
|
2023-04-04 11:55:30 |
PentestingTools: First and foremost, this repo is a WORK IN PROGRESS and will continue to be updated. This repo is designed to be a one-stop shop for a pentester. Above, you will find a collection of tools and resources for conducting a pentest in a Windows or Linux environment. https://github.com/DritzPS/PentestingTools #infosec #pentesting #redteam |
|
2023-04-04 09:39:51 |
ZimaBoard: ZimaBoard is an affordable single board server designed for makers, DIY enthusiasts, and geeks. It is a hackable x86 SBC that combines the expandability of a standard server and the power of a micro server. With ZimaBoard, you can easily set up a personal cloud with 4 Terabytes of storage, configure a secure VPN to protect your online activities, build a 4K media server with Plex, or share files with team members. The board is fully customizable and expandable with PCIe x4, SATA 6.0 Gb/s, and dual gigabit Ethernet onboard. ZimaBoard comes with CasaOS pre-installed, a simple and elegant home cloud system built around the Docker ecosystem. Buy online: 🛒 https://amzn.to/3KFWEjv 🛒 https://ali.ski/gytJ-u #board #minipc |
|
2023-04-03 20:23:00 |
Awesome wordlists for Bug Bounty Hunting: This repository contains publicly available wordlists for bug hunting. The main objective for creating this repo is to bring all the available wordlists in one place. https://github.com/0xPugazh/fuzz4bounty #infosec #bugbounty #pentesting |
|
2023-04-03 16:20:00 |
hackerone-reports: Top disclosed reports from HackerOne. https://github.com/reddelexc/hackerone-reports #infosec #blueteam #pentesting |
|
2023-04-03 16:19:00 |
URL Hunter: Check out this JavaScript code that extracts URLs from a web page and linked scripts! Perfect for web scraping and penetration testing. https://github.com/SecuritySphinx/URL-Hunter #cybersecurity #infosec #pentesting |
|
2023-04-03 12:16:00 |
Awesome Forensics: Curated list of awesome free (mostly open source) #forensic analysis tools and resources. https://github.com/cugu/awesome-forensics #cybersecurity #infosec |
|
2023-04-03 12:15:00 |
Sublime Rules: Sublime rules for email attack detection, prevention, and threat hunting. https://github.com/sublime-security/sublime-rules #cybersecurity #infosec |
|
2023-04-03 06:58:29 |
msldap: LDAP library for #auditing MS #AD https://github.com/skelsec/msldap |
|
2023-04-02 20:23:00 |
WebDirScan: WebDirScan is a tool for brute-forcing URIs (directories and files) on web servers by taking an input directory to scan for files & directories recursively. It's written in Go and it's capable of multithreaded scanning. https://github.com/jayateertha043/WebDirScan #cybersecurity #infosec #pentesting |
|
2023-04-02 16:19:00 |
ssh-log-auditor Python script: ssh-log-auditor is an open source Python script that detects potential SSH brute-force attacks and creates a CSV report. If the number of failed login attempts from a given IP address exceeds a certain threshold (default value is 5), the script alerts the user and outputs the IP address, username, date, number of failed attempts, and location information to a CSV file (default file name is failed_login_attempts.csv). https://github.com/bigb0x/ssh-log-auditor #cybersecurity #infosec #blueteam |
|
2023-04-02 12:29:27 |
padre: padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption. Features: • blazing fast, concurrent implementation • decryption of tokens • encryption of arbitrary data • automatic fingerprinting of padding oracles • automatic detection of cipher block length • HINTS! if failure occurs during operations, padre will hint you about what can be tweaked to succeed • supports tokens in GET/POST parameters, Cookies • flexible specification of encoding rules (base64, hex, etc.) https://github.com/glebarez/padre #infosec #pentesting #redteam |
|
2023-04-02 12:28:48 |
Multi-RFID keyfob: The Multi-RFID keyfob is a low-tech, cost-effective solution that features six independent RFID tags, including 3x Low Frequency T5577 ("Universal" LF Tags) and 3x MIFARE Classic® Compatible 1K UID Modifiable DirectWrite / Gen2 Tags (Android Compatible). It is activated by pressing and holding the corresponding button for each tag. The keyfob does not require batteries, making it a highly convenient tool for those who need to ensure they have access to LF/HF blank tags at all times. Buy online: 🛒 $4.20 🔥 https://ali.ski/EX6zX #RFID |
|
2023-04-02 12:15:01 |
Crypto #OSINT investigation: A collection of resources useful for OSINT Investigations on Cryptocurrencies and WEB3. For sure, it isn't a complete resource, most of what you find here is related to some investigation I did. Feel free to fork and make any addition you want. https://github.com/aaarghhh/awesome_osint_criypto_web3_stuff #cybersecurity #infosec |
|
2023-04-02 12:15:00 |
XXElixir 🧪: This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files. https://github.com/kljunowsky/XXElixir #bugbounty #pentesting #infosec |
|
2023-04-02 12:14:00 |
Malware Analysis: A repository to organize my malware write-ups that are too long or just don't work as Twitter threads. https://github.com/dodo-sec/Malware-Analysis #malware #cybersecurity #infosec |
|
2023-04-02 11:30:08 |
n0kovo subdomain wordlist: An extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space. https://github.com/n0kovo/n0kovo_subdomains Details: https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/ #bugbounty #pentesting #infosec |
|
2023-04-02 09:28:13 |
ChatGPT: #ChatGPT Desktop Application (Mac, Windows and Linux) Features: ▫️ Multi-platform: macOS Linux Windows ▫️ Text-to-Speech ▫️ Export ChatGPT history (PNG, PDF and Markdown) ▫️ Automatic application upgrade notification ▫️ Common shortcut keys ▫️ System tray hover window ▫️ Powerful menu items ▫️ more... https://github.com/lencx/ChatGPT |
|
2023-04-02 08:33:23 |
Awesome Wordlists: A curated list of wordlists for bruteforcing and fuzzing. https://github.com/n0kovo/awesome-wordlists #infosec #bugbounty #pentesting |
|
2023-04-01 20:24:00 |
DockerSecurityPlayground: A Microservices-based framework for the study of Network Security and Penetration Test techniques. → Create network and network security scenarios, in order to understand network protocols, rules, and security issues by installing DSP on your PC. → Learn penetration testing techniques by simulating vulnerability lab scenarios. → Manage a set of docker-compose projects. The main goal of DSP is learning penetration testing and network security, but its flexibility allows the creation, graphic editing and management (run / stop) of all your docker-compose labs. https://github.com/DockerSecurityPlayground/DSP Website: https://secsi.io/docker-security-playground/ #cybersecurity #infosec #pentesting |
|
2023-04-01 20:23:00 |
Hakoriginfinder: Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs! https://github.com/hakluke/hakoriginfinder #cybersecurity #infosec #bugbounty #pentesting |
|
2023-04-01 16:45:57 |
Happy Birthday Fox :)😘 |
|
2023-04-01 16:19:00 |
PatchGuardBypass: Bypassing PatchGuard on modern x64 systems. https://github.com/AdamOron/PatchGuardBypass #cybersecurity #infosec #pentesting #redteam |
|
2023-04-01 12:16:00 |
yetAnotherObfuscator: A C# obfuscator tool that can bypass Windows Defender antivirus. I made this tool mainly as an excuse to learn more about C# and how obfuscators function. https://github.com/0xb11a1/yetAnotherObfuscator #cybersecurity #infosec #pentesting #redteam |
|
2023-04-01 12:15:00 |
HeapCrypt: Encrypting the heap while sleeping by hooking and modifying Sleep with our own function that encrypts the heap, sleeps for a moment, then decrypts the heap: 👇 https://github.com/TheD1rkMtr/HeapCrypt #cybersecurity #infosec |
|
2023-03-31 17:56:36 |
OPC UA Network Fuzzer: A network fuzzer based on the boofuzz network fuzzer as a framework, which helped us successfully target the KepwareEX server and trigger a crash that we were able to use to develop a remote code execution exploit and earn $20,000 at the contest. https://github.com/claroty/opcua_network_fuzzer Details: https://claroty.com/team82/research/team82-releases-homegrown-opc-ua-network-fuzzer-based-on-boofuzz #infosec #cybersecurity #pentesting #redteam |
|
2023-03-31 17:55:40 |
Boofuzz: A fork and successor of the Sulley Fuzzing Framework. Features: • Easy and quick data generation. • Instrumentation – AKA failure detection. • Target reset after failure. • Recording of test data. https://github.com/jtpereyda/boofuzz #cybersecurity #infosec #bugbounty #pentesting |
|
2023-03-31 16:19:00 |
Frilane: Automated iOS Frida Gadget injection and Testflight deployment using Frida and Fastlane. https://github.com/gjfvieira/frilane #cybersecurity #infosec |
|
2023-03-31 12:15:00 |
emp3r0r: A post-exploitation framework for Linux/Windows. https://github.com/jm33-m0/emp3r0r #cybersecurity #infosec #pentesting #redteam |
|
2023-03-31 10:20:31 |
ACEMAGICIAN T8 Plus: A mini PC that features the latest Intel Processor N95 “Alder Lake N-Series” quad-core processor with up to 3.4 GHz turbo frequency, and 16EU Intel HD graphics @ 1.2 GHz. It comes with 8GB LPDDR5 memory, a 256GB M.2 NVMe SSD, and is equipped with three HDMI 2.0b ports, dual gigabit Ethernet ports, three USB 3.0 ports, a WiFi 5 and Bluetooth 4.2 wireless module, and a 3.5mm audio jack, plus a Kensington lock slot. The computer ships with Windows 11 Pro but Kali Linux is also supported. Buy online: 🛒 https://amzn.to/3zjDCsw #ACE #minipc |
|
2023-03-30 20:23:00 |
pathbuster: A path-normalization pentesting tool. → Implement --filter-status which will filter the status codes. → Implement --filter-body-size which will filter the response sizes. → Implement --drop-after-fail which will ignore requests with the same response code multiple times in a row. → Fixed a ton of performance issues and included directory bruteforcing at the end. https://github.com/ethicalhackingplayground/pathbuster #infosec #bugbounty #pentesting |
|
2023-03-30 20:22:00 |
WebRecon2: A re-write of WebRecon. It's faster and prettier. WebRecon2 utilizes the best tools available, each great at their own job, and combines them into a single script to automate a workflow that would typically be followed manually when performing subdomain enumeration against a bug bounty program. Each of the tools listed below will need to be accessible within your $PATH for WebRecon2 to work. https://github.com/sammooredev/WebRecon2 #cybersecurity #infosec #bugbounty #pentesting |
|
2023-03-30 12:15:00 |
Jsleak: A tool to find secrets, paths or links in the source code during recon. Features: • Discover secrets in JS files such as API keys, tokens, and passwords. • Identify links in the source code. • Complete Url Function • Concurrent processing for scanning of multiple Urls • Check status code if the url is alive or not https://github.com/channyein1337/jsleak #cybersecurity #infosec #bugbounty #pentesting |
|
2023-03-29 20:23:00 |
Awesome #OSINT: A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). https://github.com/jivoi/awesome-osint #cybersecurity #infosec |
|
2023-03-29 16:20:00 |
Rusty Hog: A secret scanner built in Rust for performance, and based on TruffleHog which is written in Python. Rusty Hog provides the following binaries: 👇 https://github.com/newrelic/rusty-hog #cybersecurity #infosec #bugbounty #pentesting |
|
2023-03-29 16:19:05 |
Early bird + Parent Process Id Spoofing: This technique is already well known but still powerful. The main idea is to queue a user APC into a suspended process, avoiding the need to create a new thread. Since the process is launched in a suspended state, EDRs haven't placed any hooks yet. https://github.com/b4rth0v5k1/EarlyBirdNTDLL #infosec #redteam |
|
2023-03-29 16:19:00 |
VBoxCloak: A PowerShell script that attempts to help #malware analysts hide their Windows VirtualBox VMs from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings by at least a few points ;) https://github.com/d4rksystem/VBoxCloak #cybersecurity #infosec |
|
2023-03-29 13:22:10 |
HardHat C2: A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use. https://github.com/DragoQCC/HardHatC2 #cybersecurity #infosec #pentesting #redteam |
|
2023-03-29 12:36:40 |
Kingston IronKey Vault Privacy 50: IronKey Vault Privacy series are encrypted USB drives that offer high-level security for your data. They use FIPS 197 certified AES 256-bit hardware-encryption in XTS mode to protect your data from unauthorized access. They also have features to prevent BadUSB attacks, Brute Force attacks, and malware infection. You can choose from different password options and modes to suit your needs. VP50 series are compatible with Endpoint Management software and meet TAA compliance standards. They are available in Type-A and Type-C versions. Buy online: 🛒 https://amzn.to/3FVSzEX #usb #security #kingston #encrypted |
|
2023-03-29 12:16:00 |
hacking-writeups: Helpful shell commands and lots of writeups from machines solved on Hack the Box and also walkthroughs from CTF competitions. https://github.com/BitFlippa27/hacking-writeups/tree/main/htb/ctf/cyber-apocalypse-2023/web #cybersecurity #infosec #pentesting #redteam |
|
2023-03-29 12:15:00 |
Powershell String Cleaner: Simple script to deobfuscate Powershell formatting strings. https://github.com/dr4k0nia/tooling-playground/tree/main/PowershellStringCleaner #cybersecurity #infosec |
|
2023-03-29 08:39:59 |
FreeMetsrvLoader: Fork of freeBokuLoader which targets and frees Metsrv's initial reflective DLL package. https://github.com/attl4s/freeMetsrvLoader #cybersecurity #infosec #pentesting #redteam |
|
2023-03-29 07:49:45 |
Awesome Python: A curated list of awesome #Python frameworks, libraries, software and resources. https://github.com/vinta/awesome-python |
|
2023-03-28 20:23:00 |
AIx: A cli tool to interact with Large Language Models (LLM) APIs. Features: • AMA with AI over CLI • Query LLM APIs (OpenAI) • Supports GPT-3.5 and GPT-4.0 models • Configurable with OpenAI API key • Flexible output options https://github.com/projectdiscovery/aix #cybersecurity #infosec |
|
2023-03-28 16:20:00 |
kitsec-core: A minimalistic Python framework for fast and centralized ethical hacking. Kitsec impressed me. It's user-friendly and centralized, making it fast and efficient. It offers a wide range of capabilities, including OWASP Top 10 coverage, fuzzing, port scanning and more. It's an exceptional ethical hacking tool that I highly recommend. https://github.com/kitsec-labs/kitsec-core Wiki: https://www.kitsec.app/docs/Features #cybersecurity #infosec #pentesting #redteam |
|
2023-03-28 16:19:00 |
PHP filter chains oracle exploit: A CLI to exploit parameters vulnerable to PHP filter chain error based oracle. https://github.com/synacktiv/php_filter_chains_oracle_exploit #cybersecurity #infosec #pentesting #redteam |
|
2023-03-28 09:52:25 |
Red Team Guides: A platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques. https://github.com/redteamguides/redteamguides.github.io Web: https://redteamguides.com #pentesting #redteam |
|
2023-03-28 07:38:10 |
NekoBox for Android: Sing-box / universal proxy toolchain for #Android. https://github.com/MatsuriDayo/NekoBoxForAndroid Web: https://matsuridayo.github.io/ #privacy |
|
2023-03-27 20:23:00 |
100 Bug Bounty Secrets: I'm going to reveal a hundred secrets of bug bounty! https://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/100BugBountySecrets #bugbounty #pentesting |
|
2023-03-27 16:20:00 |
403-bypass: This is the tool that I wrote when I was working for pentest. https://github.com/channyein1337/403-bypass #bugbounty #pentesting |
|
2023-03-27 16:19:00 |
Bulk 403 Bypass: This is a Bash script that performs bulk 403 bypass by adding a custom header to HTTP requests. It can be useful for testing whether a website is vulnerable to 403 bypass techniques. https://github.com/aardwolfsecurityltd/Bulk_403_Bypass #bugbounty #pentesting |
|
2023-03-27 13:16:58 |
MeLE Quieter2D Mini PC: MeLE is now offering its Quieter2D ultrathin fanless mini PC without an operating system, ideal for those who only want to run Linux and not pay extra for a Windows license. The mini PC is equipped with an Intel Celeron N4000 dual-core processor, 4GB RAM, and 64GB or 128GB eMMC storage. Other features include an M.2 2280 SATA/NVMe socket, two HDMI 2.0 ports, Gigabit Ethernet and WiFi 5 connectivity, and four USB 3.0 ports. MeLE also provides an unlocked BIOS suitable for IoT and business users to customize features. While the previous model had some issues with Ubuntu, the company assures that this new version may not be affected. Buy online: 🛒 https://amzn.to/3ZiQzxe 🛒 https://ali.ski/gnGtth #minipc #mele |
|
2023-03-27 12:16:00 |
afrog: A Vulnerability Scanning Tool For Penetration Testing. afrog is a high-performance, fast and stable vulnerability scanning (hole digging) tool with customizable PoCs. PoCs cover CVE, CNVD, default passwords, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner. https://github.com/zan8in/afrog #cybersecurity #infosec #bugbounty #pentesting |
|
2023-03-27 12:15:00 |
scorecard: OpenSSF Scorecard - Security health metrics for Open Source. https://github.com/ossf/scorecard #cybersecurity #infosec |
|
2023-03-27 08:09:12 |
Sliver: Open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys. https://github.com/BishopFox/sliver #cybersecurity #infosec #pentesting #redteam |
|
2023-03-27 07:47:21 |
NETworkManager: A powerful tool for #managing #networks and troubleshooting network problems! You can connect to and manage remote systems via Remote Desktop, PowerShell, PuTTY, TigerVNC or AWS (Systems Manager) Session Manager. Furthermore it contains features like a WiFi analyzer, IP scanner, port scanner, ping monitor, traceroute, DNS lookup or a LLDP/CDP capture (and many more) to analyze your network and troubleshoot network problems. You can save your hosts (or networks) in profiles which can be used in the various features. For additional security, the profile file can be encrypted. https://github.com/BornToBeRoot/NETworkManager |
|
2023-03-26 20:23:00 |
Red Teaming tool: And many more. I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art. https://gist.github.com/z0rs/e1c640e2892cb6737602fec5d5496480 #redteam #infosec #pentesting |
|
2023-03-26 12:22:28 |
Ffuf: A fast web fuzzer written in Go. Features: ▫️ Fast! ▫️ Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values ▫️ Silent mode (-s) for clean output that's easy to use in pipes to other processes.… |
|
2023-03-26 12:15:00 |
PoC-Malware-TTPs: Proof of Concept Code Repository for Malware TTPs. https://github.com/knight0x07/PoC-Malware-TTPs #malware #cybersecurity #infosec |
|
2023-03-26 08:16:02 |
Offensive AI Compilation: A curated list of useful resources that cover Offensive AI. https://github.com/jiep/offensive-ai-compilation #cybersecurity #infosec #pentesting #redteam |
|
2023-03-25 20:23:00 |
A RedTeam Toolkit: ARTToolkit is an interactive cheat sheet, containing a useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises. https://github.com/arttoolkit/arttoolkit.github.io Find the project at: https://ARTToolkit.github.io #redteam #infosec |
|
2023-03-25 16:19:00 |
Malicious Software Packages Dataset An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. https://github.com/DataDog/malicious-software-packages-dataset #malware #cybersecurity #infosec |
|
2023-03-25 13:00:00 |
10K 🥷 We have reached a wonderful milestone of 10,000 subscribers on our Telegram channel! 🥰 This is truly an incredible moment and we are immensely grateful to all of you who have been with us since the very beginning, helping us by reposting our content and recommending us to your friends. To those who have made donations, a special and heartfelt thank you. We sincerely hope that we have lived up to your expectations and justified every penny 😘. For some, 10,000 may not seem like a big number, but we believe that each and every one of our subscribers is worth more than 100 who are not ours. We love and appreciate all of you and we thank you again for your support! ❤️ |
|
2023-03-25 12:16:00 |
WCE This Python tool enables network node command and exfiltration while applying OPSEC to ensure the process is hidden by transmitting commands through window flags. https://github.com/Cyber-Guy1/WCE #redteam #cybersecurity #infosec |
|
2023-03-25 12:15:00 |
Untitled Goose Tool Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments. https://github.com/cisagov/untitledgoosetool #cybersecurity #infosec |
|
2023-03-25 08:08:33 |
CVE-2023-23752 Joomla! < 4.2.8 - Unauthenticated information disclosure. https://github.com/Acceis/exploit-CVE-2023-23752 #cve #exploit #cybersecurity #infosec |
|
2023-03-24 16:20:00 |
AM0N-Eye AM0N-Eye is an advanced #RedTeam & Adversary Simulation Software for C2 operations, featuring opsOpec tools and techniques for AV/EDR evasion, shellcode generation, persistence, BOF, and payload generation. • Linux, MacOS and windows c2 server • Fake Alert techniques • AV/EDR evasion techniques • shellcode Generator & obfuscator • Persistence techniques • New BOF • AV/EDR Recon • PayloadGenerator Undetected by antivirus programs • custom malwares • New c2 profiles https://github.com/S3N4T0R-0X0/AM0N-Eye @HackGit |
|
2023-03-24 16:19:00 |
Arc A manager for your secrets made of arc, a RESTful API server written in Go which exposes read and write primitives for encrypted records, and arc, the client application implemented in HTML5 and JavaScript, which runs in every modern browser and it is served by arc itself. Records are generated, encrypted and decrypted client side by arc (with AES256 in GCM mode, using 10000 iterations for the PBKDF2 key derivation function, everything WebCrypto based), which offers an intuitive management system equipped with UI widgets including: 👇 https://github.com/evilsocket/arc #cybersecurity #infosec #infosecurity |
|
2023-03-24 12:47:47 |
Shell GPT A command-line productivity tool powered by #ChatGPT, will help you accomplish your tasks faster and more efficiently. https://github.com/TheR1D/shell_gpt |
|
2023-03-24 12:35:43 |
ROCK Pi E (for Ethernets) ROCK Pi E is a Rockchip RK3328 based SBC (Single Board Computer) by Radxa. It equips a 64bits quad core processor, USB 3.0, dual ethernets, wireless connectivity at the size of 2.5x2.2 inch (56x65mm), making it perfect for IoT and network applications. ROCK Pi E comes in various ram sizes from 512MB to 4GB DDR3, and uses uSD card for OS and storage as well as supporting eMMC module. Optionally, ROCK Pi E supports PoE, additional HAT is required. Website: https://rockpi.eu/RockpiE Buy online: 🛒 https://ali.ski/oLQUm #board #minipc #rockpi |
|
2023-03-24 12:16:00 |
Self-Way Built to learn ethical hacking on your own. Includes guides, tutorials, cheat sheets and tools. The guides are accessible directly from CLI. https://github.com/NeverWonderLand/Self-Way #cybersecurity #infosec #redteam #pentesting |
|
2023-03-24 12:15:00 |
IP-Obfuscator Hide an IP address in scripts by hex/decimal conversions. Works in Linux and Windows, or even browsers. https://github.com/bobby-tablez/IP-Obfuscator #cybersecurity #infosec |
|
2023-03-24 09:12:00 |
CVE-2023-27532 Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution. https://github.com/sfewer-r7/CVE-2023-27532 #cve #exploit #cybersecurity #infosec |
|
2023-03-23 20:24:00 |
SecretOpt1c A #RedTeam tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy! https://github.com/blackhatethicalhacking/SecretOpt1c #cybersecurity #infosec #pentesting |
|
2023-03-23 20:23:00 |
Fofa_Viewer Fofa Viewer is a user-friendly FOFA client written in JavaFX, attributed to the WgpSec Community and primarily maintained by f1ashine. By leveraging the powerful internet search engine FoFa, it encapsulates many commonly used APIs into a concise UI, making it easier for cybersecurity professionals to hunt for vulnerabilities on target websites. With its out-of-the-box functionality, Fofa Viewer streamlines the search process, helping penetration testers quickly obtain the information they need. https://github.com/wgpsec/fofa_viewer/blob/master/README.en.md #cybersecurity #infosec |
|
2023-03-23 16:20:00 |
wildcrawl Bash script that crawls a target URL to get a better image of what is tied to a website. https://github.com/NeverWonderLand/wildcrawl #bugbounty #pentesting |
|
2023-03-23 16:19:00 |
Spoofy A program that checks if a list of domains can be spoofed based on SPF and DMARC records. https://github.com/MattKeeley/Spoofy #bugbounty #pentesting |
|
2023-03-23 12:15:00 |
Dependency-Check OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. https://github.com/jeremylong/DependencyCheck #cybersecurity #infosec |
