Date Content Media
2024-04-29 07:09:28
​​🚀 Google Recaptcha SolverA Python script to solve Google reCAPTCHA using the DrissionPage library.https://github.com/sarperavci/GoogleRecaptchaBypass#cybersecurity #infosec #bugbounty
2024-04-28 07:57:34
​​AutoAppDomainHijackTools to automate finding AppDomain hijacks and generating payloads from shellcode.https://github.com/nbaertsch/AutoAppDomainHijack#cybersecurity #pentesting #redteam
2024-04-25 15:49:56
​​lsassyPython tool to remotely extract credentials on a set of hosts.https://github.com/login-securite/lsassy#infosec #pentesting #redteam
2024-04-25 09:16:23
​​Ominis OSINT: Secure Web-Search 🌐🕵️‍♂️This Python script is an #OSINT tool. It performs online information gathering by querying Google for search results related to a user-inputted query. The tool extracts relevant information such as titles, URLs, and potential mentions of the query in the results.https://github.com/AnonCatalyst/Ominis-Osint#cybersecurity #infosec #pentesting
2024-04-24 09:05:58
​​OFFATThe OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completionhttps://github.com/OWASP/OFFAT#cybersecurity #pentesting #redteam
2024-04-23 06:09:00
​​DarkGPTDarkGPT is an OSINT assistant based on GPT-4-200K designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.https://github.com/luijait/DarkGPT#OSINT #cybersecurity #infosec
2024-04-22 06:26:12
​​hauditor A tool designed to analyze the security headers returned by a web page and report dangerous configurations.https://github.com/trap-bytes/hauditor#cybersecurity #pentesting #bugbounty
2024-04-01 07:17:45
​​Chiasmodon#OSINT tool designed to assist in the process of gathering information about target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials (usernames and passwords), CIDRs (Classless Inter-Domain Routing), ASNs (Autonomous System Numbers), and subdomains. the tool allows users to search by domain, CIDR, ASN, email, username, password, or Google Play application ID.https://github.com/chiasmod0n/chiasmodon#cybersecurity #infosec #pentesting
2024-02-10 11:14:07
​​NTLM Relay GatA powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of functionalities from listing SMB shares to executing commands on MSSQL databases.https://github.com/ad0nis/ntlm_relay_gat#cybersecurity #pentesting #redteam
2024-02-10 11:14:00
​​COATHANGERIOCs and detection script for COATHANGER #malwarehttps://github.com/JSCU-NL/COATHANGER#cybersecurity #infosec #pentesting
2024-02-06 11:14:00
​​CVE-2024-23897Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability)https://github.com/kaanatmacaa/CVE-2024-23897#cve #pentesting #bugbounty
2024-02-05 11:15:00
​​MultiDumpA post-exploitation tool written in C for dumping and extracting #LSASS memory discreetly, without triggering Defender alerts, with a handler written in #Python.https://github.com/Xre0uS/MultiDump#cybersecurity #pentesting #redteam
2024-02-05 11:14:05
​​📹 PantheonA GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras.https://github.com/josh0xA/Pantheon#OSINT #cybersecurity #recon
2024-02-05 11:14:00
​​Nim-ShellReverse shell that can bypass EDR and windows defender detection.https://github.com/emrekybs/nim-shell#cybersecurity #pentesting #redteam
2024-02-04 11:15:00
​​🔭 PacketSpyA powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.https://github.com/HalilDeniz/PacketSpy#cybersecurity #pentesting #redteam
2024-02-04 11:14:00
​​📟 Multi Modal LLM Powered Captcha SolverAn Multi-Modal LLM Powered Agent to automatically solve Captchas.https://github.com/AashiqRamachandran/i-am-a-bot#cybersecurity #infosec #pentesting
2024-02-03 11:14:00
​​SQLi_SleepsIt is a simple script that allows to find SQLi vulnerabilities, obtaining the response time greater than 20 seconds per medium and time-based injection.https://github.com/HernanRodriguez1/SQLi_Sleeps#pentesting #redteam #bugbounty
2024-02-02 11:14:07
​​MetaHubMetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.https://github.com/gabrielsoltz/metahub#cybersecurity #pentesting #bugbounty
2024-02-02 11:14:00
​​Unmanaged .NET PatchingA proof-of-concept for patching managed .NET function from unmanaged codehttps://github.com/outflanknl/unmanaged-dotnet-patch#cybersecurity #infosec #pentesting
2024-02-01 11:15:00
​​Frameless BITBA new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.https://github.com/waelmas/frameless-bitb#cybersecurity #pentesting #redteam
2024-02-01 11:14:05
​​CVE-2023-45779A set of scripts and artifacts that demonstrate detection and exploitation of Android devices that ship APEXes signed with test keys from AOSP.https://github.com/metaredteam/rtx-cve-2023-45779Details:https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys#cybersecurity #infosec #pentesting
2024-02-01 11:14:00
​​Cybersecurity RoadmapSkills and career roadmap for #cybersecurity professionals.https://github.com/jassics/cybersecurity-roadmap#infosec #pentesting #bugbounty
2024-01-29 13:17:00
​​PurpleLablab solution, providing a swift setup for #cybersecurity professionals to test detection rules, simulate logs, and various security taskshttps://github.com/Krook9d/PurpleLab#infosec #pentesting #bugbounty
2023-09-28 08:01:12
💢Battle to become the best👽‼️💣💣Create the best strategy to reach the top and win exclusive Artifacts to level up👊💪Upgrade and enhance Artifacts to unlock unimaginable power.👉Download for free:https://g.igg.com/lRk7Ia👈❗️❗️
2023-09-28 07:59:54
💢Strategize with a range of troop types, Hero skills, and attacking styles👽‼️Build a Shelter to protect survivors against enemies and threats👊💣💣Kill the infected, raid other Shelters, and form an alliance to fight enemies.👇Download for free👇https://g.igg.com/FsGCA3
2023-09-27 12:16:00
​​ntkrnlProtectScanOne click tool to scan all the enabled protection of current windows nt kernel.https://github.com/aaaddress1/ntkrnlProtectScan#infosec #pentesting #redteam
2023-09-27 12:15:14
​​TierZeroTableTable of AD and Azure assets and whether they belong to Tier Zero.https://github.com/SpecterOps/TierZeroTable#cybersecurity #infosec #pentesting
2023-09-27 12:15:13
​​CVE-2023-35793Repository contains description for CVE-2023-35793 discovered by Dodge Industrial Team for Dodge OPTIFY platfrom.https://github.com/Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH#cve #cybersecurity #infosec
2023-09-27 12:15:06
CVE-2023-43263Repository for CVE-2023-43263 vulnerability.https://github.com/b0marek/CVE-2023-43263#cve #cybersecurity #infosec
2023-09-27 12:15:05
​​NtdissectorA tool for parsing records of an NTDS database. Records are dumped in JSON format and can be filtered by object class.https://github.com/synacktiv/ntdissector#infosec #pentesting #redteam
2023-09-27 12:15:00
​​graftcpA flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.https://github.com/hmgle/graftcp#infosec #pentesting #redteam
2023-09-26 12:16:00
​​OSCP Cheatsheet 📑This cheatsheet as part of OSCP preperation.https://github.com/saisathvik1/OSCP-Cheatsheet#infosec #pentesting #redteam
2023-07-25 13:17:00
​​DCOM DLL HijackingWe recently discovered the following DCOM classes that are subject to DLL hijacking. If an attacker can write to the associated path, they can move laterally by instantiating the COM object. Some classes have additional DLL hijacking opportunities that are not listed here.https://github.com/WKL-Sec/dcomhijack#infosec #pentesting #redteam
2023-07-25 13:16:07
​​outlook_email_auth_bypassIn Outlook desktop and web app , "display name" of email's "From" header can manipulate the from email which is displayed to the user, that can result in more convincing phish emails.https://gitlab.com/email_bug/outlook_email_auth_bypass#infosec #pentesting #redteam
2023-07-25 13:16:00
​​RICC Robust Collective Classification of Sybil Accountshttps://github.com/WSP-LAB/RICC#cybersecurity #infosec
2023-07-24 11:31:58
​​Analytics & AdBlockerProtect your #privacy while browsing the web.https://github.com/con-schy1/Analytics_AdBlocker#cybersecurity #infosec
2023-07-24 08:43:51
​​DeepCameraOpen-Source #AI #Camera. Empower any camera/CCTV with state-of-the-art AI, including facial recognition, person recognition(RE-ID) car detection, fall detection and more...https://github.com/SharpAI/DeepCamera
2023-07-23 16:20:00
​​TokenTactics v2A fork of the great TokenTactics with support for CAE and token endpoint v2.https://github.com/f-bader/TokenTacticsV2#pentesting #redteam #bugbounty
2023-07-23 16:19:05
​​combineRust in-memory dumper. Check your windows local security authority credential's safety with this awesome tool.https://github.com/m3f157O/combine_harvester#infosec #pentesting #redteam
2023-07-23 16:19:00
​​HtmlSmugglingit is malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page.https://github.com/De3vil/HtmlSmuggling#infosec #pentesting #redteam
2023-07-23 12:16:00
​​Cloudflare Origin ipThis Python tool compares the HTTP response of the given subdomain to HTTP responses of a list of IPs addresses. This list is based on:• subdomains supplied by the user• subdomains found on external sources• IPs found external sourceshttps://github.com/gwen001/cloudflare-origin-ip#infosec #pentesting #bugbounty
2023-07-23 12:15:06
​​CVE-2023-32681Vulnerability in python-requests affects IBM InfoSphere Information Server.https://github.com/hardikmodha/POC-CVE-2023-32681#cve #poc #cybersecurity #infosec
2023-07-23 12:15:05
​​CVE-2023-3519The cve_2023_3519_inspector.py is a Python-based vulnerability scanner for detecting the CVE-2023-3519 vulnerability in Citrix Gateways. It performs a passive analysis and fingerprinting of target websites to assess their vulnerability based on a series of checks.https://github.com/securekomodo/citrixInspector#cve #cybersecurity #infosec
2023-07-23 12:15:00
​​MalwareREToolsA repo containing some tooling build to assist with reverse engineering malware samples.https://github.com/0x0v1/MalwareRETools/tree/main/APT37/ROKRAT#malware #cybersecurity #reverse
2023-07-23 07:56:16
​​🦊 Firefox DecryptA tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles.https://github.com/unode/firefox_decrypt#infosec #pentesting #redteam
2023-07-22 12:16:00
​​PowershellKerberosSome scripts to abuse kerberos using Powershell.https://github.com/MzHmO/PowershellKerberos#infosec #pentesting #redteam
2023-07-22 12:15:11
​​CVE-2023-38632Async-sockets-cpp <0.3.1 TCP Packet tcpsocket.hpp Stack-based Overflowhttps://github.com/Halcy0nic/CVE-2023-38632#cve #cybersecurity #infosec
2023-07-22 12:15:06
​​vala-vala-heyThis is a 0day root LPE for latest #Manjaro distro, tested on embedded ARM and x86_64 desktop installs.https://github.com/c-skills/vala-vala-hey#cve #cybersecurity #infosec
2023-07-22 12:15:05
​​CVE-2023-35885Cloudpanel 0-day Exploithttps://github.com/datackmy/FallingSkies-CVE-2023-35885#cve #cybersecurity #infosec
2023-07-22 12:15:00
​​Tor / Darknet LinksVerified darknet market and darknet service links on the Tor Network.https://github.com/DarkNetEye/tor-linksWeb:https://darkneteye.com/#cybersecurity #infosec #privacy
2023-07-20 12:16:00
​​👺MSI SearchTo simplify this task, Mandiant’s red team created a Beacon Object File (BOF) and a PowerShell script found in msi_search to read and output relevant metadata for all MSI files cached in C:\Windows\Installer. Using this tool will allow red team operators and security teams to download relevant files to investigate local privilege escalation vulnerabilities through MSI repairs.https://github.com/mandiant/msi-searchDetails:https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers#infosec #pentesting #redteam
2023-07-20 12:15:05
​​GIUDA GET a TGS on behalf of another user without password.https://github.com/foxlox/GIUDA#infosec #pentesting #redteam
2023-07-20 12:15:00
​​💠 UnshackleOpen-source tool to bypass windows and linux passwords from bootable usb.https://github.com/Fadi002/unshackle#infosec #pentesting #redteam
2023-07-19 12:15:00
​​Cobalt Strike BOFsBeacon object files I made to use with #CobaltStrike.https://github.com/Und3rf10w/CobaltStrikeBOFs#infosec #pentesting #redteam
2023-07-18 12:16:00
​​AlcatrazA x64 binary obfuscator that is able to obfuscate various different pe files including:• .exe• .dll• .syshttps://github.com/weak1337/Alcatraz#infosec #pentesting #redteam
2023-07-18 12:15:06
​​Awesome Industrial ProtocolsCompilation of industrial network protocols resources focusing on offensive security.• You are currently viewing the Awesome Industrial Protocols page.• etailed pages for protocols are available in protocols.• All data is stored in MongoDB databases in db.• Turn/IP (in srcs) is a handy tool to manipulate this data, generate the awesome list and protocol pages, and simplify the research and test process on industrial protocolshttps://github.com/Orange-Cyberdefense/awesome-industrial-protocols#cybersecurity #infosec
