Hackgit

Posts

Date Content Media
2023-03-23 20:24:00
SecretOpt1c: A #RedTeam tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy! https://github.com/blackhatethicalhacking/SecretOpt1c #cybersecurity #infosec #pentesting
2023-03-23 20:23:00
Fofa_Viewer: Fofa Viewer is a user-friendly FOFA client written in JavaFX, attributed to the WgpSec Community and primarily maintained by f1ashine. By leveraging the powerful internet search engine FoFa, it encapsulates many commonly used APIs into a concise UI, making it easier for cybersecurity professionals to hunt for vulnerabilities on target websites. With its out-of-the-box functionality, Fofa Viewer streamlines the search process, helping penetration testers quickly obtain the information they need. https://github.com/wgpsec/fofa_viewer/blob/master/README.en.md #cybersecurity #infosec
2023-03-23 16:20:00
wildcrawl: Bash script that crawls a target URL to get a better image of what is tied to a website. https://github.com/NeverWonderLand/wildcrawl #bugbounty #pentesting
2023-03-23 16:19:00
Spoofy: A program that checks if a list of domains can be spoofed based on SPF and DMARC records. https://github.com/MattKeeley/Spoofy #bugbounty #pentesting
2023-03-23 12:15:00
Dependency-Check: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. https://github.com/jeremylong/DependencyCheck #cybersecurity #infosec
2023-03-23 08:26:10
LeakySAB-PoC: PoC of 'LeakySAB', a vulnerability allowing extraction of usenet provider password from a SABnzbd instance. https://github.com/rlaphoenix/LeakySAB-PoC #cybersecurity #infosec
2023-03-23 08:00:18
Nidhogg: A multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an example here. Nidhogg can work on any version of x64 Windows 10 and Windows 11. https://github.com/Idov31/Nidhogg #pentesting #redteam #cybersecurity #infosec
2023-03-22 20:23:00
Crassus: Crassus Windows privilege escalation discovery tool. https://github.com/vu-ls/Crassus #pentesting #redteam #cybersecurity #infosec
2023-03-22 18:23:14
WFN: Windows Firewall #Notifier extends the default #Windows embedded #firewall by allowing to handle and notify about outgoing connections, offers real time connections monitoring, connections map, bandwidth usage monitoring and more... https://github.com/wokhan/WFN
2023-03-22 16:19:00
rdi-rs: Rusty Reflective DLL Injection - A small reflective loader in Rust 4KB in size. https://github.com/memN0ps/rdi-rs #pentesting #redteam
2023-03-22 12:15:00
AWS Customer Security Incidents: Security is an exercise in managing risk. Reviewing the common root causes of security incidents is an effective way to guide prioritized remediation efforts. https://github.com/ramimac/aws-customer-security-incidents #cybersecurity #infosec
2023-03-22 11:31:18
#DevOps Guide: Development to Production all configurations with basic notes to debug efficiently. https://github.com/Tikam02/DevOps-Guide
2023-03-22 09:24:16
EqualNet: A Secure and Practical Defense for Long-term Network Topology Obfuscation. https://github.com/Abduarraheem/Mimic-EqualNet #cybersecurity #infosec
2023-03-21 20:24:00
Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. https://github.com/lgandx/Responder #cybersecurity #infosec #pentesting #redteam
2023-03-21 20:23:00
(ISC)2 Certified in Cybersecurity: The content in this repo is based on the self-paced course called Certified in #Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations. https://github.com/cyberfascinate/ISC2-CC-Study-Material
2023-03-21 16:20:00
Elevate-System-Trusted-BOF: This BOF can be used to elevate the current beacon to SYSTEM and obtain the TrustedInstaller group privilege. The impersonation is done through the SetThreadToken API. https://github.com/Mr-Un1k0d3r/Elevate-System-Trusted-BOF #cybersecurity #infosec #pentesting #redteam
2023-03-21 16:19:00
CEH-Exam-Questions: Planning to take Certified Ethical Hacker (CEH)? Here is a GitHub repo with 125 questions and answers to help you prep for the test. https://github.com/ryh04x/CEH-Exam-Questions #cybersecurity #infosec
2023-03-21 12:16:00
pyThreadlessInject: A python port of CCob's ThreadlessInject, because why should C# have all the fun?! https://github.com/rkbennett/pyThreadlessInject #cybersecurity #infosec #redteam
2023-03-21 12:15:00
bootdoor: An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot. https://github.com/realoriginal/bootdoor #cybersecurity #infosec #redteam
2023-03-21 08:08:53
#Malware and #Reverse Engineering Complete Collection. https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering
2023-03-20 18:57:29
Black Angel Rootkit: Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. https://github.com/XaFF-XaFF/Black-Angel-Rootkit #pentesting #redteam
2023-03-20 18:56:39
Parallels Desktop VM Escape: This repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. The exploit was tested on Parallels Desktop version 18.0.0 (53049), and the vulnerability was patched in the 18.1.1 (53328) security update. https://github.com/Impalabs/CVE-2023-27326 Details: https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html #cve #exploit #cybersecurity #infosec
2023-03-20 12:15:00
Windows Atom Table Hijacking: Privilege Escalation in Windows 7/8/10 through Atom Table Hijacking. https://github.com/SleepTheGod/Windows-Atom-Table-Hijacking
2023-03-19 19:22:00
Nuclei Wordfence CVE: https://github.com/topscoder/nuclei-wordfence-cve #cybersecurity #infosec #cve #pentesting
2023-03-19 15:19:00
BeEF: BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. https://github.com/beefproject/beef Website: https://beefproject.com/ #kali #pentesting #redteam #best
2023-03-19 15:18:00
Authentication Token Obtain and Replace Extender: The plugin is created to help automated scanning using Burp in the following scenarios: ▫️ Access/Refresh token ▫️ Token replacement in XML, JSON body ▫️ Token replacement in cookies ▫️ The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky and do not work in scenarios where the replacement text is either JSON, XML. https://github.com/portswigger/ator
2023-03-19 11:14:08
imgdevil: Quick and dirty proof-of-concept to hide shells in images. https://github.com/nyxgeek/imgdevil Shells in Plain Sight - Storing Payloads in the Cloud: https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud #cybersecurity #infosec #pentesting #redteam
2023-03-19 11:14:00
Dark Web Archives: All public/Privately leaked Dark Web Marketplace (DNM) Scripts, Source codes and information. https://github.com/D4RK-R4BB1T/Dark-Web-Archives
2023-03-18 20:23:00
Awesome Cyber Skills: A curated list of hacking environments where you can train your cyber skills legally and safely. https://github.com/joe-shenouda/awesome-cyber-skills #cybersecurity #infosec
2023-03-18 19:22:00
ldr: Ldr is an unsuccessful attempt at a Rust BOF/COFF loader. It works for the simplest of object files, but crashes every time. The beacon functions themselves have also not been implemented well. https://github.com/yamakadi/ldr #redteam
2023-03-18 18:21:00
All about bug bounty: These are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too! https://github.com/daffainfo/AllAboutBugBounty #bugbounty #pentesting #infosec
2023-03-18 17:20:00
Sirius Scan: Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for #cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Scan intends to leverage. https://github.com/SiriusScan/Sirius #infosec #pentesting #redteam
2023-03-18 17:19:00
CVE-2023-0861: Analyzing and reproducing the command injection vulnerability in Netmodule routers. https://github.com/seifallahhomrani1/CVE-2023-0861-POC #cve #poc
2023-03-18 11:29:06
GPT_Vuln-analyzer: Uses #ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on #Nmap scan data. https://github.com/morpheuslord/GPT_Vuln-analyzer #cybersecurity #infosec
2023-03-18 11:28:59
Kebidu Remote Control \ Duplicator: The Kebidu Duplicator is a versatile device that can clone a variety of remote control IC modules for garage doors, motorcycles, car alarms, and more. It has a working voltage of DC12V and operates at a frequency of 433MHz, with an emission distance of 50 to 100 meters. The device can delete existing codes and easily clone original remotes, making it simple to use. It comes with a metal and plastic construction and weighs only 50g, making it portable and convenient to use on the go. Buy online: 🛒 $1.21 https://alii.pub/6n9fhf 🛒 https://amzn.to/40fbG4z #remote #RF
2023-03-18 11:22:54
wifi_db: Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT identities, interesting relations between APs, clients and its Probes, WPS information and a global view of all the APs seen. https://github.com/r4ulcl/wifi_db #cybersecurity #infosec #pentesting
2023-03-18 11:14:00
Signature-Base: Signature-Base is the YARA signature and IOC database for our scanners LOKI and THOR Lite. https://github.com/Neo23x0/signature-base #cybersecurity #infosec
2023-03-18 09:12:00
WinSpoof: This PoC code demonstrates how TpAllocWork, TpPostWork and TpReleaseWork can be used to execute machine code; the code starts an image file by calling: 👇 https://github.com/mobdk/WinSpoof #cybersecurity #infosec
2023-03-18 07:46:26
Let's reach the 9,000-subscriber milestone together - please share our posts with your friends! 🥰
2023-03-17 18:26:47
Bypass Paywalls: A web browser #extension to help #bypass paywalls for selected sites. https://github.com/iamadamdev/bypass-paywalls-chrome
2023-03-17 16:19:00
CVE-2023-0179: This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6. https://github.com/H4K6/CVE-2023-0179-PoC #cve #poc #exploit
2023-03-17 11:14:00
Binwalk: A fast, easy to use tool for analyzing, #reverse engineering, and extracting firmware images. https://github.com/ReFirmLabs/binwalk
2023-03-17 10:22:19
CVE-2023-27842: eXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated). https://github.com/tristao-marinho/CVE-2023-27842 #cve #poc #RCE
2023-03-17 10:19:48
CVE-2023-23396: Microsoft Excel DoS Vulnerability. → Here you can download the exploit. → Here you can read my report. → Here you can buy me a unicorn 🦄 https://github.com/LucaBarile/CVE-2023-23396 #cve #poc #exploit
2023-03-17 10:15:10
CVE-2023-27587: ReadtoMyShoe - Generation of Error Message Containing Sensitive Information. https://github.com/sec-fx/CVE-2023-27587-PoC nuclei-template: https://github.com/sec-fx/CVE-2023-27587-PoC/tree/main/nuclei-templates/cves/2023 #cve #poc
2023-03-16 15:19:00
Hashtopolis: A #Hashcat wrapper for distributed hashcracking. https://github.com/hashtopolis/server #redteam
2023-03-16 15:18:00
CVE-2023-23752: #Joomla unauthorized access to webservice endpoints. https://github.com/Jenderal92/Joomla-CVE-2023-23752 #pentesting #redteam
2023-03-16 12:15:00
Goblob: A lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicly in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. https://github.com/Macmod/goblob #pentesting #bugbounty
2023-03-16 11:14:00
IPv4Fuscation-Encrypted: C++ IPv4Fuscation technique to execute XOR #encrypted #shellcode stored in IP address format to help reduce entropy and detections on the typical hex/base64/other encoding techniques that are frequently used. https://github.com/wsummerhill/IPv4Fuscation-Encrypted
2023-03-16 10:10:15
WiFi Devboard for Flipper Zero: The WiFi Devboard for Flipper Zero is a specialized board based on ESP32-S2, designed specifically for the Flipper Zero hacking device. This devboard enables advanced in-circuit debugging via USB or Wi-Fi using the Black Magic Probe open source project. It also allows for Wi-Fi penetration testing and connectivity to the internet, which is not provided by the module itself and must be implemented separately. Buy online: 🛒 https://amzn.to/3LmmSrZ #board #flipperzero #ESP32 #wifi
2023-03-16 09:15:01
PS2: A port scanner written purely in PowerShell. https://github.com/nccgroup/PS2 #pentesting #redteam
2023-03-16 09:13:00
BountyTricks: Sharing #BugBounty tips and tricks with the community including but not limited to automation, one liners and useful thoughts. https://github.com/NagliNagli/Shockwave-OSS #pentesting
2023-03-16 09:12:00
Container Security Checklist: Checklist for container security devsecops practices. https://github.com/krol3/container-security-checklist #kubernetes #docker #security #cheatsheet #blueteam
2023-03-15 12:15:00
Chaos Client: Go client to communicate with Chaos DB API. https://github.com/projectdiscovery/chaos-client #bugbounty
2023-03-15 10:13:00
PetitPotato: Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547). https://github.com/wh0amitz/PetitPotato #pentesting #redteam
2023-03-14 16:19:00
ScanAndroidXML: This tool analyzes #Android app to find vulnerabilities in 👇 ▫️ AndroidManifest.xml ▫️ network_security_config.xml ▫️ Firebase URLs from strings.xml. https://github.com/satishpatnayak/ScanAndroidXML #cybersecurity #infosec
2023-03-14 12:34:37
#Pentesting MindMaps: ▫️ AD penetration testing. ▫️ Privilege escalation. ▫️ Web penetration. https://github.com/eMVee-NL/MindMap #redteam
2023-03-14 11:30:31
List of Awesome macOS Red Teaming Resources. As more and more companies begin to adopt macOS as a daily office solution, we often encounter macOS operating system during our Pentest/Red Teaming process. How to #hacking #macOS, how to achieve Persistence under macOS, and using this as a starting point Lateral Movement to DC is a topic worth research. This list is for anyone who wants to learn about Red Teaming for macOS but has no starting point. 👇 https://github.com/tonghuaroot/Awesome-macOS-Red-Teaming #redteam
2023-03-14 11:22:15
Bus Pirate: The Bus Pirate is an open-source hacker multi-tool designed to interface with electronic devices, featuring protocols such as SPI, I2C, and 1-Wire, etc. It is capable of programming and analyzing low-end microcontrollers and features a range of additional functionalities, such as frequency measurement, pull-up resistors, and a logic analyzer. Developed by Dangerous Prototypes, based on a PIC24 MCU, and communicates with a host computer through USB. With its range of features and capabilities, the Bus Pirate is a useful tool for debugging, prototyping, and analyzing microcontrollers and other ICs. Repository: https://github.com/BusPirate/Bus_Pirate Buy online: 🛒 v4.0 https://alii.pub/6n4jce 🛒 v3.6a https://amzn.to/3mOK87M #board #sniffer #dump
2023-03-14 09:12:00
Juicy Info Extraction Nuclei Templates: Nuclei templates for extracting juicy info from web pages. https://github.com/cipher387/juicyinfo-nuclei-templates #infosec #infosecurity #bugbounty
2023-03-13 15:18:05
JoelGMSec: Collection of my talks and workshops about #hacking & #cybersecurity. https://github.com/JoelGMSec/MyTalks
2023-03-13 15:18:00
Red Team Playground: The Red Team Playground is a #Dockerized vulnerable testing lab for learning and practicing #RedTeam concepts. Docker network containing many vulnerable targets for practicing Red Teaming concepts (initial access, priv esc, persistence, lateral, C2, evasion, etc). https://github.com/minispooner/red-team-playground
2023-03-13 11:15:00
OwnList: Compilation of recent hacking-focused, #infosec related writeups, tools, etc. https://github.com/thelikes/ownlist #cybersecurity
2023-03-13 11:14:00
level_up! : Web3 Security WarGames. level_up! is a smartcontracts challenge platform where users can register with their wallet and perform different challenges oriented to their security. In each challenge the corresponding Solidity code can be found for analysis. level_up! is based on the idea that the best way to improve smart contract security is through active participation. By motivating users to work in such an easy way to find security flaws, we hope to improve good programming practices within smart contracts. https://github.com/Telefonica/level_up
2023-03-13 09:12:00
PyShell: PyShell is Multiplatform #Python #WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server. https://github.com/JoelGMSec/PyShell
2023-03-13 08:46:42
PS5 4.03 Kernel Exploit: This repo contains an experimental WebKit ROP implementation of a PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4…
2023-03-13 07:12:33
DevSecOps 🔱: Collection and #Roadmap for everyone who wants #DevSecOps. Hope your #DevOps are more safe 😎 https://github.com/hahwul/DevSecOps
2023-03-12 11:15:00
Crawlector: A threat hunting framework designed for scanning websites for malicious objects. https://github.com/MFMokbel/Crawlector #cybersecurity #bugbounty
2023-03-12 11:14:00
ChatGPT Prompts for Bug Bounty: A list of ChatGPT Prompts for Web Application Security, Bug Bounty, and Pentesting. https://github.com/TakSec/chatgpt-prompts-bug-bounty
2023-03-12 09:12:00
Cyber Mindmap: This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them. https://github.com/Ignitetechnologies/Mindmap #cybersecurity #infosec #pentesting #redteam
2023-03-11 15:18:00
WebGoat 8: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons. https://github.com/WebGoat/WebGoat #pentesting #cybersecurity #infosec
2023-03-11 11:15:00
Awesome Pentest Tools Collection: The tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. https://github.com/arch3rPro/PentestTools #cybersecurity #infosec #pentesting #bugbounty #redteam
2023-03-11 11:14:00
nuclei templates: https://github.com/DoubleTakes/nuclei-templates #bugbounty
2023-03-11 09:19:49
iOS Internals & Security Testing: iOS is Apple's proprietary operating system that runs on the iPhone, iPod Touch and iPad. A lot of components are specific to #iOS. Here are key features of the iOS hardware and software security architecture and guide how to test your applications. https://github.com/vadim-a-yegorov/iOS-Internals-and-Security-Testing #cybersecurity #infosec
2023-03-11 09:19:47
Kingston IronKey Vault Privacy 80 External SSD: The IronKey™ External SSD is a user-friendly, hardware-encrypted external drive that protects data with touch screen technology. It safeguards against Brute Force attacks and #BadUSB with digitally-signed firmware and FIPS 197 certified XTS-AES 256-bit encryption. The device allows for multi-password protection with numeric PIN or passphrase modes and is ideal for on-the-go use. Buy online: 🛒 https://amzn.to/3FhjMS3 #ssd #encrypted #security
2023-03-11 09:13:00
SWS-Recon: A Python Tool designed to perform Reconnaissance on the given target website - Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan. https://github.com/ShobhitMishra-bot/SWS-Recon-Tool #pentesting #bugbounty
2023-03-11 09:12:00
Penetration-Testing-Tools: A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes. https://github.com/mgeeky/Penetration-Testing-Tools #pentesting #bugbounty #redteam
2023-03-10 11:14:00
PSBits: Simple (relatively) things allowing you to dig a bit deeper than usual. https://github.com/gtworek/PSBits #cybersecurity #infosec #pentesting #redteam
2023-03-10 09:12:00
Supp'truder: This tool came from an idea I had while doing #bugbounty. I was very disappointed on the common tools used to fuzz the http protocol, and I was tired of doing some bash kung-fu or firing burp each time I had to fuzz something needing some pre treatment. That's where Supp'truder comes: It provides a unique set of tools to pre-process your payloads and some neat features that will save you some time! https://github.com/ElSicarius/Supp-truder
2023-03-10 07:05:50
NativePayloads: All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming. https://github.com/DamonMohammadbagher/NativePayloads #pentesting #redteam
2023-03-09 13:25:23
ThinkFun — Hacker Cybersecurity Logic Game: Think Fun's "Hacker" is a fun, multicolor cybersecurity coding game and STEM toy suitable for boys and girls aged 10 and up. With over 50 million sold worldwide, Thinkfun is the world's leader in brain and logic games. Playing through the challenges in Hacker helps develop reasoning, planning, and core programming principles, providing a great stealth learning experience for young players. The game includes a game grid, control panel, challenge booklet, and various tokens and tiles. Clear instructions make it easy to start playing immediately. Buy online: 🛒 https://amzn.to/3ZRdgtg #games
2023-03-09 11:14:00
WAZUH Active-Response: ▫️ Blocking Unwanted Commands on Linux using CDB Lists. ▫️ Blocking Unwanted Software Vendors on Windows using CDB Lists ▫️ Remove-Threat by CDB List from Linux ▫️ Remove-Threat by CDB List from Windows https://github.com/AliHaydarToprak/Wazuh-Active-Response