|
2023-03-23 08:26:10 |
LeakySAB-PoC PoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance. https://github.com/rlaphoenix/LeakySAB-PoC #cybersecurity #infosec |
|
2023-03-23 08:00:18 |
Nidhogg A multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an example here. Nidhogg can work on any version of x64 Windows 10 and Windows 11. https://github.com/Idov31/Nidhogg #pentesting #redteam #cybersecurity #infosec |
|
2023-03-22 20:23:00 |
Crassus Crassus Windows privilege escalation discovery tool. https://github.com/vu-ls/Crassus #pentesting #redteam #cybersecurity #infosec |
|
2023-03-22 18:23:14 |
WFN Windows Firewall #Notifier extends the default #Windows embedded #firewall by allowing to handle and notify about outgoing connections, offers real time connections monitoring, connections map, bandwidth usage monitoring and more... https://github.com/wokhan/WFN |
|
2023-03-22 16:19:00 |
rdi-rs Rusty Reflective DLL Injection - A small reflective loader in Rust 4KB in size. https://github.com/memN0ps/rdi-rs #pentesting #redteam |
|
2023-03-22 12:15:00 |
AWS Customer Security Incidents Security is an exercise in managing risk. Reviewing the common root causes of security incidents is an effective way to guide prioritized remediation efforts. https://github.com/ramimac/aws-customer-security-incidents #cybersecurity #infosec |
|
2023-03-22 11:31:18 |
#DevOps Guide Development to Production all configurations with basic notes to debug efficiently. https://github.com/Tikam02/DevOps-Guide |
|
2023-03-22 09:24:16 |
EqualNet A Secure and Practical Defense for Long-term Network Topology Obfuscation https://github.com/Abduarraheem/Mimic-EqualNet #cybersecurity #infosec |
|
2023-03-21 20:24:00 |
Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. https://github.com/lgandx/Responder #cybersecurity #infosec #pentesting #redteam |
|
2023-03-21 20:23:00 |
(ISC)2 Certified in Cybersecurity The content in this repo is based on the self-paced course called Certified in #Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations. https://github.com/cyberfascinate/ISC2-CC-Study-Material |
|
2023-03-21 16:20:00 |
Elevate-System-Trusted-BOF This BOF can be used to elevate the current beacon to SYSTEM and obtain the TrustedInstaller group privilege. The impersonation is done through the SetThreadToken API. https://github.com/Mr-Un1k0d3r/Elevate-System-Trusted-BOF #cybersecurity #infosec #pentesting #redteam |
|
2023-03-21 16:19:00 |
CEH-Exam-Questions Planning To Take Certified Ethical Hacker (CEH)? Here is a GitHub repo with 125 questions and answers to help you prep for the test. https://github.com/ryh04x/CEH-Exam-Questions #cybersecurity #infosec |
|
2023-03-21 12:16:00 |
pyThreadlessInject A python port of CCob's ThreadlessInject, because why should C# have all the fun?! https://github.com/rkbennett/pyThreadlessInject #cybersecurity #infosec #redteam |
|
2023-03-21 12:15:00 |
bootdoor An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot. https://github.com/realoriginal/bootdoor #cybersecurity #infosec #redteam |
|
2023-03-21 08:08:53 |
#Malware and #Reverse Engineering Complete Collection. https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering |
|
2023-03-20 18:57:29 |
Black Angel Rootkit Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. https://github.com/XaFF-XaFF/Black-Angel-Rootkit #pentesting #redteam |
|
2023-03-20 18:56:39 |
Parallels Desktop VM Escape This repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. The exploit was tested on Parallels Desktop version 18.0.0 (53049), and the vulnerability was patched in the 18.1.1 (53328) security update. https://github.com/Impalabs/CVE-2023-27326 Details: https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html #cve #exploit #cybersecurity #infosec |
|
2023-03-20 12:15:00 |
Windows Atom Table Hijacking Privilege Escalation in Windows 7/8/10 through Atom Table Hijacking. https://github.com/SleepTheGod/Windows-Atom-Table-Hijacking |
|
2023-03-19 19:22:00 |
Nuclei Wordfence CVE https://github.com/topscoder/nuclei-wordfence-cve #cybersecurity #infosec #cve #pentesting |
|
2023-03-19 15:19:00 |
BeEF BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. https://github.com/beefproject/beef Website: https://beefproject.com/ #kali #pentesting #redteam #best |
|
2023-03-19 15:18:00 |
Authentication Token Obtain and Replace Extender The plugin is created to help automated scanning using Burp in the following scenarios: ▫️ Access/Refresh token ▫️ Token replacement in XML, JSON body ▫️ Token replacement in cookies ▫️ The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky and do not work in scenarios where the replacement text is either JSON, XML. https://github.com/portswigger/ator |
|
2023-03-19 11:14:08 |
imgdevil Quick and dirty proof-of-concept to hide shells in images. https://github.com/nyxgeek/imgdevil Shells in Plain Sight - Storing Payloads in the Cloud: https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud #cybersecurity #infosec #pentesting #redteam |
|
2023-03-19 11:14:00 |
Dark Web Archives All public/Privately leaked Dark Web Marketplace (DNM) Scripts, Source codes and information. https://github.com/D4RK-R4BB1T/Dark-Web-Archives |
|
2023-03-18 20:23:00 |
Awesome Cyber Skills A curated list of hacking environments where you can train your cyber skills legally and safely. https://github.com/joe-shenouda/awesome-cyber-skills #cybersecurity #infosec |
|
2023-03-18 19:22:00 |
ldr Ldr is an unsuccessful attempt at a Rust BOF/COFF loader. It works for the simplest of object files, but crashes every time. The beacon functions themselves have also not been implemented well. https://github.com/yamakadi/ldr #redteam |
|
2023-03-18 18:21:00 |
All about bug bounty These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too! https://github.com/daffainfo/AllAboutBugBounty #bugbounty #pentesting #infosec |
|
2023-03-18 17:20:00 |
Sirius Scan Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for #cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Scan intends to leverage. https://github.com/SiriusScan/Sirius #infosec #pentesting #redteam |
|
2023-03-18 17:19:00 |
CVE-2023-0861 Analyzing and reproducing the command injection vulnerability in Netmodule routers. https://github.com/seifallahhomrani1/CVE-2023-0861-POC #cve #poc |
|
2023-03-18 11:29:06 |
GPT_Vuln-analyzer Uses #ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on #Nmap scan data. https://github.com/morpheuslord/GPT_Vuln-analyzer #cybersecurity #infosec |
|
2023-03-18 11:28:59 |
Kebidu Remote Control \ Duplicator The Kebidu Duplicator is a versatile device that can clone a variety of remote control IC modules for garage doors, motorcycles, car alarms, and more. It has a working voltage of DC12V and operates at a frequency of 433MHz, with an emission distance of 50 to 100 meters. The device can delete existing codes and easily clone original remotes, making it simple to use. It comes with a metal and plastic construction and weighs only 50g, making it portable and convenient to use on the go. Buy online: 🛒 $1.21 https://alii.pub/6n9fhf 🛒 https://amzn.to/40fbG4z #remote #RF |
|
2023-03-18 11:22:54 |
wifi_db Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT identities, interesting relations between APs, clients and its Probes, WPS information and a global view of all the APs seen. https://github.com/r4ulcl/wifi_db #cybersecurity #infosec #pentesting |
|
2023-03-18 11:14:00 |
Signature-Base Signature-Base is the YARA signature and IOC database for our scanners LOKI and THOR Lite https://github.com/Neo23x0/signature-base #cybersecurity #infosec |
|
2023-03-18 09:12:00 |
WinSpoof This PoC code demonstrates how TpAllocWork, TpPostWork and TpReleaseWork can be used to execute machine code, the code starts an image file by calling: 👇 https://github.com/mobdk/WinSpoof #cybersecurity #infosec |
|
2023-03-18 07:46:26 |
Let's reach the 9,000-subscriber milestone together - please share our posts with your friends! 🥰 |
|
2023-03-17 18:26:47 |
Bypass Paywalls A web browser #extension to help #bypass paywalls for selected sites. https://github.com/iamadamdev/bypass-paywalls-chrome |
|
2023-03-17 16:19:00 |
CVE-2023-0179 This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6. https://github.com/H4K6/CVE-2023-0179-PoC #cve #poc #exploit |
|
2023-03-17 11:14:00 |
Binwalk A fast, easy to use tool for analyzing, #reverse engineering, and extracting firmware images. https://github.com/ReFirmLabs/binwalk |
|
2023-03-17 10:22:19 |
CVE-2023-27842 eXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated) https://github.com/tristao-marinho/CVE-2023-27842 #cve #poc #RCE |
|
2023-03-17 10:19:48 |
CVE-2023-23396 Microsoft Excel DoS Vulnerability → Here you can download the exploit. → Here you can read my report. → Here you can buy me a unicorn 🦄 https://github.com/LucaBarile/CVE-2023-23396 #cve #poc #exploit |
|
2023-03-17 10:15:10 |
CVE-2023-27587 ReadtoMyShoe - Generation of Error Message Containing Sensitive Information. https://github.com/sec-fx/CVE-2023-27587-PoC nuclei-template: https://github.com/sec-fx/CVE-2023-27587-PoC/tree/main/nuclei-templates/cves/2023 #cve #poc |
|
2023-03-16 15:19:00 |
Hashtopolis A #Hashcat wrapper for distributed hashcracking. https://github.com/hashtopolis/server #redteam |
|
2023-03-16 15:18:00 |
CVE-2023-23752 #Joomla unauthorized access to webservice endpoints. https://github.com/Jenderal92/Joomla-CVE-2023-23752 #pentesting #redteam |
|
2023-03-16 12:15:00 |
Goblob A lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicly in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. https://github.com/Macmod/goblob #pentesting #bugbounty |
|
2023-03-16 11:14:00 |
IPv4Fuscation-Encrypted C++ IPv4Fuscation technique to execute XOR #encrypted #shellcode stored in IP address format to help reduce entropy and detections on the typical hex/base64/other encoding techniques that are frequently used. https://github.com/wsummerhill/IPv4Fuscation-Encrypted |
|
2023-03-16 10:10:15 |
WiFi Devboard for Flipper Zero The WiFi Devboard for Flipper Zero is a specialized board based on ESP32-S2, designed specifically for the Flipper Zero hacking device. This devboard enables advanced in-circuit debugging via USB or Wi-Fi using the Black Magic Probe open source project. It also allows for Wi-Fi penetration testing and connectivity to the internet, which is not provided by the module itself and must be implemented separately. Buy online: 🛒 https://amzn.to/3LmmSrZ #board #flipperzero #ESP32 #wifi |
|
2023-03-16 09:15:01 |
PS2 A port scanner written purely in PowerShell. https://github.com/nccgroup/PS2 #pentesting #redteam |
|
2023-03-16 09:13:00 |
BountyTricks Sharing #BugBounty tips and tricks with the community including but not limited to automation, one liners and useful thoughts. https://github.com/NagliNagli/Shockwave-OSS #pentesting |
|
2023-03-16 09:12:00 |
Container Security Checklist Checklist for container security devsecops practices. https://github.com/krol3/container-security-checklist #kubernetes #docker #security #cheatsheet #blueteam |
|
2023-03-15 12:15:00 |
Chaos Client Go client to communicate with Chaos DB API. https://github.com/projectdiscovery/chaos-client #bugbounty |
|
2023-03-15 10:13:00 |
PetitPotato Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547) https://github.com/wh0amitz/PetitPotato #pentesting #redteam |
|
2023-03-14 16:19:00 |
ScanAndroidXML This tool analyzes #Android app to find vulnerabilities in 👇 ▫️ AndroidManifest.xml ▫️ network_security_config.xml ▫️ Firebase URLs from strings.xml. https://github.com/satishpatnayak/ScanAndroidXML #cybersecurity #infosec |
|
2023-03-14 12:34:37 |
#Pentesting MindMaps ▫️ AD penetration testing. ▫️ Privilege escalation. ▫️ Web penetration. https://github.com/eMVee-NL/MindMap #redteam |
|
2023-03-14 11:30:31 |
List of Awesome macOS Red Teaming Resources. As more and more companies begin to adopt macOS as a daily office solution, we often encounter macOS operating system during our Pentest/Red Teaming process. How to #hacking #macOS, how to achieve Persistence under macOS, and using this as a starting point Lateral Movement to DC is a topic worth research. This list is for anyone who wants to learn about Red Teaming for macOS but has no starting point. 👇 https://github.com/tonghuaroot/Awesome-macOS-Red-Teaming #redteam |
|
2023-03-14 11:22:15 |
Bus Pirate The Bus Pirate is an open-source hacker multi-tool designed to interface with electronic devices, featuring protocols such as SPI, I2C, and 1-Wire, etc. It is capable of programming and analyzing low-end microcontrollers and features a range of additional functionalities, such as frequency measurement, pull-up resistors, and a logic analyzer. Developed by Dangerous Prototypes, based on a PIC24 MCU, and communicates with a host computer through USB. With its range of features and capabilities, the Bus Pirate is a useful tool for debugging, prototyping, and analyzing microcontrollers and other ICs. Repository: https://github.com/BusPirate/Bus_Pirate Buy online: 🛒 v4.0 https://alii.pub/6n4jce 🛒 v3.6a https://amzn.to/3mOK87M #board #sniffer #dump |
|
2023-03-14 09:12:00 |
Juicy Info Extraction Nuclei Templates Nuclei templates for extracting juicy info from web pages. https://github.com/cipher387/juicyinfo-nuclei-templates #infosec #infosecurity #bugbounty |
|
2023-03-13 15:18:05 |
JoelGMSec Collection of my talks and workshops about #hacking & #cybersecurity. https://github.com/JoelGMSec/MyTalks |
|
2023-03-13 15:18:00 |
Red Team Playground The Red Team Playground is a #Dockerized vulnerable testing lab for learning and practicing #RedTeam concepts. Docker network containing many vulnerable targets for practicing Red Teaming concepts (initial access, priv esc, persistence, lateral, C2, evasion, etc). https://github.com/minispooner/red-team-playground |
|
2023-03-13 11:15:00 |
OwnList Compilation of recent hacking-focused, #infosec related writeups, tools, etc. https://github.com/thelikes/ownlist #cybersecurity |
|
2023-03-13 11:14:00 |
level_up! : Web3 Security WarGames level_up! is a smartcontracts challenge platform where users can register with their wallet and perform different challenges oriented to their security. In each challenge the corresponding Solidity code can be found for analysis. level_up! is based on the idea that the best way to improve smart contract security is through active participation. By motivating users to work in such an easy way to find security flaws, we hope to improve good programming practices within smart contracts. https://github.com/Telefonica/level_up |
|
2023-03-13 09:12:00 |
PyShell PyShell is Multiplatform #Python #WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. https://github.com/JoelGMSec/PyShell |
|
2023-03-13 08:46:42 |
PS5 4.03 Kernel Exploit This repo contains an experimental WebKit ROP implementation of a PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4… |
|
2023-03-13 07:12:33 |
DevSecOps 🔱 Collection and #Roadmap for everyone who wants #DevSecOps. Hope your #DevOps are more safe 😎 https://github.com/hahwul/DevSecOps |
|
2023-03-12 11:15:00 |
Crawlector A threat hunting framework designed for scanning websites for malicious objects. https://github.com/MFMokbel/Crawlector #cybersecurity #bugbounty |
|
2023-03-12 11:14:00 |
ChatGPT Prompts for Bug Bounty A list of ChatGPT Prompts for Web Application Security, Bug Bounty, and Pentesting. https://github.com/TakSec/chatgpt-prompts-bug-bounty |
|
2023-03-12 09:12:00 |
Cyber Mindmap This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them. https://github.com/Ignitetechnologies/Mindmap #cybersecurity #infosec #pentesting #redteam |
|
2023-03-11 15:18:00 |
WebGoat 8 A deliberately insecure web application maintained by OWASP designed to teach web application security lessons. https://github.com/WebGoat/WebGoat #pentesting #cybersecurity #infosec |
|
2023-03-11 11:15:00 |
Awesome Pentest Tools Collection The tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. https://github.com/arch3rPro/PentestTools #cybersecurity #infosec #pentesting #bugbounty #redteam |
|
2023-03-11 11:14:00 |
nuclei templates https://github.com/DoubleTakes/nuclei-templates #bugbounty |
|
2023-03-11 09:19:49 |
iOS Internals & Security Testing iOS is Apple's proprietary operating system that runs on the iPhone, iPod Touch and iPad. A lot of components are specific to #iOS. Here are key features of the iOS hardware and software security architecture and guide how to test your applications. https://github.com/vadim-a-yegorov/iOS-Internals-and-Security-Testing #cybersecurity #infosec |
|
2023-03-11 09:19:47 |
Kingston IronKey Vault Privacy 80 External SSD The IronKey™ External SSD is a user-friendly, hardware-encrypted external drive that protects data with touch screen technology. It safeguards against Brute Force attacks and #BadUSB with digitally-signed firmware and FIPS 197 certified XTS-AES 256-bit encryption. The device allows for multi-password protection with numeric PIN or passphrase modes and is ideal for on-the-go use. Buy online: 🛒 https://amzn.to/3FhjMS3 #ssd #encrypted #security |
|
2023-03-11 09:13:00 |
SWS-Recon A Python Tool designed to perform Reconnaissance on the given target website - Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan. https://github.com/ShobhitMishra-bot/SWS-Recon-Tool #pentesting #bugbounty |
|
2023-03-11 09:12:00 |
Penetration-Testing-Tools A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes. https://github.com/mgeeky/Penetration-Testing-Tools #pentesting #bugbounty #redteam |
|
2023-03-10 11:14:00 |
PSBits Simple (relatively) things allowing you to dig a bit deeper than usual. https://github.com/gtworek/PSBits #cybersecurity #infosec #pentesting #redteam |
|
2023-03-10 09:12:00 |
Supp'truder This tool came from an idea I had while doing #bugbounty. I was very disappointed on the common tools used to fuzz the http protocol, and I was tired of doing some bash kung-fu or firing burp each time I had to fuzz something needing some pre treatment. That's where Supp'truder comes: It provides a unique set of tools to pre-process your payloads and some neat features that will save you some time! https://github.com/ElSicarius/Supp-truder |
|
2023-03-10 07:05:50 |
NativePayloads All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming. https://github.com/DamonMohammadbagher/NativePayloads #pentesting #redteam |
|
2023-03-09 13:25:23 |
ThinkFun — Hacker Cybersecurity Logic Game Think Fun's "Hacker" is a fun, multicolor cybersecurity coding game and STEM toy suitable for boys and girls aged 10 and up. With over 50 million sold worldwide, Thinkfun is the world's leader in brain and logic games. Playing through the challenges in Hacker helps develop reasoning, planning, and core programming principles, providing a great stealth learning experience for young players. The game includes a game grid, control panel, challenge booklet, and various tokens and tiles. Clear instructions make it easy to start playing immediately. Buy online: 🛒 https://amzn.to/3ZRdgtg #games |
|
2023-03-09 11:14:00 |
WAZUH Active-Response ▫️ Blocking Unwanted Commands on Linux using CDB Lists. ▫️ Blocking Unwanted Software Vendors on Windows using CDB Lists ▫️ Remove-Threat by CDB List from Linux ▫️ Remove-Threat by CDB List from Windows https://github.com/AliHaydarToprak/Wazuh-Active-Response |
|
2023-03-09 09:12:00 |
Atomic Red Team Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments. https://github.com/redcanaryco/atomic-red-team #redteam |
|
2023-03-09 07:12:45 |
Cheat sheet — attack active directory This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell. https://github.com/drak3hft7/Cheat-Sheet---Active-Directory #pentesting #ad #redteam |
|
2023-03-07 19:00:00 |
CVE-2023-1112 Drag and Drop Multiple File Uploader PRO - Contact Form 7 v5.0.6.1 Path Traversal (CVE-2023-1112) https://github.com/Nickguitar/Drag-and-Drop-Multiple-File-Uploader-PRO-Path-Traversal |
|
2023-03-07 18:21:00 |
Google Dorks Simplified A simple explanation of google dorks, its uses and collection of best google #dorks to get the best and desired information. https://github.com/InfuriousICC/Google-Dorks-Simplified |
|
2023-03-07 15:18:00 |
Slash Slash is Automated Osint Tool that allows you to #OSINT people by their username. https://github.com/theahmadov/slash |
|
2023-03-07 09:12:00 |
DRat Decentralized Remote Administration Tool. https://github.com/SpenserCai/DRat #redteam |
|
2023-03-07 08:34:36 |
Cacti A complete #network #graphing solution designed to harness the power of RRDtool's data storage and graphing functionality providing the following features: ▫️ Remote and local data collectors ▫️ Device discovery ▫️ Automation of device and graph creation ▫️ Graph and device templating ▫️ Custom data collection methods ▫️ User, group and domain access controls https://github.com/Cacti/cacti Website: https://www.cacti.net/ |
|
2023-03-06 18:21:00 |
CCAT ☁️🐈 Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. https://github.com/RhinoSecurityLabs/ccat #cybersecurity #pentesting |
|
2023-03-06 15:18:00 |
Awesome Red Teaming List of Awesome #RedTeam / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but do not have a starting point. https://github.com/0xMrNiko/Awesome-Red-Teaming |
|
2023-03-06 14:20:41 |
YubiKey The Yubico Security Key is a heavy-duty, tamper-resistant USB and NFC security key designed to protect online accounts against unauthorized access. It supports FIDO2, FIDO U2F, and other protocols, works with a wide range of online services, and is water and shock-resistant. With touch-based authentication, it provides an easy and secure way to protect your online accounts from phishing and account takeovers. Buy online: 🛒 https://amzn.to/3L0xdJL 🛒 https://ali.ski/qAF720 #security #key #usb |
|
2023-03-06 13:51:59 |
slowloris Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this: ▫️ We start making lots of HTTP requests. ▫️ We send headers periodically (every ~15 seconds) to keep the connections open. ▫️ We never close the connection unless the server does so. If the server closes a connection, we create a new one and keep doing the same thing. https://github.com/gkbrk/slowloris |
|
2023-03-06 13:30:53 |
deepce Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) https://github.com/stealthcopter/deepce #infosec #pentesting |
|
2023-03-06 12:29:19 |
Awesome Kubernetes (K8s) Threat Detection A curated list of resources about detecting threats and defending Kubernetes systems. https://github.com/jatrost/awesome-kubernetes-threat-detection #cybersecurity |
|
2023-03-06 11:14:00 |
Eval Villain This is a web extension for Firefox that will hook dangerous functions, like eval, and warn you of their use. Simplify the reverse engineering or debugging of JavaScript. https://github.com/swoops/eval_villain #pentesting #bugbounty |
|
2023-03-06 09:12:00 |
DarkPhoenix Tool to perform differential fault analysis attack (DFA) on whiteboxes with external encodings. https://github.com/SideChannelMarvels/DarkPhoenix DarkPhoenixAES attack: https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_nsc2013/DFA #cybersecurity #infosec |
|
2023-03-05 15:19:01 |
Awesome apisec A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community. https://github.com/arainho/awesome-api-security #cybersecurity |
|
2023-03-05 15:18:00 |
MLHospital: MLHospital is a repo to evaluate inference attacks and the corresponding defenses against machine learning models. Currently we support membership inference attacks and attribute inference attacks. https://github.com/TrustAIResearch/MLHospital |
|
2023-03-05 12:01:59 |
Afuzz: Afuzz is an automated web path fuzzing tool for #BugBounty projects. ▫️ Afuzz automatically detects the development language used by the website, and generates extensions according to the language. ▫️ Uses a blacklist to filter invalid pages ▫️ Uses a whitelist to find content in the page that bug bounty hunters are interested in ▫️ Filters random content in the page ▫️ Judges 404 error pages in multiple ways ▫️ Performs statistical analysis on the results after scanning to obtain the final result. ▫️ Supports HTTP2 https://github.com/rapiddns/afuzz |
|
2023-03-05 12:01:57 |