2023-07-18 12:15:05
​​CVE-2023-32117Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints.https://github.com/RandomRobbieBF/CVE-2023-32117#cve #cybersecurity #infosec
2023-07-18 12:15:00
​​Microwalk A microarchitectural leakage detection framework using dynamic instrumentation.https://github.com/microwalk-project/Microwalk#cybersecurity #infosec
2023-07-18 08:30:23
​​TGSCANStreamline Your Telegram Searches: Find Channels, Groups, and Chat History Effortlessly.• Fast search results• Intuitive search interface• Ability to search chat history• Near-real-time indexing for up-to-date search resultshttps://github.com/tgscan-dev/tgscanWeb:https://tgscan.xyz/#OSINT #cybersecurity #infosec
2023-07-17 16:19:15
​​SigmaTauAn extension of the sigma standard to include security metrics.https://github.com/priamai/sigmatau#cybersecurity #infosec #pentesting
2023-07-17 16:19:08
​​CVE-2023-23397MS Outlook Privilege Escalation.https://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397#cve #cybersecurity #infosec
2023-07-17 16:19:07
​​in-app-protectionsThis repo will contain all the scripts and POCs for bypassing various in-app protection techniques.https://github.com/fatalSec/in-app-protections#cybersecurity #infosec #bugbounty
2023-07-17 16:19:00
​​promptmapPrompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the #ChatGPT instance to do unintended actions.https://github.com/utkusen/promptmap#infosec #pentesting #redteam
2023-07-17 12:34:06
​​crt.shThis bash script makes it easy to quickly save and parse the output from https://crt.sh website. to be sent to tools like httpx!https://github.com/az7rb/crt.sh#infosec #pentesting #bugbounty
2023-07-17 07:57:57
​​🥷 Awesome PrivacyA curated list of privacy & security-focused software and services.https://github.com/Lissy93/awesome-privacy#cybersecurity #infosec #privacy
2023-07-15 12:16:00
​​UDP Protocol ScannerA tool for identifying UDP services running on remote hosts. This tool may be of use to those performing security testing - e.g. during penetration testing, vulnerability assessments or while pivoting.https://github.com/CiscoCXSecurity/udpy_proto_scanner#cybersecurity #infosec #pentesting
2023-07-15 12:15:05
​​CVE-2023-37582Apache RocketMQ Arbitrary File Write Vulnerability #Exploit.https://github.com/Malayke/CVE-2023-37582_EXPLOIT#cybersecurity #infosec
2023-07-15 12:15:00
​​CVE-2023-36884Office/Windows HTML RCE Vulnerabilityhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline#cve #cybersecurity #infosec
2023-07-15 11:15:03
​​DSTIKE HackheldThis versatile tool is designed for hacking and DIY enthusiasts. It features a D1 Mini, OLED display, RGB LED, and buttons for a simple and compact design. The kit comes preloaded with the latest ESP8266 Deauther software, allowing you to test WiFi networks through various attacks. Additionally, you can develop your own software using this ESP8266 development board. The kit includes a 1000mAh rechargeable battery, providing up to 10 hours of operation.Function:▫️ Deauther Attack: Disconnect 2.4G WiFi▫️ Deauther Beacon: Create fake networks▫️ Deauther Probe:Confuse wifi trackers▫️ Packet Monitor:Display wifi trafficRepository:https://github.com/SpacehuhnTech/HackheldBuy online: Original 🛒 https://bit.ly/44CeESSChinese clone 🛒 https://amzn.to/3pPLqkBChinese clone 🛒 https://bit.ly/3NLsfQY#esp8266 #wifi #dstike
2023-07-15 07:30:02
​​LOLAPPS Kind of like the cousin of LOLBAS and GTFObins. Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.https://github.com/LOLAPPS-Project/LOLAPPSWeb:https://lolapps-project.github.io/#infosec #pentesting #redteam
2023-07-15 07:19:17
​​HadesLdrShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.• Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.• API Hashing by resolving modules & APIs base address from PEB by hashes• Fileless Chunked RC4 Shellcode retrieving using Winsock2https://github.com/CognisysGroup/HadesLdrDetails:https://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/#infosec #pentesting #redteam
2023-07-14 18:31:30
​​docleanerA web service to clean #documents from potentially privacy-invasive #metadata.https://github.com/TUD-CERT/docleaner
2023-07-13 20:23:00
​​CoWitnessA powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.https://github.com/stolenusername/cowitness#cybersecurity #infosec #pentesting
2023-07-13 16:20:00
​​⚔️ Web Hacker's WeaponsA collection of cool tools used by Web hackers.https://github.com/hahwul/WebHackersWeapons#infosec #pentesting #bugbounty
2023-07-13 16:19:00
​​NavgixA multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.https://github.com/hakaioffsec/navgix#infosec #pentesting #bugbounty
2023-07-13 12:16:00
​​Venera FrameworkA tool for automating customized tests and attacks agaist many kinds of protocol. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.https://github.com/farinap5/Venera#infosec #pentesting #redteam
2023-07-13 12:15:05
​​SharpDXWebcam Utilizing the DirectX and DShowNET assemblies to record video from the host's webcam.https://github.com/snovvcrash/SharpDXWebcam#cybersecurity #infosec #pentesting
2023-07-13 12:15:00
​​CVE-2023-3460Unauthorized admin access for Ultimate Member plugin POC.https://github.com/Fire-Null/CVE-2023-3460#cve #cybersecurity #infosec
2023-07-13 08:38:34
BadZureBadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.https://github.com/mvelazc0/BadZure#infosec #pentesting #redteam
2023-07-12 12:16:00
​​EasyScanA Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.https://github.com/introvertmac/EasyScan#cybersecurity #infosec #pentesting
2023-07-12 12:15:00
​​SatIntelSatIntel is an #OSINT tool for Satellites 🛰. Extract satellite telemetry, receive orbital predictions, and parse TLEs 🔭https://github.com/ANG13T/SatIntel#cybersecurity #infosec
2023-07-12 06:40:48
​​🤖 supermanKill The Protected Processhttps://github.com/b1-team/superman#cybersecurity #infosec
2023-07-10 12:16:00
​​ShellGhostA memory-based evasion technique which makes shellcode invisible from process start to end.https://github.com/lem0nSec/ShellGhost#infosec #pentesting #redteam
2023-07-10 12:15:05
​​CVE-2023-22906A critical vulnerability that affects the Hero Qubo Smart Doorbell device running version HCD01_02_V1.38_20220125. This particular device allows Telnet access with root privileges by default, without requiring a password. https://github.com/nonamecoder/CVE-2023-22906#cve #cybersecurity #infosec
2023-07-10 12:15:00
​​ShortscanAn IIS short filename enumeration tool.https://github.com/bitquark/shortscan#cybersecurity #infosec
2023-07-10 07:07:15
​​Decrypt Chrome PasswordsA simple program to decrypt chrome password saved on your machine. This code has only been tested on windows, so it may not work on other OS.https://github.com/ohyicong/decrypt-chrome-passwords#cybersecurity #infosec #redteam
2023-07-08 12:15:00
Evil QRProof-of-concept to demonstrate dynamic QR swap phishing attacks in practice.https://github.com/kgretzky/evilqr#cybersecurity #infosec
2023-07-08 07:28:01
TakeMyRDP 2.0A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe) it operates in the background not as a console windows anymore and handles all messages in a hidden window.https://github.com/nocerainfosec/TakeMyRDP2.0#infosec #pentesting #redteam
2023-07-07 12:16:00
​​route-detectFind authentication (authn) and authorization (authz) security bugs in web application routes.https://github.com/mschwager/route-detect#cybersecurity #infosec #pentesting
2023-07-07 12:15:06
​​SR-IOV Network Metrics ExporterExporter that reads metrics for SR-IOV Virtual Functions and exposes them in the Prometheus format.https://github.com/k8snetworkplumbingwg/sriov-network-metrics-exporter#cybersecurity #infosec
2023-07-07 12:15:05
​​CVE-2023-2868Barracuda ESG Command Injectionhttps://github.com/cfielding-r7/poc-cve-2023-2868#cve #cybersecurity #infosec
2023-07-07 12:15:00
​​Useful #OSINT hints and linkshttps://github.com/seintpl/osint#cybersecurity #infosec
2023-07-07 10:01:47
WinsockyWinsocket implementation for #CobaltStrike. Used to communicate with the victim using winsockets instead of the traditional ways.https://github.com/WKL-Sec/Winsocky#infosec #pentesting #redteam
2023-07-06 12:16:00
​​bouhekiKRSI (eBPF+LSM) based Linux security auditing tool. Security events can be audited and blocked based on the container of the process, and restrictions can be applied to container environments.https://github.com/mrtc0/bouheki#cybersecurity #infosec
2023-07-06 12:15:05
​​Backdoor-exploit-pythonBackdoor exploit program which helps an user to get information from any user when deployed to the target machine.https://github.com/vaibhavbais007/Backdoor-exploit-python-program#infosec #pentesting #redteam
2023-07-06 12:15:00
​​CVE-2023-24488The provided script is a Ruby script used to check and detect the CVE-2023-24488 security vulnerability in Citrix Gateway and Citrix ADC.https://github.com/Abo5/CVE-2023-24488#cve #cybersecurity #infosec
2023-07-04 16:20:00
​​inceptorModern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently. Inceptor is a tool which can help to automate great part of this process, hopefully requiring no further effort.https://github.com/klezVirus/inceptor#infosec #pentesting #redteam
2023-07-04 16:19:00
​​Projectdiscovery.io Plugin for SteampipeUse SQL to query Projectdiscovery.io tools for footprinting information.https://github.com/sensepost/steampipe-plugin-projectdiscovery#cybersecurity #infosec #bugbounty
2023-07-04 12:16:00
​​DOMSCANA simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.https://github.com/lauritzh/domscan#infosec #pentesting #bugbounty
2023-07-04 12:15:05
​​CVE-2023-35829Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.https://github.com/ChriSanders22/CVE-2023-35829-poc#cve #cybersecurity #infosec
2023-07-04 12:15:00
​​awesome-linux-attack-forensics-purplelabsThis page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.https://github.com/cr0nx/awesome-linux-attack-forensics-purplelabs#cybersecurity #infosec #forensic
2023-07-04 07:37:08
​​AuRA - Auth. Request AnalyserThis Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Authorization/Authentication Requests.https://github.com/lauritzh/auth-request-analyser#infosec #pentesting #bugbounty
2023-07-03 12:16:00
​​CryptoTesterA utility for playing with cryptography, geared towards #ransomware analysis.https://github.com/Demonslay335/CryptoTester#cybersecurity #infosec
2023-07-03 12:15:05
​​CVE-2023-24488Reversing Citrix Gateway for #XSShttps://github.com/k00kx/CVE-2023-24488#cve #cybersecurity #infosec
2023-07-03 12:15:00
​​CVE-2023-2982WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass.https://github.com/H4K6/CVE-2023-2982-POC#cve #cybersecurity #infosec
2023-07-03 09:48:28
​​BashfuscatorA fully configurable and extendable #Bash #obfuscation framework. This tool is intended to help both red team and blue team.https://github.com/Bashfuscator/Bashfuscator
2023-07-03 08:42:38
​​powershell-backdoor-generatorReverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build for evasion.https://github.com/freeide/powershell-backdoor-generator#infosec #pentesting #redteam
2023-07-03 08:07:39
​​TakeMyRDPA keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.exe and CredentialUIBroker.exe).https://github.com/TheD1rkMtr/TakeMyRDP#infosec #pentesting #redteam
2023-07-01 16:20:00
​​jsluiceExtract URLs, paths, secrets, and other interesting bits from JavaScript.https://github.com/BishopFox/jsluice#infosec #pentesting #bugbounty
2023-07-01 16:19:00
​​Linux-Exploit-DetectionLinux-based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Rego/Sigma.https://github.com/Loginsoft-Research/Linux-Exploit-Detection#cybersecurity #infosec
2023-07-01 12:16:00
​​Uscrapper #OSINT tool that allows users to extract various personal information from a website. It leverages web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames from both hyperlinked and non-hyperlinked sources on the webpage.https://github.com/z0m31en7/Uscrapper#cybersecurity #infosec
2023-07-01 12:15:05
​​CVE-2023-3338Practicing different Linux kernel exploitation techniques with my DECnet vulnerability and null page mapping enabled.https://github.com/TurtleARM/CVE-2023-3338#cve #cybersecurity #infosec
2023-07-01 12:15:00