2023-03-09 09:12:00
Atomic Red Team: Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments. https://github.com/redcanaryco/atomic-red-team #redteam
2023-03-09 07:12:45
Cheat sheet — attack active directory: This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell. https://github.com/drak3hft7/Cheat-Sheet---Active-Directory #pentesting #ad #redteam
2023-03-07 19:00:00
CVE-2023-1112: Drag and Drop Multiple File Uploader PRO - Contact Form 7 v5.0.6.1 Path Traversal (CVE-2023-1112). https://github.com/Nickguitar/Drag-and-Drop-Multiple-File-Uploader-PRO-Path-Traversal
2023-03-07 18:21:00
Google Dorks Simplified: A simple explanation of google dorks, its uses and collection of best google #dorks to get the best and desired information. https://github.com/InfuriousICC/Google-Dorks-Simplified
2023-03-07 15:18:00
Slash: Slash is Automated Osint Tool that allows you to #OSINT people by their username. https://github.com/theahmadov/slash
2023-03-07 09:12:00
DRat: Decentralized Remote Administration Tool. https://github.com/SpenserCai/DRat #redteam
2023-03-07 08:34:36
Cacti: A complete #network #graphing solution designed to harness the power of RRDtool's data storage and graphing functionality providing the following features: ▫️ Remote and local data collectors ▫️ Device discovery ▫️ Automation of device and graph creation ▫️ Graph and device templating ▫️ Custom data collection methods ▫️ User, group and domain access controls https://github.com/Cacti/cacti Website: https://www.cacti.net/
2023-03-06 18:21:00
CCAT ☁️🐈: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. https://github.com/RhinoSecurityLabs/ccat #cybersecurity #pentesting
2023-03-06 15:18:00
Awesome Red Teaming: List of Awesome #RedTeam / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but does not have a starting point. https://github.com/0xMrNiko/Awesome-Red-Teaming
2023-03-06 14:20:41
YubiKey: The Yubico Security Key is a heavy-duty, tamper-resistant USB and NFC security key designed to protect online accounts against unauthorized access. It supports FIDO2, FIDO U2F, and other protocols, works with a wide range of online services, and is water and shock-resistant. With touch-based authentication, it provides an easy and secure way to protect your online accounts from phishing and account takeovers. Buy online: 🛒 https://amzn.to/3L0xdJL 🛒 https://ali.ski/qAF720 #security #key #usb
2023-03-06 13:51:59
slowloris: Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this: ▫️ We start making lots of HTTP requests. ▫️ We send headers periodically (every ~15 seconds) to keep the connections open. ▫️ We never close the connection unless the server does so. If the server closes a connection, we create a new one and keep doing the same thing. https://github.com/gkbrk/slowloris
2023-03-06 13:30:53
deepce: Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE). https://github.com/stealthcopter/deepce #infosec #pentesting
2023-03-06 12:29:19
Awesome Kubernetes (K8s) Threat Detection: A curated list of resources about detecting threats and defending Kubernetes systems. https://github.com/jatrost/awesome-kubernetes-threat-detection #cybersecurity
2023-03-06 11:14:00
Eval Villain: This is a web extension for Firefox that will hook dangerous functions, like eval, and warn you of their use. Simplify the reverse engineering or debugging of JavaScript. https://github.com/swoops/eval_villain #pentesting #bugbounty
2023-03-06 09:12:00
DarkPhoenix: Tool to perform differential fault analysis attack (DFA) on whiteboxes with external encodings. https://github.com/SideChannelMarvels/DarkPhoenix DarkPhoenixAES attack: https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_nsc2013/DFA #cybersecurity #infosec
2023-03-05 15:19:01
Awesome apisec: A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community. https://github.com/arainho/awesome-api-security #cybersecurity
2023-03-05 15:18:00
MLHospital: MLHospital is a repo to evaluate inference attacks and the corresponding defenses against machine learning models. Currently we support membership inference attacks and attribute inference attacks. https://github.com/TrustAIResearch/MLHospital
2023-03-05 12:01:59
Afuzz: Afuzz is an automated web path fuzzing tool for the #BugBounty projects. ▫️ Afuzz automatically detects the development language used by the website, and generates extensions according to the language. ▫️ Uses blacklist to filter invalid pages ▫️ Uses whitelist to find content that bug bounty hunters are interested in in the page ▫️ filters random content in the page ▫️ judges 404 error pages in multiple ways ▫️ perform statistical analysis on the results after scanning to obtain the final result. ▫️ support HTTP2 https://github.com/rapiddns/afuzz
2023-03-05 12:01:57
Lenovo ThinkPad X1 Carbon Gen 9: The ThinkPad X1 Carbon Gen 9 laptop, powered by the Intel® Evo™ platform, boasts exceptional performance, long battery life, and stunning visuals with up to 11th Gen Intel® Core™ i7 vPro® processors. The laptop features an improved Intelligent Thermal Solution to keep it cool under pressure, an updated suite of built-in ThinkShield security solutions for seamless security, and a refined 16:10 display with narrow bezels and powerful Intel® Iris™ Xe graphics for vibrant visuals. The Dolby Atmos® Speaker System and Dolby Voice® improve remote collaboration, and the laptop offers a true smartphone-like experience with speedy WiFi 6 and optional 4G/5G WWAN. Additionally, the ThinkPad X1 Carbon Gen 9 is military-grade tough, having been tested against 12 military-grade requirements and over 200 quality checks. Buy online: 🛒 https://amzn.to/3L2RJcZ #thinkpad #laptop
2023-03-05 11:15:00
Awesome Penetration Testing: A collection of awesome penetration testing and offensive cybersecurity resources. https://github.com/enaqx/awesome-pentest #pentesting
2023-03-05 09:13:01
XSSHunter: The fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities. https://github.com/trufflesecurity/xsshunter XSSHunter repository is not in a deploy-able state. This fork fixes that. https://github.com/rs-loves-bugs/xsshunter #pentesting #bugbounty #redteam
2023-03-05 09:12:03
EPSS API Client: EPSS (Exploit Prediction Scoring System) API client. EPSS is one of the famous vulnerability scores developed by FIRST (the Forum of Incident Response and Security Teams). https://github.com/kannkyo/epss-api
2023-03-05 09:12:00
X-force: IBM Security utility library in python. Search and query all sources: threat_activities and groups, malware_analysis, industries. https://github.com/Jul10l1r4/X-force #cybersecurity #infosec
2023-03-04 15:18:00
Envizon Network visualization & pentest reporting: This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve and hone it even further. https://github.com/evait-security/envizon
2023-03-04 11:15:00
XSStrike: Advanced #XSS Detection Suite. XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. https://github.com/s0md3v/XSStrike #pentesting #bugbounty
2023-03-04 11:14:01
Invoke-PSObfuscation: An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux. https://github.com/gh0x0st/Invoke-PSObfuscation #infosec #redteam
2023-03-04 11:14:00
s6_pcie_microblaze: PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor. https://github.com/Cr4sh/s6_pcie_microblaze
2023-03-04 10:12:14
VulnPlanet 🪐: Well-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC). https://github.com/yevh/VulnPlanet
2023-03-04 09:12:07
stylehax: A Nintendo DSi browser #exploit. See it in action on YouTube! Check out the blog post for the technical writeup. https://github.com/nathanfarlow/stylehax Details: https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser
2023-03-04 09:12:00
​​CVE-2022-20494Exploit app for CVE-2022-20494, a high severity permanent denial-of-service vulnerability that leverages Android's DND (Do not disturb) feature.https://github.com/Supersonic/CVE-2022-20494#cve
2023-03-04 08:23:15
​​BugHunter Nuclei templatesI will upload more #nuclei templates that help during the #bugbounty hunting process.https://github.com/ayadim/Nuclei-bug-hunter
2023-03-03 15:18:00
llm-security
New ways of breaking app-integrated LLMs.
https://github.com/greshake/llm-security
Details: https://greshake.github.io/
#pentesting #redteam
2023-03-03 11:53:02
Fav-up
Lookups for real IP starting from the favicon icon and using #Shodan.
https://github.com/pielco11/fav-up
#bugbounty
2023-03-03 11:43:43
MSR605X USB Card Reader \ Writer
The MSR605X USB Reader is a magnetic stripe card encoder and reader that supports 1, 2, and 3 tracks, including credit cards, gift cards, and driver's licenses. It can read, write, and erase data and all three tracks can be set to 75 or 210 BPI. The MSR605X is compatible with Hico and Loco with 300 to 4000 OE, and has a USB interface. It is portable with dimensions of 212(L) x 64(W) x 63(H) mm and works with Windows and Mac OS. The device has a built-in power system and does not require an extra power adapter.
Buy online: 🛒 https://amzn.to/3KRmn8U 🛒 https://alii.pub/6mojc9
#usb #card #reader
2023-03-03 09:12:00
Enlightn
A Laravel Tool To Boost Your App's Performance & Security
Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations and routes to identify performance bottlenecks, possible security vulnerabilities and code reliability issues.
https://github.com/enlightn/enlightn
2023-03-03 06:53:12
Mubeng
An incredibly fast #proxy #checker & IP rotator with ease.
Features:
▫️ Proxy IP rotator: Rotates your IP address for every specific request.
▫️ Proxy checker: Check your proxy IP which is still alive.
▫️ All HTTP/S methods are supported.
▫️ HTTP, SOCKS v4(A) & v5 proxy protocols apply.
▫️ All parameters & URIs are passed.
▫️ Easy to use: You can just run it against your proxy file, and choose the action you want!
▫️ Cross-platform: whether you are Windows, Linux, Mac, or even Raspberry Pi, you can run it very well.
https://github.com/kitabisa/mubeng
2023-03-02 11:14:00
DroppedConnection
Emulates a Cisco ASA Anyconnect VPN service, accepting any credentials (and logging them) before serving VBS to the client that gets executed in the context of the user.
https://github.com/nccgroup/DroppedConnection
#redteam
2023-03-02 09:26:22
Arkime
Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Arkime exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as Wireshark, during your analysis workflow.
Arkime is built to be deployed across many systems and can scale to handle tens of gigabits/sec of traffic. PCAP retention is based on available sensor disk space. Metadata retention is based on the Elasticsearch cluster scale. Both can be increased at anytime and are under your complete control.
https://github.com/arkime/arkime
#cybersecurity
2023-03-02 09:26:20
JumboSPOT MMDVM Hotspot
The JumboSPOT Multi Mode IP Gateway is a self-contained digital hotspot that allows for DMR, D-Star, P25, and System Fusion communications. It comes fully assembled and tested in a ruggedized aluminum enclosure and only requires a mini USB power source and a WiFi-based internet connection for operation. The device supports PI-STAR's web-based digital voice dashboard and configuration tool and has a built-in OLED system status display indicating Mode, Talk Group, and Call Sign. Additionally, the device has built-in LED indicators for the status of Power, PTT, COS, and Mode, as well as a console port SSH 22 for root level access to the operating system. The JumboSPOT is pocket-sized and comes with a quad-core A7 1.2GHz processor, 512MB DDR3 RAM, and 8GB TF card. It also has a built-in WiFi 802.11b/g/n wireless LAN, and a JumboSPOT UHF (430-440) + VHF (144-146) RF extend board installed.
Buy online: 🛒 https://alii.pub/6mmvxd 🛒 https://amzn.to/3KRk0TK
Kit without Raspberry Pi Zero: 🛒 https://amzn.to/3IJASJ8 🛒 https://alii.pub/6mmwbd
#radio #wifi #raspberry
2023-03-02 09:13:04
Content Queries (CONQUER) Attack
Artifacts of our NDSS'23 paper titled "Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attack"
https://github.com/VoodooChild99/Conquer
Details: https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f5_paper.pdf
#pentesting #redteam
2023-03-02 09:12:07
CVE 2022-22978
Authorization Bypass in RegexRequestMatcher.
https://github.com/umakant76705/CVE-2022-22978
#cve
2023-03-02 09:12:00
Aladdin
Payload generation tool, which using the specific bypass as well as the necessary header bytes of the .NET remoting protocol is able to generate initial access payloads that abuse the AddInProcess as originally documented.
https://github.com/nettitude/Aladdin
#redteam
2023-03-01 11:14:00
Rosenpass
A formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data.
https://github.com/rosenpass/rosenpass
#privacy #infosec
2023-03-01 09:12:00
ShellGo
Simple Shellcode Loader tool.
https://github.com/BlackShell256/ShellGo
#redteam
2023-02-28 15:18:01
CSharp Alternative Shellcode Callbacks
Alternative #shellcode execution techniques using Windows callback functions
Each CSharp file contains code to execute shellcode using native Windows callbacks. I tried to use much less common callback techniques that weren't typically documented online as far as I could tell. This way they should be more evasive.
https://github.com/wsummerhill/CSharp-Alt-Shellcode-Callbacks
2023-02-28 15:18:00
ParamAngler
Introducing ParamAngler - the ultimate tool for testing specific payloads on each parameter. The name ParamAngler is a combination of two words - 'parameters' and 'angler'. An angler is someone who enjoys fishing with a rod and line, and with ParamAngler, you can fish for bugs on a much larger scale. Whether you're looking for XSS, LFI, SQLi, or other vulnerabilities in your web application, ParamAngler has got you covered. With its powerful and easy-to-use features, you can search for reflected parameters, test for payloads, and much more.
https://github.com/spyx/ParamAngler
#pentesting #bugbounty
2023-02-28 11:14:05
CVE-2023-21839
Weblogic CVE-2023-21839 RCE
https://github.com/4ra1n/CVE-2023-21839
#cve
2023-02-28 11:14:00
awesome-threat-intelligence
A curated list of awesome Threat Intelligence resources.
https://github.com/hslatman/awesome-threat-intelligence
2023-02-28 10:14:17
p0wny-shell
A very basic, single-file, #PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
https://github.com/flozz/p0wny-shell
#redteam
2023-02-28 09:14:55
RFID Field Detector
The RFID Field Detector is a small and portable device that can detect Low Frequency (125KHz) and High Frequency (13.56MHz) RFID fields without the need for batteries. It can be used for various purposes including pentesting and development, allowing for rapid identification of RFID presence. The compact design allows it to fit easily on a keyring, making it easy to carry around. The device is powered by the RF field and has an LED indicator that shows the frequency of the field when in the presence of an RFID field.
Buy online: 🛒 https://alii.pub/6mjoo4
#security #rfid
2023-02-28 09:12:00
SharpAltShellCodeExec
Alternative Shellcode Execution Via Callbacks in C# with P/Invoke
https://github.com/werdhaihai/SharpAltShellCodeExec
Most techniques taken from: https://t.me/hackgit/4635
#redteam
2023-02-27 15:18:00
BOFs
Beacon Object Files, not Buffer Overflows
https://github.com/snovvcrash/BOFs
#redteam
2023-02-27 11:14:01
Azure AD Incident Response PowerShell Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module
#ad #cybersecurity
2023-02-27 11:14:00
REmote CoMmanD Executor
A simple utility that can be used to execute commands on a remote host.
https://github.com/0xor0ne/recmd
#infosec #pentesting
2023-02-27 08:32:03
Project Based Learning
A list of #programming #tutorials in which aspiring software developers learn how to build an application from scratch. These tutorials are divided into different primary programming languages. Tutorials may involve multiple technologies and languages.
https://github.com/practical-tutorials/project-based-learning
2023-02-27 08:29:53
Lifetime AMSI bypass
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it.
https://github.com/ZeroMemoryEx/Amsi-Killer
2023-02-27 07:15:34
Evasion Escaper
A project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environment or sandbox, and to pass all such checks successfully.
https://github.com/vvelitkn/Evasion-Escaper
#redteam
2023-02-27 07:07:30
Sekiryu
Automatic decompilation and analysis of binary files with your favorite decompiler and #ChatGPT.
https://github.com/20urc3/Sekiryu
2023-02-27 07:04:36
AtomLdr
A DLL loader with advanced evasive features.
https://github.com/NUL0x4C/AtomLdr
#redteam
2023-02-26 15:18:01
TCP-Data-Transfer-Tool
Sendfile Attack Script
This is a C script that performs a Sendfile attack. It creates a file called "sendfile1" of size 64 MB and uses the sendfile() function to send it over a socket to a listening server on port 31337. While the file is being sent, it opens the file "kmem" and writes all received data to it.
https://github.com/SleepTheGod/TCP-Data-Transfer-Tool
2023-02-26 15:18:00
Course on Digital Forensics
A course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University.
https://github.com/asiamina/A-Course-on-Digital-Forensics
2023-02-26 15:01:26
TTGO T-Beam ESP32 LoRa
The TTGO T-Beam is a long-range wireless capable board supporting LoRa, built around a dual-core ESP32 chip with 4MB of SPI flash onboard, providing both Wi-Fi and Bluetooth LE. The board's LoRa support comes in three different variants, operating at 433MHz, 868MHz, and 915MHz depending on region, with an included SMA antenna. Location tracking is provided by the onboard u-blox NEO-6M GPS module with ceramic antenna, and the board offers 26-pin headers with GPIO, ADC, VP/VN, DAC, touch, SPI, I2C, UART, 2× "LoRa" pin, and power signals (5V/3.3V/GND). The board can be programmed using the Arduino development environment, and example code shows you how to both send and receive data via LoRa. The board also includes a battery holder for a 18650 Li-Ion cell.
Repository: https://github.com/Xinyuan-LilyGO/LilyGo-LoRa-Series
Buy online: 🛒 https://alii.pub/6mgzin 🛒 https://amzn.to/3Z2WUh4
#radio #lora #mesh #ESP32
2023-02-26 11:14:00
XMT
XMT is a full-featured C2 framework written in Golang that allows for control, data exfiltration and some other cool functions. Can be used to make full C2 clients/servers with little out-of-the-box changes. ThunderStorm would be an implementation of this.
https://github.com/iDigitalFlame/xmt
2023-02-26 09:12:00
Bootlicker
A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
https://github.com/realoriginal/bootlicker
#infosec #redteam
2023-02-25 15:18:00
A Red-Teamer diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
https://github.com/ihebski/A-Red-Teamer-diaries
#redteam
2023-02-25 13:41:05
Throwing Star LAN Tap Pro
The Throwing Star LAN Tap Pro is a fully assembled and enclosed Ethernet tap device that requires no power to operate. It is an excellent tool for monitoring 10BASET and 100BASETX networks, providing both RX and TX monitoring capabilities for packet sniffing programs like tcpdump, tshark, and Wireshark. The device features two specially placed capacitors that force 1000BASET networks to negotiate at lower speeds (typically 100BASETX) so that they can be passively monitored. Pentesters can connect the Throwing Star LAN Tap Pro in line with a target network using Ethernet cables, then connect the monitoring ports to one or two monitoring stations. Finally, capture network traffic using your favorite software on the monitoring station(s). It comes in two versions, the Throwing Star LAN Tap (in kit form to assemble) and the Throwing Star LAN Tap Pro (an assembled device).
Buy online: 🛒 https://alii.pub/6mfmov
#ethernet #tap #sniffing
2023-02-25 11:14:07
DarkAngel
DarkAngel is a fully automatic white hat vulnerability scanner, which can monitor hacker and bugcrowd assets, generate vulnerability reports, screen capture of vulnerability URL, and send enterprise WeChat notifications.
https://github.com/Bywalks/DarkAngel
2023-02-25 11:14:00
CGPL
CGPL is a packer/loader written in C# with the following features (planning to make this list a bit longer in the future):
▫️ My very own GetProcAddress (parsing PE headers is such a joy) and GetModuleHandle (decided to go for CreateToolhelp32Snapshot) implementation to dynamically fetch the address of the Win32 API I wanted to use.