Lenovo ThinkPad X1 Carbon Gen 9: The ThinkPad X1 Carbon Gen 9 laptop, powered by the Intel® Evo™ platform, boasts exceptional performance, long battery life, and stunning visuals with up to 11th Gen Intel® Core™ i7 vPro® processors. The laptop features an improved Intelligent Thermal Solution to keep it cool under pressure, an updated suite of built-in ThinkShield security solutions for seamless security, and a refined 16:10 display with narrow bezels and powerful Intel® Iris™ Xe graphics for vibrant visuals. The Dolby Atmos® Speaker System and Dolby Voice® improve remote collaboration, and the laptop offers a true smartphone-like experience with speedy WiFi 6 and optional 4G/5G WWAN. Additionally, the ThinkPad X1 Carbon Gen 9 is military-grade tough, having been tested against 12 military-grade requirements and over 200 quality checks. Buy online: 🛒 https://amzn.to/3L2RJcZ #thinkpad #laptop |
|
2023-03-05 11:15:00 |
Awesome Penetration Testing: A collection of awesome penetration testing and offensive cybersecurity resources. https://github.com/enaqx/awesome-pentest #pentesting |
|
2023-03-05 09:13:01 |
XSSHunter: The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities. https://github.com/trufflesecurity/xsshunter XSSHunter repository is not in a deploy-able state. This fork fixes that. https://github.com/rs-loves-bugs/xsshunter #pentesting #bugbounty #redteam |
|
2023-03-05 09:12:03 |
EPSS API Client: EPSS (Exploit Prediction Scoring System) API client. EPSS is one of the famous vulnerability scores, developed by FIRST (the Forum of Incident Response and Security Teams). https://github.com/kannkyo/epss-api |
|
2023-03-05 09:12:00 |
X-force: IBM Security utility library in Python. Search and query all sources: threat_activities and groups, malware_analysis, industries https://github.com/Jul10l1r4/X-force #cybersecurity #infosec |
|
2023-03-04 15:18:00 |
Envizon: Network visualization & pentest reporting. This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve and hone it even further. https://github.com/evait-security/envizon |
|
2023-03-04 11:15:00 |
XSStrike: Advanced #XSS Detection Suite. XSStrike is a Cross Site Scripting detection suite equipped with four hand-written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking that they work like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. https://github.com/s0md3v/XSStrike #pentesting #bugbounty |
|
2023-03-04 11:14:01 |
Invoke-PSObfuscation: An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux. https://github.com/gh0x0st/Invoke-PSObfuscation #infosec #redteam |
|
2023-03-04 11:14:00 |
s6_pcie_microblaze: PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor https://github.com/Cr4sh/s6_pcie_microblaze |
|
2023-03-04 10:12:14 |
VulnPlanet 🪐: Well-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC) https://github.com/yevh/VulnPlanet |
|
2023-03-04 09:12:07 |
stylehax: A Nintendo DSi browser #exploit. See it in action on YouTube! Check out the blog post for the technical writeup. https://github.com/nathanfarlow/stylehax Details: https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser |
|
2023-03-04 09:12:00 |
CVE-2022-20494: Exploit app for CVE-2022-20494, a high severity permanent denial-of-service vulnerability that leverages Android's DND (Do not disturb) feature. https://github.com/Supersonic/CVE-2022-20494 #cve |
|
2023-03-04 08:23:15 |
BugHunter Nuclei templates: I will upload more #nuclei templates that help during the #bugbounty hunting process. https://github.com/ayadim/Nuclei-bug-hunter |
|
2023-03-03 15:18:00 |
llm-security: New ways of breaking app-integrated LLMs. https://github.com/greshake/llm-security Details: https://greshake.github.io/ #pentesting #redteam |
|
2023-03-03 11:53:02 |
Fav-up: Lookups for real IP starting from the favicon icon and using #Shodan. https://github.com/pielco11/fav-up #bugbounty |
|
2023-03-03 11:43:43 |
MSR605X USB Card Reader / Writer: The MSR605X USB Reader is a magnetic stripe card encoder and reader that supports 1, 2, and 3 tracks, including credit cards, gift cards, and driver's licenses. It can read, write, and erase data and all three tracks can be set to 75 or 210 BPI. The MSR605X is compatible with Hico and Loco with 300 to 4000 OE, and has a USB interface. It is portable with dimensions of 212(L) x 64(W) x 63(H) mm and works with Windows and Mac OS. The device has a built-in power system and does not require an extra power adapter. Buy online: 🛒 https://amzn.to/3KRmn8U 🛒 https://alii.pub/6mojc9 #usb #card #reader |
|
2023-03-03 09:12:00 |
Enlightn: A Laravel Tool To Boost Your App's Performance & Security. Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations and routes to identify performance bottlenecks, possible security vulnerabilities and code reliability issues. https://github.com/enlightn/enlightn |
|
2023-03-03 06:53:12 |
Mubeng: An incredibly fast #proxy #checker & IP rotator with ease. Features: ▫️ Proxy IP rotator: Rotates your IP address for every specific request. ▫️ Proxy checker: Checks whether your proxy IP is still alive. ▫️ All HTTP/S methods are supported. ▫️ HTTP, SOCKS v4(A) & v5 proxy protocols apply. ▫️ All parameters & URIs are passed. ▫️ Easy to use: You can just run it against your proxy file, and choose the action you want! ▫️ Cross-platform: whether you are on Windows, Linux, Mac, or even Raspberry Pi, you can run it very well. https://github.com/kitabisa/mubeng |
|
2023-03-02 11:14:00 |
DroppedConnection: Emulates a Cisco ASA Anyconnect VPN service, accepting any credentials (and logging them) before serving VBS to the client that gets executed in the context of the user. https://github.com/nccgroup/DroppedConnection #redteam |
|
2023-03-02 09:26:22 |
Arkime: Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Arkime exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as Wireshark, during your analysis workflow. Arkime is built to be deployed across many systems and can scale to handle tens of gigabits/sec of traffic. PCAP retention is based on available sensor disk space. Metadata retention is based on the Elasticsearch cluster scale. Both can be increased at any time and are under your complete control. https://github.com/arkime/arkime #cybersecurity |
|
2023-03-02 09:26:20 |
JumboSPOT MMDVM Hotspot: The JumboSPOT Multi Mode IP Gateway is a self-contained digital hotspot that allows for DMR, D-Star, P25, and System Fusion communications. It comes fully assembled and tested in a ruggedized aluminum enclosure and only requires a mini USB power source and a WiFi-based internet connection for operation. The device supports PI-STAR's web-based digital voice dashboard and configuration tool and has a built-in OLED system status display indicating Mode, Talk Group, and Call Sign. Additionally, the device has built-in LED indicators for the status of Power, PTT, COS, and Mode, as well as a console port SSH 22 for root level access to the operating system. The JumboSPOT is pocket-sized and comes with a quad-core A7 1.2GHz processor, 512MB DDR3 RAM, and 8GB TF card. It also has a built-in WiFi 802.11b/g/n wireless LAN, and a JumboSPOT UHF (430-440) + VHF (144-146) RF extend board installed. Buy online: 🛒 https://alii.pub/6mmvxd 🛒 https://amzn.to/3KRk0TK Kit without Raspberry Pi Zero: 🛒 https://amzn.to/3IJASJ8 🛒 https://alii.pub/6mmwbd #radio #wifi #raspberry |
|
2023-03-02 09:13:04 |
Content Queries (CONQUER) Attack: Artifacts of our NDSS'23 paper titled "Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attack" https://github.com/VoodooChild99/Conquer Details: https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f5_paper.pdf #pentesting #redteam |
|
2023-03-02 09:12:07 |
CVE-2022-22978: Authorization Bypass in RegexRequestMatcher. https://github.com/umakant76705/CVE-2022-22978 #cve |
|
2023-03-02 09:12:00 |
Aladdin: Payload generation tool which, using the specific bypass as well as the necessary header bytes of the .NET remoting protocol, is able to generate initial access payloads that abuse the AddInProcess as originally documented. https://github.com/nettitude/Aladdin #redteam |
|
2023-03-01 11:14:00 |
Rosenpass: A formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data. https://github.com/rosenpass/rosenpass #privacy #infosec |
|
2023-03-01 09:12:00 |
ShellGo: Simple Shellcode Loader tool. https://github.com/BlackShell256/ShellGo #redteam |
|
2023-02-28 15:18:01 |
CSharp Alternative Shellcode Callbacks: Alternative #shellcode execution techniques using Windows callback functions. Each CSharp file contains code to execute shellcode using native Windows callbacks. I tried to use much less common callback techniques that weren't typically documented online as far as I could tell. This way they should be more evasive. https://github.com/wsummerhill/CSharp-Alt-Shellcode-Callbacks |
|
2023-02-28 15:18:00 |
ParamAngler: Introducing ParamAngler - the ultimate tool for testing specific payloads on each parameter. The name ParamAngler is a combination of two words - 'parameters' and 'angler'. An angler is someone who enjoys fishing with a rod and line, and with ParamAngler, you can fish for bugs on a much larger scale. Whether you're looking for XSS, LFI, SQLi, or other vulnerabilities in your web application, ParamAngler has got you covered. With its powerful and easy-to-use features, you can search for reflected parameters, test for payloads, and much more. https://github.com/spyx/ParamAngler #pentesting #bugbounty |
|
2023-02-28 11:14:05 |
CVE-2023-21839: Weblogic CVE-2023-21839 RCE https://github.com/4ra1n/CVE-2023-21839 #cve |
|
2023-02-28 11:14:00 |
awesome-threat-intelligence: A curated list of awesome Threat Intelligence resources. https://github.com/hslatman/awesome-threat-intelligence |
|
2023-02-28 10:14:17 |
p0wny-shell: A very basic, single-file, #PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server. https://github.com/flozz/p0wny-shell #redteam |
|
2023-02-28 09:14:55 |
RFID Field Detector: The RFID Field Detector is a small and portable device that can detect Low Frequency (125KHz) and High Frequency (13.56MHz) RFID fields without the need for batteries. It can be used for various purposes including pentesting and development, allowing for rapid identification of RFID presence. The compact design allows it to fit easily on a keyring, making it easy to carry around. The device is powered by the RF field and has an LED indicator that shows the frequency of the field when in the presence of an RFID field. Buy online: 🛒 https://alii.pub/6mjoo4 #security #rfid |
|
2023-02-28 09:12:00 |
SharpAltShellCodeExec: Alternative Shellcode Execution Via Callbacks in C# with P/Invoke https://github.com/werdhaihai/SharpAltShellCodeExec Most techniques taken from: https://t.me/hackgit/4635 #redteam |
|
2023-02-27 15:18:00 |
BOFs: Beacon Object Files, not Buffer Overflows https://github.com/snovvcrash/BOFs #redteam |
|
2023-02-27 11:14:01 |
Azure AD Incident Response PowerShell Module: The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response. https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module #ad #cybersecurity |
|
2023-02-27 11:14:00 |
REmote CoMmanD Executor: A simple utility that can be used to execute commands on a remote host. https://github.com/0xor0ne/recmd #infosec #pentesting |
|
2023-02-27 08:32:03 |
Project Based Learning: A list of #programming #tutorials in which aspiring software developers learn how to build an application from scratch. These tutorials are divided into different primary programming languages. Tutorials may involve multiple technologies and languages. https://github.com/practical-tutorials/project-based-learning |
|
2023-02-27 08:29:53 |
Lifetime AMSI bypass: New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it. https://github.com/ZeroMemoryEx/Amsi-Killer |
|
2023-02-27 07:15:34 |
Evasion Escaper: A project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environment or sandbox, and to pass all such checks successfully. https://github.com/vvelitkn/Evasion-Escaper #redteam |
|
2023-02-27 07:07:30 |
Sekiryu: Automatic decompilation and analysis of binary files with your favorite decompiler and #ChatGPT. https://github.com/20urc3/Sekiryu |
|
2023-02-27 07:04:36 |
AtomLdr: A DLL loader with advanced evasive features. https://github.com/NUL0x4C/AtomLdr #redteam |
|
2023-02-26 15:18:01 |
TCP-Data-Transfer-Tool: Sendfile Attack Script. This is a C script that performs a Sendfile attack. It creates a file called "sendfile1" of size 64 MB and uses the sendfile() function to send it over a socket to a listening server on port 31337. While the file is being sent, it opens the file "kmem" and writes all received data to it. https://github.com/SleepTheGod/TCP-Data-Transfer-Tool |
|
2023-02-26 15:18:00 |
Course on Digital Forensics: A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University. https://github.com/asiamina/A-Course-on-Digital-Forensics |
|
2023-02-26 15:01:26 |
TTGO T-Beam ESP32 LoRa: The TTGO T-Beam is a long-range wireless capable board supporting LoRa, built around a dual-core ESP32 chip with 4MB of SPI flash onboard, providing both Wi-Fi and Bluetooth LE. The board's LoRa support comes in three different variants, operating at 433MHz, 868MHz, and 915MHz depending on region, with an included SMA antenna. Location tracking is provided by the onboard u-blox NEO-6M GPS module with ceramic antenna, and the board offers 26-pin headers with GPIO, ADC, VP/VN, DAC, touch, SPI, I2C, UART, 2×“LoRa” pin, and power signals (5V/3.3V/GND). The board can be programmed using the Arduino development environment, and example code shows you how to both send and receive data via LoRa. The board also includes a battery holder for a 18650 Li-Ion cell. Repository: https://github.com/Xinyuan-LilyGO/LilyGo-LoRa-Series Buy online: 🛒 https://alii.pub/6mgzin 🛒 https://amzn.to/3Z2WUh4 #radio #lora #mesh #ESP32 |
|
2023-02-26 11:14:00 |
XMT: XMT is a full-featured C2 framework written in Golang that allows for control, data exfiltration and some other cool functions. Can be used to make full C2 clients/servers with little out-of-the-box changes. ThunderStorm would be an implementation of this. https://github.com/iDigitalFlame/xmt |
|
2023-02-26 09:12:00 |
Bootlicker: A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications. https://github.com/realoriginal/bootlicker #infosec #redteam |
|
2023-02-25 15:18:00 |
A Red-Teamer diaries: RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements. https://github.com/ihebski/A-Red-Teamer-diaries #redteam |
|
2023-02-25 13:41:05 |
Throwing Star LAN Tap Pro: The Throwing Star LAN Tap Pro is a fully assembled and enclosed Ethernet tap device that requires no power to operate. It is an excellent tool for monitoring 10BASET and 100BASETX networks, providing both RX and TX monitoring capabilities for packet sniffing programs like tcpdump, tshark, and Wireshark. The device features two specially placed capacitors that force 1000BASET networks to negotiate at lower speeds (typically 100BASETX) so that they can be passively monitored. Pentesters can connect the Throwing Star LAN Tap Pro in line with a target network using Ethernet cables, then connect the monitoring ports to one or two monitoring stations. Finally, capture network traffic using your favorite software on the monitoring station(s). It comes in two versions, the Throwing Star LAN Tap (in kit form to assemble) and the Throwing Star LAN Tap Pro (an assembled device). Buy online: 🛒 https://alii.pub/6mfmov #ethernet #tap #sniffing |
|
2023-02-25 11:14:07 |
DarkAngel: DarkAngel is a fully automatic white hat vulnerability scanner, which can monitor hacker and bugcrowd assets, generate vulnerability reports, screen capture of vulnerability URL, and send enterprise WeChat notifications. https://github.com/Bywalks/DarkAngel |
|
2023-02-25 11:14:00 |
CGPL: CGPL is a packer/loader written in C# with the following features (planning to make this list a bit longer in the future): ▫️ My very own GetProcAddress (parsing PE headers is such a joy) and GetModuleHandle (decided to go for CreateToolhelp32Snapshot) implementation to dynamically fetch the address of the Win32 API I wanted to use. ▫️ AES encryption with a SHA256 derived key (must admit got inspiration from some APT guys) for payload and Win32 API function names (delegates might still drop suspicious strings around, but you can also change those names) ▫️ It does not dare to allocate a memory buffer which is READWRITEEXEC at the same time. https://github.com/oldboy21/CGPL |
|
2023-02-25 09:12:00 |
PsNotifRoutineUnloader: This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection. https://github.com/Processus-Thief/PsNotifRoutineUnloader #cybersecurity #infosec |
|
2023-02-25 08:01:30 |
CVE-2023-23752: Simple program for joomla CVE-2023-23752 scanner. This is a simple Ruby script that checks if a list of targets is vulnerable to CVE-2023-23752, a critical security vulnerability in a web application. The script sends an HTTP GET request to a specified endpoint, and extracts information from the response to determine if the target is vulnerable. https://github.com/z3n70/CVE-2023-23752 |
|
2023-02-24 15:18:01 |
plague: Default Detections for EDR. The detections detailed below are what I attempt to establish on any EDR product I deploy or work on. Take your own considerations for criticality and datasets. https://github.com/QueenSquishy/plague #cybersecurity |
|
2023-02-24 15:18:00 |
Leo: A network logon cracker which supports many different services. https://github.com/zan8in/leo #redteam |
|
2023-02-24 11:14:07 |
kube-bench: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark. https://github.com/aquasecurity/kube-bench #cybersecurity |
|
2023-02-24 11:14:00 |
rekono: Execute complete pentesting processes combining multiple hacking tools automatically. https://github.com/pablosnt/rekono #pentesting #redteam |
|
2023-02-24 09:13:00 |
msLDAPDump: LDAP enumeration tool implemented in Python3. msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. https://github.com/dievus/msLDAPDump #pentesting #redteam |
|
2023-02-24 09:12:00 |
fuzz4bounty: Awesome wordlists for Bug Bounty Hunting. This repository contains publicly available wordlists for bug hunting. The main objective for creating this repo is to bring all the available wordlists together in one place. Wordlists will be updated regularly. https://github.com/0xPugazh/fuzz4bounty |
|
2023-02-24 06:27:23 |
Azure-AccessPermissions: Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. https://github.com/csandker/Azure-AccessPermissions |
|
2023-02-23 15:18:00 |
Chatbot Injections & Exploits: 🐱💻 Welcome to the ChatBot Injections & Exploits repo. This repo is a collection of known and not ChatBot injections and exploits to "trick" any ChatBot into doing something it shouldn't. https://github.com/Cranot/chatbot-injections-exploits #chatgpt #gpt |
|
2023-02-23 10:34:39 |
Subzy: Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz. https://github.com/LukaSikic/subzy #pentesting #bugbounty |
|
2023-02-23 10:23:02 |
Linux Kodachi 8.27: Linux Kodachi is a privacy-focused operating system based on Ubuntu that is designed to provide users with a secure and anonymous online experience. With pre-installed VPN, Tor connection, and DNScrypt service, Kodachi is easy to use and requires no setup or Linux knowledge. It is a live operating system that can be started on any computer from a DVD, USB stick, or SD card, leaving no trace of activity once shut down. Kodachi aims to preserve the privacy and anonymity of its users, making it a great option for those who are concerned about their online security. https://sourceforge.net/projects/linuxkodachi/ #os #security #linux #ubuntu #privacy |
|
2023-02-23 10:04:23 |
okta scim attack tool: This repository contains a pen-testing tool based on passbleed that allows pen-testers to extract clear text passwords from Okta by abusing Okta's implementation of the System for Cross-domain Identity Management (SCIM) protocol. The issue allows for clear text password stealing and PII theft. https://github.com/authomize/okta_scim_attack_tool Details: https://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/#challenges |
|
2023-02-23 09:34:56 |
PortaPow USB Data Blocker: The PortaPow USB-C to C Data Blocker is designed to protect your device against "juice jacking" - a type of cyber attack where charging ports are compromised to steal data or install malware. This data blocker prevents any data transfer between your device and a USB port while still allowing for safe charging. PortaPow has been a pioneer in data blocking since 2009 and offers a wide range of products, including this USB-C to C version. They also prioritize sustainability through their Compact by Design initiative, which promotes efficient product design and packaging to reduce carbon emissions. Buy online: 🛒 https://amzn.to/3KAZGpk USB-C to C: https://amzn.to/3lZHYlf USB-A to USB-C: https://amzn.to/3xP9LHQ #USB #Data #Blocker |
|
2023-02-22 15:18:00 |
VDP-Finder: This extension tells if visited sites have vulnerability disclosure programs https://github.com/yeswehack/yeswehack_vdp_finder |
|
2023-02-22 11:14:00 |
Wifi-Hacking: Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES) https://github.com/ankit0183/Wifi-Hacking |
|
2023-02-22 09:12:00 |
Awesome Vulnerable Applications: A curated list of various vulnerable by design applications https://github.com/vavkamil/awesome-vulnerable-apps |
|
2023-02-21 15:18:08 |
Serianalyzer: Serianalyzer is a static bytecode analyzer tracing native method calls made by methods called during deserialization. The main purpose of this tool is as a research tool to audit code for dangerous behavior during deserialization. It is not really useful to determine whether your application is vulnerable or not. If your application deserializes data crossing trust boundaries - you should assume it is. https://github.com/mbechler/serianalyzer |
|
2023-02-21 15:18:07 |
Fortinet FortiNAC Unauthenticated RCE: On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user. https://github.com/horizon3ai/CVE-2022-39952 #cve #poc |
|
2023-02-21 15:18:00 |
reverseip_py: Domain Parser for IPAddress.com Reverse IP Lookup. Reverse IP refers to the process of looking up all the domain names that are hosted on a particular IP address. This can be useful for a variety of reasons, such as identifying all the websites that are hosted on a shared hosting server or finding out which websites are hosted on the same IP address as a particular website. https://github.com/yuyudhn/reverseip_py |
|
2023-02-21 11:55:29 |
Silicone Case for Flipper Zero: Soft and smooth, this silicone "Flipper Zero" case will make your cyber companion even more durable, while maintaining an amazing look and protecting it from scratches and bumps. Buy online: 🛒 https://amzn.to/3EnQiS0 Screen Protectors: 🛒 https://amzn.to/3XHh3rD #flipperzero #case |
|
2023-02-21 11:14:07 |
V-Cleaner: V Cleaner is a security program, which adds extra security within a Windows computer. It allows you to perform information searches, antivirus scans and system repairs. https://github.com/AnonSpen/V-Cleaner #cybersecurity |
|
2023-02-21 11:14:00 |
Telnet Demo: Browser-based Telnet demo using the much-discussed Direct Sockets API https://github.com/GoogleChromeLabs/telnet-client |
|
2023-02-21 09:12:00 |
LsaParser: A shitty (and old) lsass parser. https://github.com/Cracked5pider/LsaParser |
|
2023-02-20 15:18:00 |
ThreatHound: This tool will help you with your IR & Threat Hunting & CA. Just drop your event log file and analyze the results. ▫️ Supports Windows (ThreatHound.exe) ▫️ C for Linux based ▫️ New version available in C also ▫️ Now you can save results in a JSON file or print them on screen as you want with the arg 'print': 'yes' to print the results on screen and 'no' to save the results to a JSON file ▫️ You can give a Windows event logs folder, a single evtx file or multiple evtx files separated by commas with the arg -p ▫️ You can now give the Sigma rules path with the arg -s ▫️ Added multithreading to improve running speed ▫️ ThreatHound.exe is agent based; you can push it and run it on multiple servers https://github.com/MazX0p/ThreatHound |
|
2023-02-20 11:14:00 |
Asset-Discovery-Actions: Use Github Actions to automate Asset Discovery. https://github.com/jayateertha043/Asset-Discovery-Actions |
|
2023-02-20 09:12:00 |
Poc for CVE-2023-23752: CMS Joomla - unauthorized access to webservice endpoints. https://github.com/WhiteOwl-Pub/CVE-2023-23752 #cve #poc |
|
2023-02-20 08:21:09 |
CRU DataPort Mouse Jiggler: The CRU WiebeTech Mouse Jiggler is a plug-and-use device that creates constant mouse activity, preventing a computer from going to sleep while in use. IT professionals and computer forensic investigators use it to prevent password dialog boxes from appearing due to screensavers or sleep mode. With many hard drives now using full-disk encryption, these modes can greatly increase the time and cost of a forensic investigation. By combining the Mouse Jiggler with a WiebeTech HotPlug, investigators can transport a running computer without shutting it down or worrying about logging in. Buy online: 🛒 https://amzn.to/3XOLP1E Mouse Jiggler MJ-3: 🛒 https://amzn.to/3IhwX6p #mouse #jiggler |