​​cloudtoolkitCloud Penetration Testing Toolkithttps://github.com/404tk/cloudtoolkit#cybersecurity #infosec #pentesting
2023-07-01 09:49:10
​​NetSoc #OSINTTool focused on extracting information from an account in various Social Networks.https://github.com/XDeadHackerX/NetSoc_OSINT#cybersecurity #infosec
2023-07-01 07:37:10
​​🛡 eBPFShieldA high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. https://github.com/sagarbhure/eBPFShield#cybersecurity #infosec
2023-07-01 07:10:30
​​Nosey ParkerA command-line program that finds secrets and sensitive information in textual data and Git history.https://github.com/praetorian-inc/noseyparker#infosec #pentesting #bugbounty
2023-06-29 16:20:00
​​DNS AnalyzerA #BurpSuite extension for finding DNS vulnerabilities in web applications!https://github.com/The-Login/DNS-Analyzer#infosec #pentesting #bugbounty
2023-06-29 16:19:00
​​SNAPPYDetecting rogue and fake 802.11 wireless access points through fingerprinting beacon management frames.https://github.com/SpiderLabs/snappyDetails:https://bit.ly/46sGGBN#cybersecurity #infosec #wifi
2023-06-29 12:16:00
​​AtlasReaperA command-line tool developed for offensive security purposes, primarily focused on reconnaissance of Confluence and Jira. It also provides various features that can be helpful for tasks such as credential farming and social engineering. The tool is written in C#.https://github.com/werdhaihai/AtlasReaper#infosec #pentesting #bugbounty
2023-06-29 12:15:00
​​CRTP-NotesStudy materials for the Certified Red Team Pentesting (CRTP) exam, covering essential concepts in red teaming and penetration testing.https://github.com/0xStarlight/CRTP-Notes#infosec #pentesting #redteam
2023-06-29 08:38:57
​​BOFMaskPoC for masking Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF).https://github.com/passthehashbrowns/BOFMask#infosec #pentesting #redteam
2023-06-29 08:36:58
​​Jormungandr A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. https://github.com/Idov31/Jormungandr #infosec #pentesting #redteam
2023-06-28 20:23:00
​​MaxMaximizing BloodHound with a simple suite of tools.https://github.com/knavesec/Max#infosec #pentesting #redteam
2023-06-28 16:20:00
​​NvdsearchA National Vulnerability Database (NVD) API query tool.https://github.com/optiv/nvdsearch#infosec #pentesting #bugbounty
2023-06-28 16:19:05
​​CVE-2023-26258Remote Code Execution in ArcServe UDP Backup.https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServeDetails:https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/#cybersecurity #infosec #pentesting
2023-06-28 16:19:00
​​DorkLabWeb app tool for helping compose advance search operators (aka Google dorking AKA boolean searches) for a variety of search engines.https://github.com/rtwillett/DorkLab#OSINT #dork #infosec
2023-06-28 13:17:00
​​hakrevdnsSmall, fast, simple tool for performing reverse DNS lookups en masse. You feed it IP addresses, it returns hostnames. This can be a useful way of finding domains and subdomains belonging to a company from their IP addresses.https://github.com/hakluke/hakrevdns#cybersecurity #infosec
2023-06-28 13:16:08
​​Meta BugBountyCollection of Facebook Bug Bounty Writeups.https://github.com/jaiswalakshansh/Facebook-BugBounty-Writeups#cybersecurity #infosec #bugbounty
2023-06-28 13:16:07
​​Tele Helper#Telegram bot built with Python that provides a set of useful tools to help you.https://github.com/thesuhu/tele-helper#OSINT #cybersecurity #infosec
2023-06-28 13:16:00
​​CVE-2023-34840All versions in angular-ui-notification are vulnerable to XSS due to the library not sanitizing the input provided by the user.https://github.com/Xh4H/CVE-2023-34840#cve #cybersecurity #infosec
2023-06-28 10:20:39
​​Review AnalyzerA #Chrome Extension for #extracting valuable insights from reviews, generating concise summaries, sentiment analysis, and keyword extraction.https://github.com/serpapi/review-analyzer
2023-06-28 10:18:58
​​Deeper Connect PicoThe ultimate all-in-one solution for privacy, security, and passive income. This compact device serves as a smart VPN router, miner, hardware firewall, and more. Enjoy true internet freedom with blockchain-powered technology. Get lifetime access to the decentralized VPN, high-speed DPN, and decentralized CDN. Protect your network from cyber threats and mine cryptocurrencies effortlessly.Buy online: 🛒 https://amzn.to/46k0JT7#VPN #router #firewall
2023-06-28 07:11:28
​​🕷 VulnxAn intelligent bot auto shell injector that detects vulnerabilities in multiple types of cms.https://github.com/anouarbensaad/vulnx#infosec #pentesting #bugbounty
2023-06-28 05:36:24
​​PwnDoc-ng A pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. https://github.com/pwndoc-ng/pwndoc-ng #cybersecurity #infosec #pentesting
2023-06-28 05:33:28
​​PwnDoc-ngA pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. https://github.com/pwndoc-ng/pwndoc-ng#cybersecurity #infosec #pentesting
2023-06-27 16:20:00
​​Google CTFThis repository lists most of the challenges used in the Google CTF since 2017, as well as most of the infrastructure that can be used to run them.https://github.com/google/google-ctf#CTF #cybersecurity #infosec
2023-06-27 16:19:00
​​DeFi Attack VectorsThis Repository contains list of Common DeFi threat and Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.https://github.com/Quillhash/DeFi-Attack-Vectors#cybersecurity #infosec
2023-06-27 14:09:33
​​RedWarden Lite A lightweight HTTP/HTTPS reverse proxy for efficient, policy-based traffic filtering and redirection. Tested against: Octopus C2, GoPhish & Web Browsershttps://github.com/iomoath/RedWardenLiteAuthor:https://twitter.com/Moath_0x/status/1673687831246434304#cybersecurity #infosec #github
2023-06-27 13:17:00
​​Secret Fragment exploit v2This exploit is a V2 that provides clearer output, new code execution methods, and fixes a few bugs.Details:https://www.ambionics.io/blog/symfony-secret-fragment#infosec #pentesting #redteam
2023-06-27 13:16:05
​​♻️ CrackMapExec (a.k.a CME) A post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve it's functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.https://github.com/mpgn/CrackMapExecWiki:https://wiki.porchetta.industries/#infosec #pentesting #redteam
2023-06-27 13:16:00
​​CVE-2023-35844Lightdash directory traversal.https://github.com/Szlein/CVE-2023-35844#cve #cybersecurity #infosec
2023-06-27 08:29:03
​​⚡️ Sophia Script for WindowsThe largest PowerShell module on GitHub for Windows 10 & Windows 11 for fine-tuning and automating the routine tasks. It offers more than 150 unique tweaks, and shows how Windows can be configured without making any harm to it.https://github.com/farag2/Sophia-Script-for-Windows#cybersecurity #infosec #privacy
2023-06-27 08:29:01
​​ESP RFID Tool Wifi readerThe ESP RFID Tool Wifi reader is a powerful data logger designed for security testing. It captures raw binary data from a 5V Wiegand Interface, allowing security researchers to analyze and assess access control systems. It logs credentials from RFID card readers and supports various card types, making it ideal for red team assessments. The tool aids in identifying and cloning badges, replaying captured data, and fuzzing access control systems. With its versatility and portability, it serves as an essential device for security professionals conducting thorough security testing and analysis.Buy online: 🛒 https://bit.ly/3PpDzVa#RFID #wifi #logger
2023-06-25 13:16:06
​​Jormungandr A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.https://github.com/Idov31/Jormungandr#infosec #pentesting #redteam
2023-06-25 13:16:05
​​ThothCairo/Starknet security toolkit (bytecode analyzer, disassembler, decompiler, symbolic execution, SBMC)https://github.com/FuzzingLabs/thoth#cybersecurity #infosec
2023-06-25 13:16:00
​​Dao-ExploitCryptanalysis of the DAO exploit & Multi-Stage Attack.https://github.com/demining/Dao-Exploit#cybersecurity #infosec
2023-06-24 13:16:00
​​limbaCompile-time control flow obfuscation using MBA (Mixed Boolean-Arithmetic). This project is derived from another project I am working on named limbo, which is why the project files use this name. Keep in mind that this is more of a proof-of-concept rather than something ready to use in production code.https://github.com/ThatLing/limba#cybersecurity #infosec
2023-06-24 09:18:24
​​PrimusC2A C2 framework built for my bachelors thesis at KEA - Københavns Erhvervsakademi - WORK IN PROGRESS - expect bugs and missing features.• Python C2 server• Nim Implant• Bypass AMSI• Powershell in unmanged runspace• GetAV - current anti-virus products installed• Powershell download cradle• Dynamic implant generation• Automated Redirector setup via Digital Ocean VPShttps://github.com/Primusinterp/PrimusC2#infosec #pentesting #redteam
2023-06-23 20:23:00
​​SnafflerA tool for pentesters and red teamers to help find delicious candy needles (creds mostly, but it's flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment).https://github.com/SnaffCon/Snaffler#infosec #pentesting #redteam
2023-06-23 16:20:00
​​NimExecFileless Command Execution for Lateral Movement in Nim.https://github.com/frkngksl/NimExec#infosec #pentesting #redteam
2023-06-23 16:19:00
RPC FirewallCheck out our RPC Firewall blog post or our BlackHat talk to gain better understanding of RPC, RPC attacks and the solution: the RPC Firewall.https://github.com/zeronetworks/rpcfirewall#cybersecurity #infosec
2023-06-23 12:33:14
​​Invoke-PowerExtractThis tool is able to parse memory dumps of the LSASS process without any additional tools (e.g. Debuggers) or additional sideloading of mimikatz. It is a pure PowerShell implementation for parsing and extracting secrets (LSA / MSV and Kerberos) of the LSASS process.https://github.com/powerseb/PowerExtract#infosec #pentesting #redteam
2023-06-23 08:04:37
​​RS-ShellA dirty PoC for a reverse shell with cool features in Rust.https://github.com/BlWasp/rs-shell#infosec #pentesting #redteam
2023-06-22 17:28:53
​​Dear Yamada noriomiWe wanted to take a moment to express our sincere gratitude for your generous donation to our Telegram channel. Your support means a lot to us and will greatly contribute to the growth and improvement of our community.Thank you for believing in our mission and for your willingness to contribute. Your generosity inspires us to keep providing valuable content and services to our subscribers.Once again, we want to say a big thank you for your donation. We truly appreciate your support.Best regards, HackGit
2023-06-22 16:20:00
​​kbtlsKey-Based TLS - Mutually Trusted TLS Connections Based on a Pre-Shared Connection Key.https://github.com/RedTeamPentesting/kbtls#infosec #pentesting #redteam
2023-06-22 13:17:00
​​GhostFartUnhooking is performed via indirect syscalls Leveraging NTAPI to grab NTDLL for unhooking without triggering "PspCreateProcessNotifyRoutine"https://github.com/mansk1es/GhostFart#cybersecurity #infosec
2023-06-22 13:16:06
​​Semgrep Rules for Android Application SecurityA collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.https://github.com/mindedsecurity/semgrep-rules-android-security#cybersecurity #infosec
2023-06-22 13:16:05
​​CVE-2023-1454Jeecg Boot qurestSql SQL vulnhttps://github.com/Sweelg/CVE-2023-1454-Jeecg-Boot-qurestSql-SQLvuln#cve #cybersecurity #infosec
2023-06-22 13:16:00
​​CVE-2023-27997Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing.https://github.com/BishopFox/CVE-2023-27997-check#cve #cybersecurity #infosec
2023-06-22 08:34:21
​​Spartacus DLL/COM Hijacking Toolkit.https://github.com/Accenture/Spartacus#infosec #pentesting #redteam
2023-06-20 16:20:00
​​IIS Short Name ScannerLatest version of scanners for IIS short filename (8.3) disclosure vulnerability.https://github.com/irsdl/IIS-ShortName-Scanner#cybersecurity #infosec #pentesting
2023-06-20 16:19:00
​​Codegate 2023 Qualifiers statementFor those who are not aware, this weekend Kalmarunionen participated in the Codegate 2023 qualifier CTF. This is a very competitive qualifier, where the top 9 teams are allowed to attend the offline finals in Seoul, South Korea, in the fall, where they will compete for a share of a >$50k prize pool.https://github.com/kalmarunionenctf/codegate-statement#CTF #cybersecurity #infosec
2023-06-20 12:12:27
​​Google Calendar RATA PoC of Command&Control (C2) over Google Calendar Events, This tool has been developed for those circumstances where it is difficult to create an entire red teaming infrastructure.https://github.com/MrSaighnal/GCR-Google-Calendar-RAT#infosec #pentesting #redteam