▫️ AES encryption with a SHA256 derived key (must admit got inspiration from some APT guys) for payload and Win32 api function names (delegates might still drop suspicious strings around, but you can also change those names)
▫️ It does not dare to allocate a memory buffer which is READWRITEEXEC at the same time.
https://github.com/oldboy21/CGPL
2023-02-25 09:12:00
PsNotifRoutineUnloader
This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection.
https://github.com/Processus-Thief/PsNotifRoutineUnloader
#cybersecurity #infosec
2023-02-25 08:01:30
CVE-2023-23752
Simple program for Joomla CVE-2023-23752 scanner. This is a simple Ruby script that checks if a list of targets is vulnerable to CVE-2023-23752, a critical security vulnerability in a web application. The script sends a HTTP GET request to a specified endpoint, and extracts information from the response to determine if the target is vulnerable.
https://github.com/z3n70/CVE-2023-23752
2023-02-24 15:18:01
plague
Default Detections for EDR
The detections detailed below are what I attempt to establish on any EDR product I deploy or work on. Take your own considerations for criticality and datasets.
https://github.com/QueenSquishy/plague
#cybersecurity
2023-02-24 15:18:00
Leo
A network logon cracker which supports many different services.
https://github.com/zan8in/leo
#redteam
2023-02-24 11:14:07
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark.
https://github.com/aquasecurity/kube-bench
#cybersecurity
2023-02-24 11:14:00
rekono
Execute complete pentesting processes combining multiple hacking tools automatically.
https://github.com/pablosnt/rekono
#pentesting #redteam
2023-02-24 09:13:00
msLDAPDump
LDAP enumeration tool implemented in Python3
msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently.
https://github.com/dievus/msLDAPDump
#pentesting #redteam
2023-02-24 09:12:00
fuzz4bounty
Awesome wordlists for Bug Bounty Hunting
This repository contains publicly available wordlists for Bug hunting. The main objective for creating this repo is to bring all the available wordlists at one place. Wordlists will be updated regularly.
https://github.com/0xPugazh/fuzz4bounty
2023-02-24 06:27:23
Azure-AccessPermissions
Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.
https://github.com/csandker/Azure-AccessPermissions
2023-02-23 15:18:00
Chatbot Injections & Exploits
🐱‍💻 Welcome to the ChatBot Injections & Exploits repo. This repo is a collection of known and not ChatBot injections and exploits to "trick" any ChatBot into doing something it shouldn't.
https://github.com/Cranot/chatbot-injections-exploits
#chatgpt #gpt
2023-02-23 10:34:39
Subzy
Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz.
https://github.com/LukaSikic/subzy
#pentesting #bugbounty
2023-02-23 10:23:02
Linux Kodachi 8.27
Linux Kodachi is a privacy-focused operating system based on Ubuntu that is designed to provide users with a secure and anonymous online experience. With pre-installed VPN, Tor connection, and DNScrypt service, Kodachi is easy to use and requires no setup or Linux knowledge. It is a live operating system that can be started on any computer from a DVD, USB stick, or SD card, leaving no trace of activity once shut down. Kodachi aims to preserve the privacy and anonymity of its users, making it a great option for those who are concerned about their online security.
https://sourceforge.net/projects/linuxkodachi/
#os #security #linux #ubuntu #privacy
2023-02-23 10:04:23
okta scim attack tool
This repository contains a pen-testing tool based on passbleed that allows pen-testers to extract clear text passwords from Okta by abusing Okta's implementation of the System for Cross-domain Identity Management (SCIM) protocol. The issue allows for clear text password stealing and PII theft.
https://github.com/authomize/okta_scim_attack_tool
Details: https://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/#challenges
2023-02-23 09:34:56
PortaPow USB Data Blocker
The PortaPow USB-C to C Data Blocker is designed to protect your device against "juice jacking" - a type of cyber attack where charging ports are compromised to steal data or install malware. This data blocker prevents any data transfer between your device and a USB port while still allowing for safe charging. PortaPow has been a pioneer in data blocking since 2009 and offers a wide range of products, including this USB-C to C version. They also prioritize sustainability through their Compact by Design initiative, which promotes efficient product design and packaging to reduce carbon emissions.
Buy online: 🛒 https://amzn.to/3KAZGpk
USB-C to C: https://amzn.to/3lZHYlf
USB-A to USB-C: https://amzn.to/3xP9LHQ
#USB #Data #Blocker
2023-02-22 15:18:00
VDP-Finder
This extension tells if visited sites have vulnerability disclosure programs.
https://github.com/yeswehack/yeswehack_vdp_finder
2023-02-22 11:14:00
Wifi-Hacking
Cyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)
https://github.com/ankit0183/Wifi-Hacking
2023-02-22 09:12:00
Awesome Vulnerable Applications
A curated list of various vulnerable by design applications
https://github.com/vavkamil/awesome-vulnerable-apps
2023-02-21 15:18:08
Serianalyzer
Serianalyzer is a static bytecode analyzer tracing native method calls made by methods called during deserialization. The main purpose of this tool is as a research tool to audit code for dangerous behavior during deserialization. It is not really useful to determine whether your application is vulnerable or not. If your application deserializes data crossing trust boundaries - you should assume it is.
https://github.com/mbechler/serianalyzer
2023-02-21 15:18:07
Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
https://github.com/horizon3ai/CVE-2022-39952
#cve #poc
2023-02-21 15:18:00
reverseip_py
Domain Parser for IPAddress.com Reverse IP Lookup
Reverse IP refers to the process of looking up all the domain names that are hosted on a particular IP address. This can be useful for a variety of reasons, such as identifying all the websites that are hosted on a shared hosting server or finding out which websites are hosted on the same IP address as a particular website.
https://github.com/yuyudhn/reverseip_py
2023-02-21 11:55:29
Silicone Case for Flipper Zero
Soft and smooth, this silicone "Flipper Zero" case will make your cyber companion even more durable, while maintaining an amazing look and protecting it from scratches and bumps.
Buy online: 🛒 https://amzn.to/3EnQiS0
Screen Protectors: 🛒 https://amzn.to/3XHh3rD
#flipperzero #case
2023-02-21 11:14:07
V-Cleaner
V Cleaner is a security program, which adds extra security within a Windows computer. It allows you to perform information searches, antivirus scans and system repairs.
https://github.com/AnonSpen/V-Cleaner
#cybersecurity
2023-02-21 11:14:00
Telnet Demo
Browser-based Telnet demo using the much-discussed Direct Sockets API
https://github.com/GoogleChromeLabs/telnet-client
2023-02-21 09:12:00
LsaParser
A shitty (and old) lsass parser.
https://github.com/Cracked5pider/LsaParser
2023-02-20 15:18:00
ThreatHound
This tool will help you on your IR & Threat Hunting & CA. Just drop your event log file and analyze the results.
▫️ support windows (ThreatHound.exe)
▫️ C for Linux based
▫️ new version available in C also
▫️ now you can save results in json file or print on screen it as you want by arg 'print' "'yes' to print the results on screen and 'no' to save the results on json file"
▫️ you can give windows event logs folder or single evtx file or multiple evtx separated by comma by arg -p
▫️ you can now give Sigma rules path by arg -s
▫️ add multithreading to improve running speed
▫️ ThreatHound.exe is agent based you can push it and run it on multiple servers
https://github.com/MazX0p/ThreatHound
2023-02-20 11:14:00
Asset-Discovery-Actions
Use Github Actions to automate Asset Discovery.
https://github.com/jayateertha043/Asset-Discovery-Actions
2023-02-20 09:12:00
Poc for CVE-2023-23752
CMS Joomla - unauthorized access to webservice endpoints.
https://github.com/WhiteOwl-Pub/CVE-2023-23752
#cve #poc
2023-02-20 08:21:09
CRU DataPort Mouse Jiggler
The CRU WiebeTech Mouse Jiggler is a plug-and-use device that creates constant mouse activity, preventing a computer from going to sleep while in use. IT professionals and computer forensic investigators use it to prevent password dialog boxes from appearing due to screensavers or sleep mode. With many hard drives now using full-disk encryption, these modes can greatly increase the time and cost of a forensic investigation. By combining the Mouse Jiggler with a WiebeTech HotPlug, investigators can transport a running computer without shutting it down or worrying about logging in.
Buy online: 🛒 https://amzn.to/3XOLP1E
Mouse Jiggler MJ-3: 🛒 https://amzn.to/3IhwX6p
#mouse #jiggler
2023-02-20 06:21:44
HIVE
VLAN L2 Pivoting Instrument
This tool analyzes traffic for VLAN ID for gaining access to other VLAN segments. "HIVE" is completely self-contained and does not create any noise on the air. After traffic analysis, the tool creates virtual VLAN interfaces, to gain access to VLAN segments.
https://github.com/c4s73r/HIVE
#pentesting #redteam
2023-02-20 05:26:12
BHEH's TerminatorZ
TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.
https://github.com/blackhatethicalhacking/TerminatorZ
#pentesting #bugbounty #redteam
2023-02-19 15:18:00
cloudcat
aws cli #pentesting / #redteam snippets
Selection of useful aws cli command snippets for recon, compromise and escalation in aws environments, which I use in engagements. These are by no means covering everything and every service and are very much work in progress. They do reflect what I see typically and have used in my years doing aws tests.
https://github.com/rootcathacking/cloudcat
2023-02-19 14:19:25
♛2Pac ✞ - All Eyez on Me🥀♛ (Gangsta Remix 2023) https://www.youtube.com/watch?v=URYt0TWQfuU #best
2023-02-19 11:14:00
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
https://github.com/commixproject/commix
#best #redteam
2023-02-19 09:12:00
burrito_ssl_monitor
This script checks the SSL certificate expiration of a list of URLs and sends a daily report of their expiration status to a Telegram chat.
https://github.com/thetrebelcc/burrito_ssl_monitor
2023-02-19 08:47:18
Awesome Threat Modeling
A curated list of #threat #modeling resources (books, courses - free and paid, videos, tools, tutorials and workshop to practice on) for learning Threat modeling and initial phases of security review.
https://github.com/hysnsec/awesome-threat-modelling
2023-02-19 06:23:37
Upsi1on Shell
Php #webshell. Some of the functions of this webshell are taken from other webshells.
▫️ File manager
▫️ Bind shell
▫️ Phpinfo
▫️ Self remove
https://github.com/n01ep3rz/upsilon-shell
#redteam
2023-02-18 15:18:00
AWSTrailGuard
Tool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks to CloudTrail logging.
https://github.com/adanalvarez/AWSTrailGuard
2023-02-18 11:14:00
DetectRaptor
A repository to share publicly available bulk Velociraptor detection content in an easy to consume way.
https://github.com/mgreen27/DetectRaptor
2023-02-18 09:12:07
NimPlant C2
This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI.
https://github.com/chvancooten/NimPlant
#redteam
2023-02-18 09:12:00
COFF_With_Exception_handler.c
If you've ever wanted to wrap a BOF in an exception handler here is one way to do that
https://gist.github.com/freefirex/8b202c94fc6c1036aed1402a4dd28db1
2023-02-17 15:18:00
HackersCave4StaticAndroidSec
A comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications.
https://github.com/krizzsk/HackersCave4StaticAndroidSec
2023-02-17 14:00:47
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
nuclei-templates: https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml
#cve #poc
2023-02-17 11:14:00
vss_carver
Carves and recreates VSS catalog and store from Windows disk image.
https://github.com/mnrkbys/vss_carver
2023-02-17 09:12:00
Invoke-GMSAPasswordReader
.Net Assembly loader for the GMSAPasswordReader
https://github.com/ricardojba/Invoke-GMSAPasswordReader
2023-02-16 18:31:42
BackupOperatorToolkit
The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
https://github.com/improsec/BackupOperatorToolkit
#redteam
2023-02-16 14:30:33
Keysy RFID Duplicator
The Keysy is a pocket-sized device for copying and emulating Low Frequency (125KHz) RFID tags. The device can hold four LF tags, which can be written off the device at a later time onto the Keysy LF tags. Tag reading is simple and takes 20-30 seconds – place the device on top of the target badge, press a few buttons and it will be saved to the button slot you pushed. Tags can be immediately emulated / replayed or written out onto a physical badge. With its discreet looks and card compatibility performance, the Keysy is another solid RFID tool for penetration testers.
Buy online: 🛒 https://amzn.to/3E8v2ji
#duplicator #rfid
2023-02-16 11:15:00
Wizard-Loader
Xwizard.exe is a commonly used diagnostic tool for Windows setup and installation, and like other executables, it loads dynamic link libraries (DLLs) to perform various tasks. However, the PoC patches the Xwizard.exe binary in order to make the LoadLibrary API load a malicious DLL instead of the intended one.
https://github.com/ZeroMemoryEx/Wizard-Loader
#redteam
2023-02-16 11:14:00
TerraLdr
A Payload Loader Designed With Advanced Evasion Features
https://github.com/NUL0x4C/TerraLdr
2023-02-16 09:12:00
Flipper Zero BadUSB
Repository for my Flipper Zero badUSB payloads
https://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB
2023-02-16 07:55:05
CheckHooks-n-load
A Windows stager-cum-PELoader focusing Dynamic EDR Evasion, when Operator wants to Know the Underlying functions Hooks and then craft Implant based on the previous condition.
https://github.com/reveng007/CheckHooks-n-load
#pentesting #redteam
2023-02-15 16:53:39
Hiding Shellcode In Plain Sight
This technique is very simple, a RW memory region 2048 times the size of the shellcode is allocated. This region is then filled with randomized data (RtlGenRandom), the shellcode is then placed randomly somewhere within this massive region each time. This makes it hard for an AV/EDR solution, or an analyst, to simply see where the shellcode is in-memory. To summarize:
▫️ Allocate a large PAGE_READWRITE region, 2048 * size of the target shellcode, and align to 0x1000
▫️ Fill this allocated region with random data
▫️ Write the shellcode to a random location within this region, save position
▫️ Change the page permissions to PAGE_EXECUTE
▫️ Execute the shellcode (page + position)
▫️ Zero the memory where the entire large region is to ensure the data does not persist after being freed, using the RtlZeroMemory macro
▫️ Free the region of memory
https://github.com/LloydLabs/shellcode-plain-sight
2023-02-15 16:51:42
Paruns-Fart
Just another ntdll unhooking using Parun's Fart technique.
https://github.com/MaorSabag/Paruns-Fart
2023-02-15 15:18:01
List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
#bugbounty
2023-02-15 12:40:53
​​JsonExphttps://github.com/smallfox233/JsonExp
2023-02-15 12:40:00
​​JNDIExploithttps://github.com/WhiteHSBG/JNDIExploit
2023-02-15 11:23:55
​​EdgeGPTReverse engineered API of Microsoft's Bing Chathttps://github.com/acheong08/EdgeGPT#GPT
2023-02-15 11:17:42
​​dexiosA secure file encryption utility, written in Rust.Dexios will continue to receive updates. Things are stable for the time being and I consider none of the code broken. In the (somewhat) near future I plan to change the backend entirely and give the CLI a re-write, so that things are both easier to maintain and understand. This will regrettably not be backwards-compatible, but the performance improvements and stability guarantees will be extremely worthwhile.https://github.com/brxken128/dexios
2023-02-15 11:16:41
osinttools
A collection of random #OSINT files.
https://github.com/WebBreacher/osinttools
2023-02-15 11:15:26
KT9000 RF Detector
The professional-grade KNIGHT KT9000 anti-spy detector was developed including premium German and US military technology in response to the growing need to protect oneself from many types of security threats. As electronic products become smaller and more intelligent, spy devices like hidden cameras, audio bugs, and GPS trackers are becoming more difficult to detect because of their small size and camouflage. Although these electronic spy devices do have legal uses, many people have started using them to illegally invade privacy and/or obtain sensitive information, leading to private information leaks or the theft of confidential business information. The KNIGHT KT9000 will help you to perform the 3 main functions listed below at an expert level.
▫️ Radio Frequency Detection
▫️ Magnetic Detection
▫️ Camera Discovery Scan
User Manual + Instructional Video here
Buy online: 🛒 https://amzn.to/3lvwllD
#security #spy #detector
2023-02-15 11:15:00
tls-scan
An Internet scale, blazing fast SSL/TLS scanner (non-blocking, event-driven)
A program to scan TLS based servers and collect X.509 certificates, ciphers and related information. It produces results in JSON format. tls-scan is a single threaded asynchronous/event-based program (powered by libevent) capable of concurrently scanning thousands of TLS servers. It can be combined with other tools such as GNU parallel to vertically scale in multi-core machines.
https://github.com/prbinu/tls-scan
2023-02-15 11:14:00
Web Application Cheatsheet (Vulnhub)
This cheatsheet is intended for CTF participants and beginners to help them understand web application vulnerability through examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience.
https://github.com/Ignitetechnologies/Web-Application-Cheatsheet
2023-02-15 09:12:00
Cybersecurity Career Path
https://github.com/rezaduty/cybersecurity-career-path
2023-02-14 11:14:00
Email Vulnerablity Checker v1.0.0
Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker
▫️ This tool will automatically tell you if the domain is email spoofable or not
▫️ You can do single and multiple domain input as well (for the multiple domain checker you need to have a text file with domains in it)
https://github.com/BLACK-SCORP10/Email-Vulnerablity-Checker
2023-02-14 07:09:55
WEB API fuzzing
https://github.com/vulntinker/FUA
2023-02-14 06:58:47
SoulExtraction
A Windows driver library for extracting cert information in Windows drivers.
https://github.com/gmh5225/Driver-SoulExtraction
2023-02-14 06:46:47
D1rkSleep
Improved version of EKKO that Encrypts only Image Sections. Sleep obfuscation technique that uses CreateTimerQueueTimer Win32 API.
https://github.com/TheD1rkMtr/D1rkSleep
#redteam
2023-02-14 06:42:25
CallStackMasker
A PoC implementation for dynamically masking call stacks with timers.
This repository demonstrates a PoC technique for dynamically spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we can also mask the call stack of our main thread.
https://github.com/Cobalt-Strike/CallStackMasker
Details: https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
2023-02-13 17:20:00
pyOneNote
pyOneNote is a lightweight python library to read OneNote files. The main goal of this parser is to allow cybersecurity analysts to extract useful information from OneNote files.
https://github.com/DissectMalware/pyOneNote
2023-02-13 12:37:36
Spark
Spark is a free, safe, open-source, web-based, cross-platform and full-featured RAT (Remote Administration Tool) that allows you to control all your devices via browser anywhere.
https://github.com/XZB-1248/Spark
#redteam
2023-02-13 12:37:27
BeagleBone Black
The BeagleBone Black is a low-cost, community-supported ARM-based development platform aimed at developers and hobbyists. The BeagleBone Black runs a 1GHz Cortex-A8 CPU and includes hardware-based floating point and 3D acceleration; while much lower-powered than a desktop or laptop system, its affordability makes it an excellent option for a tiny Linux system.
The BeagleBone Black provides a microSD card slot for mass storage and if that device is bootable, will use it in preference to the board’s “burned-in” Angstrom or Debian operating system.
By default, the Kali Linux BeagleBone Black image contains the kali-linux-default metapackage similar to most other platforms. If you wish to install extra tools please refer to our metapackages page.
Buy online: 🛒 https://amzn.to/3JXPIy6 🛒 https://alii.pub/6lz457
#kali #board #ARM
2023-02-13 09:12:00
DCToolbox
A PowerShell toolbox for Microsoft 365 security fans.
This PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc.
https://github.com/DanielChronlund/DCToolbox
Details: https://danielchronlund.com/2023/02/09/microsoft-365-data-exfiltration-attack-and-defend/
2023-02-12 15:18:06
DDoS-Protection-Lite
Anti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attacks.
https://github.com/CleanTalk/anti-ddos-lite
2023-02-12 15:18:05
KEV Checker
A basic Python program to check the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog.
https://github.com/santosomar/kev_checker
2023-02-12 15:18:00
Nuclei Templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Templates are the core of the nuclei scanner which powers the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issues to grow the list.
https://github.com/projectdiscovery/nuclei-templates
#best #pentesting #bugbounty #redteam
2023-02-12 12:46:07
burp-sensitive-param-extractor
#BurpSuite extension to check and extract sensitive request parameters.
https://github.com/theLSA/burp-sensitive-param-extractor
2023-02-12 12:25:16
DSTIKE WiFi Duck V2
This open source project aims to provide a user-friendly tool to learn about keystroke injection attacks. A microcontroller acts as a USB keyboard that is programmable over WiFi. It’s using the Ducky Script language that Hak5 introduced with the USB Rubber Ducky.
A keyboard is trusted by most operating systems by default, which enables a variety of attacks. Humans might not type very fast, but an automated device like this can. It can open a terminal and mess with your computer in a matter of milliseconds!
Repository: https://github.com/SpacehuhnTech/WiFiDuck
Buy online: 🛒 https://amzn.to/3XkRlc1 🛒 https://alii.pub/6lxy2v
#wifi #duck #usb
2023-02-12 11:14:08
PowerForensics
#PowerShell Digital #Forensics
https://github.com/Invoke-IR/PowerForensics
2023-02-12 11:14:07
SYNgularity1
Exploits and PoC Code for CVEs, Vulnerabilities, etc.
https://github.com/SYNgularity1/exploits
2023-02-12 11:14:00
enc
🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.
https://github.com/life4/enc
2023-02-12 10:19:39
Pagger
A collection of Sub-GHz file generators compatible with the Flipper Zero to handle restaurants/kiosks paging systems.
https://github.com/meoker/pagger
2023-02-12 10:14:00
powershell-backdoo
Obfuscated powershell reverse backdoor with #FlipperZero and USB #RubberDucky payloads
Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky.
https://github.com/Drew-Alleman/powershell-backdoor-generator
2023-02-12 10:13:00
Cerbere
A project to play a little bit with Kerberos on Windows.