|
2023-02-20 06:21:44 |
HIVE: VLAN L2 Pivoting Instrument. This tool analyzes traffic for VLAN ID for gaining access to other VLAN segments. "HIVE" is completely self-contained and does not create any noise on the air. After traffic analysis, the tool creates virtual VLAN interfaces, to gain access to VLAN segments. https://github.com/c4s73r/HIVE #pentesting #redteam |
|
2023-02-20 05:26:12 |
BHEH's TerminatorZ: TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications. https://github.com/blackhatethicalhacking/TerminatorZ #pentesting #bugbounty #redteam |
|
2023-02-19 15:18:00 |
cloudcat: aws cli #pentesting / #redteam snippets. Selection of useful aws cli command snippets for recon, compromise and escalation in aws environments, which I use in engagements. These are by no means covering everything and every service and are very much work in progress. They do reflect what I see typically and have used in my years doing aws tests. https://github.com/rootcathacking/cloudcat |
|
2023-02-19 14:19:25 |
♛2Pac ✞ - All Eyez on Me🥀♛ (Gangsta Remix 2023) https://www.youtube.com/watch?v=URYt0TWQfuU #best |
|
2023-02-19 11:14:00 |
Commix: Automated All-in-One OS Command Injection Exploitation Tool. https://github.com/commixproject/commix #best #redteam |
|
2023-02-19 09:12:00 |
burrito_ssl_monitor: This script checks the SSL certificate expiration of a list of URLs and sends a daily report of their expiration status to a Telegram chat. https://github.com/thetrebelcc/burrito_ssl_monitor |
|
2023-02-19 08:47:18 |
Awesome Threat Modeling: A curated list of #threat #modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review. https://github.com/hysnsec/awesome-threat-modelling |
|
2023-02-19 06:23:37 |
Upsi1on Shell: PHP #webshell. Some of the functions of this webshell are taken from other webshells. ▫️ File manager ▫️ Bind shell ▫️ Phpinfo ▫️ Self remove https://github.com/n01ep3rz/upsilon-shell #redteam |
|
2023-02-18 15:18:00 |
AWSTrailGuard: Tool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks to CloudTrail logging. https://github.com/adanalvarez/AWSTrailGuard |
|
2023-02-18 11:14:00 |
DetectRaptor: A repository to share publicly available bulk Velociraptor detection content in an easy to consume way. https://github.com/mgreen27/DetectRaptor |
|
2023-02-18 09:12:07 |
NimPlant C2: This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI. https://github.com/chvancooten/NimPlant #redteam |
|
2023-02-18 09:12:00 |
COFF_With_Exception_handler.c: If you've ever wanted to wrap a BOF in an exception handler, here is one way to do that. https://gist.github.com/freefirex/8b202c94fc6c1036aed1402a4dd28db1 |
|
2023-02-17 15:18:00 |
HackersCave4StaticAndroidSec: A comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications. https://github.com/krizzsk/HackersCave4StaticAndroidSec |
|
2023-02-17 14:00:47 |
CVE-2023-23752: An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. nuclei-templates: https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml #cve #poc |
|
2023-02-17 11:14:00 |
vss_carver: Carves and recreates VSS catalog and store from Windows disk image. https://github.com/mnrkbys/vss_carver |
|
2023-02-17 09:12:00 |
Invoke-GMSAPasswordReader: .Net Assembly loader for the GMSAPasswordReader. https://github.com/ricardojba/Invoke-GMSAPasswordReader |
|
2023-02-16 18:31:42 |
BackupOperatorToolkit: The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin. https://github.com/improsec/BackupOperatorToolkit #redteam |
|
2023-02-16 14:30:33 |
Keysy RFID Duplicator: The Keysy is a pocket-sized device for copying and emulating Low Frequency (125KHz) RFID tags. The device can hold four LF tags, which can be written off the device at a later time onto the Keysy LF tags. Tag reading is simple and takes 20-30 seconds – place the device on top of the target badge, press a few buttons and it will be saved to the button slot you pushed. Tags can be immediately emulated / replayed or written out onto a physical badge. With its discreet looks and card compatibility performance, the Keysy is another solid RFID tool for penetration testers. Buy online: 🛒 https://amzn.to/3E8v2ji #duplicator #rfid |
|
2023-02-16 11:15:00 |
Wizard-Loader: Xwizard.exe is a commonly used diagnostic tool for Windows setup and installation, and like other executables, it loads dynamic link libraries (DLLs) to perform various tasks. However, the PoC patches the Xwizard.exe binary in order to make the LoadLibrary API load a malicious DLL instead of the intended one. https://github.com/ZeroMemoryEx/Wizard-Loader #redteam |
|
2023-02-16 11:14:00 |
TerraLdr: A Payload Loader Designed With Advanced Evasion Features. https://github.com/NUL0x4C/TerraLdr |
|
2023-02-16 09:12:00 |
Flipper Zero BadUSB: Repository for my Flipper Zero badUSB payloads. https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB |
|
2023-02-16 07:55:05 |
CheckHooks-n-load: A Windows stager-cum-PELoader focusing on dynamic EDR evasion, for when the operator wants to know the underlying function hooks and then craft an implant based on that condition. https://github.com/reveng007/CheckHooks-n-load #pentesting #redteam |
|
2023-02-15 16:53:39 |
Hiding Shellcode In Plain Sight: This technique is very simple: a RW memory region 2048 times the size of the shellcode is allocated. This region is then filled with randomized data (RtlGenRandom), and the shellcode is placed randomly somewhere within this massive region each time. This makes it hard for an AV/EDR solution, or an analyst, to simply see where the shellcode is in memory. To summarize: ▫️ Allocate a large PAGE_READWRITE region, 2048 * size of the target shellcode, and align to 0x1000 ▫️ Fill this allocated region with random data ▫️ Write the shellcode to a random location within this region, save position ▫️ Change the page permissions to PAGE_EXECUTE ▫️ Execute the shellcode (page + position) ▫️ Zero the memory where the entire large region is to ensure the data does not persist after being freed, using the RtlZeroMemory macro ▫️ Free the region of memory https://github.com/LloydLabs/shellcode-plain-sight |
|
2023-02-15 16:51:42 |
Paruns-Fart: Just another ntdll unhooking using Parun's Fart technique. https://github.com/MaorSabag/Paruns-Fart |
|
2023-02-15 15:18:01 |
List of API endpoints & objects: A list of 3203 common API endpoints and objects designed for fuzzing. https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d #bugbounty |
|
2023-02-15 12:40:53 |
JsonExp https://github.com/smallfox233/JsonExp |
|
2023-02-15 12:40:00 |
JNDIExploit https://github.com/WhiteHSBG/JNDIExploit |
|
2023-02-15 11:23:55 |
EdgeGPT: Reverse engineered API of Microsoft's Bing Chat. https://github.com/acheong08/EdgeGPT #GPT |
|
2023-02-15 11:17:42 |
dexios: A secure file encryption utility, written in Rust. Dexios will continue to receive updates. Things are stable for the time being and I consider none of the code broken. In the (somewhat) near future I plan to change the backend entirely and give the CLI a re-write, so that things are both easier to maintain and understand. This will regrettably not be backwards-compatible, but the performance improvements and stability guarantees will be extremely worthwhile. https://github.com/brxken128/dexios |
|
2023-02-15 11:16:41 |
osinttools: A collection of random #OSINT files. https://github.com/WebBreacher/osinttools |
|
2023-02-15 11:15:26 |
KT9000 RF Detector: The professional-grade KNIGHT KT9000 anti-spy detector was developed including premium German and US military technology in response to the growing need to protect oneself from many types of security threats. As electronic products become smaller and more intelligent, spy devices like hidden cameras, audio bugs, and GPS trackers are becoming more difficult to detect because of their small size and camouflage. Although these electronic spy devices do have legal uses, many people have started using them to illegally invade privacy and/or obtain sensitive information, leading to private information leaks or the theft of confidential business information. The KNIGHT KT9000 will help you to perform the 3 main functions listed below at an expert level. ▫️ Radio Frequency Detection ▫️ Magnetic Detection ▫️ Camera Discovery Scan Buy online: 🛒 https://amzn.to/3lvwllD #security #spy #detector |
|
2023-02-15 11:15:00 |
tls-scan: An Internet scale, blazing fast SSL/TLS scanner (non-blocking, event-driven). A program to scan TLS based servers and collect X.509 certificates, ciphers and related information. It produces results in JSON format. tls-scan is a single threaded asynchronous/event-based program (powered by libevent) capable of concurrently scanning thousands of TLS servers. It can be combined with other tools such as GNU parallel to vertically scale on multi-core machines. https://github.com/prbinu/tls-scan |
|
2023-02-15 11:14:00 |
Web Application Cheatsheet (Vulnhub): This cheatsheet is intended for CTF participants and beginners to help them understand web application vulnerability through examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. https://github.com/Ignitetechnologies/Web-Application-Cheatsheet |
|
2023-02-15 09:12:00 |
Cybersecurity Career Path https://github.com/rezaduty/cybersecurity-career-path |
|
2023-02-14 11:14:00 |
Email Vulnerablity Checker v1.0.0: Verify whether the domain is vulnerable to spoofing with Email-vulnerablity-checker. ▫️ This tool will automatically tell you if the domain is email spoofable or not ▫️ You can do single and multiple domain input as well (for the multiple domain checker you need to have a text file with domains in it) https://github.com/BLACK-SCORP10/Email-Vulnerablity-Checker |
|
2023-02-14 07:09:55 |
WEB API fuzzing https://github.com/vulntinker/FUA |
|
2023-02-14 06:58:47 |
SoulExtraction: A Windows driver library for extracting cert information in Windows drivers. https://github.com/gmh5225/Driver-SoulExtraction |
|
2023-02-14 06:46:47 |
D1rkSleep: Improved version of EKKO that encrypts only image sections. Sleep obfuscation technique that uses the CreateTimerQueueTimer Win32 API. https://github.com/TheD1rkMtr/D1rkSleep #redteam |
|
2023-02-14 06:42:25 |
CallStackMasker: A PoC implementation for dynamically masking call stacks with timers. This repository demonstrates a PoC technique for dynamically spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we can also mask the call stack of our main thread. https://github.com/Cobalt-Strike/CallStackMasker Details: https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/ |
|
2023-02-13 17:20:00 |
pyOneNote: pyOneNote is a lightweight Python library to read OneNote files. The main goal of this parser is to allow cybersecurity analysts to extract useful information from OneNote files. https://github.com/DissectMalware/pyOneNote |
|
2023-02-13 12:37:36 |
Spark: Spark is a free, safe, open-source, web-based, cross-platform and full-featured RAT (Remote Administration Tool) that allows you to control all your devices via browser anywhere. https://github.com/XZB-1248/Spark #redteam |
|
2023-02-13 12:37:27 |
BeagleBone Black: The BeagleBone Black is a low-cost, community-supported ARM-based development platform aimed at developers and hobbyists. The BeagleBone Black runs a 1GHz Cortex-A8 CPU and includes hardware-based floating point and 3D acceleration; while much lower-powered than a desktop or laptop system, its affordability makes it an excellent option for a tiny Linux system. The BeagleBone Black provides a microSD card slot for mass storage and if that device is bootable, will use it in preference to the board’s “burned-in” Angstrom or Debian operating system. By default, the Kali Linux BeagleBone Black image contains the kali-linux-default metapackage similar to most other platforms. If you wish to install extra tools please refer to our metapackages page. Buy online: 🛒 https://amzn.to/3JXPIy6 🛒 https://alii.pub/6lz457 #kali #board #ARM |
|
2023-02-13 09:12:00 |
DCToolbox: A PowerShell toolbox for Microsoft 365 security fans. This PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc. https://github.com/DanielChronlund/DCToolbox Details: https://danielchronlund.com/2023/02/09/microsoft-365-data-exfiltration-attack-and-defend/ |
|
2023-02-12 15:18:06 |
DDoS-Protection-Lite: Anti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attacks. https://github.com/CleanTalk/anti-ddos-lite |
|
2023-02-12 15:18:05 |
KEV Checker: A basic Python program to check the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. https://github.com/santosomar/kev_checker |
|
2023-02-12 15:18:00 |
Nuclei Templates: Community curated list of templates for the nuclei engine to find security vulnerabilities. Templates are the core of the nuclei scanner which powers the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issues to grow the list. https://github.com/projectdiscovery/nuclei-templates #best #pentesting #bugbounty #redteam |
|
2023-02-12 12:46:07 |
burp-sensitive-param-extractor: #BurpSuite extension to check and extract sensitive request parameters. https://github.com/theLSA/burp-sensitive-param-extractor |
|
2023-02-12 12:25:16 |
DSTIKE WiFi Duck V2: This open source project aims to provide a user-friendly tool to learn about keystroke injection attacks. A microcontroller acts as a USB keyboard that is programmable over WiFi. It’s using the Ducky Script language that Hak5 introduced with the USB Rubber Ducky. A keyboard is trusted by most operating systems by default, which enables a variety of attacks. Humans might not type very fast, but an automated device like this can. It can open a terminal and mess with your computer in a matter of milliseconds! Repository: https://github.com/SpacehuhnTech/WiFiDuck Buy online: 🛒 https://amzn.to/3XkRlc1 🛒 https://alii.pub/6lxy2v #wifi #duck #usb |
|
2023-02-12 11:14:08 |
PowerForensics: #PowerShell Digital #Forensics https://github.com/Invoke-IR/PowerForensics |
|
2023-02-12 11:14:07 |
SYNgularity1: Exploits and PoC Code for CVEs, Vulnerabilities, etc. https://github.com/SYNgularity1/exploits |
|
2023-02-12 11:14:00 |
enc: 🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more. https://github.com/life4/enc |
|
2023-02-12 10:19:39 |
Pagger: A collection of Sub-GHz file generators compatible with the Flipper Zero to handle restaurant/kiosk paging systems. https://github.com/meoker/pagger |
|
2023-02-12 10:14:00 |
powershell-backdoo: Obfuscated powershell reverse backdoor with #FlipperZero and USB #RubberDucky payloads. Reverse backdoor written in Powershell and obfuscated with Python, allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. https://github.com/Drew-Alleman/powershell-backdoor-generator |
|
2023-02-12 10:13:00 |
Cerbere: A project to play a little bit with Kerberos on Windows. ▫️ Inject ticket ▫️ Ask a tgt https://github.com/OtterHacker/Cerbere |
|
2023-02-11 11:59:50 |
Firefly: Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. https://github.com/Brum3ns/firefly #pentesting #bugbounty |
|
2023-02-11 11:57:05 |
ExploitLeakedHandle: A utility that identifies handles in unprivileged processes that may have been inherited from a privileged parent process and attempts to leverage them for local privilege escalation. https://github.com/0x00Check/ExploitLeakedHandle #redteam |
|
2023-02-11 11:14:00 |
mobsfscan: A static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher. https://github.com/MobSF/mobsfscan |
|
2023-02-11 09:12:44 |
trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more. Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues. https://github.com/knqyf263/trivy Documentation: https://aquasecurity.github.io/trivy/v0.37/ |
|
2023-02-11 09:12:00 |
Linux Commit Analyser: This is a hacky little tool I wrote to parse #Linux kernel commits, with security fixes in mind. Lica allows you to parse a Linux repository's commit history, filtering for fixes and looking for specific keywords. I've included some statistics in the output and a naive search for patch coverage if you give it some local kernel sources. https://github.com/sam4k/lica Details: https://sam4k.com/analysing-linux-kernel-commits |
|
2023-02-10 20:57:38 |
LocalPotato: Another Local Windows privilege escalation using a new potato technique ;) The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege. https://github.com/decoder-it/LocalPotato Details: https://www.localpotato.com/localpotato_html/LocalPotato.html #pentesting #redteam |
|
2023-02-10 17:08:54 |
Proxmark3: The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the go-to tool for RFID analysis for the enthusiast. The Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming. Buy online: RDV2 🛒 https://amzn.to/3jG7kUr RDV3 Easy 🛒 https://amzn.to/40CtlUy RDV4 BlueShark 🛒 https://t.me/PentestingShop/95 RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk #rfid #nfc |
|
2023-02-10 15:18:07 |
SEBASTiAn: A Static and Extensible Black-box Application Security Testing tool for iOS and Android applications. https://github.com/talos-security/SEBASTiAn |
|
2023-02-10 15:18:00 |
Server-Side Request Forgery (SSRF) vulnerable Lab: This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks. https://github.com/incredibleindishell/SSRF_Vulnerable_Lab |
|
2023-02-10 11:14:00 |
Exploiting CVE-2022-39299: A simple CVE-2022-39299 #PoC #exploit generator to bypass authentication in SAML SSO integrations using vulnerable versions of passport-saml. https://github.com/doyensec/CVE-2022-39299_PoC_Generator |
|
2023-02-10 09:12:00 |
DiceCTF 2023 Challenges: This repository contains all challenges from DiceCTF 2023. https://github.com/dicegang/dicectf-2023-challenges |
|
2023-02-09 15:18:00 |
sqlmap: Automatic SQL injection and database takeover tool. sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections. https://github.com/sqlmapproject/sqlmap #best #kali |
|
2023-02-09 11:14:00 |
CredSweeper: A tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as personal information, tokens, passwords, API keys etc.) in advance. By scanning lines, filtering, and optionally using an AI model, CredSweeper reports lines with possible credentials, where the line is, and the expected type of the credential. https://github.com/Samsung/CredSweeper |
|
2023-02-09 09:12:00 |
IoT-PT: A virtual environment for pentesting IoT devices. https://github.com/IoT-PTv/IoT-PT |
|
2023-02-08 19:12:51 |
Pentesting Shop: The Hacker's Hardware 📟 https://t.me/PentestingShop |
|
2023-02-08 19:00:03 |
FilelessPELoader: Loads a remote AES-encrypted PE into memory, decrypts it and runs it. https://github.com/TheD1rkMtr/FilelessPELoader #pentesting #infosec #redteam |
|
2023-02-08 18:25:13 |
UnhookingPatch: Bypass EDR hooks by patching the NT API stub, and resolving SSNs and syscall instructions at runtime. https://github.com/TheD1rkMtr/UnhookingPatch #redteam |
|
2023-02-08 11:28:22 |
LdrDllNotificationHook: This project demonstrates a way to hook all DLL load notifications in a process. It hooks all callbacks which are registered with LdrRegisterDllNotification, including callbacks which are registered after the hook is set. The hook can be used to prevent the original callbacks from being called. https://github.com/m417z/LdrDllNotificationHook |
|
2023-02-08 11:14:00 |
#Cybersecurity guides: Cybersecurity policies, procedures, and guides. https://github.com/cyberphor/cybersecurity-guides |
|
2023-02-08 09:12:00 |
CYBERONIX: Cyberonix is a complete resource hub for the Cyber Security community. Our aim is to make this tool a one-stop solution for all the hackers out there to get resources on various topics in Cyber Security. We will keep updating this tool and adding new and updated resources on the go. https://github.com/TeamMetaxone/Cyberonix |
|
2023-02-08 06:29:38 |
ssc-asi-tools: SecurityScorecard Attack Surface Intelligence tools repository with a Python suite of tools. ▫️ Single Queries ▫️ Bulk Lookups ▫️ Full JSON logging ▫️ Wizard based lookups https://github.com/securityscorecard/ssc-asi-tools |
|
2023-02-08 06:25:08 |
BREXXTODON: A REXX based mastodon reader for MVS 3.8j. This is an alpha release, mostly a POC, there are bugs, it abends, it S0C4s and S0C1, use at your own risk. https://github.com/mainframed/BREXXTODON |
|
2023-02-07 23:10:28 |
GL-iNET Brume 2 GL-MT2500 / MT2500A: Brume 2 — A lightweight and compact security gateway designed for hosting VPN servers. It is an ideal gateway for businesses to monitor, manage, and configure SD-WAN settings via GoodCloud, our remote device management platform, resulting in faster network performance, higher network efficiency, and reduced cost for small and medium-sized enterprises. It comes in two versions: GL-MT2500A which has an aluminium alloy exterior, and GL-MT2500 which is made of ABS material. The device comes with a powerful chipset with higher processing efficiency than the previous generation, an upgrade in VPN encryption speed, and an updated SDK4.0 package. Full Protection for Your Network: Cloudflare encryption supported to protect privacy. IPv6 and WPA3 security protocol supported. (To enable the IPv6 function, go to Admin Panel -> NETWORK -> IPv6.) Support VPN Cascading: Allows the VPN server and VPN client to operate simultaneously within the same device, enabling the user to access local network servers while accessing the public internet as a VPN client at the same time. Ideal Gateway for Hosting a VPN Server at Home or Office: Access sensitive information stored under a corporate private network or access local files and bypass geo-blocking securely while working remotely. Advanced Hardware Specification: Equipped with 2.5 gigabit WAN port, 1 gigabit LAN port with USB 3.0 port, as well as 8 GByte EMMC (embedded multimedia card) storage for offline data storage. Runs on the latest OpenWrt 21.02 operating system, supporting mass device connection capabilities, and reducing signal interference. You can customize the router and install applications based on your preferences. Buy online: MT2500 🛒 https://amzn.to/3IgreyZ MT2500A 🛒 https://amzn.to/3YdiWgN Aliexpress MT2500/MT2500A: 🛒 https://alii.pub/6lrvop #vpn #gateway #security #openwrt |
|
2023-02-07 19:46:12 |
NetworkNightmare: It is a mindmap for conducting network attacks. For the most part, it will be useful to pentesters or red team operators. The mindmap will be maintained and updated by me. ▫️ Traffic Hijacking ▫️ MiTM Attacks ▫️ Dynamic IGP Routing ▫️ Configuration Exfiltration ▫️ DoS ▫️ NAC/802.1X Bypassing ▫️ GRE Pivoting ▫️ Cisco EEM for hiding user ▫️ Authentication Cracking ▫️ Information Gathering ▫️ Cisco Passwords ▫️ VLAN Bypassing https://github.com/c4s73r/NetworkNightmare #pentesting #mindmap |
|
2023-02-07 19:42:53 |
ntdlll-unhooking-collection: Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless). https://github.com/TheD1rkMtr/ntdlll-unhooking-collection #redteam #hackers |
|
2023-02-07 19:42:26 |
Secrets Patterns Database 🗄: The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets. https://github.com/mazen160/secrets-patterns-db #pentesting #bugbounty |
|
2023-02-07 15:18:00 |
Burp Suite Certified Practitioner Exam Study: My personal study notes on the PortSwigger Academy Burp Suite Certified Practitioner (BSCP) Exam topics. The acronym BSCP has a nice similar ring to it, same as OSCP :) https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study |
|
2023-02-07 11:14:00 |
HellgateLoader_CSharp: Load shellcode via HELLGATE. Rewrite of hellgate with .NET Framework for learning purposes. https://github.com/Kara-4search/HellgateLoader_CSharp |
|
2023-02-07 09:12:00 |
CVE-2022-44268: ImageMagick arbitrary file read. https://github.com/Vulnmachines/imagemagick-CVE-2022-44268 #cve #poc |
|
2023-02-06 15:46:23 |
RasmanPotato: Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do. https://github.com/crisprss/RasmanPotato #redteam |
|
2023-02-06 11:14:00 |
WSAPatch: Make WSA (Windows Subsystem for Android) run on Windows 10. https://github.com/cinit/WSAPatch |
|
2023-02-06 10:54:53 |
i-Haklab: A hacking laboratory for Termux that contains open source tools for pentesting, scanning/finding vulnerabilities, exploitation and post-exploitation recommended by Ivam3, with automation hacking commands and many guides and tutorials to learn to use it. https://github.com/ivam3/i-Haklab #pentesting #redteam |