2023-06-20 11:51:43
​​WebPalmA powerful command-line tool for website mapping and web scraping. With its recursive approach, it can generate a complete tree of all webpages and their links on a website. It can also extract data from the body of each page using regular expressions, making it an ideal tool for web scraping and data extraction.https://github.com/Malwarize/webpalm#infosec #pentesting #bugbounty
2023-06-20 11:24:53
CyberChefThe Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.https://github.com/gchq/CyberChefWeb:https://gchq.github.io/CyberChef#infosec #pentesting #bugbounty
2023-06-20 07:34:11
​​ALFA AWUS036ACSCompact dual-band WiFi USB adapter that works according to 802.11ac and features data rates of up to 600Mbps. The AWUS036ACS WiFi USB adapter supports all common standards (IEEE 802.11a/b/g/n/ac) and is fully backwards compatible with the older WiFi standards.AWUS036ACS is the cheapest USB Wireless Adapter available in the market which supports dual-band 2.4 and 5Ghz. It supports both monitor mode and packet injection mode.Buy online: 🛒 https://amzn.to/3NBcFsl#wifi #adapter #alfa
2023-06-19 16:20:00
​​🔑 MantraA tool used to hunt down API key leaks in JS files and pages.https://github.com/MrEmpy/Mantra#infosec #pentesting #redteam
2023-06-19 16:19:00
​​Active Directory Advanced Threat HuntingIdentify vulnerabilities before others do!https://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting#cybersecurity #infosec #pentesting
2023-06-19 12:16:00
​​Scanners-BoxA powerful and open-source toolkit for hackers and security automation.https://github.com/We5ter/Scanners-Box#infosec #pentesting #redteam
2023-06-19 12:15:05
​​CVE-2023-29343This is PoC for arbitrary file write bug in Sysmon version 14.14https://github.com/Wh04m1001/CVE-2023-29343#cve #cybersecurity #infosec
2023-06-19 12:15:00
​​HHbackdoor v.0.3This part of the backdoor is still in development this is just a preview of the code!https://github.com/Levi-python/HHbackdoor-V0.3#infosec #pentesting #redteam
2023-06-19 09:05:16
​​HacktricksWelcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.https://github.com/carlospolop/hacktricksWeb:https://book.hacktricks.xyz/welcome/readme#infosec #pentesting #redteam
2023-06-17 20:23:00
​​SurfEscalate your SSRF vulnerabilities on Modern Cloud Environments. surf allows you to filter a list of hosts, returning a list of viable SSRF candidates.https://github.com/assetnote/surf#pentesting #redteam #bugbounty
2023-06-17 13:16:08
​​CVE-2023-32315Openfire Bypasshttps://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass#cve #cybersecurity #infosec
2023-06-17 13:16:00
​​CVE-2023-23333SolarView Compact through 6.00 downloader.php commands injection (RCE) nuclei-templates.https://github.com/Mr-xn/CVE-2023-23333#cve #cybersecurity #infosec
2023-06-17 06:39:12
​​HackyPiThe Ultimate DIY USB Hacking Tool for Security Professionals and Ethical Hackers. Explore data logging, encryption, and coding. Built around Raspberry Pi RP2040 microcontroller. Learn to write programs, practice ethical hacking techniques, and expand cybersecurity skills. Compatible with Windows, Mac, and Linux. Open-source hardware with Python support. Create custom programs in multiple languages. Powerful processor, onboard display, and SD card support. Ideal for learning, education, and ethical hacking.Buy online: 🛒 https://amzn.to/3NyxfJJ#USB #DIY #Raspberry
2023-06-16 16:20:00
​​PHP Cookie StealerThis project is a simple PHP script used to demonstrate how an attacker can steal cookies. It captures the victim's cookie, IP address, user agent, and geographical details, and then logs this information.https://github.com/noxvix/Xss-Exploitation#infosec #pentesting #redteam
2023-06-16 16:19:00
​​Vulnerability_PoCThe PoC/Exploit of some interesting vulnerabilities.https://github.com/numencyber/Vulnerability_PoC#cybersecurity #infosec
2023-06-16 12:31:39
​​AirGuardProtect yourself from being tracked 🌍 by #AirTags 🏷 and Find My accessories 📍https://github.com/seemoo-lab/AirGuard
2023-06-16 12:16:00
​​NucleiFuzzer A powerful automation tool for detecting xss,sqli,ssrf,open-redirect..etc vulnerabilities in web applications.https://github.com/0xKayala/NucleiFuzzer#infosec #pentesting #bugbounty
2023-06-16 12:15:06
​​One-Liner-CollectionsThis Repositories contains list of One Liners with Descriptions and Installation requirements.https://github.com/thecybertix/One-Liner-Collections#infosec #pentesting #bugbounty
2023-06-16 12:15:05
​​gzip-js-injectorGZIP Page Zero Overhead Injection.https://github.com/EtherDream/gzip-js-injector#infosec #pentesting #redteam
2023-06-16 12:15:00
​​CVE-2022-38694An attacker with physical access to the device can overwrite a function pointer somewhere in the BootROM data section or a return address stored on the stack and execute their own code with BootROM privileges.https://github.com/TomKing062/CVE-2022-38694_unlock_bootloader#cve #cybersecurity #infosec
2023-06-16 09:24:06
​​HBSQLIAutomated tool for testing header based blind sql injection.https://github.com/SAPT01/HBSQLI#infosec #pentesting #bugbounty
2023-06-15 12:16:00
​​RedTeamScriptsThis repo will contain some random Red Team Scripts that I made that can be useful for others.https://github.com/api0cradle/RedTeamScripts#infosec #pentesting #redteam
2023-06-15 12:15:00
​​Python3 C2 Course Code Modules• SMTP Module• File Transfer Module• Securing Your Payload Channelshttps://github.com/dievus/Python3-C2-Course-Code-Modules#infosec #pentesting #redteam
2023-06-14 12:16:00
​​InveighA cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version.https://github.com/Kevin-Robertson/Inveigh#cybersecurity #infosec #pentesting
2023-06-14 12:15:06
​​KillersExploitation of process killer drivers.https://github.com/xalicex/Killers#infosec #pentesting #redteam
2023-06-14 12:15:05
​​Awesome IntelligenceA collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources.https://github.com/ARPSyndicate/awesome-intelligence#OSINT #cybersecurity #infosec
2023-06-14 12:15:00
​​peetchA collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections.https://github.com/quarkslab/peetch#cybersecurity #infosec #redteam
2023-06-14 10:43:17
​​C2-HunterReal-time extraction of C2 traffic.https://github.com/ZeroMemoryEx/C2-Hunter#infosec #pentesting #redteam
2023-06-14 06:56:42
CVE-2023-34965SSPanel UIM is a multi-purpose agency service sales management system specially designed for Shadowsocks / V2Ray / Trojan protocols. SSPanel-Uim version before 2023.3 does not restrict access to the /link/ interface,which can lead to a leak of user subscription information.https://github.com/AgentY0/CVE-2023-34965#cve #cybersecurity #infosec
2023-06-12 12:16:00
​​SharpTerminatator Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable. https://github.com/mertdas/SharpTerminator#infosec #pentesting #redteam
2023-06-12 12:15:00
​​C_revshellBasic reverse shell in C using socket() with complete explanationhttps://github.com/pwnwithlove/C_revshell#infosec #pentesting #redteam
2023-06-11 16:20:00
​​onedrive_user_enum v2.00Pentest tool to enumerate valid o365 users.https://github.com/nyxgeek/onedrive_user_enum#cybersecurity #infosec #pentesting
2023-06-11 12:16:00
​​toxssin Penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js).This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks.https://github.com/t3l3machus/toxssin#infosec #pentesting #redteam
2023-06-11 12:15:00
​​Cloudflare Tunnel Ingress ControllerTLDR; This project simplifies exposing Kubernetes services to the internet easily and securely using Cloudflare Tunnel.https://github.com/STRRL/cloudflare-tunnel-ingress-controller#cybersecurity #infosec
2023-06-11 08:11:00
​​spraycharlesLow and slow password spraying tool, designed to spray on an interval over a long period of time.https://github.com/Tw1sm/spraycharles#infosec #pentesting #redteam
2023-06-10 07:06:10
​​April UART SD loggerThe April logger is a versatile data logger designed for logging serial data from your projects. It supports high-capacity microSD cards and offers the option to transfer logs to a remote server via WiFi. Based on the ESP32 C3 chip, it features WiFi and USB support. The board can be easily programmed via the Type-C USB connector. Additionally, it comes with a DS1302 RTC module for real-time information. The logger provides a user-friendly experience with its preloaded firmware and offers flexible power options, including 3.3V, 5V, and USB. The board also includes a button for programming and logging configuration can be easily managed through the config.json file.Buy online: 🛒 https://bit.ly/43x3gaF#USB #logger #ESP32 #wifi
2023-06-09 20:24:00
​​PhoneInfogaInformation gathering framework for phone numbers.https://github.com/sundowndev/PhoneInfoga#OSINT #infosec #recon #best
2023-06-09 16:20:00
​​NODESUBA command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization.https://github.com/pikpikcu/nodesub#infosec #pentesting #bugbounty
2023-06-09 16:19:00
​​Ransomware MapMap tracking #ransomware ecosystem, by OCD World Watch team.https://github.com/cert-orangecyberdefense/ransomware_map#cybersecurity #infosec
2023-06-09 13:41:38
​​horQRuxBy splitting a #QR code into 7 fragments, we may physically split and distribute a #secret into the real world. For example by printing the QR fragments onto transparent paper and handing them out to multiple people.https://github.com/jzck/horqrux
2023-06-09 12:16:00
​​BansheeExperimental Windows x64 Kernel Rootkit.https://github.com/eversinc33/Banshee#infosec #pentesting #redteam
2023-06-09 12:15:05
​​Threat hunting/detecting using KQL queriesA repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft 365 Defender.https://github.com/cyb3rmik3/KQL-threat-hunting-queries#cybersecurity #infosec
2023-06-09 12:15:00
​​IndoXploit-Shell https://github.com/flux10n/IndoXploit-WebShell#infosec #pentesting #redteam
2023-06-08 20:24:00
​​Shellcode PageSplitSplitting and executing shellcode across multiple pages.https://github.com/x0reaxeax/PageSplit#infosec #pentesting #redteam
2023-06-08 20:23:05
​​BypassNeo-reGeorgAnti-kill version Neo-reGeorg.https://github.com/r00tSe7en/BypassNeo-reGeorg#infosec #pentesting #redteam
2023-06-08 20:23:00
​​Instagram-LookupThis script allows you to search for an Instagram profile using user ID or retrieve a profile's ID by username. It utilizes the Instagram API to retrieve profile information based on the provided input.https://github.com/AyalX/Instagram-Lookup#OSINT #recon #infosec
2023-06-07 17:20:00
​​DietPiLightweight justice for your single-board #computer!DietPi is an extremely lightweight #Debian-based #OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential.https://github.com/MichaIng/DietPi
2023-06-07 16:20:00
​​IRCPA robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers.https://github.com/internet-relay-chat/IRCP#cybersecurity #infosec #pentesting
2023-06-07 16:19:00
​​🍞 BREADBREAD (BIOS Reverse Engineering & Advanced Debugging) is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable.https://github.com/Theldus/bread#cybersecurity #infosec #reverse
2023-06-07 12:28:11
​​CSRFSharkA utility for manipulating cross-site request forgery attacks. It allows to easily generate a CSRF PoC based on a given HTTP/CURL requests with further possibility to get a permanent link to the result.https://github.com/csrfshark/appWeb:https://csrfshark.github.io/app/#infosec #pentesting #bugbounty
2023-06-07 12:16:00
​​Offensive BookmarksA collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.https://github.com/kargisimos/offensive-bookmarks#infosec #pentesting #redteam
2023-06-07 12:15:06
​​tun2socksPowered by gVisor TCP/IP stack.https://github.com/xjasonlyu/tun2socks#cybersecurity #infosec #privacy
2023-06-07 12:15:00
​​CatSnifferCatSniffer is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new chips TI CC1352, Semtech SX1262, and Microchip SAMD21E17.https://github.com/ElectronicCats/CatSniffer#cybersecurity #infosec #pentesting
2023-06-07 09:52:05
​​GrypeA vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.https://github.com/anchore/grype#cybersecurity #infosec #best
2023-06-06 16:20:00
​​PowerSploit A collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.https://github.com/Dec0ne/PowerSploit#infosec #pentesting #redteam
2023-06-06 12:16:00
​​TerminatorReproducing Spyboy technique to terminate all EDR/XDR/AVs processes.https://github.com/ZeroMemoryEx/Terminator#infosec #pentesting #redteam
2023-06-06 12:15:05