▫️ Inject ticket
▫️ Ask a tgt
https://github.com/OtterHacker/Cerbere
2023-02-11 11:59:50
Firefly
Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.
https://github.com/Brum3ns/firefly
#pentesting #bugbounty
2023-02-11 11:57:05
ExploitLeakedHandle
A utility that identifies handles in unprivileged processes that may have been inherited from a privileged parent process and attempts to leverage them for local privilege escalation.
https://github.com/0x00Check/ExploitLeakedHandle
#redteam
2023-02-11 11:14:00
mobsfscan
A static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
https://github.com/MobSF/mobsfscan
2023-02-11 09:12:44
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
https://github.com/knqyf263/trivy
Documentation: https://aquasecurity.github.io/trivy/v0.37/
2023-02-11 09:12:00
Linux Commit Analyser
This is a hacky little tool I wrote to parse #Linux kernel commits, with security fixes in mind.
Lica allows you to parse a Linux repository's commit history, filtering for fixes and looking for specific keywords. I've included some statistics in the output and a naive search for patch coverage if you give it some local kernel sources.
https://github.com/sam4k/lica
Details: https://sam4k.com/analysing-linux-kernel-commits
2023-02-10 20:57:38
LocalPotato
Another Local Windows privilege escalation using a new potato technique ;)
The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.
https://github.com/decoder-it/LocalPotato
Details: https://www.localpotato.com/localpotato_html/LocalPotato.html
#pentesting #redteam
2023-02-10 17:08:54
Proxmark3
The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming.
Buy online:
RDV2 🛒 https://amzn.to/3jG7kUr
RDV3 Easy 🛒 https://amzn.to/40CtlUy
RDV4 BlueShark 🛒 https://t.me/PentestingShop/95
RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk
#rfid #nfc
2023-02-10 15:18:07
SEBASTiAn
A Static and Extensible Black-box Application Security Testing tool for iOS and Android applications.
https://github.com/talos-security/SEBASTiAn
2023-02-10 15:18:00
Server-Side Request Forgery (SSRF) vulnerable Lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks.
https://github.com/incredibleindishell/SSRF_Vulnerable_Lab
2023-02-10 11:14:00
Exploiting CVE-2022-39299
A Simple CVE-2022-39299 #PoC #exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-saml
https://github.com/doyensec/CVE-2022-39299_PoC_Generator
2023-02-10 09:12:00
DiceCTF 2023 Challenges
This repository contains all challenges from DiceCTF 2023.
https://github.com/dicegang/dicectf-2023-challenges
2023-02-09 15:18:00
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
https://github.com/sqlmapproject/sqlmap
#best #kali
2023-02-09 11:14:00
CredSweeper
A tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as personal information, token, passwords, api keys etc.) in advance. By scanning lines, filtering, and using AI model as option, CredSweeper reports lines with possible credentials, where the line is, and expected type of the credential as a result.
https://github.com/Samsung/CredSweeper
2023-02-09 09:12:00
IoT-PT
A Virtual environment for Pentesting IoT Devices
https://github.com/IoT-PTv/IoT-PT
2023-02-08 19:12:51
Pentesting Shop
The Hacker's Hardware 📟
https://t.me/PentestingShop
2023-02-08 19:00:03
FilelessPELoader
Loading a remote AES-encrypted PE in memory, decrypting it and running it.
https://github.com/TheD1rkMtr/FilelessPELoader
#pentesting #infosec #redteam
2023-02-08 18:25:13
UnhookingPatch
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime.
https://github.com/TheD1rkMtr/UnhookingPatch
#redteam
2023-02-08 11:28:22
LdrDllNotificationHook
This project demonstrates a way to hook all DLL load notifications in a process. It hooks all callbacks which are registered with LdrRegisterDllNotification, including callbacks which are registered after the hook is set.
The hook can be used to prevent the original callbacks from being called.
https://github.com/m417z/LdrDllNotificationHook
2023-02-08 11:14:00
#Cybersecurity guides
Cybersecurity policies, procedures, and guides.
https://github.com/cyberphor/cybersecurity-guides
2023-02-08 09:12:00
CYBERONIX
Cyberonix is a complete resource hub for the Cyber Security Community. Our aim is to make this tool a one-stop solution for all the Hackers out there to get resources on various topics in Cyber Security. We will keep updating this tool & adding new & updated resources on the go.
https://github.com/TeamMetaxone/Cyberonix
2023-02-08 06:29:38
ssc-asi-tools
SecurityScorecard Attack Surface Intelligence tools repository with a python suite of tools.
▫️ Single Queries
▫️ Bulk Lookups
▫️ Full JSON logging
▫️ Wizard based lookups
https://github.com/securityscorecard/ssc-asi-tools
2023-02-08 06:25:08
BREXXTODON
A REXX based mastodon reader for MVS 3.8j
This is an alpha release, mostly a POC, there are bugs, it abends, it S0C4s and S0C1, use at your own risk.
https://github.com/mainframed/BREXXTODON
2023-02-07 23:10:28
GL-iNET Brume 2 GL-MT2500 / MT2500A
Brume 2 — A lightweight and compact security gateway designed for hosting VPN servers. It is an ideal gateway for businesses to monitor, manage, and configure SD-WAN settings via GoodCloud, our remote device management platform, resulting in faster network performance, higher network efficiency, and reduced cost for small and medium-sized enterprises.
It comes in two versions: GL-MT2500A which has an aluminium alloy exterior, and GL-MT2500 which is made of ABS material. The device comes with a powerful chipset with higher processing efficiency than the previous generation, an upgrade in VPN encryption speed, and an updated SDK4.0 package.
Full Protection for Your Network: Cloudflare encryption supported to protect the privacy. IPv6 and WPA3 security protocol supported. (To enable IPv6 function, please access to Admin Panel -> NETWORK -> IPv6.)
Support VPN Cascading: Allow VPN server and VPN client operate simultaneously within the same device, enabling user to access local network servers with accessing public internet as a VPN client in the meantime.
Ideal Gateway for Hosting a VPN Server at Home or Office: Access sensitive information stored under a corporate private network or access local files and bypass geo-blocking securely while working remotely.
Advanced Hardware Specification: Equipped with 2.5 gigabit WAN port, 1 gigabit LAN port with USB 3.0 port, as well as 8 GByte EMMC (embedded multimedia card) storage for offline data storage.
Runs on the latest OpenWrt 21.02 operating system, supporting mass device connection capabilities, and reducing signal interference. You can customize the router and install applications based on your preferences.
Buy online:
MT2500 🛒 https://amzn.to/3IgreyZ
MT2500A 🛒 https://amzn.to/3YdiWgN
Aliexpress MT2500/MT2500A: 🛒 https://alii.pub/6lrvop
#vpn #gateway #security #openwrt
2023-02-07 19:46:12
NetworkNightmare
It is a mindmap for conducting network attacks. For the most part, it will be useful to pentesters or red team operators. The mindmap will be maintained and updated by me.
▫️ Traffic Hijacking
▫️ MiTM Attacks
▫️ Dynamic IGP Routing
▫️ Configuration Exfiltration
▫️ DoS
▫️ NAC/802.1X Bypassing
▫️ GRE Pivoting
▫️ Cisco EEM for hiding user
▫️ Authentication Cracking
▫️ Information Gathering
▫️ Cisco Passwords
▫️ VLAN Bypassing
https://github.com/c4s73r/NetworkNightmare
#pentesting #mindmap
2023-02-07 19:42:53
ntdlll-unhooking-collection
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
https://github.com/TheD1rkMtr/ntdlll-unhooking-collection
#redteam #hackers
2023-02-07 19:42:26
Secrets Patterns Database 🗄
The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.
https://github.com/mazen160/secrets-patterns-db
#pentesting #bugbounty
2023-02-07 15:18:00
Burp Suite Certified Practitioner Exam Study
My personal study notes on the PortSwigger Academy Burp Suite Certified Practitioner (BSCP) Exam topics. The acronym BSCP has a nice similar ring to it, same as OSCP :)
https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study
2023-02-07 11:14:00
HellgateLoader_CSharp
Load shellcode via HELLGATE. Rewrite of Hellgate with .NET Framework for learning purposes.
https://github.com/Kara-4search/HellgateLoader_CSharp
2023-02-07 09:12:00
CVE-2022-44268
ImageMagick arbitrary file read
https://github.com/Vulnmachines/imagemagick-CVE-2022-44268
#cve #poc
2023-02-06 15:46:23
RasmanPotato
Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
https://github.com/crisprss/RasmanPotato
#redteam
2023-02-06 11:14:00
WSAPatch
Make WSA (Windows Subsystem for Android) run on Windows 10.
https://github.com/cinit/WSAPatch
2023-02-06 10:54:53
i-Haklab
A hacking laboratory for Termux that contains open source tools for pentesting, scanning/finding vulnerabilities, exploitation and post-exploitation recommended by Ivam3, with automation hacking commands and many guides and tutorials to learn to use it.
https://github.com/ivam3/i-Haklab
#pentesting #redteam
2023-02-06 09:53:31
MalwareConfigLists
Just some lists of Malware Configs
https://github.com/Gi7w0rm/MalwareConfigLists
2023-02-06 09:52:35
malware-ioc
This repository contains indicators of compromise (IOCs) of our various investigations.
https://github.com/prodaft/malware-ioc
2023-02-06 09:52:30
Ticwatch Pro 3
Smart watch with official Kali NetHunter support.
What is Kali NetHunter?
Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks.
Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more.
NetHunter is an open-source project developed by Offensive Security and the community.
Installing NetHunter On the TicWatch Pro 3: https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro3/
Buy online: 🛒 https://amzn.to/3RC7PeT 🛒 https://ali.ski/Zu0T3
#watch #kali #ticwatch
2023-02-06 09:12:07
CTFs
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done.
https://github.com/Adamkadaban/CTFs
2023-02-06 09:12:00
swagger2burp
Convert Swagger openapi.json file to burp suite request files.
https://github.com/bolbolabadi/swagger2burp
2023-02-06 07:21:08
BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
https://github.com/CMEPW/BypassAV
#redteam
2023-02-05 19:40:08
CVE-2022-44268 Arbitrary File Read PoC - PNG generator.
https://github.com/voidz0r/CVE-2022-44268
#cve #poc
2023-02-05 17:47:24
Flipper Zero BadUsb script collection
To begin using the scripts, please carefully read the "readme.md" file provided with each script. This file contains important information on how to use the script safely. Keep in mind that some scripts may potentially harm your system, so be cautious and do not run unfamiliar scripts on your personal computer. To test scripts, it is recommended to use a virtual machine for safety.
https://github.com/UNC0V3R3D/Flipper_Zero-BadUsb
Flipper Zero is available for purchase: https://t.me/PentestingShop/221
#pentesting #redteam #hackers
2023-02-05 15:18:00
opainject
iOS tool to inject a dylib into a process using both shellcode and ROP methods. (By default ROP method is used, it's superior to the shellcode method in every way but I started with the shellcode method and decided to leave it in).
Tested on iOS 14 and 15 (yes you heard that right, but this is actually useless without some sort of PMAP trust level bypass as the dylib will just be mapped as R-- and the process will crash).
https://github.com/opa334/opainject
2023-02-05 09:12:00
Halmos
Symbolic Bounded Model Checker for Ethereum Smart Contracts Bytecode
https://github.com/a16z/halmos
Details: https://a16zcrypto.com/symbolic-testing-with-halmos-leveraging-existing-tests-for-formal-verification/
2023-02-04 15:18:00
IoTSecurity101
A Curated list of IoT Security Resources
https://github.com/V33RU/IoTSecurity101
2023-02-04 11:14:00
Practical #CyberSecurity Resources 🌟
https://github.com/brcyrr/PracticalCyberSecurityResources/blob/main/README.md
2023-02-04 10:25:10
DLL Sideload without DLL Main
https://github.com/shantanu561993/DLL-Sideload
Details: https://www.redteam.cafe/red-team/dll-sideloading/dll-sideloading-not-by-dllmain
#pentesting #redteam #hackers #inject
2023-02-04 09:13:00
ShrewdEye
ShrewdEye (sheye) is a set of utilities bundled into a single automated workflow to improve, simplify, and speed up resource discovery and vulnerabilities finding.
https://github.com/zzzteph/sheye
#pentesting #bugbounty #redteam
2023-02-04 09:12:00
TLDbrute
A simple utility to generate domain names with all possible TLDs
https://github.com/Sybil-Scan/TLDbrute
2023-02-04 08:50:46
CVE-2023-0045
Bypassing Spectre-BTI User Space Mitigations on Linux
https://github.com/es0j/CVE-2023-0045
#cve
2023-02-04 08:20:37
Throwing Star LAN Tap
The Throwing Star LAN Tap is a passive Ethernet tap, requiring no power for operation. There are active methods of tapping Ethernet connections (e.g., a mirror port on a switch), but none can beat passive taps for portability.
→ Use Ethernet cables to connect the Throwing Star LAN Tap (J1 and J2) in line with a target network to be monitored.
→ Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only.
→ Use your favorite software (e.g., tcpdump or Wireshark) on the monitoring station(s) to capture network traffic.
Buy online: 🛒 https://amzn.to/3DFyoKq 🛒 https://alii.pub/6lmr6v
#lan #ethernet #sniffing
2023-02-04 06:41:21
RevWhoix
A simple utility to perform reverse WHOIS lookups using whoisxml API
https://github.com/Sybil-Scan/revwhoix
2023-02-03 18:52:07
NTDLLReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table.
https://github.com/TheD1rkMtr/NTDLLReflection
#pentesting #redteam
2023-02-03 15:18:00
Pytractor Tool
It is a tool for collecting subdomains and endpoints.
Features:
▫️ collect endpoints
▫️ subdomains
▫️ web archive
▫️ Virus Total
▫️ robots.txt
https://github.com/N0LL101/Pytractor
2023-02-03 13:09:01
Nmap-Peek
An easy way to preview the content of an XML nmap file, in VS Code.
A simple side view of your XML nmap file. The extension prints all the basic information retrieved from an nmap scan.
The status of each port is represented with different colors: green for open, red for closed, light blue for filtered and gray for mixed responses like closed|filtered etc. In case the ports disclose the OS of the host, a related icon will be presented 👇
https://github.com/marduc812/vscode-nmap-peek
2023-02-03 12:57:41
BlueTeam-Tools
This github repository contains a collection of 35+ tools and resources that can be useful for blue teaming activities.
Some of the tools may be specifically designed for blue teaming, while others are more general-purpose and can be adapted for use in a blue teaming context.
https://github.com/A-poc/BlueTeam-Tools
#blueteam
2023-02-03 09:12:00
injectAmsiBypass
Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection.
https://github.com/boku7/injectAmsiBypass
2023-02-02 20:08:20
CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator.
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
#cve
2023-02-02 17:04:38
CVE-2023-21608
Adobe Acrobat Reader Remote Code Execution Exploit
This bug was a use-after-free caused during the resetForm operation while handling object memory references.
https://github.com/hacksysteam/CVE-2023-21608
Details: https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-CVE-2023-21608
#cve
2023-02-02 15:18:00
certwatcher
CertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates and Selenium. The tool helps to detect and analyze phishing sites, and is designed to make it easy to use for security professionals and researchers.
https://github.com/drfabiocastro/certwatcher
2023-02-02 12:41:00
FinGen
A #ChatGPT based penetration testing findings generator.
https://github.com/Stratus-Security/FinGen
#pentesting #bugbounty #redteam #hackers
2023-02-02 12:27:53
auto-recon
Tools for automatic enumeration of subdomains, DNS and live hosts.
https://github.com/1amkaizen/auto-recon
2023-02-02 09:13:00
DefaScan
A python tool that will scrape the internet for your given Google dork queries using APIs and alert using the email provided during runtime.
https://github.com/RamXtha/DefaScan
2023-02-02 09:12:00
tactical-exploitation
Modern tactical exploitation toolkit.
https://github.com/0xdea/tactical-exploitation
2023-02-01 12:27:00
Cobalt Strike Beacon Notifier
A #Cobalt Strike Beacon Notifier Via #Telegram #Bot.
Features:
▫️ Showing the Name of the Current User
▫️ Showing the Computer Name of the Current User
▫️ Showing the Type and Version of the Operating System
▫️ Showing the Type of the Process Exec Name
▫️ Showing the Internal IP of the System
▫️ Showing the External IP of the System
https://github.com/lynxbinz/CS-Beacon-Notifier
2023-02-01 12:08:21
Thanks Mobile Hacker
We want to give credit to the creators of the videos we used in our posts.
▫️ t.me/androidMalware
▫️ youtube.com/@mobilehacker
▫️ instagram.com/mobile_hacker0
#video #channel
2023-02-01 11:14:00
THC's favourite Tips, Tricks & Hacks (Cheat Sheet)
A collection of our favourite tricks. Many of those tricks are not from us. We merely collect them.
We show the tricks 'as is' without any explanation why they work. You need to know Linux to understand how and why they work.
https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet
2023-02-01 11:09:14
Dependency-Confusion
All About Dependency Confusion Attack (Detecting, Finding, Mitigating)
https://github.com/x1337loser/Dependency-Confusion
2023-02-01 10:32:15
Cheap BadUSB - Digispark ATtiny85 Arduino board
Besides using it as a Rubber Ducky or hardware password vault, you can start your own projects such as POV display, LED lights controller, IoT gadgets, etc. Digispark allows to connect external modules and operate with them such as Bluetooth, motion, temperature sensors, Wi-Fi, etc.
Testing 20 most popular mobile phone PINs (based on SANS institute findings) in 6 minutes using Digispark ATtiny85 board 👇
Based on the research, 26% of all phones can be cracked with these 20 four-digit passcodes.
Buy online: 🛒 https://amzn.to/3wN80ds 🛒 https://ali.ski/13u_Kq
#usb #board #badusb
2023-02-01 09:12:05
azure-mindmap
The purpose of this map is to list all possible compromise paths when faced with an Azure environment during a cloud security engagement.
https://github.com/CMEPW/azure-mindmap
#cybersecurity #infosec
2023-02-01 09:12:00
TimeException
A tool to find folders excluded from AV real-time scanning using a time oracle.
https://github.com/bananabr/TimeException
2023-01-31 15:18:08
Privileger
Privileger allows you to work with privileges in Windows as easily as possible.
https://github.com/MzHmO/Privileger
#pentesting #Windows #redteam
2023-01-31 15:18:07
Mimir
True P2P messenger on top of Yggdrasil Network
https://github.com/Revertron/Mimir
#privacy
2023-01-31 15:18:00
python-tuf
A Framework for Securing Software Update
https://github.com/theupdateframework/python-tuf
2023-01-31 11:15:00
Bountystrike-sh
A collection of bash and python scripts that installs common bug bounty tools, performs recon scans and continuous asset discovery.
https://github.com/BountyStrike/Bountystrike-sh
#bugbounty
2023-01-31 11:14:05
CyberPipe
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
Functions:
▫️ Capture a memory image with DumpIt for Windows,
▫️ Capture a triage image with KAPE,
▫️ Check for encrypted disks,
▫️ Recover the active BitLocker Recovery key,
▫️ Save all artifacts, output, and audit logs to USB or source network drive.
Prerequisites: https://github.com/dwmetz/CyberPipe
2023-01-31 11:14:00
RemComSvc obfuscation PoC
https://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
2023-01-31 09:13:00
Outpost
AWS Testing and Reporting Management
Outpost is a simple tool to generate AWS configuration files for AssumeRole, a testing capability for verifying accounts work, and a report generator for ScoutSuite scan results.
▫️ Run ScoutSuite
▫️ Parse the results
▫️ ✨Generate Report Findings✨
https://github.com/ustayready/outpost
2023-01-31 09:12:01
astaroth-deobfuscator
IDA python script for deobfuscating Astaroth/Guildma injector DLL
https://github.com/dodo-sec/astaroth-deobfuscator
2023-01-31 09:12:00
RToolZ
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
https://github.com/OmriBaso/RToolZ
#pentesting #redteam
2023-01-30 15:19:00
Sublist115r
A python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist115r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist115r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
https://github.com/elpirata111/Hacking-tools
#Donate t.me/hackgit
2023-01-30 15:18:00
Json Value Extractor
Cmd line utility that accepts json via standard in (piping) and extracts values from json fields.
https://github.com/theflakes/jve
2023-01-30 12:34:06
HackRF One + Portapack H2 Mayhem.
The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and a headphone jack. With all the hardware in place, it’s just a matter of installing a firmware capable enough to do some proper RF hacking on the go.