|
2023-02-06 09:53:31 |
MalwareConfigLists: Just some lists of Malware Configs. https://github.com/Gi7w0rm/MalwareConfigLists |
|
2023-02-06 09:52:35 |
malware-ioc: This repository contains indicators of compromise (IOCs) of our various investigations. https://github.com/prodaft/malware-ioc |
|
2023-02-06 09:52:30 |
Ticwatch Pro 3: Smart watch with official Kali NetHunter support. What is Kali NetHunter? Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations. The overlay includes a custom kernel, a Kali Linux chroot, and an accompanying Android application, which allows for easier interaction with various security tools and attacks. Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more. NetHunter is an open-source project developed by Offensive Security and the community. Installing NetHunter on the TicWatch Pro 3: https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro3/ Buy online: 🛒 https://amzn.to/3RC7PeT 🛒 https://ali.ski/Zu0T3 #watch #kali #ticwatch |
|
2023-02-06 09:12:07 |
CTFs: CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done. https://github.com/Adamkadaban/CTFs |
|
2023-02-06 09:12:00 |
swagger2burp: Convert Swagger openapi.json file to burp suite request files. https://github.com/bolbolabadi/swagger2burp |
|
2023-02-06 07:21:08 |
BypassAV: This map lists the essential techniques to bypass anti-virus and EDR. https://github.com/CMEPW/BypassAV #redteam |
|
2023-02-05 19:40:08 |
CVE-2022-44268 Arbitrary File Read PoC - PNG generator. https://github.com/voidz0r/CVE-2022-44268 #cve #poc |
|
2023-02-05 17:47:24 |
Flipper Zero BadUsb script collection: To begin using the scripts, please carefully read the "readme.md" file provided with each script. This file contains important information on how to use the script safely. Keep in mind that some scripts may potentially harm your system, so be cautious and do not run unfamiliar scripts on your personal computer. To test scripts, it is recommended to use a virtual machine for safety. https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb Flipper Zero is available for purchase: https://t.me/PentestingShop/221 #pentesting #redteam #hackers |
|
2023-02-05 15:18:00 |
opainject: iOS tool to inject a dylib into a process using both shellcode and ROP methods. (By default the ROP method is used, it's superior to the shellcode method in every way but I started with the shellcode method and decided to leave it in). Tested on iOS 14 and 15 (yes you heard that right, but this is actually useless without some sort of PMAP trust level bypass as the dylib will just be mapped as R-- and the process will crash). https://github.com/opa334/opainject |
|
2023-02-05 09:12:00 |
Halmos: Symbolic Bounded Model Checker for Ethereum Smart Contracts Bytecode. https://github.com/a16z/halmos Details: https://a16zcrypto.com/symbolic-testing-with-halmos-leveraging-existing-tests-for-formal-verification/ |
|
2023-02-04 15:18:00 |
IoTSecurity101: A curated list of IoT Security Resources. https://github.com/V33RU/IoTSecurity101 |
|
2023-02-04 11:14:00 |
Practical #CyberSecurity Resources 🌟 https://github.com/brcyrr/PracticalCyberSecurityResources/blob/main/README.md |
|
2023-02-04 10:25:10 |
DLL Sideload without DLL Main https://github.com/shantanu561993/DLL-Sideload Details: https://www.redteam.cafe/red-team/dll-sideloading/dll-sideloading-not-by-dllmain #pentesting #redteam #hackers #inject |
|
2023-02-04 09:13:00 |
ShrewdEye: ShrewdEye (sheye) is a set of utilities bundled into a single automated workflow to improve, simplify, and speed up resource discovery and vulnerability finding. https://github.com/zzzteph/sheye #pentesting #bugbounty #redteam |
|
2023-02-04 09:12:00 |
TLDbrute: A simple utility to generate domain names with all possible TLDs. https://github.com/Sybil-Scan/TLDbrute |
|
2023-02-04 08:50:46 |
CVE-2023-0045: Bypassing Spectre-BTI User Space Mitigations on Linux. https://github.com/es0j/CVE-2023-0045 #cve |
|
2023-02-04 08:20:37 |
Throwing Star LAN Tap: The Throwing Star LAN Tap is a passive Ethernet tap, requiring no power for operation. There are active methods of tapping Ethernet connections (e.g., a mirror port on a switch), but none can beat passive taps for portability. → Use Ethernet cables to connect the Throwing Star LAN Tap (J1 and J2) in line with a target network to be monitored. → Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only. → Use your favorite software (e.g., tcpdump or Wireshark) on the monitoring station(s) to capture network traffic. Buy online: 🛒 https://amzn.to/3DFyoKq 🛒 https://alii.pub/6lmr6v #lan #ethernet #sniffing |
|
2023-02-04 06:41:21 |
RevWhoix: A simple utility to perform reverse WHOIS lookups using the whoisxml API. https://github.com/Sybil-Scan/revwhoix |
|
2023-02-03 18:52:07 |
NTDLLReflection: Bypass userland EDR hooks by loading a reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table. https://github.com/TheD1rkMtr/NTDLLReflection #pentesting #redteam |
|
2023-02-03 15:18:00 |
Pytractor Tool: It is a tool for collecting subdomains and endpoints. Features: ▫️ collect endpoints ▫️ subdomains ▫️ web archive ▫️ Virus Total ▫️ robots.txt https://github.com/N0LL101/Pytractor |
|
2023-02-03 13:09:01 |
Nmap-Peek: An easy way to preview the content of an XML nmap file in VS Code. A simple side view of your XML nmap file. The extension prints all the basic information retrieved from an nmap scan. The status of each port is represented with different colors: green for open, red for closed, light blue for filtered and gray for mixed responses like closed|filtered etc. In case the ports disclose the OS of the host, a related icon will be presented. https://github.com/marduc812/vscode-nmap-peek |
|
2023-02-03 12:57:41 |
BlueTeam-Tools: This github repository contains a collection of 35+ tools and resources that can be useful for blue teaming activities. Some of the tools may be specifically designed for blue teaming, while others are more general-purpose and can be adapted for use in a blue teaming context. https://github.com/A-poc/BlueTeam-Tools #blueteam |
|
2023-02-03 09:12:00 |
injectAmsiBypass: Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. https://github.com/boku7/injectAmsiBypass |
|
2023-02-02 20:08:20 |
CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator. https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC #cve |
|
2023-02-02 17:04:38 |
CVE-2023-21608: Adobe Acrobat Reader Remote Code Execution Exploit. This bug was a use-after-free caused during the resetForm operation while handling object memory references. https://github.com/hacksysteam/CVE-2023-21608 Details: https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-CVE-2023-21608 #cve |
|
2023-02-02 15:18:00 |
certwatcher: CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates and Selenium. The tool helps to detect and analyze phishing sites, and is designed to be easy to use for security professionals and researchers. https://github.com/drfabiocastro/certwatcher |
|
2023-02-02 12:41:00 |
FinGen: A #ChatGPT based penetration testing findings generator. https://github.com/Stratus-Security/FinGen #pentesting #bugbounty #redteam #hackers |
|
2023-02-02 12:27:53 |
auto-recon: Tools for automatic enumeration of subdomains, DNS, and live hosts. https://github.com/1amkaizen/auto-recon |
|
2023-02-02 09:13:00 |
DefaScan: A Python tool that will scrape the internet for your given Google dork queries using APIs and alert using the email provided during runtime. https://github.com/RamXtha/DefaScan |
|
2023-02-02 09:12:00 |
tactical-exploitation: Modern tactical exploitation toolkit. https://github.com/0xdea/tactical-exploitation |
|
2023-02-01 12:27:00 |
Cobalt Strike Beacon Notifier: A #Cobalt Strike Beacon Notifier via #Telegram #Bot. Features: ▫️ Showing the Name of the Current User ▫️ Showing the Computer Name of the Current User ▫️ Showing the Type and Version of the Operating System ▫️ Showing the Type of the Process Exec Name ▫️ Showing the Internal IP of the System ▫️ Showing the External IP of the System https://github.com/lynxbinz/CS-Beacon-Notifier |
|
2023-02-01 12:08:21 |
Thanks Mobile Hacker: We want to give credit to the creators of the videos we used in our posts. ▫️ t.me/androidMalware ▫️ youtube.com/@mobilehacker ▫️ instagram.com/mobile_hacker0 #video #channel |
|
2023-02-01 11:14:00 |
THC's favourite Tips, Tricks & Hacks (Cheat Sheet): A collection of our favourite tricks. Many of those tricks are not from us. We merely collect them. We show the tricks 'as is' without any explanation why they work. You need to know Linux to understand how and why they work. https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet |
|
2023-02-01 11:09:14 |
Dependency-Confusion: All about the dependency confusion attack (detecting, finding, mitigating). https://github.com/x1337loser/Dependency-Confusion |
|
2023-02-01 10:32:15 |
Cheap BadUSB - Digispark ATtiny85 Arduino board: Besides using it as a Rubber Ducky or hardware password vault, you can start your own projects such as POV display, LED lights controller, IoT gadgets, etc. Digispark allows you to connect external modules and operate with them, such as Bluetooth, motion, temperature sensors, Wi-Fi, etc. Testing 20 most popular mobile phone PINs (based on SANS institute findings) in 6 minutes using Digispark ATtiny85 board 👇 Based on the research, 26% of all phones can be cracked with these 20 four-digit passcodes. Buy online: 🛒 https://amzn.to/3wN80ds 🛒 https://ali.ski/13u_Kq #usb #board #badusb |
|
2023-02-01 09:12:05 |
azure-mindmap: The purpose of this map is to list all possible compromise paths when faced with an Azure environment during a cloud security engagement. https://github.com/CMEPW/azure-mindmap #cybersecurity #infosec |
|
2023-02-01 09:12:00 |
TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle. https://github.com/bananabr/TimeException |
|
2023-01-31 15:18:08 |
Privileger: Privileger allows you to work with privileges in Windows as easily as possible. https://github.com/MzHmO/Privileger #pentesting #Windows #redteam |
|
2023-01-31 15:18:07 |
Mimir: True P2P messenger on top of Yggdrasil Network. https://github.com/Revertron/Mimir #privacy |
|
2023-01-31 15:18:00 |
python-tuf: A Framework for Securing Software Update https://github.com/theupdateframework/python-tuf |
|
2023-01-31 11:15:00 |
Bountystrike-sh: A collection of bash and Python scripts that installs common bug bounty tools, performs recon scans and continuous asset discovery. https://github.com/BountyStrike/Bountystrike-sh #bugbounty |
|
2023-01-31 11:14:05 |
CyberPipe: An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations. Functions: ▫️ Capture a memory image with DumpIt for Windows ▫️ Capture a triage image with KAPE ▫️ Check for encrypted disks ▫️ Recover the active BitLocker Recovery key ▫️ Save all artifacts, output, and audit logs to USB or source network drive. Prerequisites: https://github.com/dwmetz/CyberPipe |
|
2023-01-31 11:14:00 |
RemComSvc obfuscation PoC https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb |
|
2023-01-31 09:13:00 |
Outpost: AWS Testing and Reporting Management. Outpost is a simple tool to generate AWS configuration files for AssumeRole, a testing capability for verifying accounts work, and a report generator for ScoutSuite scan results. ▫️ Run ScoutSuite ▫️ Parse the results ▫️ ✨Generate Report Findings✨ https://github.com/ustayready/outpost |
|
2023-01-31 09:12:01 |
astaroth-deobfuscator: IDA Python script for deobfuscating Astaroth/Guildma injector DLL. https://github.com/dodo-sec/astaroth-deobfuscator |
|
2023-01-31 09:12:00 |
RToolZ: A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls. https://github.com/OmriBaso/RToolZ #pentesting #redteam |
|
2023-01-30 15:19:00 |
Sublist115r: A Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist115r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist115r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. https://github.com/elpirata111/Hacking-tools |
|
2023-01-30 15:18:00 |
Json Value Extractor: Command-line utility that accepts JSON via standard in (piping) and extracts values from JSON fields. https://github.com/theflakes/jve |
|
2023-01-30 12:34:06 |
HackRF One + Portapack H2 Mayhem. The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and a headphone jack. With all the hardware in place, it’s just a matter of installing a firmware capable enough to do some proper RF hacking on the go. Enter MAYHEM, an evolved fork of the original PortaPack firmware that the developers claim is the most up-to-date and feature packed version available. Without ever plugging into a computer, this firmware allows you to receive, decode, and re-transmit a dizzying number of wireless protocols. From firing off the seating pagers at a local restaurant to creating a fleet of phantom aircraft with spoofed ADS-B transponders, MAYHEM certainly seems like it lives up to the name. Detailed blog post about installing and using MAYHEM on the HackRF/PortaPack, complete with a number of real-world examples that show off just a handful of possible applications for the project. Jamming cell phones, sending fake pager messages, and cloning RF remotes is just scratching the surface of what’s possible. Example of use: exploitation of a Honda vulnerability, Honda's Remote Keyless System (CVE-2022-27254). Firmware to open any and all Tesla vehicle charging ports in range! Buy online: 🛒 https://alii.pub/6lfodk 🛒 https://amzn.to/3kRIrFF #hackrf #radio #sdr #spoofing |
|
2023-01-30 11:15:00 |
Windows 11 Debloat / Privacy Guide: This guide is meant for advanced users who want to get rid of Windows 11's bloatware and telemetry; if you have no experience of such things then you can consider this guide for ease. ▫️ Get rid of bloatware ▫️ Disable most of the telemetry ▫️ Gain performance ▫️ Optimize Windows 11 for gaming as well as productivity ▫️ Strip Windows 11 to barebones (in Advanced removal below) https://github.com/TheWorldOfPC/Windows11-Debloat-Privacy-Guide |
|
2023-01-30 11:14:00 |
Dell Driver EoP (CVE-2021-21551): Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. This exploit was tested on Windows 10 v1511. https://github.com/nanabingies/CVE-2021-21551 #cve |
|
2023-01-30 09:13:00 |
bbFuzzing.txt: A unique vocabulary that is 70% generated with OpenAI ChatGPT. The remaining 30% is a compilation of dictionaries from Bo0om, circuit and other bugbounters. https://github.com/reewardius/bbFuzzing.txt #bugbounty #ChatGPT |
|
2023-01-30 09:12:00 |
APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities, which is very effective in compromise assessment. The output is produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc. https://github.com/ahmedkhlief/APT-Hunter |
|
2023-01-29 15:18:00 |
Linux Security and Hardening Security Guide https://github.com/In4n1s357/Linux-Security-and-Hardening-Security-Guide |
|
2023-01-29 12:51:22 |
SeManage Volume #Exploit: This exploit grants full permission on C:\ drive for all users on the machine. ▫️ Enables the privilege in the token ▫️ Creates handle to .\C: with SYNCHRONIZE | FILE_TRAVERSE ▫️ Sends the FSCTL_SD_GLOBAL_CHANGE to replace S-1-5-32-544 with S-1-5-32-545 https://github.com/CsEnox/SeManageVolumeExploit |
|
2023-01-29 12:44:02 |
OnePlus 7 Pro: OnePlus 7 Pro is the best phone you can use with Kali Nethunter. It is bundled with the Qualcomm SM8150 Snapdragon 855+ chipset along with 8GB RAM and Adreno 640 GPU. It also has a 90Hz AMOLED 6.57 inches display with 1080 x 2400 pixel resolution. As for storage, you have the option to choose between the 128GB and 256GB variants. Keep in mind, this phone doesn’t have a memory card slot. When it comes to networking, the OnePlus 7 supports Wi-Fi 802.11 a/b/g/n/ac network standards. Moreover, having Bluetooth 5.0 is of utter importance as there is no 3.5mm jack included in the device. Lastly, the battery of this phone is 3800mAh Li-Po which supports 30W fast charging and 30T Warp Charge. OnePlus 7 is heavily supported by the Kali Nethunter community and is also the recommended high-end device for Nethunter. You can also find the installation instructions for Nethunter on OnePlus 7 in the official Nethunter documentation. Buy online: 🛒 https://amzn.to/3kQlLWd 🛒 https://alii.pub/6leekh #kali #mobile |
|
2023-01-29 11:21:34 |
PayClip: You can use this tool to transfer payloads to the clipboard so you can use them more quickly. https://github.com/bwiko/PayClip |
|
2023-01-29 11:14:00 |
ludvig: Security scanner using YARA. https://github.com/FrodeHus/ludvig |
|
2023-01-29 09:13:00 |
hackebds: This tool is used for backdoor and shellcode generation for various architecture devices. https://github.com/doudoudedi/hackEmbedded #redteam |
|
2023-01-29 09:12:00 |
PHP Antimalware Scanner: AMWScan is a free tool to scan PHP files and analyze your project to find any malicious code inside it. https://github.com/marcocesarato/PHP-Antimalware-Scanner |
|
2023-01-28 12:06:11 |
YARD Stick One: Yet Another Radio Dongle can transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me. The radio functions that are possible by customizing IM-Me firmware are now at your fingertips when you attach YARD Stick One to a computer via USB. Great for listening on RF emitters and transmitting on ISM bands. YARD Stick One comes with RfCat firmware installed, courtesy of Atlas. RfCat allows you to control the wireless transceiver from an interactive Python shell or your own program running on your computer. Repository: https://github.com/greatscottgadgets/yardstick Buy online: 🛒 https://amzn.to/3WNO9W1 🛒 https://alii.pub/6lbzti #radio #usb #transceiver |
|
2023-01-28 11:14:07 |
jsoup: The Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety. jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. https://github.com/jhy/jsoup |
|
2023-01-28 11:14:00 |
pentesting-resources: Resources for ethical hacking, pentesting and other offsec tools. https://github.com/Root-Down-Digital/pentesting-resources |
|
2023-01-28 09:13:00 |
RemoteShellCodeInjection: This will help you inject a shellcode hosted as text remotely into a process. https://github.com/soufianetahiri/RemoteShellCodeInjection #pentesting #redteam |
|
2023-01-28 09:12:00 |
Exploits: A handy collection of my public exploits, all in one place. https://github.com/0xdea/exploits #redteam #cve #exploit |
|
2023-01-27 15:18:00 |
Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. https://github.com/cryptomator/cryptomator Download: https://cryptomator.org/downloads/ #cybersecurity |
|
2023-01-27 11:15:00 |
Capa: capa detects capabilities in executable files. You run it against a PE, ELF, .NET module, or shellcode file and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate. https://github.com/mandiant/capa |
|
2023-01-27 11:14:00 |
GUAC: GUAC aggregates software security metadata into a high fidelity graph database. https://github.com/guacsec/guac |
|
2023-01-27 09:48:31 |
NativePayload_PE1: NativePayload_PE1/PE2, injecting Meterpreter payload bytes into a local process via delegation technique + in-memory with delay, changing RWX to X or RX or (both) [bypassing AVs]. https://github.com/DamonMohammadbagher/NativePayload_PE1 #redteam |
|
2023-01-27 09:29:59 |
linWinPwn Active Directory Vulnerability Scanner: linWinPwn is a bash script that automates a number of Active Directory enumeration and vulnerability checks. The script uses a number of tools and serves as a wrapper for them. Tools include: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, and others. https://github.com/lefayjey/linWinPwn #pentesting #redteam #ad #best |
|
2023-01-27 09:13:00 |
Awesome-Bugbounty-Writeups: A curated list of #bugbounty writeups (bug type wise). https://github.com/devanshbatham/Awesome-Bugbounty-Writeups |
|
2023-01-27 09:12:00 |
Burp IIS Tilde Enumeration Scanner: This extension will add an Active Scanner check for detecting the IIS Tilde Enumeration vulnerability and add a new tab in the #Burp UI to manually exploit the vulnerability. https://github.com/cyberaz0r/Burp-IISTildeEnumerationScanner |
|
2023-01-27 08:08:14 |
Grype: A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. https://github.com/anchore/grype #best |
|
2023-01-27 07:16:28 |
CVE-2023-24055 PoC (KeePass 2.5x): An attacker who has write access to the KeePass configuration file can modify it and inject malicious triggers, e.g. to obtain the cleartext passwords by adding an export trigger. https://github.com/alt3kx/CVE-2023-24055_PoC #cve #poc |
|
2023-01-27 07:11:19 |
Proxying DLL Loads For Hiding ETWTI Stack Tracing. https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/ Proxy-DLL-Loads: https://github.com/paranoidninja/Proxy-DLL-Loads #pentesting #redteam |
|
2023-01-26 15:18:00 |
FIR: Fast Incident Response is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit. https://github.com/certsocietegenerale/FIR |
|
2023-01-26 14:24:31 |
CVE-2022-34689: CryptoAPI spoofing vulnerability. The repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll. https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689 Details: https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi #cve #poc |
|
2023-01-26 11:16:13 |
CVE-2023-24055: PoC and scanner for CVE-2023-24055. https://github.com/deetl/CVE-2023-24055 #cve |
|
2023-01-26 11:14:10 |
EYSOFT Webcam Cover: Whether you want to protect your smartphone, laptop or desktop computer, this 5-pack of webcam privacy covers is an excellent choice. The cover is durable and easy to install using the provided double-sided tape. To cover the viewfinder, all you need to do is slide the black circle within the cover to the left. It measures only 0.022 inches in thickness, which will not interfere with closing the lid of your laptop. It adheres with double-sided tape and can be removed if needed. Moreover, it will sustain through the wear and tear and remain strongly adhesive. Not only suitable for computer, PC, laptops, Mac, iPad, Android tablet and all-in-one desktop, it can also be used on most models of smartphones. Buy online: 🛒 $5.99 https://amzn.to/3Hca2c4 #camera #privacy #covers |
|
2023-01-26 11:14:07 |
opencve: OpenCVE is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...). Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE. https://github.com/opencve/opencve |
|
2023-01-26 11:14:00 |
BSidesRoma: SecurityBsides Roma Conference Repo https://github.com/SecurityBsidesIT/BSidesRoma |
|
2023-01-26 09:13:00 |
PyCript: Pycript is a Burp Suite extension that enables users to encrypt and decrypt requests for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using JavaScript and Node.js, allowing for a tailored encryption/decryption process for specific needs. https://github.com/Anof-cyber/PyCript |
|
2023-01-26 09:12:00 |
Gato (Github Attack TOolkit): Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be utilized for private repositories; however, there are thousands of organizations that utilize self-hosted runners. https://github.com/praetorian-inc/gato |
|
2023-01-25 15:18:00 |
Hekatomb: A Python script that connects to an LDAP directory to retrieve all computer and user information. Then it will download all DPAPI blobs of all users from all computers and use Domain backup keys to decrypt them. https://github.com/Processus-Thief/HEKATOMB #ad |
|
2023-01-25 11:15:00 |
IntroLabs: These are the labs for my Intro class. Yes, this is public. Yes, this is intentional. https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md |
|
2023-01-25 11:14:00 |
threat-intel: This repository contains IoCs related to Volexity public threat intelligence blog posts and tools published by Volexity's threat intelligence team. https://github.com/volexity/threat-intel |
|
2023-01-25 09:49:38 |
Flipper Zero: Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Buy online: 🛒 $299.98 https://amzn.to/3DfmfLU #rfid #nfc |
|
2023-01-25 09:47:42 |
burp-rest-api: REST/JSON API to the Burp Suite security tool. https://github.com/vmware/burp-rest-api |
|
2023-01-25 09:12:05 |
ExtAnalysis: Browser Extension Analysis Framework - scan and analyze Chrome, Firefox and Brave extensions for vulnerabilities and intel. https://github.com/Tuhinshubhra/ExtAnalysis |
|
2023-01-25 09:12:00 |
robots-txt-parser py: Collect the robots.txt endpoint for allowed and disallowed endpoints from a list of subdomains. https://github.com/smackerdodi/robots-txt-parser.py |
|
2023-01-24 15:18:00 |
Hacking Articles — Cyber Mindmap: This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them. https://github.com/Ignitetechnologies/Mindmap |
|
2023-01-24 11:14:00 |