​​CAMEbruteforcerFlipperZero Sub Files To #BruteForce CAME 12bit Gate.https://github.com/BitcoinRaven/CAMEbruteforcer#cybersecurity #infosec #pentesting
2023-06-06 12:15:00
​​OWASP WrongSecretsThe game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy.https://github.com/OWASP/wrongsecrets#cybersecurity #infosec #pentesting
2023-06-05 18:29:18
​​Arts Of Get SystemThis directory is for PoCs to help learning how to get SYSTEM privilege.https://github.com/daem0nc0re/PrivFu/tree/main/ArtsOfGetSystem#infosec #pentesting #redteam
2023-06-05 17:55:00
​​TorA python based module for using tor proxy/network services on windows, osx, linux with just one click.https://github.com/r0oth3x49/Tor#cybersecurity #infosec #privacy
2023-06-05 17:51:53
​​DavRelayUpA universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).https://github.com/yasserbdj96/hiphp#infosec #pentesting #redteam
2023-06-05 17:49:40
​​HiphpFree & Open source project for create a BackDoor to control PHP-based sites.https://github.com/yasserbdj96/hiphp#infosec #pentesting #redteam
2023-06-05 12:15:00
​​msa-exploit-checkerPoC and checker tool to detect if "The Exploit" for Microsoft accounts is enabled.https://github.com/george/msa-exploit-checker#cybersecurity #infosec
2023-06-05 07:58:49
​​EvilCrow KeyloggerA WiFi keylogger with a Micro SD slot, based on Atmega32U4 microcontroller and ESP32-PICO module. It is designed for hackers and cybersecurity enthusiasts.Repository:https://github.com/joelsernamoreno/EvilCrow-KeyloggerBuy online: 🛒 https://bit.ly/3OTGXaA#usb #wifi #evilcrow #keylogger
2023-06-04 16:20:00
​​RegStrikeA .reg payload generator.https://github.com/itaymigdal/RegStrike#infosec #pentesting #redteam
2023-06-04 16:19:00
​​2023-33381OS command injection on MitraStar GPT-2741GNAC.https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC#cve #cybersecurity #infosec
2023-06-04 12:16:00
​​HackBrowserData Command-line tool for decrypting and exporting browser data ( passwords, history, cookies, bookmarks, credit cards, download records, localStorage and extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.https://github.com/moonD4rk/HackBrowserData#infosec #pentesting #redteam
2023-06-04 12:15:00
​​CVE-2023-33733This write-up details how an RCE in Reportlab - was found and exploited. Due to the prevalence of Reportlab in HTML to PDF processing, this vulnerability may be reachable in many applications that process PDF files, making this an important one to patch and look out for.https://github.com/c53elyas/CVE-2023-33733#cve #cybersecurity #infosec
2023-06-02 20:24:00
​​GeoWordlistsA tool to generate wordlists of passwords containing cities at a defined distance around the client city.https://github.com/p0dalirius/GeoWordlists#infosec #pentesting #redteam
2023-06-02 16:20:00
​​Js FindingA Python tool for extracting JavaScript (JS) files from a given list of domains. This tool utilizes various utilities such as waybackurls, gauplus, and subjs to perform JS file extraction from the specified domains.https://github.com/pikpikcu/js-finding#infosec #redteam #bugbounty
2023-06-02 16:19:00
​​Smart Contract Vulnerabilitieshttps://github.com/kadenzipfel/smart-contract-vulnerabilities#infosec #pentesting #bugbounty
2023-06-02 12:16:00
​​ntlmscanScan for NTLM directories.Reliable targets are:• OWA servers• Skype for Business/Lync servers• Autodiscover servers (autodiscover.domain.com and lyncdiscover.domain.com)• ADFS servershttps://github.com/nyxgeek/ntlmscan#infosec #pentesting #redteam
2023-06-02 12:15:00
​​MFA Bombing Tools for OktaThis GitHub repository contains a couple of tools that relate to MFA bombing on accounts in Okta, MFA Bombing is also sometimes known as "MFA Fatigue Attack", "MFA Spamming", and other names...https://github.com/authomize/mfa-bombing#cybersecurity #infosec
2023-06-01 20:23:00
​​HALAHALA offers a powerful capability that enables you to identify reflected parameters within the response, providing valuable assistance in your testing and hacking endeavors.https://github.com/whalebone7/Hala#infosec #pentesting #redteam
2023-06-01 16:20:00
​​CRTERA command-line tool for fetching subdomains using the CRT.SH certificate search engine. It allows you to provide a list of domain names or fully-qualified domain names (FQDNs) and retrieve the associated subdomains. The tool fetches the subdomains from CRT.SH and saves them to an output file.https://github.com/Micro0x00/CRTER#infosec #pentesting #bugbounty
2023-06-01 16:19:00
​​CVE-2023-23638Apache Dubbo Vulnerability Exploitation Engineering Practice, covering Dubbo 3.x from service discovery to vulnerability exploitation and reverse display. https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp#cve #poc #cybersecurity #infosec
2023-06-01 12:35:09
Offensive-Resources V3A Huge Learning Resources with Labs For Offensive Security Players.https://github.com/Zeyad-Azima/Offensive-Resources#infosec #pentesting #redteam
2023-06-01 12:16:00
​​WordlistsReal-world infosec wordlists, updated regularly! These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include:• Wordpress• Joomla• Drupal• Magento• Ghost• Tomcat https://github.com/trickest/wordlists#infosec #pentesting #bugbounty
2023-06-01 12:15:00
CVE-2023-3009Stored #XSS on item name - Bypassing CVE-2023-2516 in TeamPass < 3.0.9 - by M Nadeem Qazi.https://github.com/mnqazi/CVE-2023-3009#cve #cybersecurity #infosec
2023-05-31 20:23:00
​​ScrapingKitScraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if you have popped a user's desktop and their outlook client.https://github.com/LaresLLC/ScrapingKit#infosec #pentesting #redteam
2023-05-31 16:19:00
​​APKLeaksScanning APK file for URIs, endpoints & secrets.https://github.com/dwisiswant0/apkleaks#pentesting #infosec #bugbounty
2023-05-31 12:15:00
​​AnalyticsRelationshipsThis script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Google Analytics in the webpage and then request to builtwith and hackertarget with the ID.https://github.com/Josue87/AnalyticsRelationships#pentesting #redteam #bugbounty
2023-05-31 09:13:04
​​DNSMORPHA domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs.https://github.com/netevert/dnsmorph#infosec #pentesting #redteam
2023-05-30 12:16:00
​​Red Teaming & Pentesting checklists for various engagementsEven though, a penetration test is a creative process most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against various scenarios and maintain the overall quality of the assessment.https://github.com/netbiosX/Checklistsinfosec #pentesting #redteam
2023-05-30 12:15:00
​​CVE-2023-33246Apache rocketmq remote code execution vulnerability.https://github.com/I5N0rth/CVE-2023-33246#cve #cybersecurity #infosec
2023-05-29 20:23:00
​​SshimpanzeeA reverse shell based on sshd supporting DNS and ICMP Tunnelling as well as HTTP and Socks Proxies.https://github.com/lexfo/sshimpanzee#infosec #pentesting #redteam
2023-05-29 16:20:00
​​Cymulate FrameworkA framework to help #redteam construct fully customizable and automated APT attacks easily.https://github.com/opabravo/cymulate-framework#cybersecurity #infosec #pentesting
2023-05-29 16:19:07
​​amd-lm32-smu-exploitGeneric #exploit for all version 7 (maybe others) LM32-based AMD SMU's used in APUs (and probably works on GPUs too)https://github.com/jevinskie/amd-lm32-smu-exploit#cybersecurity #infosec
2023-05-29 16:19:00
​​RepeaterSearchThis #burpsuite plugin adds a search bar to Repeater that allows you to search Requests and/or Responses for a string. Regex is also supported.https://github.com/Static-Flow/RepeaterSearch#infosec #infosec #bugbounty
2023-05-29 12:16:00
​​Cookie-Graber-BOFC or BOF file to extract WebKit master key to decrypt user cookie. The C code can be used to compile an executable or a bof script for #CobaltStrike.https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF#infosec #pentesting #redteam
2023-05-29 12:15:05
​​OSINT QuickStartIncludes quick start guides for #Shodan and Censys #OSINT search engines.https://github.com/utilsec/osint#cybersecurity #infosec
2023-05-29 12:15:00
​​CVE-2023-32315Administration Console authentication bypass in openfire xmppserver.https://github.com/advisories/GHSA-gw42-f939-fhvm#cve #cybersecurity #infosec
2023-05-28 16:20:00
​​Storm-BreakerSocial engineering tool [Access Webcam & Microphone & Location Finder] With Python.https://github.com/ultrasecurity/Storm-Breaker#infosec #pentesting #redteam
2023-05-28 16:19:00
​​Link-X A Hack-Via-Link ToolKit. Including: Camera, Voice, Location Etc*4https://github.com/Toxic-Noob/Link-X#infosec #pentesting #redteam
2023-05-28 12:16:00
​​SQLiDetectorSimple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.https://github.com/eslam3kl/SQLiDetector#infosec #pentesting #bugbounty
2023-05-28 12:15:05
​​433Screen-SignalHackerFull duplex 433 MHz Signal jammer, recorder, decoder and hacking multitool device based on ESP32 microcontroller and RFM69HW radios. This version of the device provides an OLED screen and simple UI to navigate menus and different hacks/modes/settings.https://github.com/luispl77/433Screen-SignalHacker#cybersecurity #infosec #pentesting
2023-05-28 12:15:00
​​websurfxAn open source alternative to searx which provides a modern-looking, lightning-fast, privacy respecting, secure, self-hostable meta search engine with ad free clean results, high level of customizability and many other features while keeping privacy and security in mind.https://github.com/neon-mmd/websurfx#cybersecurity #infosec #privacy
2023-05-28 08:01:00
​​Presentation SlidesCollections of Dhiyaneshwaran public presentation slides.https://github.com/DhiyaneshGeek/My-Presentation-Slides#cybersecurity #infosec #pentesting
2023-05-27 16:20:00
​​google-dorkshttps://github.com/CorrieOnly/google-dorks#infosec #pentesting #bugbounty
2023-05-27 16:19:00
​​ChameleonChameleon provides better content discovery by using wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technologies. The tool is highly customizable and allows users to add in their own custom wordlists, extensions or fingerprints.https://github.com/iustin24/chameleon#infosec #pentesting #bugbounty
2023-05-27 12:16:00
​​TypewriterA subdomain permutation tool written in Rust and heavily based on Gotator.• Permutations with the - character!• Unlimited depth, limited only by your computer!• Deduplication by default!https://github.com/projectmonke/typewriter#infosec #pentesting #bugbounty
2023-05-27 12:15:00
​​Awesome-anti-forensicTools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.https://github.com/shadawck/awesome-anti-forensic#cybersecurity #infosec #forensic
2023-05-27 09:12:29
​​x8Hidden parameters discovery suite written in Rust.The tool aids in identifying hidden parameters that could potentially be vulnerable or reveal interesting functionality that may be missed by other testers. Its high accuracy is achieved through line-by-line comparison of pages, comparison of response codes, and reflections.https://github.com/Sh1Yo/x8#infosec #pentesting #bugbounty
2023-05-26 12:16:00
Hidden Desktop BOFHidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++.https://github.com/WKL-Sec/HiddenDesktop#infosec #pentesting #redteam
2023-05-26 12:15:06
​​WhatMailA command-line tool that analyzes the header of an email and provides detailed information about various fields.https://github.com/z0m31en7/WhatMail#OSINT #cybersecurity #infosec
2023-05-26 12:15:05
​​CVE-2023-30145Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.https://github.com/paragbagul111/CVE-2023-30145#cve #cybersecurity #infosec
2023-05-26 12:15:00
​​codeexplain.nvimA nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary).https://github.com/mthbernardes/codeexplain.nvim#cybersecurity #infosec
2023-05-25 20:24:00
​​LOOBinsLiving Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.https://github.com/infosecB/LOOBinsWeb:https://www.loobins.io/#infosec #cybersecurity #blueteam
2023-05-25 20:23:00
​​Top25 Parameter For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual #recon.https://github.com/lutfumertceylan/top25-parameter#infosec #pentesting #bugbounty
2023-05-25 16:20:00
​​Logger++ A multithreaded logging extension for #BurpSuite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.https://github.com/nccgroup/LoggerPlusPlus#infosec #pentesting #bugbounty
2023-05-25 16:19:00
​​Jira-ScanProvide a list of websites to test with out the http or https and this will test each one for the SSRF vun.https://github.com/random-robbie/Jira-Scan#infosec #pentesting #bugbounty
2023-05-25 12:16:00