Enter MAYHEM, an evolved fork of the original PortaPack firmware that the developers claim is the most up-to-date and feature packed version available. Without ever plugging into a computer, this firmware allows you to receive, decode, and re-transmit a dizzying number of wireless protocols. From firing off the seating pagers at a local restaurant to creating a fleet of phantom aircraft with spoofed ADS-B transponders, MAYHEM certainly seems like it lives up to the name.
Detailed blog post about installing and using MAYHEM on the HackRF/PortaPack, complete with a number of real-world examples that show off just a handful of possible applications for the project. Jamming cell phones, sending fake pager messages, and cloning RF remotes is just scratching the surface of what’s possible.
Example of use: exploitation of a vulnerability in Honda's Remote Keyless System (CVE-2022-27254)
Firmware to open any and all Tesla vehicle charging ports in range!
Buy online:
🛒 https://alii.pub/6lfodk
🛒 https://amzn.to/3kRIrFF
#hackrf #radio #sdr #spoofing
2023-01-30 11:15:00
Windows 11 Debloat / Privacy Guide
This guide is meant for advanced users who want to get rid of Windows 11's bloatware and telemetry. If you have no experience of such things, you can consider this guide for ease.
▫️ Get rid of bloatware
▫️ Disable most of the telemetry
▫️ Gain performance
▫️ Optimize Windows 11 for gaming as well as productivity
▫️ Strip Windows 11 to barebones (In Advanced removal below)
https://github.com/TheWorldOfPC/Windows11-Debloat-Privacy-Guide
2023-01-30 11:14:00
Dell Driver EoP (CVE-2021-21551)
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
This exploit was tested on Windows 10 v1511.
https://github.com/nanabingies/CVE-2021-21551
#cve
2023-01-30 09:13:00
bbFuzzing.txt
A unique vocabulary that is 70% generated with OpenAI ChatGPT. The remaining 30% is a compilation of dictionaries from Bo0om, circuit and other bugbounters.
https://github.com/reewardius/bbFuzzing.txt
#bugbounty #ChatGPT
2023-01-30 09:12:00
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspicious activity. APT-Hunter uses pre-defined detection rules and focuses on statistics to uncover abnormalities, which is very effective in compromise assessment. The output is produced with a timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc.
https://github.com/ahmedkhlief/APT-Hunter
2023-01-29 15:18:00
Linux Security and Hardening Security Guide
https://github.com/In4n1s357/Linux-Security-and-Hardening-Security-Guide
2023-01-29 12:51:22
SeManage Volume #Exploit
This exploit grants full permission on C:\ drive for all users on the machine.
▫️ Enables the privilege in the token
▫️ Creates handle to .\C: with SYNCHRONIZE | FILE_TRAVERSE
▫️ Sends the FSCTL_SD_GLOBAL_CHANGE to replace S-1-5-32-544 with S-1-5-32-545
https://github.com/CsEnox/SeManageVolumeExploit
2023-01-29 12:44:02
OnePlus 7 Pro
OnePlus 7 Pro is the best phone you can use with Kali Nethunter. It is bundled with the Qualcomm SM8150 Snapdragon 855+ chipset along with 8GB RAM and Adreno 640 GPU.
It also has a 90Hz AMOLED 6.57 inches display with 1080 x 2400 pixel resolution. As for storage, you have the option to choose between the 128GB and 256GB variants. Keep in mind, this phone doesn’t have a Memory card slot.
When it comes to networking, the OnePlus 7 supports Wi-Fi 802.11 a/b/g/n/ac network standards. Moreover, having Bluetooth 5.0 is of utter importance as there is no 3.5mm jack included in the device.
Lastly, the battery of this phone is 3800mAh Li-Po which supports 30W fast charging and 30T Warp Charge.
OnePlus 7 is heavily supported by the Kali Nethunter community and is also the recommended high-end device for Nethunter. You can also find the installation instructions for Nethunter on OnePlus 7 in the official Nethunter documentation.
Buy online:
🛒 https://amzn.to/3kQlLWd
🛒 https://alii.pub/6leekh
#kali #mobile
2023-01-29 11:21:34
PayClip
You can use this tool to transfer payloads to the clipboard so you can use them more quickly.
https://github.com/bwiko/PayClip
2023-01-29 11:14:00
ludvig
Security scanner using YARA.
https://github.com/FrodeHus/ludvig
2023-01-29 09:13:00
hackebds
This tool is used for backdoor and shellcode generation for various architecture devices.
https://github.com/doudoudedi/hackEmbedded
#redteam
2023-01-29 09:12:00
PHP Antimalware Scanner
AMWScan is a free tool to scan php files and analyze your project to find any malicious code inside it.
https://github.com/marcocesarato/PHP-Antimalware-Scanner
2023-01-28 12:06:11
YARD Stick One
Yet Another Radio Dongle can transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me. The radio functions that are possible by customizing IM-Me firmware are now at your fingertips when you attach YARD Stick One to a computer via USB. Great for listening on RF emitters and transmitting on ISM bands.
YARD Stick One comes with RfCat firmware installed, courtesy of Atlas. RfCat allows you to control the wireless transceiver from an interactive Python shell or your own program running on your computer.
Repository:
https://github.com/greatscottgadgets/yardstick
Buy online:
🛒 https://amzn.to/3WNO9W1
🛒 https://alii.pub/6lbzti
#radio #usb #transceiver
2023-01-28 11:14:07
jsoup
The Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety.
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.
https://github.com/jhy/jsoup
2023-01-28 11:14:00
pentesting-resources
Resources for ethical hacking, pentesting and other offsec tools.
https://github.com/Root-Down-Digital/pentesting-resources
2023-01-28 09:13:00
RemoteShellCodeInjection
This will help you inject a shellcode hosted as text remotely into a process.
https://github.com/soufianetahiri/RemoteShellCodeInjection
#pentesting #redteam
2023-01-28 09:12:00
Exploits
A handy collection of my public exploits, all in one place.
https://github.com/0xdea/exploits
#redteam #cve #exploit
2023-01-27 15:18:00
Cryptomator
Multi-platform transparent client-side encryption of your files in the cloud.
https://github.com/cryptomator/cryptomator
Download https://cryptomator.org/downloads/
#cybersecurity
2023-01-27 11:15:00
Capa
capa detects capabilities in executable files. You run it against a PE, ELF, .NET module, or shellcode file and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
https://github.com/mandiant/capa
2023-01-27 11:14:00
GUAC
GUAC aggregates software security metadata into a high fidelity graph database.
https://github.com/guacsec/guac
2023-01-27 09:48:31
NativePayload_PE1
NativePayload_PE1/PE2, Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing RWX to X or RX or (both) [Bypassing AVs].
https://github.com/DamonMohammadbagher/NativePayload_PE1
#redteam
2023-01-27 09:29:59
linWinPwn Active Directory Vulnerability Scanner
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script uses a number of tools and serves as a wrapper for them. Tools include: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, and others.
https://github.com/lefayjey/linWinPwn
#pentesting #redteam #ad #best
2023-01-27 09:13:00
Awesome-Bugbounty-Writeups
A curated list of #bugbounty writeups (Bug type wise).
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
2023-01-27 09:12:00
Burp IIS Tilde Enumeration Scanner
This extension will add an Active Scanner check for detecting IIS Tilde Enumeration vulnerability and add a new tab in the #Burp UI to manually exploit the vulnerability.
https://github.com/cyberaz0r/Burp-IISTildeEnumerationScanner
2023-01-27 08:08:14
Grype
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
https://github.com/anchore/grype
#best
2023-01-27 07:16:28
CVE-2023-24055 PoC (KeePass 2.5x)
An attacker who has write access to the KeePass configuration file can modify it and inject malicious triggers, e.g. to obtain the cleartext passwords by adding an export trigger.
https://github.com/alt3kx/CVE-2023-24055_PoC
#cve #poc
2023-01-27 07:11:19
Proxying DLL Loads For Hiding ETWTI Stack Tracing.
https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/
Proxy-DLL-Loads:
https://github.com/paranoidninja/Proxy-DLL-Loads
#pentesting #redteam
2023-01-26 15:18:00
FIR
Fast Incident Response is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.
https://github.com/certsocietegenerale/FIR
2023-01-26 14:24:31
CVE-2022-34689
CryptoAPI spoofing vulnerability
The repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll.
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
Details:
https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
#cve #poc
2023-01-26 11:16:13
CVE-2023-24055
POC and Scanner for CVE-2023-24055.
https://github.com/deetl/CVE-2023-24055
#cve
2023-01-26 11:14:10
EYSOFT Webcam Cover
Whether you want to protect your smartphone, laptop or desktop computer, this 5-pack of webcam privacy covers is an excellent choice. The cover is durable and easy to install using the provided double-sided tape. To cover the viewfinder, all you need to do is slide the black circle within the cover to the left.
It measures only 0.022 inches in thickness, which will not interfere with closing the lid of your laptop. It adheres with double-sided tape and can be removed if needed. Moreover, it will withstand wear and tear and remain strongly adhesive.
It is suitable not only for computers, PCs, laptops, Macs, iPads, Android tablets and all-in-one desktops, but can also be used on most models of smartphones.
Buy online:
🛒 $5.99 https://amzn.to/3Hca2c4
#camera #privacy #covers
2023-01-26 11:14:07
opencve
OpenCVE is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...).
Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE.
https://github.com/opencve/opencve
2023-01-26 11:14:00
BSidesRoma
SecurityBsides Roma Conference Repo
https://github.com/SecurityBsidesIT/BSidesRoma
2023-01-26 09:13:00
PyCript
Pycript is a Burp Suite extension that enables users to encrypt and decrypt requests for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using JavaScript and Node.js, allowing for a tailored encryption/decryption process for specific needs.
https://github.com/Anof-cyber/PyCript
2023-01-26 09:12:00
Gato (Github Attack TOolkit)
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization.
The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be utilized for private repositories, however, there are thousands of organizations that utilize self-hosted runners.
https://github.com/praetorian-inc/gato
2023-01-25 15:18:00
Hekatomb
A python script that connects to the LDAP directory to retrieve all computer and user information. It then downloads all DPAPI blobs of all users from all computers and uses Domain backup keys to decrypt them.
https://github.com/Processus-Thief/HEKATOMB
#ad
2023-01-25 11:15:00
IntroLabs
These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.
https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md
2023-01-25 11:14:00
threat-intel
This repository contains IoCs related to Volexity public threat intelligence blog posts and tools published by Volexity's threat intelligence team.
https://github.com/volexity/threat-intel
2023-01-25 09:49:38
Flipper Zero
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
Buy online:
🛒 $299.98 https://amzn.to/3DfmfLU
#rfid #nfc
2023-01-25 09:47:42
burp-rest-api
REST/JSON API to the Burp Suite security tool.
https://github.com/vmware/burp-rest-api
2023-01-25 09:12:05
ExtAnalysis
Browser Extension Analysis Framework - Scan, Analyze Chrome, Firefox and Brave extensions for vulnerabilities and intels.
https://github.com/Tuhinshubhra/ExtAnalysis
2023-01-25 09:12:00
robots-txt-parser.py
Collect allowed and disallowed endpoints from the robots.txt of a list of subdomains.
https://github.com/smackerdodi/robots-txt-parser.py
2023-01-24 15:18:00
Hacking Articles — Cyber Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.
https://github.com/Ignitetechnologies/Mindmap
2023-01-24 11:14:00
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
https://github.com/OWASP/wstg
2023-01-24 09:24:00
WD 5TB My Passport Portable Hard Drive
The My Passport™ drive is trusted, portable storage that gives you the confidence and freedom to drive forward in life. With a new, stylish design that fits in the palm of your hand, there’s space to store, organize, and share your photos, videos, music, and documents.
The My Passport™ drive’s built-in 256-bit AES hardware encryption with password protection helps keep your digital life's contents secure. Just activate password protection and set your own personalized password using WD Discovery™.
Buy online:
🛒 -21% $117.99 https://amzn.to/3WGTuyI
WD 5TB My Passport for Mac:
🛒 -22% $124.99 https://amzn.to/3R1oGqY
#usb #hdd #encryption
2023-01-24 09:12:00
AzBelt
Standalone DLL and sliver extension for enumerating Azure related credentials, primarily on AAD joined machines.
https://github.com/daddycocoaman/AzBelt
2023-01-23 16:55:11
SQLi-Hunter-v2
SQLi Hunter v2 is a python program that checks for SQL (and Blind) injection vulnerability in URLs. The program is designed to be easy to use, practical and beneficial. The intention of this tool is to include it in your ethical Bug Bounty Hunting methodology. Please do not use this tool on any website without having its permission.
https://github.com/3a7/SQLi-Hunter-v2
2023-01-23 16:52:45
CVE-2021-20294-POC
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack BoF, OOB write of arbitrary data supplied by the attacker.
https://github.com/tin-z/CVE-2021-20294-POC
#cve #poc
2023-01-23 16:49:45
Inline-Execute-PE
Inline-Execute-PE is a suite of Beacon Object Files (BOFs) and an accompanying Aggressor script for #CobaltStrike that enables Operators to load unmanaged Windows executables into Beacon memory and execute them, retrieving the output and rendering it in the Beacon console.
https://github.com/Octoberfest7/Inline-Execute-PE
#redteam
2023-01-23 11:14:00
PhoneSploit Pro
PhoneSploit with Metasploit Integration.
An All-In-One hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
https://github.com/azeemidrisi/phonesploit-pro
2023-01-23 09:13:00
BLint
BLint is a Binary Linter to check the security properties, and capabilities in your executables. It is powered by lief.
https://github.com/AppThreat/blint
2023-01-23 09:12:00
Popeye
A Kubernetes Cluster Sanitizer
Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects misconfigurations and helps you to ensure that best practices are in place, thus preventing future headaches.
https://github.com/derailed/popeye
2023-01-22 15:19:00
About Cloud Scout
Cloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross platform attack paths.
https://github.com/SygniaLabs/security-cloud-scout
2023-01-22 15:18:00
shosubgo
Small tool to Grab subdomains using Shodan api.
https://github.com/incogbyte/shosubgo
2023-01-22 11:14:05
Creds
Some useful Scripts and Executables for Pentest & Forensics
Most Scripts/Executables are Windows / Domain specific.
https://github.com/S3cur3Th1sSh1t/Creds
2023-01-22 11:14:00
Aerleon
Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API.
Aerleon is a fork of Capirca with the following enhancements 👇
https://github.com/aerleon/aerleon
2023-01-22 09:12:07
CVE-2023-0179 PoC
This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.
https://github.com/TurtleARM/CVE-2023-0179-PoC
#cve #poc
2023-01-22 09:12:00
APCLdr
Payload Loader With Evasion Features.
https://github.com/NUL0x4C/APCLdr
2023-01-21 15:18:00
pdtm
ProjectDiscovery's Open Source Tool Manager
A simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery.
https://github.com/projectdiscovery/pdtm
2023-01-21 11:14:00
PTAAgentDump
A tool for checking malicious use of stolen pass-through authentication (PTA) agent certificates. The tool shows how many active certificates exist per agent.
https://github.com/secureworks/PTAAgentDump
2023-01-21 09:12:00
LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log.
https://github.com/JPCERTCC/LogonTracer
Demo:
https://www.youtube.com/watch?v=aX-vTd7-moY
2023-01-20 09:12:00
Gold Digger
Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.
https://github.com/ustayready/golddigger
2023-01-20 07:53:37
CVE-2022-47966
POC for CVE-2022-47966 affecting multiple ManageEngine products 👇
https://github.com/horizon3ai/CVE-2022-47966
Nuclei templates:
https://github.com/projectdiscovery/nuclei-templates/pull/6564/files
2023-01-17 11:15:00
gmailc2
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.
C2 Feature:
▫️ Persistence (type persist)
▫️ Shell Access
▫️ System Info (type info)
▫️ More Features Will Be Added
Features:
▫️ FUD Ratio 0/40
▫️ Bypass Any EDR's Solutions
▫️ Bypass Any Network Restrictions
▫️ Commands Are Being Sent in Base64 And Decoded on server side
▫️ No More Tcp Shits
https://github.com/machine1337/gmailc2
2023-01-17 11:14:00
Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
2023-01-17 10:11:58
EvilCrow Keylogger
Evil Crow Keylogger is a physical keylogger device for professionals and cybersecurity enthusiasts. This WiFi keylogger with Micro SD slot is based on the Atmega32U4 microcontroller and the ESP32-PICO module.
Repository:
https://github.com/joelsernamoreno/EvilCrow-Keylogger
Buy online:
🛒 https://ali.ski/Xf5tcE
#USB #wifi
2023-01-17 09:13:00
OffensivePipeline
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode.
https://github.com/Aetsu/OffensivePipeline
#dotnet #obfuscate #inject #bypass #av
2023-01-17 09:12:00
Windows LPE PoCs
https://github.com/dbgsymbol/windows_lpe_pocs
2023-01-16 11:14:00
Automation_Bug_Hunting
Some Bug Hunting automation Basic scripts using python (LFI, Error SQLI, Blind SSRF, SSTI, Open Redirect, OS Command Injection).
https://github.com/Mostafa-Elguerdawi/Automation_Bug_Hunting
2023-01-16 09:12:00
tau-research
The project will serve as a central repository for VMware Threat Analysis Unit (TAU) to share threat intelligence with the security community, such as threat indicators of compromises (IoCs) and the corresponding scripts/tools TAU developed to extract the IoCs. The IoCs are typically used/discussed in TAU's published research papers such as repo…
https://github.com/vmware-samples/tau-research
2023-01-15 09:12:00
Writeups
Different hacking Platforms writeups!!
https://github.com/a-fai1ur3/Writeups
2023-01-14 15:19:00
cheatsheets
Collection of knowledge about information security.
https://github.com/r1cksec/cheatsheets
#cybersecurity #infosec
2023-01-14 15:18:00
PowerShell-Deobfuscation-Exercise
An exercise to practice deobfuscating PowerShell Scripts.
https://github.com/trevormiller6/PowerShell-Deobfuscation-Exercise
2023-01-14 11:15:00
CVE-2022-46169
Exploit to CVE-2022-46169 vulnerability on Cacti 1.2.19
https://github.com/Anthonyc3rb3ru5/CVE-2022-46169
#cve #exploit
2023-01-14 11:14:05
asta-decrypt
This is a simple script that implements the decryption routine for the encrypted final stage used by the Astaroth/Guildma malware family.
Astaroth uses an AutoIT script with an embedded DLL that writes the final payload to disk as db.temp and injects it into a hollow process.
https://github.com/dodo-sec/asta-decrypt.py
2023-01-14 11:14:00
anti_Royal
PowerShell tool to check for partially encrypted files with various techniques and sandbox them for analysis.
https://github.com/shadowdevnotreal/anti_Royal
2023-01-14 09:12:00
CVE-2022-28944
EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability.
https://github.com/gerr-re/cve-2022-28944
2023-01-13 15:18:00
code-inspector
Java code inspector for web vulnerability scan.
https://github.com/4ra1n/code-inspector
2023-01-13 11:14:00
T95-H616-Malware
"Pre-Owned" malware in ROM on T95 Android TV Box
https://github.com/DesktopECHO/T95-H616-Malware
2023-01-13 10:45:51
SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
https://github.com/TH3xACE/SUDO_KILLER
#linux #sudo
2023-01-13 10:04:34
Alfa AWUS036ACHM
This adapter looks like a basic everyday wifi adapter but it is not! I have tested many adapters and this adapter has the longest range of any modern dual band adapter that I have tested. If you need long range or an adapter that can run 24/7/365 and never miss a beat, this adapter is worth a look. Don't buy it for speed as it is an AC600 adapter, but if looking for range, great AP mode support, great monitor mode support and reliability, take a look.
My opinion is that this adapter is the single best adapter available for use with Kali Linux or other distros used for pen testing and security analysis. Compared to the Alfa AWUS036ACH, the Alfa AWUS036ACHM has better range, costs less and is supported with in-kernel drivers making it the better choice for Linux users. It comes with the required USB2 cable and a clip that allows you to mount the adapter in various locations. Overall, the Alfa AWUS036ACHM is a solid performer. Highly recommended.
Buy online:
🛒 https://amzn.to/3W9BkW3
#alfa #wifi #adapter
2023-01-13 09:13:00
WPAxFuzz
A full-featured open-source Wi-Fi fuzzer
https://github.com/efchatz/WPAxFuzz
2023-01-13 09:12:00
stackplz
This work on eBPF for reversing on Android.
https://github.com/SeeFlowerX/stackplz
2023-01-12 15:18:00
sast-scan
Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU
https://github.com/ShiftLeftSecurity/sast-scan
2023-01-12 11:14:00
slither
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
https://github.com/crytic/slither
2023-01-12 09:13:00
nuclearpond
Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.