wstg: The Web Security Testing Guide is a comprehensive open source guide to testing the security of web applications and web services. https://github.com/OWASP/wstg |
|
2023-01-24 09:24:00 |
WD 5TB My Passport Portable Hard Drive: The My Passport™ drive is trusted, portable storage that gives you the confidence and freedom to drive forward in life. With a new, stylish design that fits in the palm of your hand, there’s space to store, organize, and share your photos, videos, music, and documents. The My Passport™ drive’s built-in 256-bit AES hardware encryption with password protection helps keep your digital life's contents secure. Just activate password protection and set your own personalized password using WD Discovery™. Buy online: 🛒 -21% $117.99 https://amzn.to/3WGTuyI WD 5TB My Passport for Mac: 🛒 -22% $124.99 https://amzn.to/3R1oGqY #usb #hdd #encryption |
|
2023-01-24 09:12:00 |
AzBelt: Standalone DLL and sliver extension for enumerating Azure related credentials, primarily on AAD joined machines. https://github.com/daddycocoaman/AzBelt |
|
2023-01-23 16:55:11 |
SQLi-Hunter-v2: SQLi Hunter v2 is a Python program that checks for SQL (and blind) injection vulnerabilities in URLs. The program is designed to be easy to use, practical and beneficial. The intention of this tool is to include it in your ethical bug bounty hunting methodology. Please do not use this tool on any website without having its permission. https://github.com/3a7/SQLi-Hunter-v2 |
|
2023-01-23 16:52:45 |
CVE-2021-20294-POC: A flaw was found in the binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack BoF, OOB write of arbitrary data supplied by the attacker. https://github.com/tin-z/CVE-2021-20294-POC #cve #poc |
|
2023-01-23 16:49:45 |
Inline-Execute-PE: Inline-Execute-PE is a suite of Beacon Object Files (BOFs) and an accompanying Aggressor script for #CobaltStrike that enables operators to load unmanaged Windows executables into Beacon memory and execute them, retrieving the output and rendering it in the Beacon console. https://github.com/Octoberfest7/Inline-Execute-PE #redteam |
|
2023-01-23 11:14:00 |
PhoneSploit Pro: PhoneSploit with Metasploit integration. An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session. https://github.com/azeemidrisi/phonesploit-pro |
|
2023-01-23 09:13:00 |
BLint: BLint is a Binary Linter to check the security properties and capabilities in your executables. It is powered by lief. https://github.com/AppThreat/blint |
|
2023-01-23 09:12:00 |
Popeye: A Kubernetes Cluster Sanitizer. Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects misconfigurations and helps you to ensure that best practices are in place, thus preventing future headaches. https://github.com/derailed/popeye |
|
2023-01-22 15:19:00 |
About Cloud Scout: Cloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross platform attack paths. https://github.com/SygniaLabs/security-cloud-scout |
|
2023-01-22 15:18:00 |
shosubgo: Small tool to grab subdomains using the Shodan API. https://github.com/incogbyte/shosubgo |
|
2023-01-22 11:14:05 |
Creds: Some useful scripts and executables for pentest & forensics. Most scripts/executables are Windows / Domain specific. https://github.com/S3cur3Th1sSh1t/Creds |
|
2023-01-22 11:14:00 |
Aerleon: Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API. Aerleon is a fork of Capirca with the following enhancements 👇 https://github.com/aerleon/aerleon |
|
2023-01-22 09:12:07 |
CVE-2023-0179 PoC: This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6. https://github.com/TurtleARM/CVE-2023-0179-PoC #cve #poc |
|
2023-01-22 09:12:00 |
APCLdr: Payload Loader With Evasion Features. https://github.com/NUL0x4C/APCLdr |
|
2023-01-21 15:18:00 |
pdtm: ProjectDiscovery's Open Source Tool Manager. A simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery. https://github.com/projectdiscovery/pdtm |
|
2023-01-21 11:14:00 |
PTAAgentDump: A tool for checking malicious use of stolen pass-through authentication (PTA) agent certificates. The tool shows how many active certificates exist per agent. https://github.com/secureworks/PTAAgentDump |
|
2023-01-21 09:12:00 |
LogonTracer: Investigate malicious Windows logon by visualizing and analyzing Windows event log. https://github.com/JPCERTCC/LogonTracer Demo: https://www.youtube.com/watch?v=aX-vTd7-moY |
|
2023-01-20 09:12:00 |
Gold Digger: Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test. https://github.com/ustayready/golddigger |
|
2023-01-20 07:53:37 |
CVE-2022-47966: PoC for CVE-2022-47966 affecting multiple ManageEngine products 👇 https://github.com/horizon3ai/CVE-2022-47966 Nuclei templates: https://github.com/projectdiscovery/nuclei-templates/pull/6564/files |
|
2023-01-17 11:15:00 |
gmailc2: A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions. C2 Feature: ▫️ Persistence (type persist) ▫️ Shell Access ▫️ System Info (type info) ▫️ More Features Will Be Added. Features: ▫️ FUD Ratio 0/40 ▫️ Bypass Any EDR's Solutions ▫️ Bypass Any Network Restrictions ▫️ Commands Are Being Sent in Base64 And Decoded on server side ▫️ No More Tcp Shits https://github.com/machine1337/gmailc2 |
|
2023-01-17 11:14:00 |
Hunting-Queries-Detection-Rules: Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules |
|
2023-01-17 10:11:58 |
EvilCrow Keylogger: Evil Crow Keylogger is a physical keylogger device for professionals and cybersecurity enthusiasts. This WiFi keylogger with Micro SD slot is based on the Atmega32U4 microcontroller and the ESP32-PICO module. Repository: https://github.com/joelsernamoreno/EvilCrow-Keylogger Buy online: 🛒 https://ali.ski/Xf5tcE #USB #wifi |
|
2023-01-17 09:13:00 |
OffensivePipeline: OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode. https://github.com/Aetsu/OffensivePipeline #dotnet #obfuscate #inject #bypass #av |
|
2023-01-17 09:12:00 |
Windows LPE PoCs https://github.com/dbgsymbol/windows_lpe_pocs |
|
2023-01-16 11:14:00 |
Automation_Bug_Hunting: Some basic bug hunting automation scripts using Python (LFI, Error SQLI, Blind SSRF, SSTI, Open Redirect, OS Command Injection). https://github.com/Mostafa-Elguerdawi/Automation_Bug_Hunting |
|
2023-01-16 09:12:00 |
tau-research: The project will serve as a central repository for VMware Threat Analysis Unit (TAU) to share threat intelligence with the security community, such as threat indicators of compromises (IoCs) and the corresponding scripts/tools TAU developed to extract the IoCs. The IoCs are typically used/discussed in TAU's published research papers such as repo… https://github.com/vmware-samples/tau-research |
|
2023-01-15 09:12:00 |
Writeups: Different hacking platforms writeups!! https://github.com/a-fai1ur3/Writeups |
|
2023-01-14 15:19:00 |
cheatsheets: Collection of knowledge about information security. https://github.com/r1cksec/cheatsheets #cybersecurity #infosec |
|
2023-01-14 15:18:00 |
PowerShell-Deobfuscation-Exercise: An exercise to practice deobfuscating PowerShell scripts. https://github.com/trevormiller6/PowerShell-Deobfuscation-Exercise |
|
2023-01-14 11:15:00 |
CVE-2022-46169: Exploit for the CVE-2022-46169 vulnerability on Cacti 1.2.19. https://github.com/Anthonyc3rb3ru5/CVE-2022-46169 #cve #exploit |
|
2023-01-14 11:14:05 |
asta-decrypt: This is a simple script that implements the decryption routine for the encrypted final stage used by the Astaroth/Guildma malware family. Astaroth uses an AutoIT script with an embedded DLL that writes the final payload to disk as db.temp and injects it into a hollow process. https://github.com/dodo-sec/asta-decrypt.py |
|
2023-01-14 11:14:00 |
anti_Royal: PowerShell tool to check for partially encrypted files with various techniques and sandbox them for analysis. https://github.com/shadowdevnotreal/anti_Royal |
|
2023-01-14 09:12:00 |
CVE-2022-28944: EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability. https://github.com/gerr-re/cve-2022-28944 |
|
2023-01-13 15:18:00 |
code-inspector: Java code inspector for web vulnerability scan. https://github.com/4ra1n/code-inspector |
|
2023-01-13 11:14:00 |
T95-H616-Malware: "Pre-Owned" malware in ROM on T95 Android TV Box. https://github.com/DesktopECHO/T95-H616-Malware |
|
2023-01-13 10:45:51 |
SUDO_KILLER: A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for Linux privilege escalation. https://github.com/TH3xACE/SUDO_KILLER #linux #sudo |
|
2023-01-13 10:04:34 |
Alfa AWUS036ACHM: This adapter looks like a basic everyday wifi adapter but it is not! I have tested many adapters and this adapter has the longest range of any modern dual band adapter that I have tested. If you need long range or an adapter that can run 24/7/365 and never miss a beat, this adapter is worth a look. Don't buy it for speed as it is an AC600 adapter, but if looking for range, great AP mode support, great monitor mode support and reliability, take a look. My opinion is that this adapter is the single best adapter available for use with Kali Linux or other distros used for pen testing and security analysis. Compared to the Alfa AWUS036ACH, the Alfa AWUS036ACHM has better range, costs less and is supported with in-kernel drivers, making it the better choice for Linux users. It comes with the required USB2 cable and a clip that allows you to mount the adapter in various locations. Overall, the Alfa AWUS036ACHM is a solid performer. Highly recommended. Buy online: 🛒 https://amzn.to/3W9BkW3 #alfa #wifi #adapter |
|
2023-01-13 09:13:00 |
WPAxFuzz
A full-featured open-source Wi-Fi fuzzer
https://github.com/efchatz/WPAxFuzz |
|
2023-01-13 09:12:00 |
stackplz
This work on eBPF for reversing on Android.
https://github.com/SeeFlowerX/stackplz |
|
2023-01-12 15:18:00 |
sast-scan
Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU
https://github.com/ShiftLeftSecurity/sast-scan |
|
2023-01-12 11:14:00 |
slither
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
https://github.com/crytic/slither |
|
2023-01-12 09:13:00 |
nuclearpond
Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
▫️ Output results to your terminal, as json, or to an S3
▫️ Specify threads and parallel invocations in any desired number of batches
▫️ Specify any Nuclei arguments just like you would locally
▫️ Specify a single host or from a file
▫️ Run the http server to take scans from the API
▫️ Run the http server to get the status of the scans
▫️ Query findings through Athena for searching
https://github.com/DevSecOpsDocs/nuclearpond |
|
2023-01-12 09:12:00 |
Binwalk
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
https://github.com/ReFirmLabs/binwalk |
|
2023-01-11 15:19:00 |
Secret Handshake
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it is
https://github.com/jconwell/secret_handshake
#malware |
|
2023-01-11 15:18:00 |
Python parser for #Cobalt Strike stagers
Use parse_stager_config.py to search a file for Cobalt Strike stager shellcode. If shellcode is found, it will be extracted in JSON format.
https://github.com/stairwell-inc/cobalt-strike-stager-parser |
|
2023-01-11 11:14:00 |
Black-Tool
Install the tools and start hacking Attacking
https://github.com/mrprogrammer2938/Black-Tool |
|
2023-01-11 10:38:56 |
Flipper Zero
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
Buy online: 🛒 https://amzn.to/3Qyw6la
#rfid #nfc |
|
2023-01-11 09:12:00 |
SEMA ToolChain using Symbolic Execution for Malware Analysis.
https://github.com/csvl/SEMA-ToolChain |
|
2023-01-10 15:18:00 |
CoffLoader
It's just an implementation of in-house CoffLoader supporting #CobaltStrike standard BOF and BSS initialized variables. Look at the main.c file to change the BOF and its parameters. CobaltStrike handles the BOF parameter in a special way, the Arg structure is here to pass parameters easier.
https://github.com/OtterHacker/CoffLoader |
|
2023-01-10 11:15:00 |
UEFI Firmware Parser
The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials.
https://github.com/theopolis/uefi-firmware-parser |
|
2023-01-10 11:14:00 |
Chrome V8 RCE CVE-2021-38003
https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003
#cve #RCE |
|
2023-01-10 09:17:01 |
OffGrid USB Data Blocker
The USB Data Blocker grants devices immunity from viruses or invasion when used to connect to untrusted USB ports. This handy tech accessory blocks unpermitted data transfer to ensure that a device’s information is not stolen by outsiders. The USB connector also boasts lightning-fast charging capabilities. Use the USB Data Blocker to plug into any port in full faith that your device and data are safe from nonconsensual surveillance.
This small converter plays a big role in data protection when on the go. A USB Data Blocker liberates individuals from fear and avoidance of unknown power sources so they can plug in whenever and wherever.
Buy online: 🛒 7$ https://amzn.to/3k8N1is
#usb #security |
|
2023-01-10 09:13:00 |
REST-Attacker
Automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support for both large-scale testing and fine-grained analysis.
https://github.com/RUB-NDS/REST-Attacker |
|
2023-01-10 09:12:00 |
confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused |
|
2023-01-09 15:18:00 |
Brute_Pup
A web-hunting tool with bruteforce capabilities, and hooked into GoWitness.
Bruteforce multiple petabytes of potential sites and subdirectories, then check every combination for existence, and if it exists go take a picture! This usage is a bit extreme, but this is certainly a cool and functional apparatus for dirbusting/bruteforcing/OSINT.
https://github.com/7RIXx/Toolbelt/tree/main/Brute_Pup |
|
2023-01-09 11:14:00 |
ModSecurity Backdoor
This is a proof-of-concept of malicious software running inside of ModSecurity WAF.
https://github.com/azurit/modsecurity-backdoor |
|
2023-01-09 11:11:35 |
COOK
An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.
https://github.com/glitchedgitz/cook |
|
2023-01-09 11:06:19 |
cth_wordlists
Each pentester has to build his own wordlists...
https://github.com/sorokinpf/cth_wordlists |
|
2023-01-09 10:22:45 |
Microsoft Exchange: OWASSRF + TabShell (CVE-2022-41076)
The TabShell vulnerability is a form of Privilege Escalation which allows breaking out of the restricted PowerShell Sandbox after you have successfully gained access through OWASSRF.
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
Details:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
#owa #ssrf #tabshell #poc |
|
2023-01-09 09:12:06 |
all InfoSec news - Sources
A list of online news & info sources in the InfoSec/Cybersecurity space with their website + RSS feed. This is an extract of all the sources aggregated on the allinfosecnews.com website.
https://github.com/foorilla/allinfosecnews_sources |
|
2023-01-09 09:12:05 |
AmsiBypassHookManagedAPI
A new AMSI Bypass technique using .NET ALI Call Hooking.
https://github.com/pracsec/AmsiBypassHookManagedAPI |
|
2023-01-09 09:12:00 |
brc4
Unpacks the Brute Ratel (BRC4) stager and extracts its config; also tries to find the RC4 key in case of an encrypted config.
https://github.com/matthw/malware_analysis/tree/main/brc4 |
|
2023-01-07 15:18:00 |
Thoth
Automate recon for red team assessments.
Thoth is a very modular tool that automates the execution of tools during a reconnaissance assessment. Using multithreading, several tools are executed simultaneously. The use of different modules can be adapted on the fly by using module names or risk level as a filter.
https://github.com/r1cksec/thoth |
|
2023-01-07 11:14:00 |
TLS Poison
A tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers. The goals are similar to SNI injection, but this new method uses inherent behaviors of TLS, instead of depending upon bugs in a particular implementation.
https://github.com/jmdx/TLS-poison |
|
2023-01-07 09:13:00 |
ccat
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
https://github.com/RhinoSecurityLabs/ccat
#redteam #hackers |
|
2023-01-07 09:12:00 |
NTLMRecon
Identify commonly accessible NTLM authentication endpoints
A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.
https://github.com/praetorian-inc/NTLMRecon |
|
2023-01-06 15:18:00 |
Nessus2Host
A program written in Go that takes a #Nessus XML file and extracts the hosts in IP:PORT format.
https://github.com/MantisSTS/Nessus2Host |
|
2023-01-06 11:14:05 |
reverse_engineering_tools
Various code samples and useful tips and tricks from reverse engineering and malware analysis fields.
https://github.com/alexey-kleymenov/reverse_engineering_tools |
|
2023-01-06 11:14:00 |
Network Information Hiding and Network Steganography 101
A free online class on network information hiding/steganography/covert channels that I teach at the FernUniversität in Hagen, Germany, and HS Worms, Germany.
https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course |
|
2023-01-06 10:11:18 |
zsyscall
This is my implementation of the Hell's Gate VX technique. The main difference with the original implementation is the use of the zsyscall procedure instead of HellsGate and HellDescent for using syscalls.
https://gitlab.com/Zer1t0/zsyscall |
|
2023-01-06 09:30:09 |
ALFA AWUS036ACS
Compact dual-band WiFi USB adapter that works according to 802.11ac and features data rates of up to 600Mbps. The AWUS036ACS WiFi USB adapter supports all common standards (IEEE 802.11a/b/g/n/ac) and is fully backwards compatible with the older WiFi standards.
AWUS036ACS is the cheapest USB Wireless Adapter available in the market which supports dual-band 2.4 and 5GHz. It supports both monitor mode and packet injection mode.
Buy online: 🛒 https://amzn.to/3VPBVvN
#adapter #wifi #alfa |
|
2023-01-06 09:12:05 |
System Programming Roadmap
A roadmap to teach myself compiler dev, malware #reverse engineering, exploitation and kernel dev fundamentals
https://github.com/ujjwal-kr/system-programming-roadmap |
|
2023-01-06 09:12:00 |
#Nuclei template generator for #WordPress plugins
https://github.com/ricardomaia/nuclei-template-generator-for-wordpress-plugins
TOP 200 WordPress Plugins Detection:
https://github.com/projectdiscovery/nuclei-templates/pull/6202 |
|
2023-01-05 15:19:00 |
VerSprite Security Research
https://github.com/VerSprite/research |
|
2023-01-05 15:18:00 |
sub-scout
A simple bash script to automate your initial #recon and extend your attack surface using popular tools made by the infosec community.
https://github.com/0xAkashsky/sub-scout |
|
2023-01-05 11:15:00 |
XSSFire
A standalone Blind XSS Script.
https://github.com/SeifElsallamy/XSSFire |
|
2023-01-05 11:14:00 |
HellsHall
Another Way To Fetch Clean Syscalls
https://github.com/Maldev-Academy/HellHall |
|
2023-01-05 10:13:28 |
Bluefruit LE Sniffer
This Bluefruit LE Friend is programmed with a special firmware image that turns it into an easy to use Bluetooth Low Energy sniffer. You can passively capture data exchanges between two BLE devices, pushing the data into Wireshark, the open source network analysis tool, where you can visualize things on a packet level, with useful descriptors to help you make sense of the values without having to crack open the 2000 page Bluetooth 4.0 Core Specification every time.
Plug it into your development machine, fire up the special sniffer bridge SW, select the device you want to sniff, and it will fire up Wireshark for you and start pushing data in via a live stream (using Nordic's Windows software), or save to a pcap file that you can analyze with Wireshark later.
The sniffer firmware cannot be used with the Nordic DFU bootloader firmware, which means that if you want to reprogram this device you must use a J-Link + SWD adapter! You cannot over-the-air reprogram it.
Buy online:
🛒 https://amzn.to/3Z7sjiZ
🛒 https://bit.ly/3SulFzw
#bluetooth |
|
2023-01-05 09:32:36 |
PassTheCert
Sometimes, Domain Controllers do not support PKINIT. This can be because their certificates do not have the Smart Card Logon EKU. However, several protocols, including LDAP, support Schannel, thus authentication through TLS. We created a small Proof-of-Concept tool that allows authenticating against an LDAP/S server with a certificate to perform different attack actions.
More information in the accompanying blog post.
https://github.com/AlmondOffSec/PassTheCert |
|
2023-01-05 09:12:05 |
CVE-2022-46164
Basic POC exploit for CVE-2022-46164
https://github.com/stephenbradshaw/CVE-2022-46164-poc |
|
2023-01-05 09:12:00 |
RedLineStealer
An analysis of the famous info stealer RedLine
https://github.com/amr-git-dot/RedLineStealer |
|
2023-01-04 15:18:00 |
vxsig
Automatically generate AV byte signatures from sets of similar binaries.
https://github.com/google/vxsig |
|
2023-01-04 11:15:00 |
Power Me Up
This is a PowerShell reverse shell that executes the commands and/or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not be responsible for your actions. Also this reverse shell currently is not detected by Windows Defender. If you want to use this make sure to set up a Digital Ocean VPS and have the script connect back there or your C2. Happy Hacking!
https://github.com/ItsCyberAli/PowerMeUp |
|
2023-01-04 11:14:00 |
LearingMaterials
This is a repository of training materials and interesting reads for everything related to Malware Analysis.
https://github.com/lasq88/LearingMaterials/blob/main/MalwareAnalysis.md |
|
2023-01-04 10:30:17 |
VAULTCARD
The most advanced RFID protection for your wallet. With contactless card payments growing in popularity, our personal data is increasingly at risk of interception by fraudsters. VAULTCARD™ is a credit-card-sized tool, which can be placed inside a wallet to block electromagnetic signals – guaranteeing protection against RFID theft, while still enabling the use of contactless payments.
Buy online: 🛒 https://amzn.to/3ifjaEf
#rfid #card |
|
2023-01-04 09:13:00 |
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://github.com/OWASP/owasp-mastg |
|
2023-01-04 09:12:00 |
Phishim
A phishing tool which reduces configuration time and bypasses most types of MFA by running a chrome tab on the server that the user unknowingly interacts with.
https://github.com/jackmichalak/phishim |
|
2023-01-03 15:18:00 |
Invoke-Retractor
Build a Seatbelt executable containing only commands you specify.
https://github.com/Wra7h/PowerShell-Scripts |
|
2023-01-03 11:14:00 |
Open-CyKG
An Open Cyber Threat Intelligence Knowledge Graph
Open-CyKG is a framework that is constructed using an attention-based neural Open Information Extraction (OIE) model to extract valuable cyber threat information from unstructured Advanced Persistent Threat (APT) reports. More specifically, we first identify relevant entities by developing a neural cybersecurity Named Entity Recognizer (NER) that aids in labeling relation triples generated by the OIE model. Afterwards, the extracted structured data is canonicalized to build the KG by employing fusion techniques using word embeddings.
https://github.com/IS5882/Open-CyKG |
|
2023-01-03 09:12:00 |
Dockle
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start.
https://github.com/goodwithtech/dockle |
|
2023-01-02 15:19:00 |
KENZER
Automated web assets enumeration & scanning.
▫️ Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS
▫️ Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap)
▫️ Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore
▫️ Web Vulnerability Scanning using Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox
▫️ Backup Files Scanning using Fuzzuli
▫️ Git Repository Enumeration & Scanning using RepoHunt & Trufflehog
▫️ Web Screenshot Identification using Shottie & Perceptic
▫️ WAF Detection & Avoidance using WafW00f & Nuclei
▫️ Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)
▫️ Every task can be distributed over multiple machines
https://github.com/ARPSyndicate/kenzer |
|
2023-01-02 12:22:23 |
Rust - ReflectiveLoader64
#mimikatz and #metasploit payloads are working nicely
https://github.com/winsecurity/Offensive-Rust/tree/main/peloader64/src |
|
2023-01-02 12:21:58 |
Crypto Bot
Use only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly.
@CryptoBot |
|
2023-01-02 11:20:32 |
Dimorf
Dimorf is a #ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS's
https://github.com/Ort0x36/Dimorf |
|
2023-01-02 11:14:00 |
WDBFontOverwrite
Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.
https://github.com/ginsudev/WDBFontOverwrite
#cve #ios |
|
2023-01-02 10:29:16 |
Evil Crow RF V2
Evil Crow RF V2 is a radiofrequency hacking device for pentest and Red Team operations, this device operates in the following radiofrequency bands:
▫️ 300MHz-348MHz
▫️ 387MHz-464MHz
▫️ 779MHz-928MHz
▫️ 2.4GHz
Evil Crow RF V2 has two CC1101 radiofrequency modules, these modules can be configured to transmit or receive on different frequencies at the same time. Additionally, Evil Crow RF V2 has a NRF24L01 module for other attacks.