​​ROPfuscatorROPfuscator is a fine-grained code obfuscation framework for LLVM-supported languages using ROP (return-oriented programming). ROPfuscator obfuscates a program at the assembly code level by transforming regular instructions into ROP chains, thwarting our natural conception of normal control flow.https://github.com/ropfuscator/ropfuscator#cybersecurity #infosec
2023-05-25 12:15:06
​​Geekworm PiKVM-A3 Kit for Raspberry Pi 4 Open-source KVM Over IPThe PiKVM-A3 kit is designed and based on Raspberry Pi 4B, also support Raspberry Pi 3B/3B+, but since Pi3 without OTG interface, when PiKVM-A3 is used with Pi3, OTG analog keyboard and mouse cannot be used.PiKVM is a very powerful and Open Source Software which allows for a remote connection via your Raspberry Pi to turn on/off or restart your computer, configure the UEFI/BIOS, and even reinstall the OS using the Virtual CD-ROM or Flash Drive. You can use your remote keyboard and mouse or PiKVM can simulate a keyboard, mouse, and a monitor, which are then presented in a web browser as if you were working on a remote system directly. It's true hardware-level access with no dependency on any remote ports, protocols or services! (KVM - Keyboard Video Mouse.)Buy online:🛒 https://amzn.to/3MVtVIt🛒 https://bit.ly/3MTxmPI#raspberry #pikvm #remote #board #minipc
2023-05-25 12:15:05
​​GitFive#OSINT tool to investigate GitHub profiles.https://github.com/mxrch/GitFive#cybersecurity #infosec
2023-05-25 12:15:00
CVE-2023-2859Stored HTML injection in folderName affecting Admin in TeamPass <3.0.9https://github.com/mnqazi/CVE-2023-2859#cve #cybersecurity #infosec
2023-05-24 20:24:00
​​Chrome Cookie Stealer (and injector)Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.https://github.com/magisterquis/chromecookiestealer#infosec #pentesting #redteam
2023-05-24 20:23:00
​​Ransomware NotesThis is a collection of various #ransomware notes from the past to the present.https://github.com/threatlabz/ransomware_notes#cybersecurity #infosec
2023-05-24 16:20:00
​​Malleable-CS-ProfilesA list of python tools to help create an OPSEC-safe Cobalt Strike profile. This is the Github repository of the relevant blog post: Unleashing the Unseen: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion.https://github.com/WKL-Sec/Malleable-CS-Profiles#infosec #pentesting #redteam
2023-05-24 16:19:00
​​PyRDPRDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact.https://github.com/GoSecure/pyrdp#infosec #pentesting #redteam
2023-05-24 12:16:00
​​SubScraperPerform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.https://github.com/m8sec/subscraper#infosec #pentesting #bugbounty
2023-05-24 12:15:00
​​opera-proxyStandalone Opera VPN client. Just run it and it'll start a plain HTTP proxy server forwarding traffic through "Opera VPN" proxies of your choice. By default the application listens on #infosec #privacy
2023-05-24 07:15:14
​​Detections - Browser Credential HarvestingWeb browsers today allow users to store their username and passwords, directly to log into their application of choice. Threat actors can retrieve these credentials using either the Windows API or decrypting specific files. This detection strategy focuses on specific files that are needed by the attacker to retrieve the user’s web browser stored credentials.https://github.com/cybergoatpsyops/detections/tree/main/techniques/webCredentialHarvest#cybersecurity #infosec
2023-05-23 20:23:00
​​Keyhacks A repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.https://github.com/streaak/keyhacks#infosec #pentesting #bugbounty
2023-05-23 16:19:00
​​PCAPeek A proof-of-concept re-assembler for reverse VNC traffic such as IcedID & Qakbot's VNC Backdoors.https://github.com/0xThiebaut/PCAPeek#cybersecurity #infosec
2023-05-23 12:16:00
​​ShellcryptA single-file cross-platform quality of life tool to obfuscate a given shellcode file and output in a useful format for pasting directly into your source code.https://github.com/iilegacyyii/Shellcrypt#infosec #pentesting #redteam
2023-05-23 12:15:06
​​Damn Vulnerable BankDamn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.https://github.com/rewanthtammana/Damn-Vulnerable-Bank#cybersecurity #infosec #pentesting
2023-05-23 12:15:00
​​File Archiver In The BrowserTwo sample phishing templates that can be used with .zip domains to emulate a file archiver in the browser.https://github.com/mrd0x/file-archiver-in-the-browserFile Archiver In The Browser:https://mrd0x.com/file-archiver-in-the-browser/#infosec #pentesting #redteam
2023-05-23 09:27:18
​​DSTIKE D&B Watch (V4)A unique wearable device that combines the functionalities of a Deauther and BadUSB. It features an ESP8266 module with enhanced signal search capabilities and the addition of an Atmega32u4 chip (Arduino Leonardo), allowing for BadUSB attacks. The watch offers various programmable buttons for executing different commands and can be reprogrammed using the Arduino IDE. It also includes solder pads for connecting the ESP8266 with the Atmega32u4, enabling additional functionalities like the Wi-Fi Duck. The battery has been upgraded to 1000mAh, providing longer usage time, and the watch comes with a durable silicone strap.With a redesigned 3D case and the inclusion of a bottom acrylic board for protection, the watch boasts an improved design. Charging can be done through two USB ports, although it is advised not to charge simultaneously. Experience the power of deauthentication and bad USB attacks in this feature-rich wearable device.Buy online: 🛒 https://bit.ly/4315RJO🛒 https://amzn.to/43g5CuF#badusb #dstike #watch #esp8266
2023-05-23 07:15:44
​​Web application pentesting checklist A OWASP Based Checklist With 500+ Test Cases. https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist #infosec #pentesting #bugbounty
2023-05-22 16:19:00
​​interactshOpen-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions.https://github.com/projectdiscovery/interactsh#pentesting #redteam #bugbounty
2023-05-22 12:16:00
​​MaccaroniC2 A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration.https://github.com/CalfCrusher/MaccaroniC2#infosec #pentesting #redteam
2023-05-22 12:15:06
​​KeeFarce RebornA standalone DLL that exports databases in cleartext once injected in the KeePass process.https://github.com/d3lb3/KeeFarceReborn#infosec #pentesting #redteam
2023-05-22 12:15:05
​​Postman It is designed to perform #OSINT recognition on a target for pentesting, bugbounty and more, in order to get the maximum information from the requests left by developers on the Postman public workspaces.https://github.com/boringthegod/postmaniac#cybersecurity #infosec
2023-05-22 12:15:00
​​AEM-ListStart fuzzing paths and endpoints. https://github.com/clarkvoss/AEM-List/blob/main/paths#infosec #pentesting #bugbounty
2023-05-21 20:23:00
​​GATORGCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments.https://github.com/anrbn/GATOR#infosec #pentesting #redteam
2023-05-21 16:36:20
​​DevOps Solutions MapA Python-based application that helps you to produce a #DevOps tool chain map according to their position in the delivery loop and their use case.https://github.com/Wivik/devops-solutions-map
2023-05-21 16:25:04
​​ezXSSezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.https://github.com/ssl/ezXSS#infosec #redteam #bugbounty
2023-05-21 16:20:00
​​AtomicSyscallTools and PoCs for Windows syscall investigation.https://github.com/daem0nc0re/AtomicSyscall#infosec #pentesting #redteam
2023-05-21 16:19:05
​​Afuzz Automated web path fuzzing tool for the Bug Bounty projects.https://github.com/RapidDNS/Afuzz#infosec #pentesting #bugbounty
2023-05-21 16:19:00
​​SAP_Cloud_Connector_SSFS_DecryptionThis repository offers a Proof of Concept (PoC) for decrypting SAP Cloud Connector SSFS. The core feature of this PoC is the exploitation of an exported function - getRecord, present in the libsapscc20jni.so file. The advantage is that you can decrypt the SSFS properties values WITHOUT REVERSING THE ECRYPTION ALGORITHM.https://github.com/redrays-io/SAP_Cloud_Connector_SSFS_Decryption#cybersecurity #infosec #poc
2023-05-21 12:16:00
​​PowerLessShellPowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.https://github.com/Mr-Un1k0d3r/PowerLessShell#infosec #pentesting #redteam
2023-05-21 12:15:08
​​IvySynA fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.https://gitlab.com/brown-ssl/ivysyn#cybersecurity #infosec #pentesting
2023-05-21 12:15:07
​​WSLHostPatcherDynamic patch WSL2 to listen port on any interfaces.https://github.com/CzBiX/WSLHostPatcher#cybersecurity #infosec
2023-05-21 12:15:00
​​PurednsA fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.https://github.com/d3mondev/puredns#infosec #pentesting #bugbounty
2023-05-20 20:24:00
​​AADAppAuditThis tool was initially developed to analyze possible illicit consent grant attacks & in help of analyzing Azure AD consent grant framework but has been developed further since to provide answers to the most typical security related questions around Azure AD integrated apps and permissions.https://github.com/jsa2/AADAppAudit#infosec #pentesting #redteam
2023-05-20 12:16:00
​​ProcessInjectionThe program is designed to perform process injection. Currently the tool supports 5 process injection techniques.https://github.com/3xpl01tc0d3r/ProcessInjection#infosec #pentesting #redteam
2023-05-20 12:15:05
​​CVE-2022-20421Privilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421). The vulnerability is patched on Android's Security Bulletin of October 2022.https://github.com/0xkol/badspin#cve #infosec #exploit
2023-05-20 12:15:00
​​dirsearch_bypass403Directory scanning + extraction of URLs/subdomains from JS files + 403 status bypass + fingerprinting.https://github.com/lemonlove7/dirsearch_bypass403#infosec #pentesting #redteam
2023-05-19 20:24:00
​​Endpoints Explorer A Python script that employs multiple bypass rules to discover sensitive endpoints.https://github.com/wzqs/endpoints_explore#infosec #pentesting #bugbount
2023-05-19 20:23:00
​​PywerViewEasy to find vulnerable machines, or list what domain users were added to the local Administrators group of a machine, and much more.https://github.com/the-useless-one/pywerview#infosec #pentesting #redteam
2023-05-19 16:19:00
​​Navi | An SSG Community ProjectNavi is an interface for CLI AI programs built on 'Echo-AI' to bring together a purpose built cybersecurity #AI.https://github.com/SSGorg/Navi#cybersecurity #infosec
2023-05-19 12:16:00
​​ADCSKillerA Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure.https://github.com/grimlockx/ADCSKiller#infosec #pentesting #redteam
2023-05-19 12:15:06
​​NoCrypt AntiRansomware LinuxTool to prevent #ransomware attacks on Linux systems. The module hooks the system call sys_rename using ftrace to monitor all the files renamed on the system.https://github.com/niveb/NoCrypt#cybersecurity #infosec #ransom
2023-05-19 12:15:05
​​PeExportsThis simple multithreaded tool is for collecting PE exports to help with API hashing when reverse engineering.https://github.com/c3rb3ru5d3d53c/peexports#cybersecurity #infosec
2023-05-19 12:15:00
​​SubreconGTPThis (VERY BETA) Python script performs AI-assisted subdomain discovery. It takes a list of subdomains as input, generates similar subdomains using the OpenAI GPT-3 model, and attempts to resolve these subdomains.https://github.com/jhaddix/SubreconGTP#infosec #pentesting #bugbounty
2023-05-19 08:54:01
​​Invoke-GPTObfuscationA PowerShell Obfuscator that utilizes OpenAI (and other APIs) to obfuscate your PowerShell penetration testing code, malware, or any other sensitive script.https://github.com/hwvs/Invoke-GPTObfuscation#infosec #pentesting #redteam
2023-05-18 20:24:00
​​🕵️ PinkertonPinkerton is an JavaScript file crawler and secret finder developed in Python.https://github.com/oppsec/Pinkerton#pentesting #infosec #bugbounty
2023-05-18 20:23:00
​​snsIIS shortname scanner written in Gohttps://github.com/sw33tLie/sns#iis #cybersecurity #infosec
2023-05-18 16:20:00
​​StealeriumStealer + Clipper + Keylogger. Stealer written on C#, logs will be sent to your Discord channel using a webhook.https://github.com/Stealerium/Stealerium#infosec #pentesting #redteam
2023-05-18 16:19:00
​​linxReveals invisible links within JavaScript files. Inspired by LinkFinderhttps://github.com/riza/linx#cybersecurity #infosec
2023-05-18 12:33:12
​​Ded Security FrameworkA tool aimed at security professionals.https://github.com/dedsecurity/dedsecurity-framework#infosec #pentesting #redteam
2023-05-18 12:16:00