▫️ Output results to your terminal, as json, or to an S3
▫️ Specify threads and parallel invocations in any desired number of batches
▫️ Specify any Nuclei arguments just like you would locally
▫️ Specify a single host or from a file
▫️ Run the http server to take scans from the API
▫️ Run the http server to the status of the scans
▫️ Query findings through Athena for searching
https://github.com/DevSecOpsDocs/nuclearpond
2023-01-12 09:12:00
Binwalk
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
https://github.com/ReFirmLabs/binwalk
2023-01-11 15:19:00
Secret Handshake
A prototype malware C2 channel using x509 certificates over mTLS
I always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it is
https://github.com/jconwell/secret_handshake
#malware
2023-01-11 15:18:00
Python parser for #Cobalt Strike stagers
Use parse_stager_config.py to search a file for Cobalt Strike stager shellcode. If shellcode is found, it will be extracted in JSON format.
https://github.com/stairwell-inc/cobalt-strike-stager-parser
2023-01-11 11:14:00
Black-Tool
Install the tools and start hacking Attacking
https://github.com/mrprogrammer2938/Black-Tool
2023-01-11 10:38:56
Flipper Zero
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
Buy online:
🛒 https://amzn.to/3Qyw6la
#rfid #nfc
2023-01-11 09:12:00
SEMA
ToolChain using Symbolic Execution for Malware Analysis.
https://github.com/csvl/SEMA-ToolChain
2023-01-10 15:18:00
CoffLoader
It's just an implementation of in-house CoffLoader supporting #CobaltStrike standard BOF and BSS initialized variables.
Look at the main.c file to change the BOF and its parameters. CobaltStrike handles the BOF parameter in a special way; the Arg structure is here to make passing parameters easier.
https://github.com/OtterHacker/CoffLoader
2023-01-10 11:15:00
UEFI Firmware Parser
The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials.
https://github.com/theopolis/uefi-firmware-parser
2023-01-10 11:14:00
Chrome V8 RCE CVE-2021-38003
https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003
#cve #RCE
2023-01-10 09:17:01
OffGrid USB Data Blocker
The USB Data Blocker grants devices immunity from viruses or invasion when used to connect to untrusted USB ports. This handy tech accessory blocks unpermitted data transfer to ensure that a device’s information is not stolen by outsiders. The USB connector also boasts lightning-fast charging capabilities. Use the USB Data Blocker to plug into any port in full faith that your device and data are safe from nonconsensual surveillance.
This small converter plays a big role in data protection when on the go. A USB Data Blocker liberates individuals from fear and avoidance of unknown power sources so they can plug in whenever and wherever.
Buy online:
🛒 7$ https://amzn.to/3k8N1is
#usb #security
2023-01-10 09:13:00
REST-Attacker
Automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support for both large-scale testing and fine-grained analysis.
https://github.com/RUB-NDS/REST-Attacker
2023-01-10 09:12:00
​​confusedTool to check for dependency confusion vulnerabilities in multiple package management systemshttps://github.com/visma-prodsec/confused
2023-01-09 15:18:00
Brute_Pup: A web-hunting tool with bruteforce capabilities, and hooked into GoWitness. Bruteforce multiple petabytes of potential sites and subdirectories, then check every combination for existence, and if it exists go take a picture! This usage is a bit extreme, but this is certainly a cool and functional apparatus for dirbusting/bruteforcing/OSINT. https://github.com/7RIXx/Toolbelt/tree/main/Brute_Pup
2023-01-09 11:14:00
ModSecurity Backdoor: This is a proof-of-concept of malicious software running inside of ModSecurity WAF. https://github.com/azurit/modsecurity-backdoor
2023-01-09 11:11:35
COOK: An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need. https://github.com/glitchedgitz/cook
2023-01-09 11:06:19
cth_wordlists: Each pentester has to build his own wordlists... https://github.com/sorokinpf/cth_wordlists
2023-01-09 10:22:45
Microsoft Exchange: OWASSRF + TabShell (CVE-2022-41076). The TabShell vulnerability is a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF. https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e Details: https://blog.viettelcybersecurity.com/tabshell-owassrf/ #owa #ssrf #tabshell #poc
2023-01-09 09:12:06
all InfoSec news - Sources: A list of online news & info sources in the InfoSec/Cybersecurity space with their website + RSS feed. This is an extract of all the sources aggregated on the allinfosecnews.com website. https://github.com/foorilla/allinfosecnews_sources
2023-01-09 09:12:05
AmsiBypassHookManagedAPI: A new AMSI Bypass technique using .NET API Call Hooking. https://github.com/pracsec/AmsiBypassHookManagedAPI
2023-01-09 09:12:00
brc4: Unpack Brute Ratel (BRC4) stager and extract config; also tries to find the rc4 key in case of encrypted config. https://github.com/matthw/malware_analysis/tree/main/brc4
2023-01-07 15:18:00
Thoth: Automate recon for red team assessments. Thoth is a very modular tool that automates the execution of tools during a reconnaissance assessment. Using multithreading, several tools are executed simultaneously. The use of different modules can be adapted on the fly by using module names or risk level as a filter. https://github.com/r1cksec/thoth
2023-01-07 11:14:00
TLS Poison: A tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers. The goals are similar to SNI injection, but this new method uses inherent behaviors of TLS, instead of depending upon bugs in a particular implementation. https://github.com/jmdx/TLS-poison
2023-01-07 09:13:00
ccat: Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. https://github.com/RhinoSecurityLabs/ccat #redteam #hackers
2023-01-07 09:12:00
NTLMRecon: identify commonly accessible NTLM authentication endpoints. A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints. https://github.com/praetorian-inc/NTLMRecon
2023-01-06 15:18:00
Nessus2Host: A program written in Go that takes a #Nessus XML file and extracts the hosts in IP:PORT format. https://github.com/MantisSTS/Nessus2Host
2023-01-06 11:14:05
reverse_engineering_tools: Various code samples and useful tips and tricks from reverse engineering and malware analysis fields. https://github.com/alexey-kleymenov/reverse_engineering_tools
2023-01-06 11:14:00
Network Information Hiding and Network Steganography 101: A free online class on network information hiding/steganography/covert channels that I teach at the FernUniversität in Hagen, Germany, and HS Worms, Germany. https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course
2023-01-06 10:11:18
zsyscall: This is my implementation of the Hell's Gate VX technique. The main difference with the original implementation is the use of the zsyscall procedure instead of HellsGate and HellDescent for using syscalls. https://gitlab.com/Zer1t0/zsyscall
2023-01-06 09:30:09
ALFA AWUS036ACS: Compact dual-band WiFi USB adapter that works according to 802.11ac and features data rates of up to 600Mbps. The AWUS036ACS WiFi USB adapter supports all common standards (IEEE 802.11a/b/g/n/ac) and is fully backwards compatible with the older WiFi standards. AWUS036ACS is the cheapest USB Wireless Adapter available in the market which supports dual-band 2.4 and 5GHz. It supports both monitor mode and packet injection mode. Buy online: 🛒 https://amzn.to/3VPBVvN #adapter #wifi #alfa
2023-01-06 09:12:05
System Programming Roadmap: A roadmap to teach myself compiler dev, malware #reverse engineering, exploitation and kernel dev fundamentals. https://github.com/ujjwal-kr/system-programming-roadmap
2023-01-06 09:12:00
#Nuclei template generator for #WordPress plugins https://github.com/ricardomaia/nuclei-template-generator-for-wordpress-plugins TOP 200 WordPress Plugins Detection: https://github.com/projectdiscovery/nuclei-templates/pull/6202
2023-01-05 15:19:00
VerSprite Security Research https://github.com/VerSprite/research
2023-01-05 15:18:00
sub-scout: A simple bash script to automate your initial #recon and extend your attack surface using popular tools made by infosec community. https://github.com/0xAkashsky/sub-scout
2023-01-05 11:15:00
XSSFire: A standalone Blind XSS Script. https://github.com/SeifElsallamy/XSSFire
2023-01-05 11:14:00
HellsHall: Another Way To Fetch Clean Syscalls https://github.com/Maldev-Academy/HellHall
2023-01-05 10:13:28
Bluefruit LE Sniffer: This Bluefruit LE Friend is programmed with a special firmware image that turns it into an easy to use Bluetooth Low Energy sniffer. You can passively capture data exchanges between two BLE devices, pushing the data into Wireshark, the open source network analysis tool, where you can visualize things on a packet level, with useful descriptors to help you make sense of the values without having to crack open the 2000 page Bluetooth 4.0 Core Specification every time. Plug it into your development machine, fire up the special sniffer bridge SW, select the device you want to sniff, and it will fire up Wireshark for you and start pushing data in via a live stream (using Nordic's Windows software), or save to a pcap file that you can analyze with Wireshark later. The sniffer firmware cannot be used with the Nordic DFU bootloader firmware, which means that if you want to reprogram this device you must use a J-Link + SWD adapter! You cannot over-the-air reprogram it. Buy online: 🛒 https://amzn.to/3Z7sjiZ 🛒 https://bit.ly/3SulFzw #bluetooth
2023-01-05 09:32:36
PassTheCert: Sometimes, Domain Controllers do not support PKINIT. This can be because their certificates do not have the Smart Card Logon EKU. However, several protocols, including LDAP, support Schannel, thus authentication through TLS. We created a small Proof-of-Concept tool that allows authenticating against an LDAP/S server with a certificate to perform different attack actions. More information in the accompanying blog post. https://github.com/AlmondOffSec/PassTheCert
2023-01-05 09:12:05
CVE-2022-46164: Basic POC exploit for CVE-2022-46164. https://github.com/stephenbradshaw/CVE-2022-46164-poc
2023-01-05 09:12:00
RedLineStealer: An analysis of the famous info stealer RedLine. https://github.com/amr-git-dot/RedLineStealer
2023-01-04 15:18:00
vxsig: Automatically generate AV byte signatures from sets of similar binaries. https://github.com/google/vxsig
2023-01-04 11:15:00
Power Me Up: This is a powershell reverse shell that executes the commands and/or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk; I am not and will not be responsible for your actions. Also this reverse shell currently is not detected by Windows Defender. If you want to use this make sure to set up a Digital Ocean VPS and have the script connect back there or your C2. Happy Hacking! https://github.com/ItsCyberAli/PowerMeUp
2023-01-04 11:14:00
LearingMaterials: This is a repository of training materials and interesting reads for everything related to Malware Analysis. https://github.com/lasq88/LearingMaterials/blob/main/MalwareAnalysis.md
2023-01-04 10:30:17
VAULTCARD: The most advanced RFID protection for your wallet. With contactless card payments growing in popularity, our personal data is increasingly at risk of interception by fraudsters. VAULTCARD™ is a credit-card-sized tool, which can be placed inside a wallet to block electromagnetic signals – guaranteeing protection against RFID theft, while still enabling the use of contactless payments. Buy online: 🛒 https://amzn.to/3ifjaEf #rfid #card
2023-01-04 09:13:00
owasp-mastg: The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS). https://github.com/OWASP/owasp-mastg
2023-01-04 09:12:00
Phishim: A phishing tool which reduces configuration time and bypasses most types of MFA by running a chrome tab on the server that the user unknowingly interacts with. https://github.com/jackmichalak/phishim
2023-01-03 15:18:00
Invoke-Retractor: Build a Seatbelt executable containing only commands you specify. https://github.com/Wra7h/PowerShell-Scripts
2023-01-03 11:14:00
Open-CyKG: An Open Cyber Threat Intelligence Knowledge Graph. Open-CyKG is a framework that is constructed using an attention-based neural Open Information Extraction (OIE) model to extract valuable cyber threat information from unstructured Advanced Persistent Threat (APT) reports. More specifically, we first identify relevant entities by developing a neural cybersecurity Named Entity Recognizer (NER) that aids in labeling relation triples generated by the OIE model. Afterwards, the extracted structured data is canonicalized to build the KG by employing fusion techniques using word embeddings. https://github.com/IS5882/Open-CyKG
2023-01-03 09:12:00
Dockle: Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start. https://github.com/goodwithtech/dockle
2023-01-02 15:19:00
KENZER: Automated web assets enumeration & scanning. ▫️ Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS ▫️ Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap) ▫️ Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore ▫️ Web Vulnerability Scanning using Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox ▫️ Backup Files Scanning using Fuzzuli ▫️ Git Repository Enumeration & Scanning using RepoHunt & Trufflehog ▫️ Web Screenshot Identification using Shottie & Perceptic ▫️ WAF Detection & Avoidance using WafW00f & Nuclei ▫️ Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank) ▫️ Every task can be distributed over multiple machines. https://github.com/ARPSyndicate/kenzer
2023-01-02 12:22:23
Rust - ReflectiveLoader64: #mimikatz and #metasploit payloads are working nicely. https://github.com/winsecurity/Offensive-Rust/tree/main/peloader64/src
2023-01-02 12:21:58
Crypto Bot: Use only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly. @CryptoBot
2023-01-02 11:20:32
Dimorf: Dimorf is a #ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OSes. https://github.com/Ort0x36/Dimorf
2023-01-02 11:14:00
WDBFontOverwrite: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. https://github.com/ginsudev/WDBFontOverwrite #cve #ios
2023-01-02 10:29:16
Evil Crow RF V2: Evil Crow RF V2 is a radiofrequency hacking device for pentest and Red Team operations. This device operates in the following radiofrequency bands: ▫️ 300MHz-348MHz ▫️ 387MHz-464MHz ▫️ 779MHz-928MHz ▫️ 2.4GHz. Evil Crow RF V2 has two CC1101 radiofrequency modules; these modules can be configured to transmit or receive on different frequencies at the same time. Additionally, Evil Crow RF V2 has a NRF24L01 module for other attacks. Evil Crow RF V2 allows the following attacks: ▫️ Signal receiver ▫️ Signal transmitter ▫️ Replay attack ▫️ URH parse ▫️ Mousejacking. Repository: https://github.com/joelsernamoreno/EvilCrowRF-V2 Buy online: 🛒 https://amzn.to/3jzPRMS 🛒 https://ali.ski/WNHHSN #radio #rf
2023-01-02 09:12:39
jenkins-strike: #Cobalt Strike profile generator using Jenkins to automate the heavy lifting. https://github.com/RomanRII/jenkins-strike
2023-01-02 09:12:00
security-tools: A very opinionated list of security tools. https://github.com/mttaggart/security-tools
2022-12-31 19:04:53
Happy New Year!!! 🥂 🍾 🍻 🍷 May the new year bless you with health, wealth, and happiness. ❤️ ❤️ ❤️ You can leave your gifts here :) 🤭 🎁
2022-12-31 11:14:00
fwallower: Analyze Windows Firewall outbound blocks and selectively allow traffic. https://github.com/scriptjunkie/fwallower
2022-12-31 09:12:00
Log4Shell-Scanner-Exploit: Bash script to identify the #Log4j CVE-2021-44228 vulnerability remotely. https://github.com/julian911015/Log4j-Scanner-Exploit
2022-12-30 11:14:05
scriptkiddi3: Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, a recon and initial vulnerability detection tool built using shell script and open source tools. https://github.com/thecyberneh/scriptkiddi3
2022-12-30 11:14:00
#WireGuard #ESP32: WireGuard implementation for ESP32 Arduino. https://github.com/ciniml/WireGuard-ESP32-Arduino
2022-12-30 09:13:00
DNS Analysis Server: Tools to assess #DNS security. https://github.com/The-Login/DNS-Analysis-Server
2022-12-30 09:12:00
Penetration Testing Study Notes: This repo contains all my penetration testing study notes, penetration testing tools, scripts, techniques, tricks and also many scripts that I found useful from all over the internet. https://github.com/wwong99/pentest-notes
2022-12-30 09:09:35
Some of our posts will appear exclusively on Twitter
2022-12-29 18:39:51
Happy New Year! In the New Year, never forget to thank your past years because they enabled you to reach today! Without the stairs of the past, you cannot arrive at the future! Mehmet Murat Ildan
2022-12-29 15:19:00
TinyArgParser: TinyArgParser is a command processing program; it has less than 300 lines of code and supports command line parameter processing and help generation. https://github.com/BeichenDream/SharpTinyArgParser
2022-12-29 15:18:00
HackVault: This is a container repository for my defensive/offensive hacks. https://github.com/0xSobky/HackVault
2022-12-29 11:15:00
pa: A simple #password manager. Encryption via age, written in portable POSIX shell. https://github.com/biox/pa
2022-12-29 11:14:00
Moneta: A live usermode memory analysis tool for Windows with the capability to detect malware IOCs. https://github.com/forrest-orr/moneta
2022-12-29 09:13:00
ASRenum: Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations. https://github.com/mlcsec/ASRenum-BOF #cobalt #bof
2022-12-29 09:12:00
Burp Extension - IpLogger: IpLogger is a basic Burp Extension that will make a request to https://api.ipify.org every time Burp is opened and will store the IP and date in iplogger.json. https://github.com/bsysop/IpLogger
2022-12-28 15:18:00
Security Explained: SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of the #SecurityExplained series is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning. Below are the various activities and formats planned under the SecurityExplained series: ▫️ Tweets explaining interesting security stuff ▫️ Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks ▫️ Security Discussion Spaces/Meets ▫️ Monthly Mindmap/Mindmap based explainers for different attacks/techniques ▫️ My Pentesting Methodology Breakdown ▫️ Giveaways and Community Engagement ▫️ GitHub Repository to Maintain "SecurityExplained" ▫️ Public & Free to Access ▫️ Newsletter. https://github.com/harsh-bothra/SecurityExplained
2022-12-28 11:14:00
HENlo: WebKit+Kernel #exploit chain for all PS Vita firmwares. https://github.com/TheOfficialFloW/HENlo
2022-12-28 09:33:35
Steganography Toolkit: This project is a Docker image useful for solving Steganography challenges such as those you can find at #CTF platforms like hackthebox.eu. The image comes pre-installed with many popular tools (see list below) and several screening scripts you can use to check simple things (for instance, run check_jpg.sh image.jpg to get a report for a JPG file). https://github.com/DominicBreuker/stego-toolkit
2022-12-28 09:21:34
Imaginary C2: Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads. By using this tool, an analyst can feed the malware consistent network responses (e.g. C&C instructions for the malware to execute). Additionally, the analyst can capture and inspect HTTP requests towards a domain/IP which is off-line at the time of the analysis. https://github.com/felixweyne/imaginaryC2
2022-12-27 11:15:00
Wordlists: Real-world infosec wordlists, updated regularly. These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include: ▫️ Wordpress ▫️ Joomla ▫️ Drupal ▫️ Magento ▫️ Ghost ▫️ Tomcat. https://github.com/trickest/wordlists
2022-12-27 11:14:00
S T E R R A: A unique SOCMINT tool to get information on an Instagram account from its following | followers. https://github.com/novitae/sterraxcyl
2022-12-27 09:25:00
pypykatz: Modified version of Pypykatz to print encrypted credentials. https://github.com/ly4k/Pypykatz Details: https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
2022-12-27 09:13:00
PassTheChallenge: Recovering NTLM hashes from Credential Guard. Read more about the techniques here. https://github.com/ly4k/PassTheChallenge
2022-12-27 09:12:00
Exploit-For-CVE-2022-36067: This repo contains payload for the CVE-2022-36067. https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067
2022-12-27 08:28:33
CJMCU BadUSB with MicroSD: This is one of the last developments related to rubberducky or badusb devices. This device is based on the ATMEGA32U4 microprocessor which is able to emulate many USB modes like HID, used for injecting key presses to the target system. The main processor is based on Arduino Leonardo R3 development board and the improvement is that a microSD card slot is included to allow storing many different payloads. The microSD card has to be FAT32 formatted in order to be recognized. Repository: https://github.com/asciiterminal/CJMCU_ATMEGA32U4_BADUSB Buy online: 🛒 https://amzn.to/3jy7pZK 🛒 https://ali.ski/R8vW3 #usb #badusb #atmega32u4
2022-12-27 07:06:03
Awesome Incident Response: A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams. Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future. https://github.com/Correia-jpv/fucking-awesome-incident-response
2022-12-27 06:59:02