Evil Crow RF V2 allows the following attacks:
▫️ Signal receiver
▫️ Signal transmitter
▫️ Replay attack
▫️ URH parse
▫️ Mousejacking
Repository:
https://github.com/joelsernamoreno/EvilCrowRF-V2
Buy online:
🛒 https://amzn.to/3jzPRMS
🛒 https://ali.ski/WNHHSN
#radio #rf |
|
2023-01-02 09:12:39 |
jenkins-strike
#Cobalt Strike profile generator using Jenkins to automate the heavy lifting.
https://github.com/RomanRII/jenkins-strike |
|
2023-01-02 09:12:00 |
security-tools
A very opinionated list of security tools.
https://github.com/mttaggart/security-tools |
|
2022-12-31 19:04:53 |
Happy New Year!!! 🥂 🍾 🍻 🍷May the new year bless you with health, wealth, and happiness. ❤️ ❤️ ❤️You can leave your gifts here :) 🤭 🎁 |
|
2022-12-31 11:14:00 |
fwallower
Analyze Windows Firewall outbound blocks and selectively allow traffic
https://github.com/scriptjunkie/fwallower |
|
2022-12-31 09:12:00 |
Log4Shell-Scanner-Exploit
Bash script to identify the #Log4j CVE-2021-44228 vulnerability remotely.
https://github.com/julian911015/Log4j-Scanner-Exploit |
|
2022-12-30 11:14:05 |
scriptkiddi3
Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools.
https://github.com/thecyberneh/scriptkiddi3 |
|
2022-12-30 11:14:00 |
#WireGuard #ESP32
WireGuard implementation for ESP32 Arduino
https://github.com/ciniml/WireGuard-ESP32-Arduino |
|
2022-12-30 09:13:00 |
DNS Analysis Server
Tools to assess #DNS security.
https://github.com/The-Login/DNS-Analysis-Server |
|
2022-12-30 09:12:00 |
Penetration Testing Study Notes
This repo contains all my penetration testing study notes, penetration testing tools, scripts, techniques, tricks and also many scripts that I found useful from all over the internet.
https://github.com/wwong99/pentest-notes |
|
2022-12-30 09:09:35 |
Some of our posts will appear exclusively on Twitter |
|
2022-12-29 18:39:51 |
Happy New Year!
In the New Year, never forget to thank your past years because they enabled you to reach today! Without the stairs of the past, you cannot arrive at the future!
Mehmet Murat Ildan |
|
2022-12-29 15:19:00 |
TinyArgParser
TinyArgParser is a command processing program, it has less than 300 lines of code, it supports command line parameter processing and help generation.
https://github.com/BeichenDream/SharpTinyArgParser |
|
2022-12-29 15:18:00 |
HackVault
This is a container repository for my defensive/offensive hacks.
https://github.com/0xSobky/HackVault |
|
2022-12-29 11:15:00 |
pa
A simple #password manager. Encryption via age, written in portable POSIX shell.
https://github.com/biox/pa |
|
2022-12-29 11:14:00 |
Moneta
A live usermode memory analysis tool for Windows with the capability to detect malware IOCs.
https://github.com/forrest-orr/moneta |
|
2022-12-29 09:13:00 |
ASRenum
Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations.
https://github.com/mlcsec/ASRenum-BOF
#cobalt #bof |
|
2022-12-29 09:12:00 |
Burp Extension - IpLogger
IpLogger is a basic Burp Extension that will make a request to https://api.ipify.org every time Burp is opened and will store the IP and date in iplogger.json.
https://github.com/bsysop/IpLogger |
|
2022-12-28 15:18:00 |
Security Explained
SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under SecurityExplained series:
▫️ Tweets explaining interesting security stuff
▫️ Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks
▫️ Security Discussion Spaces/Meets
▫️ Monthly Mindmap/Mindmap based explainers for different attacks/techniques
▫️ My Pentesting Methodology Breakdown
▫️ Giveaways and Community Engagement
▫️ GitHub Repository to Maintain "SecurityExplained"
▫️ Public & Free to Access
▫️ Newsletter
https://github.com/harsh-bothra/SecurityExplained |
|
2022-12-28 11:14:00 |
HENlo
WebKit+Kernel #exploit chain for all PS Vita firmwares
https://github.com/TheOfficialFloW/HENlo |
|
2022-12-28 09:33:35 |
Steganography Toolkit
This project is a Docker image useful for solving Steganography challenges such as those you can find at #CTF platforms like hackthebox.eu. The image comes pre-installed with many popular tools (see list below) and several screening scripts you can use to check simple things (for instance, run check_jpg.sh image.jpg to get a report for a JPG file).
https://github.com/DominicBreuker/stego-toolkit |
|
2022-12-28 09:21:34 |
Imaginary C2
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware.
Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
By using this tool, an analyst can feed the malware consistent network responses (e.g. C&C instructions for the malware to execute). Additionally, the analyst can capture and inspect HTTP requests towards a domain/IP which is off-line at the time of the analysis.
https://github.com/felixweyne/imaginaryC2 |
|
2022-12-27 11:15:00 |
Wordlists
Real-world infosec wordlists, updated regularly
These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include:
▫️ Wordpress
▫️ Joomla
▫️ Drupal
▫️ Magento
▫️ Ghost
▫️ Tomcat
https://github.com/trickest/wordlists |
|
2022-12-27 11:14:00 |
S T E R R A
A unique SOCMINT tool to get information on an Instagram account from its following | followers
https://github.com/novitae/sterraxcyl |
|
2022-12-27 09:25:00 |
pypykatz
Modified version of Pypykatz to print encrypted credentials.
https://github.com/ly4k/Pypykatz
Details:
https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22 |
|
2022-12-27 09:13:00 |
PassTheChallenge
Recovering NTLM hashes from Credential Guard. Read more about the techniques here.
https://github.com/ly4k/PassTheChallenge |
|
2022-12-27 09:12:00 |
Exploit-For-CVE-2022-36067
This repo contains payload for the CVE-2022-36067
https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067 |
|
2022-12-27 08:28:33 |
CJMCU BadUSB with MicroSD
This is one of the last developments related to rubberducky or badusb devices. This device is based on the ATMEGA32U4 microprocessor which is able to emulate many USB modes like HID, used for injecting key presses to the target system.
The main processor is based on Arduino Leonardo R3 development board and the improvement is that a microSD card slot is included to allow storing many different payloads. The microSD card has to be FAT32 formatted in order to be recognized.
Repository:
https://github.com/asciiterminal/CJMCU_ATMEGA32U4_BADUSB
Buy online:
🛒 https://amzn.to/3jy7pZK
🛒 https://ali.ski/R8vW3
#usb #badusb #atmega32u4 |
|
2022-12-27 07:06:03 |
Awesome Incident Response
A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future.
https://github.com/Correia-jpv/fucking-awesome-incident-response |
|
2022-12-27 06:59:02 |
Bug Bounty Dorks
List of Google Dorks to search for companies that have a responsible disclosure program or bug bounty program which are not affiliated with known bug bounty platforms such as HackerOne or Bugcrowd.
https://github.com/sushiwushi/bug-bounty-dorks |
|
2022-12-26 15:18:00 |
APT_REPORT
Interesting apt report & sample & malware & technology & intelligence collection
https://github.com/blackorbird/APT_REPORT |
|
2022-12-26 11:14:00 |
Sample vulnerable Repo
Just a sample REST api to test with ShiftLeft. Don't deploy this in production.
Some technologies used:
▫️ TypeScript
▫️ Koa
▫️ aws-sdk v2 and v3 (DynamoDB, S3, SES)
https://github.com/HooliCorp/vulnerable-aws-koa-app |
|
2022-12-26 10:07:21 |
rp++
A fast ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
https://github.com/0vercl0k/rp |
|
2022-12-26 09:12:07 |
SpoolSploit
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
https://github.com/BeetleChunks/SpoolSploit |
|
2022-12-26 09:12:00 |
ASKJoe
AskJoe is a tool that utilizes ChatGPT to assist researchers wanting to use Ghidra as their malware analysis tool. With its capabilities, ChatGPT highly simplifies the practice of reverse engineering, allowing researchers to better detect and mitigate threats.
https://github.com/securityjoes/ThreatResearch |
|
2022-12-25 09:13:00 |
Network Scanner
Universal Network Scanner is a multi-brand ultra-fast network discovery tool based on multicast and broadcast discovery. This network discovery scanner is implemented based on a flexible framework to ease implementation of any vanilla discovery IP protocol such as SSDP/UPnP, mDNS, proprietary discovery protocols, etc.
https://github.com/julienblitte/UniversalScanner |
|
2022-12-25 09:12:00 |
Mail Log Manipulation
Exploit script to get RCE by using LFI and Mail log poisoning
https://github.com/Ananthavijay/Mail-log-Manipulation |
|
2022-12-25 08:50:46 |
dnscrypt-proxy
A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).
▫️ dnscrypt-proxy documentation ← Start here
▫️ DNSCrypt project home page
▫️ Discussions
▫️ DNS-over-HTTPS and DNSCrypt resolvers
▫️ Server and client implementations
▫️ DNS stamps
▫️ FAQ
https://github.com/DNSCrypt/dnscrypt-proxy
#DNS #privacy |
|
2022-12-25 08:50:42 |
WiFi Pineapple Mark VII by Hak5
The Hak5 WiFi Pineapple is a highly advanced WiFi auditing and MITM platform. The original "RogueAP" device - the WiFi Pineapple provides an end-to-end workflow to bring WiFi clients from their trusted network to your rogue network.
Hak5's latest generation V7 brings updates in three key areas: performance, management tools and framework upgrades.
The PineAP suite is a cross-platform control panel for the WiFi Pineapple devices, providing fine-grained control over all elements of your audit.
The elegance of the WiFi Pineapple Platform is in its simplicity. Previously onerous, inefficient and prone to collateral damage - WiFi Auditing and Offensive Operations are now highly targeted, covert and very simple.
Advanced MITM attacks: Perfectly mimics target networks, allowing for seamless client capture via the highly targeted deAuth mechanisms. Once captured, all standard network vectors are available: DNSSpoofing, Packet Capture, etc.
WiFi reconnaissance: Covertly discover, visualise and map WiFi networks and client hierarchies. Build lists of existing networks, and even client historical SSID connections. Continuously scan, add notes, filter clients, networks, logs and more.
Automated WiFi infiltration: Capture and pipe WiFi Encryption credentials in pcap / hashcat or JTR formats. WEP, WPA & WPA Enterprise.
Highly targeted, highly covert: Keep your "Get Out of Jail Free" letter firmly in your pocket. The PineAP suite allows for fine-grained, highly targeted actions, ensuring no detection and no collateral damage.
Buy online:
🛒 https://amzn.to/3Wpnpfo
🛒 https://ali.ski/_jqbke
#wifi #network |
|
2022-12-25 07:54:23 |
bloodyAD
bloodyAD is an Active Directory privilege escalation swiss army knife
This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform #AD privesc. bloodyAD supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc. It is designed to be used transparently with a SOCKS proxy.
https://github.com/CravateRouge/bloodyAD |
|
2022-12-24 11:14:00 |
Hardened malloc
This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class.
https://github.com/GrapheneOS/hardened_malloc |
|
2022-12-24 09:13:00 |
CredzCheckr: Testing default web credentials. https://github.com/c0dejump/CredzCheckr |
|
2022-12-24 09:12:00 |
DC3-MWCP: DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names. A parser module is usually created per malware family. DC3-MWCP is designed to help ensure consistency in parser function and output, ease parser development, and facilitate parser sharing. DC3-MWCP supports both analyst directed analysis and large-scale automated execution, utilizing either the native python API, a REST API, or a provided command line tool. DC3-MWCP is authored by the Defense Cyber Crime Center (DC3). https://github.com/dod-cyber-crime-center/DC3-MWCP |
|
2022-12-23 09:13:00 |
Cairo-Fuzzer: Cairo Smart Contract Fuzzer. A tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library. ▫️ Run cairo contract ▫️ Run cairo contract with hints implemented in cairo-rs ▫️ Replayer of fuzzing corpus ▫️ Minimizer of fuzzing corpus ▫️ Load old corpus ▫️ Handle multiple arguments ▫️ Load a folder of inputs/crashes files ▫️ CLI ▫️ Run Cairo-fuzzer using a config file instead of CLI ▫️ Workspace architecture https://github.com/FuzzingLabs/cairo-fuzzer |
|
2022-12-23 09:12:00 |
gitSome: #OSINT tool to extract email addresses and other useful info from various GitHub sources. ▫️ Provide a user account to extract emails from associated repos ▫️ Provide an org account to extract emails from associated repos ▫️ Provide a domain to extract related emails from public commits, issues, and other sources https://github.com/chm0dx/gitSome |
|
2022-12-22 15:18:01 |
SquarePhish: SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. https://github.com/secureworks/squarephish |
|
2022-12-22 15:18:00 |
Copilot, for your terminal: A CLI tool that generates shell scripts from a human readable description. https://github.com/m1guelpf/plz-cli |
|
2022-12-22 11:14:05 |
Golden Nuggets: Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain). https://github.com/GainSec/GoldenNuggets-1 |
|
2022-12-22 11:14:00 |
Dolos JS: https://github.com/fkasler/dolosjs |
|
2022-12-22 09:12:00 |
Blindside: Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll which then could be copied to our process and unhook the original ntdll. https://github.com/CymulateResearch/Blindside |
|
2022-12-21 15:19:00 |
hackGPT: OpenAI and #ChatGPT to do hackerish things by NoDataFound. https://github.com/NoDataFound/hackGPT |
|
2022-12-21 15:18:00 |
PHPGGC: A library of unserialize() payloads along with a tool to generate them, from command line or programmatically. https://github.com/ambionics/phpggc |
|
2022-12-21 12:24:48 |
USB Ninja: USB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself. Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government. Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering. Documentation: https://usbninja.com/help/ Buy online: 🛒 Cable https://ali.ski/IjDEv4 🛒 Bluetooth Remote https://ali.ski/aVNHh #usb #badusb #cable |
|
2022-12-21 11:14:00 |
Cloudmare: Cloudmare is a simple tool to find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with a misconfigured DNS. https://github.com/mrh0wl/Cloudmare |
|
2022-12-21 09:12:00 |
MSI Dump: A tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ▫️ Quickly determine whether file is suspicious or not. ▫️ List all MSI tables as well as dump specific records ▫️ Extract Binary data, all files from CABs, scripts from CustomActions ▫️ Scan all inner data and records with YARA rules ▫️ Uses file/MIME type deduction to determine inner data type https://github.com/mgeeky/msidump |
|
2022-12-21 07:10:00 |
Vultriever: Vulnerability scoring with Nmap. A small tool that allows you to convert to Excel and JSON formats the results of using the #Nmap scanner in conjunction with the built-in Vulners snap-in. It was created to automate the process of inventory of open ports and running network services on the server and scoring of existing vulnerabilities determined based on the versions of the software used. Implemented the use of Vultriever from the terminal and as an imported module in native Python scripts. In the process, Vultriever collects and provides the following information about the server in a structured form: ▫️ Server IP address ▫️ Network port number ▫️ Network port status ▫️ Protocol used by the network port ▫️ Network service operating on the network port and its version ▫️ Vulnerability CVE-identifier ▫️ Vulnerability rating ▫️ URL-link to the description of the vulnerability on the platform Vulners.com https://github.com/MalwareHunters/vultriever |
|
2022-12-20 15:18:00 |
Overlord – Red Teaming Automation: Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the Red-Baron Terraform implementation found on Github. https://github.com/qsecure-labs/overlord A demo infrastructure was set up in our blog post: https://qsecure.com.cy/resources/publications/overlord/. For the full documentation of the tool visit the Wiki tab at: https://github.com/qsecure-labs/overlord/wiki. |
|
2022-12-20 15:17:00 |
axiom: Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security. https://github.com/pry0cc/axiom |
|
2022-12-20 14:17:00 |
SEH Helper: A Binary Ninja helper for exploring structured exception handlers in PEs. https://github.com/EliseZeroTwo/SEH-Helper |
|
2022-12-20 12:15:00 |
URLClassLoader hot jar swapping: The following example code shows the ability to hot jar swap an already loaded JAR-file and get code execution by abusing the fact that inner classes still access the JAR file when invoked, as long as the inode does not change. https://github.com/fransr/hot-jar-swapping-urlclassloader |
|
2022-12-20 11:18:35 |
blockchain hacker toolkit: the resources in this repository are from my own research, which is intermittent and boundless. therefore, no guarantees, no promises; use it at your own risk. https://github.com/go-outside-labs/blockchain-hacking |
|
2022-12-20 11:15:00 |
subrut: Subrut is the super fast tool for brute forcing subdomains. From arg2u with. https://github.com/arg2u/subrut |
|
2022-12-20 11:14:00 |
IHKEY Ransomware: IHKEY is a complete #Ransomware project built while I was learning about malware. For encryption I used AES to encrypt files and RSA to encrypt the private key along with the IV. The ransomware demonstrates how hackers can build their own ransomware to encrypt files on Windows systems. https://github.com/moe-ih/IHkey |
|
2022-12-20 09:49:00 |
Owlyshield: An AI antivirus written in Rust. Owlyshield is an open-source AI-driven #antivirus engine written in Rust. Static analysis as performed by AV is only able to detect known threats, explaining why hackers are adapting so quickly and ransom attacks surging. We provide an embedded behavioural analysis AI that is able to detect and kill ransomwares in their very early execution. https://github.com/SitinCloud/Owlyshield |
|
2022-12-20 09:23:13 |
BBSSRF: Bug Bounty SSRF is a powerful tool to check SSRF OOB connection. The testing field must contain "BBSSRF" and this tool will automatically change it to dynamically generated payloads. ▫️ Generating dynamic payloads ▫️ Testing Single URL ▫️ Testing URLs list ▫️ Testing request file ▫️ STDIN input supported ▫️ Threading requests ▫️ Intercept request using proxy https://github.com/z3dc0ps/BBSSRF |
|
2022-12-20 08:29:25 |
clif: clif is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. It was inspired by sudo vulnerability CVE-2021-3156 and the fact that, for some reason, Google's afl-fuzz doesn't allow for unlimited argument or option specification. https://github.com/0x4ndy/clif |
|
2022-12-20 08:27:42 |
ninja_shell v2.1: Secure shell using port knocking technique with AES256-GCM. https://github.com/CoolerVoid/ninja_shell Port knocking from the scratch: https://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch |
|
2022-12-19 15:18:00 |
SOLDR: SOLDR is an Endpoint Detection and Response system which consists of centralised management part with extensive Web UI and Agents being installed on endpoint systems. SOLDR allows you not only to configure security policies but also write your own modules and make detection of the comprehensive security events as well as do almost instant response on the security alarms. https://github.com/vxcontrol/soldr |
|
2022-12-19 12:20:45 |
powershell-obfuscation: A simple and effective PowerShell obfuscation tool to bypass Anti-Virus. https://github.com/H4de5-7/powershell-obfuscation |
|
2022-12-19 12:14:43 |
NFC Kill: The world's only RFID fuzzing tool. While the NFCKill is tuned to cover the most common Low and High Frequencies of RFID (125KHz - 13.56MHz), it is likewise able to inductively couple with most devices that contain a form of coil. ▫️ Securely disable RFID badges ▫️ Test and harden RFID hardware ▫️ Audit access control failure modes ▫️ Test and reduce the attack surface for pen-test customers ▫️ Single Discharge Mode (Standard + Professional Versions) ▫️ Continuous Discharge Mode (Professional Version only) Buy online: 🛒 https://ali.ski/xffYk #RFID |
|
2022-12-19 08:11:00 |
Venom: Venom is a C++ library that is meant to give an alternative way to communicate: instead of creating a socket that could be traced back to the process, it creates a new "hidden" (there is no window shown) detached Edge process (Edge was chosen because it is a browser that is installed on every Windows 10+ and won't raise suspicion) and steals one of its sockets to perform the network operations. The benefit of creating a detached browser process is that there is no danger that it will be closed accidentally by the user, and the sockets exist but are not communicating with any site, therefore avoiding possible collisions. https://github.com/Idov31/Venom |
|
2022-12-18 11:14:00 |
octosuite: A framework for gathering OSINT on GitHub users, repositories and organizations. https://github.com/bellingcat/octosuite |
|
2022-12-18 10:32:41 |
linux_injector: A simple ptrace-less shared library injector for x64 Linux. https://github.com/namazso/linux_injector |
|
2022-12-18 10:32:04 |
blink: blink is a virtual machine for running statically-compiled x86-64-linux programs on different operating systems and hardware architectures. https://github.com/jart/blink |
|
2022-12-18 10:31:36 |
Packet Squirrel: The Packet Squirrel is a miniaturised man-in-the-middle multi-tool. Multiple configurable payloads. Designed to slip into target networks, it's a compact fully-featured Linux computer that you control with the flip of a switch. Out of the box, the Packet Squirrel is configured to provide fully-featured packet sniffing, DNS Spoofing, Reverse Shell / VPN, and root shell access. Central to the Packet Squirrel is its 4-way switch: Each switch position represents a configurable mode of operation. Flick the switch and trigger a specific payload. The configurable push-button and RGB LED provide instant incognito deployment and feedback of payloads. Documentation: https://docs.hak5.org/packet-squirrel/ Buy online: 🛒 https://ali.ski/OfuvV #lan #remote #network |
|
2022-12-18 09:12:00 |
MacDirtyCowDemo: Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source. https://github.com/zhuowei/MacDirtyCowDemo |
|
2022-12-17 15:19:00 |
Shellclear: The idea behind shellclear is to provide a simple and fast way to secure your shell commands history. https://github.com/rusty-ferris-club/shellclear |
|
2022-12-17 12:15:00 |
CVE-2003-0358: Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. https://github.com/snowcra5h/CVE-2003-0358 #cve |
|
2022-12-17 11:14:00 |
SCPA: Sophisticated cyber penetration attacks is a series of advanced techniques, notes and guidance that will help you to prepare as a hacker on your journey. https://github.com/ghostsec420/scpa |
|
2022-12-17 09:12:00 |
The RemClip project: RemClip is a C# project which permits to steal user clipboard data and send it to a remote web server under attacker control. https://github.com/Processus-Thief/RemClip |
|
2022-12-17 08:30:07 |
AzureHound: The BloodHound data collector for Microsoft Azure. https://github.com/BloodHoundAD/AzureHound #ad |
|
2022-12-16 17:20:00 |
Bug Bounty Script: A BASH script to automate the installation of the most popular bug bounty tools. The main purpose of this script is to run it on temporary/disposable virtual machines in the cloud. https://github.com/hakrishi/bug-bounty-tools |
|
2022-12-04 11:14:08 |
IKEA Vindriktning WisBlock Hack: This repository holds the code to connect a WisBlock RAK4631 to an IKEA Vindriktning air quality sensor and send the air quality data over LoRaWAN to your LNS of choice. The code also expects a Bosch BME680 sensor connected to the WisBlock using a WisBlock Environment Sensor (RAK1906). These are the components required for this hack: ▫️ IKEA Vindriktning ▫️ RAKwireless WisBlock Mini Base Board (RAK19003) ▫️ RAKwireless nRF52840 Core (RAK4631) ▫️ RAKwireless Environment Sensor (RAK1906) ▫️ A JST1.0 battery connector and some wire ▫️ USB Type-C cable to flash the WisBlock https://github.com/xoseperez/wisblock-vindriktning |
|
2022-12-04 11:14:07 |
cvedata: A collection of CVE and related data. This python package is caught somewhere between a data collection tool and a CVE data API. Much more the former than the latter. https://github.com/clearbluejar/cvedata |
|
2022-12-04 11:14:00 |
CVE-2022-2650: Brute Force on wger workout application v2.0. https://github.com/HackinKraken/CVE-2022-2650 #cve |
|
2022-12-04 09:24:09 |
Raspberry Pi 4 Model B - Miniature Hacking Station! Raspberry Pi 4 Model B was released with specs including either 1 GB, 2 GB, 4 GB, or 8 GB of memory, a Broadcom BCM2711B0 quad-core A72 SoC, a USB Type-C power supply, and dual Micro-HDMI outputs. Performance and hardware changes aside, the Pi 4 Model B runs Kali Linux just as well, if not better, than its predecessors. It also includes support for Wi-Fi hacking on its internal wireless card. For hackers interested in a cheap Kali Linux computer capable of hacking Wi-Fi without a separate wireless network adapter, the Pi 4 Model B is a great way to run Kali without needing a virtual machine. Thanks to the number of Wi-Fi hacking tools included in Kali Linux, the new Pi 4 Model B represents a complete Ethernet and Wi-Fi hacking kit for beginners. The reasons for using a Raspberry Pi as a hacking computer are many. Previous Raspberry Pi versions have proved that it doesn't take expensive hardware to run tools in Kali Linux. Virtual machines can behave unpredictably, especially when working with Wi-Fi hacking. Plus, it's sometimes more straightforward to run Kali on hardware rather than in a virtual machine. Another advantage to the Raspberry Pi is that it can easily be used in combination with a device like an unmodified iPhone or Android smartphone. If your smartphone supports creating a Wi-Fi hotspot, it's simple to connect the Pi to your hotspot and control it over SSH. If your smartphone can't create a hotspot, the Pi can also host its own Wi-Fi network, allowing you to join the network created by the Pi on your phone and SSH into it on the go. One of the most exciting things about using a Raspberry Pi for hacking is the add-on of the Nexmon firmware. The addition makes it possible to put the built-in Wi-Fi network adapter into monitor mode.