​​PassMuteA multi featured Password Transmutation/Mutator Tool.https://github.com/HITH-Hackerinthehouse/PassMute#infosec #pentesting #redteam
2023-05-18 12:15:07
​​Shark JackThe Shark Jack is a portable network attack and automation tool for pentesters and systems administrators designed to enable social engineering engagements and opportunistic wired network auditing. It features a familiar Hak5 payload architecture, flip-of-the-switch operation and multi-color LED for instant feedback.This documentation serves both cable and battery variants of the Shack Jack with notable differences highlighted.Buy online:🛒 official https://bit.ly/3Wh73pF🛒 aliexpress https://bit.ly/3obbC8q#network #lan #hack5
2023-05-18 12:15:05
​​Discord-ReconDiscord bot created to automate bug bounty recon, automated scans and information gathering via a #discord server.https://github.com/DEMON1A/Discord-Recon#OSINT #recon #infosec
2023-05-18 12:15:00
​​Fresh ResolversUses DNS Validator to generate a list of fresh working DNS resolvers every day.https://github.com/Findomain/fresh-resolvers#infosec #pentesting #bugbounty
2023-05-18 06:50:04
​​PPLFaultDumpBOFTakes the original PPLFault and the original included DumpShellcode and combinds it all into a BOF targeting #CobaltStrike.https://github.com/trustedsec/PPLFaultDumpBOF#infosec #pentesting #redteam
2023-05-18 06:49:56
​​CVE-2023-32784KeePass 2.X Master Password Dumper.https://github.com/vdohney/keepass-password-dumper#cve #infosec #redteam
2023-05-16 20:23:00
​​Indicator-IntelligenceFinds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.https://github.com/OsmanKandemir/indicator-intelligence#recon #infosec #redteam
2023-05-16 16:20:00
​​DNS ValidatorMaintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.https://github.com/vortexau/dnsvalidator#infosec #pentesting #bugbounty
2023-05-16 16:19:00
​​Hunt-Weird-ImageLoadsThis project was created to play with different IOCs caused by Imageload events.https://github.com/thefLink/Hunt-Weird-ImageLoads#cybersecurity #infosec
2023-05-16 12:16:00
Google Dork SearchThe tool queries Google search engine to find web pages that may be vulnerable to LFI attacks based on certain Google dorks. It then analyzes the responses of these pages to determine if any LFI vulnerabilities exist. https://github.com/capture0x/Lfi-Space#infosec #pentesting #redteam
2023-05-16 12:15:05
​​SnapchangeLightweight fuzzing of a memory snapshot using KVM.https://github.com/awslabs/snapchange#fuzzing #cybersecurity #infosec
2023-05-16 12:15:00
​​SmbCrawlerSmbCrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares. https://github.com/SySS-Research/smbcrawler#infosec #pentesting #bugbounty
2023-05-16 08:04:08
​​Psudohash Password List Generator For Orchestrating Brute Force Attacks.This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more.https://github.com/t3l3machus/psudohash#redteam #password #infosec #bruteforce
2023-05-16 08:03:39
​​Alfa AWUS036ACHThe Alfa AWUS036ACH is a powerful 802.11ac dual-band USB wireless adapter designed to provide fast and reliable WiFi connectivity to Mac and Windows computers. It boasts an ultra-range capability, offering extreme distances and blazing speed to your WiFi network. With up to 300Mbps for 2.4GHz and 867Mbps for 5GHz networks, this adapter provides exceptional performance, making it ideal for streaming, gaming, and other bandwidth-intensive activities. Additionally, the AWUS036ACH comes equipped with two external antenna connectors (RP-SMA) and two detachable dual-band WiFi antennas, which can be replaced with any compatible antennas of your choice. Moreover, the RTL8812AU chipset of this adapter is also supported by Kali Linux with drivers available for it to perform packet injections.Buy online: 🛒 https://amzn.to/433k0G1🛒 https://bit.ly/45438R1#wifi #adapter #alfa
2023-05-14 20:23:00
​​CompMgmtLauncher_DLL_UACBypassCompMgmtLauncher & Sharepoint DLL Search Order hijacking UAC/persist via OneDrive.https://github.com/hackerhouse-opensource/CompMgmtLauncher_DLL_UACBypass#infosec #pentesting #redteam
2023-05-14 16:19:05
​​BackdoorBoxThe open-sourced Python toolbox for backdoor attacks and defenses.https://github.com/THUYimingLi/BackdoorBox#cybersecurity #infosec #pentesting
2023-05-14 16:19:00
​​CVE-2023-27524Apache Superset Auth Bypass (CVE-2023-27524)https://github.com/TardC/CVE-2023-27524#cve #cybersecurity #infosec
2023-05-14 11:42:46
​​HyperDeceitThis repository contains the full source-code of the HyperDeceit project which is a library that allows you to impersonate as Hyper-V and intercept hypercalls done by the Windows kernel.https://github.com/Xyrem/HyperDeceitDetails: https://reversing.info/posts/hyperdeceit/#infosec #pentesting #redteam
2023-05-14 11:18:38
​​badsecretsA library for detecting known secrets across many web frameworks.https://github.com/blacklanternsecurity/badsecretsDetails:https://blog.blacklanternsecurity.com/p/introducing-badsecrets#cybersecurity #infosec #pentesting
2023-05-13 08:31:11
​​wpfingerWordPress scanning tool.• Core version detection• Plugin scanning through fingerprinting• Vulnerability output, using database from Wordfencehttps://github.com/LeakIX/wpfinger#pentesting #redteam #bugbounty
2023-05-13 08:27:16
​​CVE-2023-27363Foxit pdf reader exportxfadata exposed dangerous method remote code execution vulnerability (cve-2023-27363).https://github.com/j00sean/SecBugs/tree/main/CVEs/CVE-2023-27363#cve #cybersecurity #exploit
2023-05-12 20:24:00
​​Nimbo-C2Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and robust using Powershell, hence this combination is made. The Linux agent is slimer and capable only of basic commands, including ELF loading using the memfd technique.https://github.com/itaymigdal/Nimbo-C2#infosec #pentesting #redteam
2023-05-12 20:23:00
​​Kovid RootkitA full-feature LKM intended for use against Linux kernel v5+.https://github.com/carloslack/KoviD#infosec #pentesting #redteam
2023-05-12 16:20:00
​​SubDomainizerA tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.https://github.com/nsonaniya2010/SubDomainizer#cybersecurity #infosec #pentesting
2023-05-12 12:16:00
​​Exploit NotesSearch hacking techniques and tools for penetration testings, bug bounty, CTF.https://github.com/hideckies/exploit-notesWeb:https://exploit-notes.hdks.org/#infosec #pentesting #redteam
2023-05-12 12:15:06
​​Buffer-Overflow-Stack-SmashExample of buffer overflow exploit from Aleph1's article "Smashing the Stack for Fun and Profit"https://github.com/CYoshioB/Buffer-Overflow-Stack-Smash#infosec #pentesting #redteam
2023-05-12 12:15:05
​​HPHardwareDiagnostics-PoCPoC exploit for HP Hardware Diagnostic's EtdSupp driverhttps://github.com/alfarom256/HPHardwareDiagnostics-PoC#cve #poc #exploit
2023-05-12 12:15:00
​​GetLAPSPasswordA feeble attempt at writing a LAPS dumping tool that supports both NTLM and Kerberos auth using the impacket library.https://github.com/dru1d-foofus/GetLAPSPassword#infosec #pentesting #redteam
2023-05-12 08:54:48
​​HackRF OneA powerful Software-Defined Radio that can transmit and receive radio signals from 1 MHz to 6 GHz. It works as a USB peripheral and is open-source, allowing it to be programmed and managed as a standalone device. The device can interact with various digital technologies like WiFi, Bluetooth, smartphones, and GPS. The ANT500 telescopic antenna is a perfect first antenna for general-purpose use with the HackRF One. It operates on radio frequencies between 75 MHz and 1000 MHz and can be collapsed to 20 cm or fully extended to 88 cm. The HackRF One Bundle features a half-duplex transceiver, a maximum sample rate of 20 Msps, and 8-bit quadrature samples with an interface of high-speed USB. It can be powered by USB bus power.Buy online: 🛒 https://amzn.to/3I2VInk🛒 https://bit.ly/3VZixyf#SDR #RF #radio
2023-05-10 11:41:03
​​ronin-payloadsA Ruby micro-framework for writing and running exploit payloads. ronin-payloads allows one to write payloads as plain old Ruby classes.https://github.com/ronin-rb/ronin-payloads#infosec #pentesting #redteam
2023-05-10 11:37:58
​​resocksA reverse/back-connect SOCKS5 proxy tunnel that can be used to route traffic through a system that can't be directly accessed (e.g. due to NAT). The channel is secured by mutually trusted TLS with auto-generated certificates based on a connection key.https://github.com/RedTeamPentesting/resocks#infosec #pentesting #redteam
2023-05-10 11:11:57
​​Invoke-ADEnumActive Directory Enumerator - Automate Active Directory Enumeration using PowerView.https://github.com/Leo4j/Invoke-ADEnum#infosec #pentesting #redteam
2023-05-10 11:05:55
​​Evilginx 3.0 A man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.https://github.com/kgretzky/evilginx2#infosec #pentesting #redteam
2023-05-10 11:05:51
​​Ultimate Magic Card (Gen4)The Ultimate Magic Card is an all-in-one emulation card with customizable card types, configurations, and functionality modes. It allows for modification of the ATQA/SAK/ATS/byte length/card number (UID)/M1 area size of any card without restrictions and can read and write any block like a UID card without a password. The card also supports Ultralight card transformation and rolling code recovery card mode, even after key modification. Additionally, it has a 14B card with a modifiable card number and a password-protected backdoor command. The recovery mode allows for reconfiguration in case of abnormal interference, reducing the chances of damage to the card.Buy online: 🛒 https://bit.ly/41uefzH#UID #card
2023-05-09 20:23:00
​​Direct Syscalls: A journey from high to lowStart with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).https://github.com/VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-lowDetails:https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low#infosec #pentesting #redteam
2023-05-09 16:20:00
​​MeliziaC2DNS over HTTPS targeted malware (only runs once)• Auto-delete malware on failure• Fully encrypted (per victim RSA key) DoH (DNS-over-HTTPS) communication• Malware only runs once!https://github.com/demon-i386/MeliziaC2#infosec #pentesting #redteam
2023-05-09 16:19:07
​​Awesome Cloud Security LabsAwesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.https://github.com/iknowjason/Awesome-CloudSec-Labs#cybersecurity #infosec #pentesting
2023-05-09 16:19:00
​​docker-osmedeus v4Docker image for Osmedeus a fully automated offensive security tool for reconnaissance and vulnerability scanning.https://github.com/mablanco/docker-osmedeus#cybersecurity #infosec #pentesting
2023-05-09 15:37:54
​​SpiderSuiteAn advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. https://github.com/3nock/SpiderSuiteWebsite:https://spidersuite.github.io/#infosec #cybersecurity #bugbounty
2023-05-09 12:16:00
​​Recon MindMap (RMM)A tool that can easily generate complex domain structures using mind mapping software such as Obsidian Mind Map or xmind.https://github.com/Alevsk/rmm#cybersecurity #infosec #pentesting
2023-05-09 12:15:00
​​NIST Vulnerability Data OntologyThe Vulntology is a project created to characterize vulnerabilities and provide a granular and intuitive structure for that information. This repository is a location to support community development of the NIST Vulnerability Data Ontology, or Vulntology.https://github.com/usnistgov/vulntology#cybersecurity #infosec
2023-05-07 20:24:00
​​Kscan - Simple Asset Mapping ToolKscan is an asset mapping tool that can perform port scanning, TCP fingerprinting and banner capture for specified assets, and obtain as much port information as possible without sending more packets. It can perform automatic brute force cracking on scan results, and is the first open source RDP brute force cracking tool on the go platform.https://github.com/lcvvvv/kscan/blob/master/README_ENG.md#infosec #pentesting #redteam
2023-05-07 20:23:00
​​Repo-supervisorScan your code for security misconfiguration, search for passwords and secrets. 🔍https://github.com/auth0/repo-supervisor#cybersecurity #infosec #pentesting
2023-05-07 16:20:00
​​Application-SecurityResources for Application Security including Web, API, Android, iOS and Thick Client.https://github.com/Anof-cyber/Application-Security#infosec #pentesting #bugbounty
2023-05-07 16:19:07
​​KlydaHighly configurable script for dictionary/spray attacks against online web applications.https://github.com/Xeonrx/Klyda#infosec #pentesting #redteam
2023-05-07 16:19:00
​​Google Chrome Cookies Stealer (GCC-Stealer)This tools aims to be a statically compiled binary that can decrypt the Chrome family browsers (Chrome, Brave and Chromium) cookies.https://github.com/illera88/GCC-stealer#infosec #pentesting #redteam