Bug Bounty Dorks: List of Google Dorks to search for companies that have a responsible disclosure program or bug bounty program which are not affiliated with known bug bounty platforms such as HackerOne or Bugcrowd. https://github.com/sushiwushi/bug-bounty-dorks
2022-12-26 15:18:00
APT_REPORT: Interesting apt report & sample & malware & technology & intelligence collection. https://github.com/blackorbird/APT_REPORT
2022-12-26 11:14:00
Sample vulnerable Repo: Just a sample REST api to test with ShiftLeft. Don't deploy this in production. Some technologies used: ▫️ TypeScript ▫️ Koa ▫️ aws-sdk v2 and v3 (DynamoDB, S3, SES). https://github.com/HooliCorp/vulnerable-aws-koa-app
2022-12-26 10:07:21
rp++: A fast ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. https://github.com/0vercl0k/rp
2022-12-26 09:12:07
SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. https://github.com/BeetleChunks/SpoolSploit
2022-12-26 09:12:00
ASKJoe: AskJoe is a tool that utilizes ChatGPT to assist researchers wanting to use Ghidra as their malware analysis tool. With its capabilities, ChatGPT highly simplifies the practice of reverse engineering, allowing researchers to better detect and mitigate threats. https://github.com/securityjoes/ThreatResearch
2022-12-25 09:13:00
Network Scanner: Universal Network Scanner is a multi-brand ultra-fast network discovery tool based on multicast and broadcast discovery. This network discovery scanner is implemented based on a flexible framework to ease implementation of any vanilla discovery IP protocol such as SSDP/UPnP, mDNS, proprietary discovery protocols, etc. https://github.com/julienblitte/UniversalScanner
2022-12-25 09:12:00
Mail Log Manipulation: Exploit script to get RCE by using LFI and Mail log poisoning. https://github.com/Ananthavijay/Mail-log-Manipulation
2022-12-25 08:50:46
dnscrypt-proxy: A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). ▫️ dnscrypt-proxy documentation ← Start here ▫️ DNSCrypt project home page ▫️ Discussions ▫️ DNS-over-HTTPS and DNSCrypt resolvers ▫️ Server and client implementations ▫️ DNS stamps ▫️ FAQ. https://github.com/DNSCrypt/dnscrypt-proxy #DNS #privacy
2022-12-25 08:50:42
WiFi Pineapple Mark VII by Hak5: The Hak5 WiFi Pineapple is a highly advanced WiFi auditing and MITM platform. The original "RogueAP" device - the WiFi Pineapple provides an end-to-end workflow to bring WiFi clients from their trusted network to your rogue network. Hak5's latest generation V7 brings updates in three key areas: performance, management tools and framework upgrades. The PineAP suite is a cross-platform control panel for the WiFi Pineapple devices, providing fine-grained control over all elements of your audit. The elegance of the WiFi Pineapple Platform is in its simplicity. Previously onerous, inefficient and prone to collateral damage - WiFi Auditing and Offensive Operations are now highly targeted, covert and very simple. Advanced mitm attacks: Perfectly mimics target networks, allowing for seamless client capture via the highly targeted deAuth mechanisms. Once captured, all standard network vectors are available: DNSSpoofing, Packet Capture, etc. Wifi reconnaissance: Covertly discover, visualise and map WiFi networks and client hierarchies. Build lists of existing networks, and even client historical SSID connections. Continuously scan, add notes, filter clients, networks, logs and more. Automated wifi infiltration: Capture and pipe WiFi Encryption credentials in pcap / hashcat or JTR formats. WEP, WPA & WPA Enterprise. Highly targeted, highly covert: Keep your "Get Out of Jail Free" letter firmly in your pocket. The PineAP suite allows for fine-grained, highly targeted actions, ensuring no detection and no collateral damage. Buy online: 🛒 https://amzn.to/3Wpnpfo 🛒 https://ali.ski/_jqbke #wifi #network
2022-12-25 07:54:23
bloodyAD: bloodyAD is an Active Directory privilege escalation swiss army knife. This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform #AD privesc. bloodyAD supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc. It is designed to be used transparently with a SOCKS proxy. https://github.com/CravateRouge/bloodyAD
2022-12-24 11:14:00
Hardened malloc: This is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class. https://github.com/GrapheneOS/hardened_malloc
2022-12-24 09:13:00
CredzCheckr: Testing default web credentials. https://github.com/c0dejump/CredzCheckr
2022-12-24 09:12:00
DC3-MWCP: DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names. A parser module is usually created per malware family. DC3-MWCP is designed to help ensure consistency in parser function and output, ease parser development, and facilitate parser sharing. DC3-MWCP supports both analyst directed analysis and large-scale automated execution, utilizing either the native python API, a REST API, or a provided command line tool. DC3-MWCP is authored by the Defense Cyber Crime Center (DC3). https://github.com/dod-cyber-crime-center/DC3-MWCP
2022-12-23 09:13:00
Cairo-Fuzzer: Cairo Smart Contract Fuzzer. A tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library. ▫️ Run cairo contract ▫️ Run cairo contract with hints implemented in cairo-rs ▫️ Replayer of fuzzing corpus ▫️ Minimizer of fuzzing corpus ▫️ Load old corpus ▫️ Handle multiple arguments ▫️ Load a folder of inputs/crashes files ▫️ CLI ▫️ Run Cairo-fuzzer using a config file instead of CLI ▫️ Workspace architecture. https://github.com/FuzzingLabs/cairo-fuzzer
2022-12-23 09:12:00
gitSome: #OSINT tool to extract email addresses and other useful info from various GitHub sources. ▫️ Provide a user account to extract emails from associated repos ▫️ Provide an org account to extract emails from associated repos ▫️ Provide a domain to extract related emails from public commits, issues, and other sources. https://github.com/chm0dx/gitSome
2022-12-22 15:18:01
SquarePhish: SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. https://github.com/secureworks/squarephish
2022-12-22 15:18:00
Copilot, for your terminal: A CLI tool that generates shell scripts from a human readable description. https://github.com/m1guelpf/plz-cli
2022-12-22 11:14:05
Golden Nuggets: Burp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain). https://github.com/GainSec/GoldenNuggets-1
2022-12-22 11:14:00
Dolos JS https://github.com/fkasler/dolosjs
2022-12-22 09:12:00
Blindside: Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll which then could be copied to our process and unhook the original ntdll. https://github.com/CymulateResearch/Blindside
2022-12-21 15:19:00
hackGPT: OpenAI and #ChatGPT to do hackerish things by NoDataFound. https://github.com/NoDataFound/hackGPT
2022-12-21 15:18:00
PHPGGC: A library of unserialize() payloads along with a tool to generate them, from command line or programmatically. https://github.com/ambionics/phpggc
2022-12-21 12:24:48
USB Ninja: USB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself. Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government. Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering. Documentation: https://usbninja.com/help/ Buy online: 🛒 Cable https://ali.ski/IjDEv4 🛒 Bluetooth Remote https://ali.ski/aVNHh #usb #badusb #cable
2022-12-21 11:14:00
Cloudmare: Cloudmare is a simple tool to find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with a misconfigured DNS. https://github.com/mrh0wl/Cloudmare
2022-12-21 09:12:00
MSI Dump: A tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ▫️ Quickly determine whether file is suspicious or not. ▫️ List all MSI tables as well as dump specific records ▫️ Extract Binary data, all files from CABs, scripts from CustomActions ▫️ Scan all inner data and records with YARA rules ▫️ Uses file/MIME type deduction to determine inner data type. https://github.com/mgeeky/msidump
2022-12-21 07:10:00
Vultriever: Vulnerability scoring with Nmap. A small tool that allows you to convert to Excel and JSON formats the results of using the #Nmap scanner in conjunction with the built-in Vulners snap-in. It was created to automate the process of inventory of open ports and running network services on the server and scoring of existing vulnerabilities determined based on the versions of the software used. Implemented the use of Vultriever from the terminal and as an imported module in native Python scripts. In the process, Vultriever collects and provides the following information about the server in a structured form: ▫️ Server IP address ▫️ Network port number ▫️ Network port status ▫️ Protocol used by the network port ▫️ Network service operating on the network port and its version ▫️ Vulnerability CVE-identifier ▫️ Vulnerability rating ▫️ URL-link to the description of the vulnerability on the platform Vulners.com. https://github.com/MalwareHunters/vultriever
2022-12-20 15:18:00
Overlord – Red Teaming Automation
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the Red-Baron Terraform implementation found on Github.
https://github.com/qsecure-labs/overlord
A demo infrastructure was set up in our blog post: https://qsecure.com.cy/resources/publications/overlord/.
For the full documentation of the tool visit the Wiki tab at: https://github.com/qsecure-labs/overlord/wiki.
2022-12-20 15:17:00
axiom
Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.
https://github.com/pry0cc/axiom
2022-12-20 14:17:00
SEH Helper
A Binary Ninja helper for exploring structured exception handlers in PEs.
https://github.com/EliseZeroTwo/SEH-Helper
2022-12-20 12:15:00
URLClassLoader hot jar swapping
The following example code shows the ability to hot jar swap an already loaded JAR-file and get code execution by abusing the fact that inner classes still access the JAR file when invoked, as long as the inode does not change.
https://github.com/fransr/hot-jar-swapping-urlclassloader
2022-12-20 11:18:35
blockchain hacker toolkit
the resources in this repository are from my own research, which is intermittent and boundless. therefore, no guarantees, no promises; use it at your own risk.
https://github.com/go-outside-labs/blockchain-hacking
2022-12-20 11:15:00
subrut
Subrut is the super fast tool for brute forcing subdomains. From arg2u with.
https://github.com/arg2u/subrut
2022-12-20 11:14:00
IHKEY Ransomware
IHKEY is a complete #Ransomware project built while I was learning about malware. For encryption I used AES to encrypt files and RSA to encrypt the private key along with the IV. The ransomware demonstrates how hackers can build their own ransomware to encrypt files on Windows systems.
https://github.com/moe-ih/IHkey
2022-12-20 09:49:00
Owlyshield
An AI antivirus written in Rust
Owlyshield is an open-source AI-driven #antivirus engine written in Rust. Static analysis as performed by AV is only able to detect known threats, explaining why hackers are adapting so quickly and ransom attacks surging. We provide an embedded behavioural analysis AI that is able to detect and kill ransomwares in their very early execution.
https://github.com/SitinCloud/Owlyshield
2022-12-20 09:23:13
BBSSRF
Bug Bounty SSRF is a powerful tool to check SSRF OOB connection.
The testing field must contain "BBSSRF" and this tool will automatically change it to dynamically generated payloads.
▫️ Generating dynamic payloads
▫️ Testing Single URL
▫️ Testing URLs list
▫️ Testing request file
▫️ STDIN input supported
▫️ Threading requests
▫️ Intercept request using proxy
https://github.com/z3dc0ps/BBSSRF
2022-12-20 08:29:25
clif
clif is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. It was inspired by sudo vulnerability CVE-2021-3156 and the fact that, for some reason, Google's afl-fuzz doesn't allow for unlimited argument or option specification.
https://github.com/0x4ndy/clif
2022-12-20 08:27:42
ninja_shell v2.1
Secure shell using port Knocking technique with AES256-GCM.
https://github.com/CoolerVoid/ninja_shell
Port knocking from the scratch:
https://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch
2022-12-19 15:18:00
SOLDR
SOLDR is an Endpoint Detection and Response system which consists of centralised management part with extensive Web UI and Agents being installed on endpoint systems. SOLDR allows you not only to configure security policies but also write your own modules and make detection of the comprehensive security events as well as do almost instant response on the security alarms.
https://github.com/vxcontrol/soldr
2022-12-19 12:20:45
powershell-obfuscation
A simple and effective PowerShell obfuscation tool to bypass antivirus.
https://github.com/H4de5-7/powershell-obfuscation
2022-12-19 12:14:43
NFC Kill
The world's only RFID fuzzing tool.
While the NFCKill is tuned to cover the most common Low and High Frequencies of RFID: 125KHz - 13.56MHz. Likewise, it is able to inductively couple with most devices that contain a form of coil.
▫️ Securely disable RFID badges.
▫️ Test and harden RFID hardware
▫️ Audit access control failure modes
▫️ Test and reduce the attack surface for pen-test customers
▫️ Single Discharge Mode (Standard + Professional Versions)
▫️ Continuous Discharge Mode (Professional Version only)
Buy online: 🛒 https://ali.ski/xffYk
#RFID
2022-12-19 08:11:00
Venom
Venom is a C++ library that is meant to give an alternative way to communicate: instead of creating a socket that could be traced back to the process, it creates a new "hidden" (there is no window shown) detached Edge process (Edge was chosen because it is a browser that is installed on every Windows 10+ and won't raise suspicion) and steals one of its sockets to perform the network operations.
The benefit of creating a detached browser process is that there is no danger that it will be closed accidentally by the user, and the sockets exist but are not communicating with any site, therefore avoiding possible collisions.
https://github.com/Idov31/Venom
2022-12-18 11:14:00
octosuite
A framework for gathering osint on GitHub users, repositories and organizations
https://github.com/bellingcat/octosuite
2022-12-18 10:32:41
linux_injector
A simple ptrace-less shared library injector for x64 Linux.
https://github.com/namazso/linux_injector
2022-12-18 10:32:04
blink
blink is a virtual machine for running statically-compiled x86-64-linux programs on different operating systems and hardware architectures
https://github.com/jart/blink
2022-12-18 10:31:36
Packet Squirrel
The Packet Squirrel is a miniaturised man-in-the-middle multi-tool. Multiple configurable payloads. Designed to slip into target networks, it's a compact fully-featured Linux computer that you control with the flip of a switch.
Out of the box, the Packet Squirrel is configured to provide fully-featured packet sniffing, DNS Spoofing, Reverse Shell / VPN, and root shell access.
Central to the Packet Squirrel is its 4-way switch: Each switch position represents a configurable mode of operation. Flick the switch and trigger a specific payload. The configurable push-button and RGB LED provide instant incognito deployment and feedback of payloads.
Documentation: https://docs.hak5.org/packet-squirrel/
Buy online: 🛒 https://ali.ski/OfuvV
#lan #remote #network
2022-12-18 09:12:00
MacDirtyCowDemo
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.
https://github.com/zhuowei/MacDirtyCowDemo
2022-12-17 15:19:00
Shellclear
The idea behind shellclear is to provide a simple and fast way to secure your shell command history.
https://github.com/rusty-ferris-club/shellclear
2022-12-17 12:15:00
CVE-2003-0358
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
https://github.com/snowcra5h/CVE-2003-0358
#cve
2022-12-17 11:14:00
SCPA
Sophisticated cyber penetration attacks is a series of advanced techniques, notes and guidance that will help you to prepare as a hacker on your journey.
https://github.com/ghostsec420/scpa
2022-12-17 09:12:00
The RemClip project
RemClip is a C# project that captures user clipboard data and sends it to a remote web server under attacker control.
https://github.com/Processus-Thief/RemClip
2022-12-17 08:30:07
AzureHound
The BloodHound data collector for Microsoft Azure
https://github.com/BloodHoundAD/AzureHound
#ad
2022-12-16 17:20:00
Bug Bounty Script
A BASH script to automate the installation of the most popular bug bounty tools. The main purpose of this script is to run it on temporary/disposable virtual machines in the cloud.
https://github.com/hakrishi/bug-bounty-tools
2022-12-04 11:14:08
IKEA Vindriktning WisBlock Hack
This repository holds the code to connect a WisBlock RAK4631 to an IKEA Vindriktning air quality sensor and send the air quality data over LoRaWAN to your LNS of choice. The code also expects a Bosch BME680 sensor connected to the WisBlock using a WisBlock Environment Sensor (RAK1906).
These are the components required for this hack:
▫️ IKEA Vindriktning
▫️ RAKwireless WisBlock Mini Base Board (RAK19003)
▫️ RAKwireless nRF52840 Core (RAK4631)
▫️ RAKwireless Environment Sensor (RAK1906)
▫️ A JST1.0 battery connector and some wire
▫️ USB Type-C cable to flash the WisBlock
https://github.com/xoseperez/wisblock-vindriktning
2022-12-04 11:14:07
cvedata
A collection of CVE and related data. This python package is caught somewhere between a data collection tool and a CVE data API. Much more the former than the latter.
https://github.com/clearbluejar/cvedata
2022-12-04 11:14:00
CVE-2022-2650
Brute Force on wger workout application v2.0
https://github.com/HackinKraken/CVE-2022-2650
#cve
2022-12-04 09:24:09
Raspberry Pi 4 Model B - Miniature Hacking Station!
Raspberry Pi 4 Model B was released with specs including either 1 GB, 2 GB, 4 GB, or 8 GB of memory, a Broadcom BCM2711B0 quad-core A72 SoC, a USB Type-C power supply, and dual Micro-HDMI outputs. Performance and hardware changes aside, the Pi 4 Model B runs Kali Linux just as well, if not better, than its predecessors. It also includes support for Wi-Fi hacking on its internal wireless card.
For hackers interested in a cheap Kali Linux computer capable of hacking Wi-Fi without a separate wireless network adapter, the Pi 4 Model B is a great way to run Kali without needing a virtual machine. Thanks to the number of Wi-Fi hacking tools included in Kali Linux, the new Pi 4 Model B represents a complete Ethernet and Wi-Fi hacking kit for beginners.
The reasons for using a Raspberry Pi as a hacking computer are many. Previous Raspberry Pi versions have proved that it doesn't take expensive hardware to run tools in Kali Linux. Virtual machines can behave unpredictably, especially when working with Wi-Fi hacking. Plus, it's sometimes more straightforward to run Kali on hardware rather than in a virtual machine.
Another advantage to the Raspberry Pi is that it can easily be used in combination with a device like an unmodified iPhone or Android smartphone. If your smartphone supports creating a Wi-Fi hotspot, it's simple to connect the Pi to your hotspot and control it over SSH. If your smartphone can't create a hotspot, the Pi can also host its own Wi-Fi network, allowing you to join the network created by the Pi on your phone and SSH into it on the go.
One of the most exciting things about using a Raspberry Pi for hacking is the add-on of the Nexmon firmware. The addition makes it possible to put the built-in Wi-Fi network adapter into monitor mode. That means it's possible to do things like grab WPA handshakes, listen in on Wi-Fi traffic, and execute attacks like WPS-Pixie without needing a separate compatible Wi-Fi network adapter.
For someone interested in getting started with Wi-Fi hacking, the Raspberry Pi 4 Model B provides a Kali-supported Wi-Fi network adapter and an onboard computer capable of basic cracking and MiTM attacks in a single package. The increase in speed and power of the Pi 4 Model B makes it a more capable networking device as well as a more capable computer.
Hack WiFi with a Raspberry Pi and Kali Linux:
https://www.youtube.com/watch?v=PqRVo2niA_8
Buy online:
🛒 https://amzn.to/3XXH9Yw
🛒 https://ali.ski/QMVRo
#raspberrypi #kali #bord
2022-12-04 09:12:00
PrintNotifyPotato
Another potato, using PrintNotify COM service for lifting rights
For Windows 10 - 11, Windows Server 2012 - 2022
https://github.com/BeichenDream/PrintNotifyPotato
2022-12-04 08:12:00
teler
Real-time HTTP Intrusion Detection
teler is a real-time intrusion detection and threat alert tool based on web logs that runs in a terminal with resources that we collect and that are provided by the community. ❤️
https://github.com/kitabisa/teler
2022-12-04 08:11:00
SideLOADR
A "simple" script to perform DLL sideloading using Python.
https://github.com/Pascal-0x90/sideloadr
2022-12-04 08:01:39
​FrostByte Project that combines different defense evasion techniques to build better #redteam payloads Large blobs of shellcode like Cobalt Strike's Stageless shellcode will no longer reside on an unsigned DLL on disk, irrespective of the obfuscation /…
2022-12-03 16:20:00
BumbleCrypt
A Bumblebee-inspired Crypter
BumbleCrypt is inspired by Bumblebee's crypter. In Bumblebee's case, the main Bumblebee DLL is loaded in memory and executed in the following way:
▫️ Decrypts and writes the payload in the Heap
▫️ Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection
▫️ Calls LoadLibraryW("gdiplus.dll"), which triggers the inline hooks, as the above three APIs are used by LoadLibrary() to load any library.