That means it's possible to do things like grab WPA handshakes, listen in on Wi-Fi traffic, and execute attacks like WPS-Pixie without needing a separate compatible Wi-Fi network adapter. For someone interested in getting started with Wi-Fi hacking, the Raspberry Pi 4 Model B provides a Kali-supported Wi-Fi network adapter and an onboard computer capable of basic cracking and MiTM attacks in a single package. The increase in speed and power of the Pi 4 Model B makes it a more capable networking device as well as a more capable computer. Hack WiFi with a Raspberry Pi and Kali Linux: https://www.youtube.com/watch?v=PqRVo2niA_8 Buy online: 🛒 https://amzn.to/3XXH9Yw 🛒 https://ali.ski/QMVRo #raspberrypi #kali #bord |
|
2022-12-04 09:12:00 |
PrintNotifyPotato: Another potato, using PrintNotify COM service for lifting rights. For Windows 10 - 11, Windows Server 2012 - 2022. https://github.com/BeichenDream/PrintNotifyPotato |
|
2022-12-04 08:12:00 |
teler: Real-time HTTP Intrusion Detection. teler is a real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. ❤️ https://github.com/kitabisa/teler |
|
2022-12-04 08:11:00 |
SideLOADR: A "simple" script to perform DLL sideloading using Python. https://github.com/Pascal-0x90/sideloadr |
|
2022-12-04 08:01:39 |
FrostByte: Project that combines different defense evasion techniques to build better #redteam payloads. Large blobs of shellcode like Cobalt Strike's Stageless shellcode will no longer reside on an unsigned DLL on disk, irrespective of the obfuscation /… |
|
2022-12-03 16:20:00 |
BumbleCrypt: A Bumblebee-inspired Crypter. The BumbleCrypt is inspired by Bumblebee's crypter. In Bumblebee's case the main Bumblebee DLL is loaded in memory and executed in the following way: ▫️ Decrypts and writes the payload in the Heap ▫️ Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection ▫️ Calls LoadLibraryW("gdiplus.dll"), which triggers the inline hooks as the above three API's are used by LoadLibrary() to load any library. ▫️ The inline hooks and LoadLibrary itself then load the main Bumblebee DLL in place of "gdiplus.dll" ▫️ At last, the control is transferred to the exported function "SetPath" of the main Bumblebee DLL https://github.com/knight0x07/BumbleCrypt |
|
2022-12-03 16:19:00 |
s3-inspector: Tool to check AWS S3 bucket permissions. https://github.com/clario-tech/s3-inspector |
|
2022-12-03 15:19:00 |
Pen-Andro: This script will automate the process of installing all necessary tools & tasks for Android pentesting, i.e. moving the Burp Suite certificate, installing adb and frida server, and APKs like proxy toggle, proxydroid, adbwifi. https://github.com/raoshaab/Pen-Andro |
|
2022-12-03 15:18:00 |
AmsiHooker: Hookers are cooler than patches. simple eicar test sample but you know what to do with it lmao. first hooks amsi, pushes eicar through, then disables hook and does it again. https://github.com/jfmaes/AmsiHooker |
|
2022-12-03 11:15:00 |
Frigate: NVR With Realtime Object Detection for IP Cameras. A complete and local NVR designed for Home Assistant with AI object detection. Uses OpenCV and Tensorflow to perform realtime object detection locally for IP cameras. https://github.com/blakeblackshear/frigate |
|
2022-12-03 11:14:00 |
Pywirt: Python Windows Incident Response Toolkit. With this application, it is aimed to accelerate the incident response processes by collecting information in Windows operating systems via WinRM. https://github.com/anil-yelken/pywirt |
|
2022-12-03 09:13:00 |
Wiretap: Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run. In this diagram, the client has generated and installed a WireGuard configuration file that will route traffic destined for 10.0.0.0/24 through a WireGuard interface. Wiretap is then deployed to the server with a configuration that connects to the client as a WireGuard peer. The client can then interact with resources local to the server as if on the same network. https://github.com/sandialabs/wiretap |
|
2022-12-03 09:12:05 |
Bluffy: Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats. https://github.com/preemptdev/bluffy t.me/hackgit |
|
2022-12-03 09:12:00 |
Notus Scanner: Notus Scanner detects vulnerable products in a system environment. The scanning method is to evaluate internal system information. It does this very fast and even detects currently inactive products because it does not need to interact with each of the products. https://github.com/greenbone/notus-scanner |
|
2022-12-03 08:56:07 |
Impacket: Collection of #Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed… |
|
2022-12-03 07:10:00 |
Ethical Hacking Labs: This is a collection of tutorials and labs made for ethical hacking students, cybersecurity students, network and sys-admins. These tutorials accompany the resources of CEH content and different resources across the internet. https://github.com/Samsar4/Ethical-Hacking-Labs |
|
2022-12-02 15:19:00 |
Stowaway: Stowaway is a multi-hop proxy tool for security researchers and pentesters. Users can easily proxy their network traffic to intranet nodes (multi-layer), break the restriction and manipulate all the nodes that are under your control XD. Features: ▫️ More user-friendly interaction, support command auto-completion/search history ▫️ Obvious node topology ▫️ Clear information display of nodes ▫️ Active/Passive connection between nodes ▫️ Support reconnection between nodes ▫️ Nodes can be connected through socks5 proxy ▫️ Nodes can be connected through ssh tunnel ▫️ TCP/HTTP can be selected for inter-node traffic ▫️ Multi-hop socks5 traffic proxy forwarding, support UDP/TCP, IPV4/IPV6 ▫️ Nodes can access arbitrary host via ssh ▫️ Remote shell ▫️ Upload/download files ▫️ Port local/remote mapping ▫️ Port Reuse ▫️ Open/Close all the services arbitrarily ▫️ Authenticate each other between nodes ▫️ Traffic encryption with AES-256-GCM ▫️ Compared with v1.0, the file size is reduced by 25% ▫️ Multiple platforms support (Linux/Mac/Windows/MIPS/ARM) https://github.com/lz520520/Stowaway/blob/master/README_EN.md |
|
2022-12-02 15:18:01 |
Awesome On-Chain Forensic HandBook: In this article I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology: Link https://github.com/OffcierCia/On-Chain-Investigations-Tools-List |
|
2022-12-02 15:18:00 |
meg: meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating. You get lots of results quickly, but none of the individual hosts get flooded with traffic. https://github.com/tomnomnom/meg |
|
2022-12-02 11:15:00 |
Domain Hunter: Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks. This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat), IBM X-Force, and Cisco Talos. The primary tool output is a timestamped HTML table style report. Features: ▫️ Retrieve specified number of recently expired and deleted domains (.com, .net, .org) from ExpiredDomains.net ▫️ Note: You will need credentials from expireddomains.net for full functionality ▫️ Retrieve available domains based on keyword search from ExpiredDomains.net ▫️ Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, and Cisco Talos ▫️ Sort results by domain age (if known) and filter for reputation ▫️ Text-based table and HTML report output with links to reputation sources and Archive.org entry https://github.com/threatexpress/domainhunter |
|
2022-12-02 11:14:00 |
JA3 Fingerprint Repository: JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence. https://github.com/LeargasSecurity/ja3-fingerprint-repository |
|
2022-12-02 08:12:24 |
DomainDouche: Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. https://github.com/n0kovo/DomainDouche |
|
2022-12-02 07:11:00 |
Prelude Build: Prelude Build is an easy-to-use IDE - purpose built for authoring, testing and verifying security tests for use in real environments. Our goal is to provide a consistent and repeatable way to write, verify and deploy tests for any scale. https://github.com/preludeorg/build |
|
2022-12-02 07:10:00 |
The real uncrackables: It seems that when it comes to mobile, real good challenges are very few out there. The real objective of a challenge is to actually learn something out of it and not keep hiding flags in the assets :). In fact some of the challenges won't have flags but real solutions as they will be based on real scenarios like: "hey, how you exploit this ?" I'll keep adding cool crackmes in this repo, so.. pentesters and CTFers stay tuned.... https://github.com/Ch0pin/uncrackable |
|
2022-12-01 15:19:00 |
Gsec: Web Security Scanner & Exploitation. Passive Scan: ▫️ Find assets with shodan ▫️ RapidDNS to get subdomains ▫️ Certsh to enumerate subdomains ▫️ DNS enumeration ▫️ Waybackurls to fetch old links ▫️ Normal / Aggressive Scan Domain http code: ▫️ Web port scanning ▫️ Server information ▫️ HTTP security header scanner ▫️ CMS security identifier / misconfiguration scanner ▫️ Technology scanner ▫️ Programming Language check ▫️ Path Traversal scan ▫️ Nuclei vulnerability scanning https://github.com/gotr00t0day/Gsec |
|
2022-12-01 15:18:00 |
End-to-End Demo with Bayse: https://github.com/BayseIntelligence/e2e_demo |
|
2022-12-01 14:01:31 |
Thank you all so much for being with us! There are already 5,000 of us! And it's already a small army :) |
|
2022-12-01 11:14:03 |
stackrox: StackRox Kubernetes Security Platform. The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox integrates with every stage of container lifecycle: build, deploy and runtime. The StackRox Kubernetes Security platform is built on the foundation of the product formerly known as Prevent, which itself was called Mitigate and Apollo. You may find references to these previous names in code or documentation. https://github.com/stackrox/stackrox |
|
2022-12-01 11:14:00 |
Python Pickle Malware Scanner: Security scanner detecting Python Pickle files performing suspicious actions. https://github.com/mmaitre314/picklescan |
|
2022-12-01 10:39:57 |
Ticwatch Pro 3 Ultra: Smart watch with official Kali NetHunter support. What is Kali NetHunter? Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations. The overlay includes a custom kernel, a Kali Linux chroot, and an accompanying Android application, which allows for easier interaction with various security tools and attacks. Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more. NetHunter is an open-source project developed by Offensive Security and the community. Installing NetHunter On the TicWatch Pro: https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro/ Buy online: 🛒 https://amzn.to/3VmFeeB 🛒 https://ali.ski/Zu0T3 #watch #kali #ticwatch |
|
2022-12-01 07:36:57 |
YaraTools: This repo houses a large set of open-source YARA signatures that have been evaluated on a set of 284,181 legitimate and malicious portable executable files. The Get-YaraMatches PowerShell script can be used to scan new files and enrich the results with additional information such as information gain and the source text for the matching signature. This gives users more information to determine if a file is legitimate or malicious. https://github.com/pracsec/YaraTools View the documentation here: https://practicalsecurityanalytics.com/home/tools/yaratools/ |
|
2022-12-01 07:34:11 |
HiveV5 file decryptor PoC: The work done in the last few months has been necessary to reveal the malicious file encryption mechanism of Hive v5-5.2. The work was divided into two parts: ▫️ Keystream decryption ▫️ File decryption using the decrypted keystream https://github.com/reecdeep/HiveV5_file_decryptor |
|
2022-12-01 07:31:04 |
SnapFuzz: A scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. https://github.com/google/clusterfuzz An Efficient Fuzzing Framework for Network Applications: https://google.github.io/clusterfuzz/#trophies |
|
2022-12-01 07:21:30 |
Slash: Automated doxer tool. Slash supports social media search (over 180 websites), forum search, pastebin leak search, github commit search. New will be added soon... Also slash scrapes multiple informations from important websites such as: Name, Bio, Location, Website, User Info... And it extracts Phone Number - Email Address from Bios... Slash includes threading modules. It makes slash faster than others. It means it searches social media, github commits, forums, pastebin at the same time. https://github.com/redc86/slash |
|
2022-12-01 07:20:02 |
D4TA-HUNTER: #Osint Framework for #KALI. A tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section, by inserting the domain of a company, emails of employees, subdomains and IP's of servers. https://github.com/micro-joan/D4TA-HUNTER |
|
2022-11-30 15:19:00 |
The PenTesters Framework (PTF): A Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As #pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important. PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you. https://github.com/trustedsec/ptf For a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837 |
|
2022-11-30 15:18:00 |
CVE-2022-21661: POC Video | WordPress Core 5.8.2 - 'WP_Query' SQL Injection. https://github.com/APTIRAN/CVE-2022-21661 #cve #poc |
|
2022-11-30 11:15:00 |
Hacktoria-CTF-WriteUps: THE KILLER CLOWN: https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/TheKillerClown.md PRISONER OF WAR: https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/PrisonerOfWar.md LOST AT SEA: https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/LostAtSea.md Wow, that's cool.) author: @s1l1c0np1r4t3x #OSINT #RedTeam |
|
2022-11-30 11:14:00 |
Namaste! This repository contains some of the most exhaustive wordlists for enumeration, gathered from a lot of wordlists available on the Internet. https://github.com/HacktivistRO/Bug-Bounty-Wordlists |
|
2022-11-30 07:28:49 |
pycrypt: Python Based Crypter That Can Bypass Any Kind Of Antivirus Products https://github.com/machine1337/pycrypt |
|
2022-11-30 07:20:14 |
ForgeCert: ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ~45 days after the whitepaper was published. https://github.com/GhostPack/ForgeCert #ad |
|
2022-11-30 07:04:37 |
Get-InjectedThreadEx – Detecting Thread Creation Trampolines. https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines PowerShell detection script: https://github.com/jdu2600/Get-InjectedThreadEx |
|
2022-11-30 06:54:15 |
YApi-Exploit: YApi boolean-based injection exploit. https://github.com/Anthem-whisper/YApi-Exploit #cve #exploit |
|
2022-11-30 06:50:22 |
subzuf: subzuf is a subdomain brute-force fuzzer coupled with an immensely simple but effective DNS response-guided algorithm. It utilizes a provided set of input data, like a tailored wordlist or historical DNS/TLS records, to accurately synthesize more corresponding domain names and expand them even further in a loop based on information gathered during DNS scan. This somewhat different approach to subdomain enumeration in most cases allows discovering more subdomains with significantly reduced time and resources. In short, subzuf can be summarized by the following: ▫️ Generates carefully selected candidates and uncovers completely new subdomains during DNS enumeration scans ▫️ Efficient multi-threaded DNS client capable of resolving thousands of domains per second ▫️ Wildcard detection in two modes: filter (default, slightly slower but accurate) and reject (resource-saving) ▫️ Accepts wordlist or domain names or a mix of both as input ▫️ Requires essentially no configuration or fine-tuning ▫️ Works right out of the box - no external dependencies or bizarre requirements ▫️ Easily chainable with other tools https://github.com/elceef/subzuf |
|
2022-11-29 15:18:00 |
octosuite: A framework for gathering OSINT on GitHub users, repositories and organizations https://github.com/bellingcat/octosuite #OSINT |
|
2022-11-29 11:15:00 |
Pyramid: Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking like legitimate Python application usage. https://github.com/naksyn/Pyramid |
|
2022-11-29 11:14:00 |
otp: One Time Password utilities Go / Golang. One Time Passwords (OTPs) are a mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on an SMS provider. This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others. The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware. https://github.com/pquerna/otp |
|
2022-11-29 09:52:27 |
Proxmark3: The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming. https://github.com/RfidResearchGroup/proxmark3 Buy online: RDV2 🛒 https://amzn.to/3OND3hK RDV3 Easy 🛒 https://amzn.to/3GYfhNV RDV4 BlueShark 🛒 https://t.me/PentestingShop/95 RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk #rfid #nfc |
|
2022-11-29 06:58:31 |
Wordlists: Infosec Wordlists. https://github.com/xajkep/wordlists |
|
2022-11-29 06:53:58 |
EvilTree: A standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons: ▫️ While searching for secrets in files of nested directory structures, being able to visualize which files contain user provided keywords/regex patterns and where those files are located in the hierarchy of folders, provides a significant advantage. ▫️ "tree" is an amazing tool for analyzing directory structures. It's really handy to have a standalone alternative of the command for post-exploitation enumeration as it is not pre-installed on every linux distro and is kind of limited on Windows (compared to the UNIX version). https://github.com/t3l3machus/eviltree |
|
2022-11-28 15:18:00 |
Ransomwhere: A Proof of Concept #ransomware sample that encrypts your files to test out your ransomware detection & prevention strategies. If no arguments are provided, ransomwhere will automatically execute the encrypt mode without deleting the original files. https://github.com/hazcod/ransomwhere |
|
2022-11-28 13:42:44 |
wwwtree: A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation. https://github.com/t3l3machus/wwwtree Video Presentation: https://www.youtube.com/watch?v=iog-eb_N0Hg |
|
2022-11-28 12:29:54 |
Services: Main goal: to disable/stop services like WinDefend, which is not an easy task from "mmc services.msc": you need to have the 'NT SERVICE\WinDefend' AND 'NT SERVICE\TrustedInstaller' SIDs in the token. https://github.com/rbmm/Services |
|
2022-11-28 11:20:50 |
SharkTapUSB Ethernet Sniffer: The SharkTap allows you to sniff an Ethernet link without using an Ethernet port on your PC. This is ideal for newer portables without an Ethernet jack, but is also a benefit if you don’t want to switch a port between network and debugging purposes. A 'Test Access Port' allows you to see the packets on an ethernet link. Directly supports 10-, 100- or 1000Base-T links. Intended to be used with the open source Wireshark program, or equivalent. The Gen2 SharkTapUSB features 'carbon copy' copper repeater technology for minimum impact on the monitored network. The carbon copies of bi-directional data are aggregated onto a single wired or USB Test Access Port (TAP). Power-over-ethernet pass through. (For power-fail bypass, search "SharkTapBYP") 750mA current. Non-conductive plastic cover. Auto cross-over for cables. Buy online: 🛒 https://amzn.to/3VerYIQ #sniffer #lan #ethernet #usb |
|
2022-11-28 11:14:05 |
Purpose: Some simple IP lists to use in firewall tools like pfBlockerNG. These lists exist elsewhere but may not be in a format that is useable for me. I primarily use these lists to block grey noise in my firewall log. https://github.com/SilvrrGIT/IP-Lists |
|
2022-11-28 11:14:00 |
Pafish: Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do. https://github.com/a0rtega/pafish |
|
2022-11-28 11:13:59 |
YARA in a nutshell: YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic. Let's see an example: https://github.com/VirusTotal/yara |
|
2022-11-28 10:13:00 |
CVE-2022-39425: Vulnerability in Oracle VM VirtualBox <6.1.40 (Core) https://github.com/bob11vrdp/CVE-2022-39425 #cve #poc |
|
2022-11-28 09:23:41 |
When an N-Day turns into a 0day. (Part 1 of 2): Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers. https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md |
|
2022-11-28 09:12:00 |
stegoWiper: A powerful and flexible active attack for disrupting stegomalware https://github.com/mindcrypt/stegowiper |
|
2022-11-28 08:26:56 |
Empire: Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller. Features: ▫️ Server/Client Architecture for Multiplayer Support ▫️ Supports GUI & CLI Clients ▫️ Fully encrypted communications ▫️ HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners ▫️ Massive library (400+) of supported tools in PowerShell, C#, & Python ▫️ Donut Integration for shellcode generation ▫️ Modular plugin interface for custom server features ▫️ Flexible module interface for adding new tools ▫️ Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation ▫️ In-memory .NET assembly execution ▫️ Customizable Bypasses ▫️ JA3/S and JARM Evasion ▫️ MITRE ATT&CK Integration ▫️ Integrated Roslyn compiler (Thanks to Covenant) ▫️ Docker, Kali, Ubuntu, and Debian Install Support https://github.com/BC-SECURITY/Empire #best #kali |
|
2022-11-27 15:19:00 |
Red Teaming Toolkit: This repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and, as information intended for threat hunters, can make detection and prevention control easier. The list of tools below could potentially be misused by threat actors such as APT and Human-Operated Ransomware (HumOR). If you want to contribute to this list send me a pull request. https://github.com/infosecn1nja/Red-Teaming-Toolkit |
|
2022-11-27 15:18:00 |
Dynamic RPC proxy: Proxy requests to different Ethereum RPC servers and optionally alter the request. https://github.com/shark0der/rpc-proxy |
|
2022-11-27 12:15:01 |
Cobalt Strike Community Kit: Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The Cobalt Strike team acts as the curator and provides this kit to showcase this fantastic work. https://github.com/Cobalt-Strike/community_kit #cobalt |
|
2022-11-27 11:15:00 |
Dismap: Asset discovery and identification tool. Dismap is positioned as an asset discovery and identification tool. It can quickly identify protocols and fingerprint information such as web/tcp/udp, locate asset types, and is suitable for internal and external networks. It assists red team personnel to quickly locate potential risk asset information, and assists blue team personnel to detect Suspected Fragile Assets. https://github.com/zhzyker/dismap |
|
2022-11-27 11:14:00 |
Linux Forensics: Everything related to Linux #Forensics https://github.com/ashemery/LinuxForensics |
|
2022-11-27 09:51:16 |
PSEdit: Edit PowerShell scripts directly in your terminal. ▫️ IntelliSense ▫️ Syntax Highlighting ▫️ Format on Save ▫️ Script Execution ▫️ Error View ▫️ Syntax Error View https://github.com/ironmansoftware/psedit t.me/hackgit |
|
2022-11-27 08:36:57 |
Helios: Helios is a fully trustless, efficient, and portable Ethereum light client written in Rust. Helios converts an untrusted centralized RPC endpoint into a safe unmanipulable local RPC for its users. It syncs in seconds, requires no storage, and is lightweight enough to run on mobile devices. The entire size of Helios's binary is 13Mb and should be easy to compile into WebAssembly. This makes it a perfect target to embed directly inside wallets and dapps. https://github.com/a16z/helios |
|
2022-11-27 08:23:24 |
minikerberos: Kerberos manipulation library in pure Python. https://github.com/skelsec/minikerberos This is the public repository of minikerberos, for latest version and updates please consider supporting us through https://porchetta.industries/ |
|
2022-11-27 07:51:58 |
Mistborn: A secure platform for easily standing up and managing your own cloud services: including firewall, ad-blocking, and multi-factor WireGuard VPN access. https://gitlab.com/cyber5k/mistborn #cybersecurity #vpn |
|
2022-11-26 15:19:00 |
inject-assembly: Execute .NET in an Existing Process. This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are two components of inject-assembly: 1. BOF initializer: A small program responsible for injecting the assembly loader into a remote process with any arguments passed. It uses BeaconInjectProcess to perform the injection, meaning this behavior can be customized in a Malleable C2 profile or with process injection BOFs (as of version 4.5). 2. PIC assembly loader: The bulk of the project. The loader will initialize the .NET runtime, load the provided assembly, and execute the assembly. The loader will create a new AppDomain in the target process so that the loaded assembly can be totally unloaded when execution is complete. Communication between the remote process and Beacon occurs through a named pipe. The Aggressor script generates a pipe name and then passes it to the BOF initializer. https://github.com/kyleavery/inject-assembly |
|
2022-11-26 15:18:00 |
LOLBAS: Living Off The Land Binaries and Scripts. The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques. https://github.com/LOLBAS-Project/LOLBAS Details: https://lolbas-project.github.io/ |
|
2022-11-26 11:14:00 |
QuickSand Version 2: QuickSand Python Package and Command Line Tool. QuickSand is a Python-based analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, Mime/Email, Postscript and other common formats. A built-in command line tool can process a single document or directory of documents. QuickSand scans within the decoded streams of documents and PDFs using Yara signatures to identify exploits or high risk active content. https://github.com/tylabs/quicksand |
|
2022-11-26 10:16:35 |
shotlooter: Shotlooter tool is developed to find sensitive data inside the screenshots which are uploaded to https://prnt.sc/ (via the LightShot software) by applying OCR and image processing methods. https://github.com/utkusen/shotlooter |
|