▫️ The inline hooks and LoadLibrary itself then load the main Bumblebee DLL in place of "gdiplus.dll"
▫️ At last, control is transferred to the exported function "SetPath" of the main Bumblebee DLL
https://github.com/knight0x07/BumbleCrypt
2022-12-03 16:19:00
s3-inspector
Tool to check AWS S3 bucket permissions.
https://github.com/clario-tech/s3-inspector
2022-12-03 15:19:00
Pen-Andro
This script automates the process of installing all necessary tools and tasks for Android pentesting, i.e. moving the Burp Suite certificate, installing adb and frida server, and APKs like proxy toggle, proxydroid, adbwifi.
https://github.com/raoshaab/Pen-Andro
2022-12-03 15:18:00
AmsiHooker
Hookers are cooler than patches.
simple eicar test sample but you know what to do with it lmao. first hooks amsi, pushes eicar through, then disables hook and does it again.
https://github.com/jfmaes/AmsiHooker
2022-12-03 11:15:00
Frigate
NVR With Realtime Object Detection for IP Cameras
A complete and local NVR designed for Home Assistant with AI object detection. Uses OpenCV and Tensorflow to perform realtime object detection locally for IP cameras.
https://github.com/blakeblackshear/frigate
2022-12-03 11:14:00
Pywirt
Python Windows Incident Response Toolkit
This application aims to accelerate incident response processes by collecting information from Windows operating systems via WinRM.
https://github.com/anil-yelken/pywirt
2022-12-03 09:13:00
Wiretap
Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
In this diagram, the client has generated and installed a WireGuard configuration file that will route traffic destined for 10.0.0.0/24 through a WireGuard interface. Wiretap is then deployed to the server with a configuration that connects to the client as a WireGuard peer. The client can then interact with resources local to the server as if on the same network.
https://github.com/sandialabs/wiretap
2022-12-03 09:12:05
Bluffy
Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats.
https://github.com/preemptdev/bluffy
t.me/hackgit
2022-12-03 09:12:00
Notus Scanner
Notus Scanner detects vulnerable products in a system environment. The scanning method is to evaluate internal system information. It does this very fast and even detects currently inactive products because it does not need to interact with each of the products.
https://github.com/greenbone/notus-scanner
2022-12-03 08:56:07
Impacket Collection of #Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed…
2022-12-03 07:10:00
Ethical Hacking Labs
This is a collection of tutorials and labs made for ethical hacking students, cybersecurity students, network and sys-admins. These tutorials accompany the resources of CEH content and different resources across the internet.
https://github.com/Samsar4/Ethical-Hacking-Labs
2022-12-02 15:19:00
Stowaway
Stowaway is a Multi-hop proxy tool for security researchers and pentesters.
Users can easily proxy their network traffic to intranet nodes (multi-layer), break the restriction and manipulate all the nodes that are under your control XD
Features:
▫️ More user-friendly interaction, support command auto-completion/search history
▫️ Obvious node topology
▫️ Clear information display of nodes
▫️ Active/Passive connection between nodes
▫️ Support reconnection between nodes
▫️ Nodes can be connected through socks5 proxy
▫️ Nodes can be connected through ssh tunnel
▫️ TCP/HTTP can be selected for inter-node traffic
▫️ Multi-hop socks5 traffic proxy forwarding, support UDP/TCP, IPV4/IPV6
▫️ Nodes can access arbitrary host via ssh
▫️ Remote shell
▫️ Upload/download files
▫️ Port local/remote mapping
▫️ Port Reuse
▫️ Open/Close all the services arbitrarily
▫️ Authenticate each other between nodes
▫️ Traffic encryption with AES-256-GCM
▫️ Compared with v1.0, the file size is reduced by 25%
▫️ Multiple platforms support (Linux/Mac/Windows/MIPS/ARM)
https://github.com/lz520520/Stowaway/blob/master/README_EN.md
2022-12-02 15:18:01
Awesome On-Chain Forensic HandBook
In this article I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology: Link
https://github.com/OffcierCia/On-Chain-Investigations-Tools-List
2022-12-02 15:18:00
meg
meg is a tool for fetching lots of URLs but still being 'nice' to servers.
It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.
You get lots of results quickly, but none of the individual hosts get flooded with traffic.
https://github.com/tomnomnom/meg
2022-12-02 11:15:00
Domain Hunter
Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.
This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat), IBM X-Force, and Cisco Talos. The primary tool output is a timestamped HTML table style report.
Features:
▫️ Retrieve specified number of recently expired and deleted domains (.com, .net, .org) from ExpiredDomains.net
▫️ Note: You will need credentials from expireddomains.net for full functionality
▫️ Retrieve available domains based on keyword search from ExpiredDomains.net
▫️ Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, and Cisco Talos
▫️ Sort results by domain age (if known) and filter for reputation
▫️ Text-based table and HTML report output with links to reputation sources and Archive.org entry
https://github.com/threatexpress/domainhunter
2022-12-02 11:14:00
JA3 Fingerprint Repository
JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
https://github.com/LeargasSecurity/ja3-fingerprint-repository
2022-12-02 08:12:24
DomainDouche
Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force.
https://github.com/n0kovo/DomainDouche
2022-12-02 07:11:00
Prelude Build
Prelude Build is an easy-to-use IDE - purpose built for authoring, testing and verifying security tests for use in real environments. Our goal is to provide a consistent and repeatable way to write, verify and deploy tests for any scale.
https://github.com/preludeorg/build
2022-12-02 07:10:00
The real uncrackables
It seems that when it comes to mobile, real good challenges are very few out there. The real objective of a challenge is to actually learn something out of it and not keep hiding flags in the assets :). In fact some of the challenges won't have flags but real solutions, as they will be based on real scenarios like: "hey, how you exploit this ?"
I'll keep adding cool crackmes in this repo, so.. pentesters and CTFers stay tuned....
https://github.com/Ch0pin/uncrackable
2022-12-01 15:19:00
Gsec
Web Security Scanner & Exploitation.
Passive Scan:
▫️ Find assets with shodan
▫️ RapidDNS to get subdomains
▫️ Certsh to enumerate subdomains
▫️ DNS enumeration
▫️ Waybackurls to fetch old links
▫️ Normal / Aggressive Scan
Domain http code:
▫️ Web port scanning
▫️ Server information
▫️ HTTP security header scanner
▫️ CMS security identifier / misconfiguration scanner
▫️ Technology scanner
▫️ Programming Language check
▫️ Path Traversal scan
▫️ Nuclei vulnerability scanning
https://github.com/gotr00t0day/Gsec
2022-12-01 15:18:00
End-to-End Demo with Bayse
https://github.com/BayseIntelligence/e2e_demo
2022-12-01 14:01:31
Thank you all so much for being with us! There are already 5,000 of us! And it's already a small army :)
2022-12-01 11:14:03
stackrox
StackRox Kubernetes Security Platform
The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox integrates with every stage of container lifecycle: build, deploy and runtime.
The StackRox Kubernetes Security platform is built on the foundation of the product formerly known as Prevent, which itself was called Mitigate and Apollo. You may find references to these previous names in code or documentation.
https://github.com/stackrox/stackrox
2022-12-01 11:14:00
Python Pickle Malware Scanner
Security scanner detecting Python Pickle files performing suspicious actions.
https://github.com/mmaitre314/picklescan
2022-12-01 10:39:57
Ticwatch Pro 3 Ultra
Smart watch with official Kali NetHunter support.
What is Kali NetHunter?
Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks.
Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more.
NetHunter is an open-source project developed by Offensive Security and the community.
Installing NetHunter On the TicWatch Pro:
https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro/
Buy online:
🛒 https://amzn.to/3VmFeeB
🛒 https://ali.ski/Zu0T3
#watch #kali #ticwatch
2022-12-01 07:36:57
YaraTools
This repo houses a large set of open-source YARA signatures that have been evaluated on a set of 284,181 legitimate and malicious portable executable files. The Get-YaraMatches PowerShell script can be used to scan new files and enrich the results with additional information such as information gain and the source text for the matching signature. This gives users more information to determine if a file is legitimate or malicious.
https://github.com/pracsec/YaraTools
View the documentation here: https://practicalsecurityanalytics.com/home/tools/yaratools/
2022-12-01 07:34:11
HiveV5 file decryptor PoC
The work done in the last few months has been necessary to reveal the malicious file encryption mechanism of Hive v5-5.2. The work was divided into two parts:
▫️ Keystream decryption
▫️ File decryption using the decrypted keystream
https://github.com/reecdeep/HiveV5_file_decryptor
2022-12-01 07:31:04
SnapFuzz
A scalable fuzzing infrastructure that finds security and stability issues in software.
Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz.
https://github.com/google/clusterfuzz
An Efficient Fuzzing Framework for Network Applications:
https://google.github.io/clusterfuzz/#trophies
2022-12-01 07:21:30
Slash Automated doxer tool
Slash supports social media search (over 180 websites), forum search, pastebin leak search, github commit search. New will be added soon... Slash also scrapes multiple pieces of information from important websites, such as: Name, Bio, Location, Website, User Info... And it extracts Phone Number - Email Address from Bios...
Slash includes threading modules. This makes slash faster than others. It means it searches social media, github commits, forums and pastebin at the same time.
https://github.com/redc86/slash
2022-12-01 07:20:02
D4TA-HUNTER #Osint Framework for #KALI
A tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking.
In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees, subdomains and IP's of servers.
https://github.com/micro-joan/D4TA-HUNTER
2022-11-30 15:19:00
The PenTesters Framework (PTF)
A Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As #pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.
https://github.com/trustedsec/ptf
For a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837
2022-11-30 15:18:00
CVE-2022-21661
POC Video | WordPress Core 5.8.2 - 'WP_Query' SQL Injection.
https://github.com/APTIRAN/CVE-2022-21661
#cve #poc
2022-11-30 11:15:00
Hacktoria-CTF-WriteUps
THE KILLER CLOWN:
https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/TheKillerClown.md
PRISONER OF WAR:
https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/PrisonerOfWar.md
LOST AT SEA:
https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/LostAtSea.md
Wow, that's cool.) author: @s1l1c0np1r4t3x
#OSINT #RedTeam
2022-11-30 11:14:00
Namaste!
This repository contains some of the most exhaustive wordlists for enumeration, gathered from a lot of wordlists available on the Internet.
https://github.com/HacktivistRO/Bug-Bounty-Wordlists
2022-11-30 07:28:49
pycrypt
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
https://github.com/machine1337/pycrypt
2022-11-30 07:20:14
ForgeCert
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.
This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ~45 days after the whitepaper was published.
https://github.com/GhostPack/ForgeCert
#ad
2022-11-30 07:04:37
Get-InjectedThreadEx – Detecting Thread Creation Trampolines.
https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
PowerShell detection script:
https://github.com/jdu2600/Get-InjectedThreadEx
2022-11-30 06:54:15
YApi-Exploit
YApi boolean-based injection exploit.
https://github.com/Anthem-whisper/YApi-Exploit
#cve #exploit
2022-11-30 06:50:22
subzuf
subzuf is a subdomain brute-force fuzzer coupled with an immensely simple but effective DNS response-guided algorithm. It utilizes a provided set of input data, like a tailored wordlist or historical DNS/TLS records, to accurately synthesize more corresponding domain names and expand them even further in a loop based on information gathered during DNS scan. This somewhat different approach to subdomain enumeration in most cases allows discovering more subdomains with significantly reduced time and resources.
In short, subzuf can be summarized by the following:
▫️ Generates carefully selected candidates and uncovers completely new subdomains during DNS enumeration scans
▫️ Efficient multi-threaded DNS client capable of resolving thousands of domains per second
▫️ Wildcard detection in two modes: filter (default, slightly slower but accurate) and reject (resource-saving)
▫️ Accepts wordlist or domain names or a mix of both as input
▫️ Requires essentially no configuration or fine-tuning
▫️ Works right out of the box - no external dependencies or bizarre requirements
▫️ Easily chainable with other tools
https://github.com/elceef/subzuf
2022-11-29 15:18:00
octosuite
A framework for gathering osint on GitHub users, repositories and organizations
https://github.com/bellingcat/octosuite
#OSINT
2022-11-29 11:15:00
Pyramid
Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking like legitimate Python application usage.
https://github.com/naksyn/Pyramid
2022-11-29 11:14:00
otp
One Time Password utilities Go / Golang
One Time Passwords (OTPs) are a mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others.
The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.
https://github.com/pquerna/otp
2022-11-29 09:52:27
Proxmark3
The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming.
https://github.com/RfidResearchGroup/proxmark3
Buy online:
RDV2 🛒 https://amzn.to/3OND3hK
RDV3 Easy 🛒 https://amzn.to/3GYfhNV
RDV4 BlueShark 🛒 https://t.me/PentestingShop/95
RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk
#rfid #nfc
2022-11-29 06:58:31
Wordlists
Infosec Wordlists.
https://github.com/xajkep/wordlists
2022-11-29 06:53:58
EvilTree
A standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons:
▫️ While searching for secrets in files of nested directory structures, being able to visualize which files contain user provided keywords/regex patterns and where those files are located in the hierarchy of folders, provides a significant advantage.
▫️ "tree" is an amazing tool for analyzing directory structures. It's really handy to have a standalone alternative of the command for post-exploitation enumeration as it is not pre-installed on every linux distro and is kind of limited on Windows (compared to the UNIX version).
https://github.com/t3l3machus/eviltree
2022-11-28 15:18:00
Ransomwhere
A Proof of Concept #ransomware sample that encrypts your files to test out your ransomware detection & prevention strategies. If no arguments are provided, ransomwhere will automatically execute the encrypt mode without deleting the original files.
https://github.com/hazcod/ransomwhere
2022-11-28 13:42:44
wwwtree
A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
https://github.com/t3l3machus/wwwtree
Video Presentation: https://www.youtube.com/watch?v=iog-eb_N0Hg
2022-11-28 12:29:54
Services
Main goal - let disable/stop services like WinDefend, which is not an easy task from "mmc services.msc" - need to have 'NT SERVICE\WinDefend' AND 'NT SERVICE\TrustedInstaller' SIDs in token.
https://github.com/rbmm/Services
2022-11-28 11:20:50
SharkTapUSB Ethernet Sniffer
The SharkTap allows you to sniff an Ethernet link without using an Ethernet port on your PC. This is ideal for newer portables without an Ethernet jack, but is also a benefit if you don’t want to switch a port between network and debugging purposes.
A 'Test Access Port' allows you to see the packets on an ethernet link. Directly supports 10-, 100- or 1000Base-T links.
Intended to be used with the open source Wireshark program, or equivalent.
The Gen2 SharkTapUSB features 'carbon copy' copper repeater technology for minimum impact on the monitored network. The carbon copies of bi-directional data are aggregated onto a single wired or USB Test Access Port (TAP).
Power-over-ethernet pass through. (For power-fail bypass, search "SharkTapBYP") 750mA current. Non-conductive plastic cover. Auto cross-over for cables.
Buy online: 🛒 https://amzn.to/3VerYIQ
#sniffer #lan #ethernet #usb
2022-11-28 11:14:05
Purpose
Some simple IP lists to use in firewall tools like pfBlockerNG. These lists exist elsewhere but may not be in a format that is useable for me.
I primarily use these lists to block grey noise in my firewall log.
https://github.com/SilvrrGIT/IP-Lists
2022-11-28 11:14:00
Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
https://github.com/a0rtega/pafish
2022-11-28 11:13:59
YARA in a nutshell
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic. Let's see an example:
https://github.com/VirusTotal/yara
2022-11-28 10:13:00
CVE-2022-39425
Vulnerability in Oracle VM VirtualBox <6.1.40 (Core)
https://github.com/bob11vrdp/CVE-2022-39425
#cve #poc
2022-11-28 09:23:41
When an N-Day turns into a 0day. (Part 1 of 2)
Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers.
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
2022-11-28 09:12:00
stegoWiper
A powerful and flexible active attack for disrupting stegomalware
https://github.com/mindcrypt/stegowiper
2022-11-28 08:26:56
Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.
Features:
▫️ Server/Client Architecture for Multiplayer Support
▫️ Supports GUI & CLI Clients
▫️ Fully encrypted communications
▫️ HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners
▫️ Massive library (400+) of supported tools in PowerShell, C#, & Python
▫️ Donut Integration for shellcode generation
▫️ Modular plugin interface for custom server features
▫️ Flexible module interface for adding new tools
▫️ Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation
▫️ In-memory .NET assembly execution
▫️ Customizable Bypasses
▫️ JA3/S and JARM Evasion
▫️ MITRE ATT&CK Integration
▫️ Integrated Roslyn compiler (Thanks to Covenant)
▫️ Docker, Kali, Ubuntu, and Debian Install Support
https://github.com/BC-SECURITY/Empire
#best #kali
2022-11-27 15:19:00
Red Teaming Toolkit
This repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and as information intended for threat hunter can make detection and prevention control easier. The list of tools below that could be potentially misused by threat actors such as APT and Human-Operated Ransomware (HumOR). If you want to contribute to this list send me a pull request.
https://github.com/infosecn1nja/Red-Teaming-Toolkit
2022-11-27 15:18:00
Dynamic RPC proxy
Proxy requests to different Ethereum RPC servers and optionally alter the request.
https://github.com/shark0der/rpc-proxy
2022-11-27 12:15:01
Cobalt Strike Community Kit
Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The Cobalt Strike team acts as the curator and provides this kit to showcase this fantastic work.
https://github.com/Cobalt-Strike/community_kit
#cobalt
2022-11-27 11:15:00
Dismap Asset discovery and identification tool
Dismap positioning is an asset discovery and identification tool. It can quickly identify protocols and fingerprint information such as web/tcp/udp, locate asset types, and is suitable for internal and external networks. It assists red team personnel to quickly locate potential risk asset information, and assists blue team personnel to detect Suspected Fragile Assets.
https://github.com/zhzyker/dismap
2022-11-27 11:14:00
Linux Forensics
Everything related to Linux #Forensics
https://github.com/ashemery/LinuxForensics
2022-11-27 09:51:16
PSEdit
Edit PowerShell scripts directly in your terminal.
▫️ IntelliSense
▫️ Syntax Highlighting
▫️ Format on Save
▫️ Script Execution
▫️ Error View
▫️ Syntax Error View
https://github.com/ironmansoftware/psedit
t.me/hackgit
2022-11-27 08:36:57
Helios
Helios is a fully trustless, efficient, and portable Ethereum light client written in Rust.
Helios converts an untrusted centralized RPC endpoint into a safe unmanipulable local RPC for its users. It syncs in seconds, requires no storage, and is lightweight enough to run on mobile devices.
The entire size of Helios's binary is 13Mb and should be easy to compile into WebAssembly. This makes it a perfect target to embed directly inside wallets and dapps.
https://github.com/a16z/helios
2022-11-27 08:23:24
minikerberos
Kerberos manipulation library in pure Python.
https://github.com/skelsec/minikerberos
This is the public repository of minikerberos, for latest version and updates please consider supporting us through https://porchetta.industries/
2022-11-27 07:51:58
Mistborn
A secure platform for easily standing up and managing your own cloud services: including firewall, ad-blocking, and multi-factor WireGuard VPN access.
https://gitlab.com/cyber5k/mistborn
#cybersecurity #vpn
2022-11-26 15:19:00
inject-assembly
Execute .NET in an Existing Process
This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly.
There are two components of inject-assembly:
1. BOF initializer: A small program responsible for injecting the assembly loader into a remote process with any arguments passed. It uses BeaconInjectProcess to perform the injection, meaning this behavior can be customized in a Malleable C2 profile or with process injection BOFs (as of version 4.5).
2. PIC assembly loader: The bulk of the project. The loader will initialize the .NET runtime, load the provided assembly, and execute the assembly. The loader will create a new AppDomain in the target process so that the loaded assembly can be totally unloaded when execution is complete.
Communication between the remote process and Beacon occurs through a named pipe. The Aggressor script generates a pipe name and then passes it to the BOF initializer.
https://github.com/kyleavery/inject-assembly
2022-11-26 15:18:00
LOLBAS
Living Off The Land Binaries and Scripts
The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.
https://github.com/LOLBAS-Project/LOLBAS
Details: https://lolbas-project.github.io/
2022-11-26 11:14:00
QuickSand Version 2
QuickSand Python Package and Command Line Tool
QuickSand is a Python-based analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, Mime/Email, Postscript and other common formats. A built-in command line tool can process a single document or directory of documents.
QuickSand scans within the decoded streams of documents and PDFs using Yara signatures to identify exploits or high risk active content.
https://github.com/tylabs/quicksand
2022-11-26 10:16:35
shotlooter
Shotlooter tool is developed to find sensitive data inside the screenshots which are uploaded to https://prnt.sc/ (via the LightShot software) by applying OCR and image processing methods.
https://github.com/utkusen/shotlooter