2023-05-07 12:16:00
​​InfosecHouseTools & Resources for Cyber Security Operations. A curated list of many tools and resources for both offensive and defensive security teams.https://github.com/InfosecHouse/InfosecHouse#cybersecurity #infosec #pentesting
2023-05-07 12:15:05
​​handbookThese notes serve as a living document for penetration testing and offensive security. They will serve as a repository of information from existing papers, talks, and other resources and will be updated as new information is discovered.https://github.com/0xffsec/handbook#infosec #pentesting #redteam
2023-05-07 12:15:00
​​Hacking resources and cheat sheets References, tools, scripts, tutorials, and other resources that help offensive and defensive security professionals.https://github.com/Lifka/hacking-resources#cybersecurity #infosec #pentesting
2023-05-07 07:23:04
​​KernelCallbackTable-InjectionLately, I came across with KernelCallbackTable which could be abused to inject shellcode in a remote process. This method of process injection was used by FinFisher/FinSpy and Lazarus.This post walks through the journey I took and the hurdles I encountered to make process injection via KernelCallbackTable work according to what I wanted.https://github.com/capt-meelo/KernelCallbackTable-InjectionDetails:https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html#infosec #pentesting #redteam
2023-05-07 06:53:04
​​OSCP-ReportingOffensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam and Lab Reporting / Note-Taking Tool.https://github.com/Syslifters/OSCP-Reporting#cybersecurity #infosec #pentesting
2023-05-07 06:28:30
​​RunAsPasswdA RunAs clone with the ability to specify the password as an argument.https://github.com/Sq00ky/RunAsPasswd#infosec #pentesting #redteam
2023-05-06 20:23:00
​​Offensive PayloadsList of payloads and wordlists that are specifically crafted to identify and exploit vulnerabilities in target web applications.https://github.com/InfoSecWarrior/Offensive-Payloads#infosec #pentesting #redteam
2023-05-06 16:20:00
​​Web Penetration Testing & Red Teaming MindMapMindmap That Include tools and the ways that help you for bug bounty and penetration testing. With this mindmap you can start web penetration testing step by step from Recon to exploting...https://github.com/N1arut/Pentesting-Mind-Map#infosec #pentesting #redteam
2023-05-06 16:19:07
​​Vulnerable-ADCreate a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.https://github.com/WazeHell/vulnerable-AD#cybersecurity #infosec #pentesting
2023-05-06 16:19:00
​​Offensive Security ToolsHere you will find a useful collection of commands and file resource locations used in Pentesting operations. This reference is will go hand in hand with Kali Linux and the OSCP.https://github.com/Totes5706/Offensive-Security-Cheat-Sheet#infosec #pentesting #redteam
2023-05-06 12:16:00
​​Awesome Cobalt Strike• The first part is a collection of quality articles about Cobalt Strike.• The third part is about the integration of the new features BOF resources.• This project is to solve the problem of not finding the right aggressor script or BOF when it is needed.https://github.com/zer0yu/Awesome-CobaltStrike#infosec #pentesting #redteam
2023-05-06 12:15:05
​​shellcode_exec_workerfactoryJust another shellcode execution technique.https://gist.github.com/RistBS/fd4243d6df142d197920e2b72baa3cdd#infosec #pentesting #redteam
2023-05-06 12:15:00
​​CVE-2023-28231DHCP Server Remote Code Execution impact: 2008 R2 SP1 до Server 2019https://github.com/glavstroy/CVE-2023-28231#cybersecurity #infosec #cve
2023-05-06 08:15:20
​​Parallels Desktop VM EscapeThis repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop.https://github.com/Malwareman007/CVE-2023-27326#infosec #cve #pentesting
2023-05-06 07:00:17
​​SSHLogA free, source-available Linux daemon written in C++ and Python that passively monitors #OpenSSH servers via eBPF to:👇https://github.com/sshlog/agent
2023-05-05 20:24:00
​​ViperA powerful graphical tool designed for intranet penetration testing. It utilizes commonly-used tactics and technologies, including anti-virus software bypass, intranet tunneling, file management, and command line functions. With over 80 integrated modules, Viper covers all aspects of resource development, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and collection. Its goal is to improve red team engineers' attack efficiency, simplify operation, and reduce technical barriers. Viper also supports running the native msfconsole in the browser and multi-person collaboration, making it an ideal tool for infosec professionals, pentesters, and red team members.https://github.com/FunnyWolf/Viper/blob/master/README_EN.md#infosec #pentesting #redteam
2023-05-05 20:23:00
​​GroovyWaiterEnumeration tool for developer heavy networks with many Jenkins instances.https://github.com/AnubisSec/GroovyWaiter#cybersecurity #infosec
2023-05-05 17:20:00
​​DRAKVUF SandboxAutomated hypervisor-level malware analysis system.https://github.com/CERT-Polska/drakvuf-sandbox#malware #cybersecurity #infosec
2023-05-05 16:20:00
​​Tangled WinExecThis repository is for investigation of Windows process execution techniques. Most of PoCs are given a name corresponding to the technique.https://github.com/daem0nc0re/TangledWinExec#infosec #pentesting #redteam
2023-05-05 16:19:07
​​Tiktok SSL Pinning BypassBypass Tiktok SSL pinning on Android devices.https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass#infosec
2023-05-05 16:19:00
​​yatafSimple tool to analyze a files/urls content - it was primarily created to analyze the content of a javascript file against a given set of regular expressions. The main goal is to give you an idea if a files content might be of interest. This means that yataf tries to find secrets in the content as well as potential endpoints.https://github.com/Damian89/yataf#cybersecurity #infosec
2023-05-05 13:16:00
​​Panda Wireless® PAU0B AC600 Dual Band — High-speed wireless connectivity to 2.4GHz and 5GHz networks, compatible with Kali Linux 🛒 amzn.to/4149mNH via t.me/PentestingShop
2023-05-05 12:16:54
​​CVE-2023-0386Linux Kernel Privilege Escalation.https://github.com/xkaneiki/CVE-2023-0386#infosec #pentesting #cve
2023-05-05 12:16:00
​​MaskcatUtility tool for Hashcat Masks and Password Cracking.https://github.com/JakeWnuk/maskcat#infosec #pentesting #bugbounty
2023-05-05 12:15:07
​​Offensive-Security-VaultThis is a Personal Knowledge Management tools for taking and managing notes related Offensive Security in Obsidian.https://github.com/hackedbyagirl/Offensive-Security-Vault#cybersecurity #infosec
2023-05-05 12:15:00
​​security-cheatsheets🔒 A collection of cheatsheets for various infosec tools and topics.https://github.com/andrewjkerr/security-cheatsheets#cybersecurity #infosec
2023-05-05 10:21:59
2023-05-05 07:21:53
​​Awesome RedTeam CheatsheetRed Team Cheatsheet in constant expansion.https://github.com/RistBS/Awesome-RedTeam-Cheatsheet#infosec #pentesting #redteam
2023-05-04 17:16:46
​​Apache Solr 8.3.1 admin panel RCE (Windows)This exploit allows code execution without any prior authentication on a default Solr admin panel.https://github.com/scrt/Apache-Solr-8.3.1-RCE#infosec #exploit #redteam
2023-05-04 17:16:25
​​Hash MuncherGrab NetNTLMv2 hashes using ETW with administrative rights on Windows.https://github.com/lkarlslund/hashmuncher#infosec #pentesting #redteam
2023-05-04 17:16:04
​​OWASP API Security Top 10https://github.com/OWASP/API-Security#cybersecurity #infosec
2023-05-04 09:35:38
​​Freeze-rsA payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze-rs utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls.https://github.com/optiv/Freeze.rs#infosec #pentesting #redteam
2023-05-04 09:19:32
​​AB BLE Gateway V4A BLE to gateway and bridge. The gateway reads iBeacon and Eddystone like beacon or customized Tag format and sends to local TCP server or internet HTTP/MQTT server. 🛒 bit.ly/3LQobix via t.me/PentestingShop/289#infosec #devices
2023-05-03 20:23:00
​​REcollapseA helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications.It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the REcollapse blog post.The goal of this tool is to generate payloads for testing. Actual fuzzing shall be done with other tools like Burp (intruder), ffuf, or similar.https://github.com/0xacb/recollapse#infosec #pentesting #redteam
2023-05-03 16:20:00
​​StackMaskThis is a PoC of encrypting the stack prior to custom sleeping by leveraging CPU cycles. This is the code of the relevant blog post: Masking the Implant with Stack Encryptionhttps://github.com/WKL-Sec/StackMask#infosec #pentesting #redteam
2023-05-03 16:19:08
​​Secbench.jsSecbench.js is the first benchmark suite of server-side JavaScript vulnerabilities. This benchmark consists of 600 publicly reported vulnerabilities curated from different advisory databases, such as Snyk, GitHub Advisories, and Huntr.dev.https://github.com/cristianstaicu/SecBench.js#infosec #pentesting #bugbounty
2023-05-03 16:19:07
​​LAURELLAUREL is an event post-processing plugin for auditd(8) that generates useful, enriched JSON-based audit logs suitable for modern security monitoring setups.https://github.com/threathunters-io/laurel#cybersecurity #infosec
2023-05-03 16:19:00
​​WhatsApp OSINT ToolLogs online/offline events from ANYONE in the world.https://github.com/jasperan/whatsapp-osint#OSINT #infosec
2023-05-03 13:24:34
​​hardCIDRA Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries (RIRs):👇• ARIN (North America)• RIPE (Europe/Asia/Middle East)• APNIC (Asia/Pacific)• LACNIC (Latin America)• AfriNIC (Africa)https://github.com/trustedsec/hardcidr#infosec #pentesting #recon
2023-05-03 11:41:02
​​RFID Blocker CardProtect your personal data with the most advanced RFID blocker card for your wallet. As contactless card payments become increasingly popular, the risk of fraudsters intercepting our information is on the rise. The RFID Blocking Card is a credit-card-sized tool that can be placed inside a wallet, credit card holder or clip to block electromagnetic signals, ensuring protection against RFID theft while still allowing the use of contactless payments. It's composed of a mixture of metals that disrupt RFID signals, with inside and outside coatings of a patent-pending metal mixture to safeguard your personal information. The card is flexible and only half the thickness of a credit card, so it won't add bulk to your wallet. Simply add RFID Blocking Cards to your wallet or credit card holder to block unwanted RFID scanners and keep your personal data safe.Buy online:🛒 $6.80🔥 https://bit.ly/41WAUpJ🛒 VAULTCARD https://amzn.to/3VrHCkY#RFID #card
2023-05-03 08:08:19
​​reNgineAutomated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.https://github.com/yogeshojha/rengine#infosec #pentesting #redteam
2023-05-02 20:23:00
​​Camera Exploitation ToolAutomated exploit scanner for cameras on the internet.https://github.com/TasosY2K/camera-exploit-tool#infosec #pentesting #redteam
2023-05-02 16:20:00
​​KrakenA modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and is core is developed in Python.https://github.com/kraken-ng/Kraken#infosec #pentesting #redteam
2023-05-02 16:19:07
​​CirFixAutomatically Repairing Defects in Hardware Design Code.https://github.com/hammad-a/verilog_repair#cybersecurity #infosec
2023-05-02 16:19:00
​​Secret Regex ListList of regex for scraping secret API keys and juicy information. You can directly copy this and put into your python code, some regexes might require three quotes or else it will break the code.https://github.com/h33tlit/secret-regex-list#infosec #pentesting #bugbounty
2023-05-02 12:15:06
​​Advanced SQL Injection CheatsheetThis repository contains a advanced methodology of all types of SQL Injection.• Find injection point• Understand the website behaviour• Send queries for enumeration• Understanding WAF & bypass it• Dump the databasehttps://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet#infosec #pentesting #bugbounty
2023-05-02 12:15:05
​​AIMOD2Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proactively identify, engage and prevent cyber threats denying or mitigating potential damage to the organization.https://github.com/darkquasar/AIMOD2#cybersecurity #infosec
2023-05-02 12:15:00
​​CVE-2023-23399MS Excel 365 MSO 2302 Build 16.0.16130.20186 RCEhttps://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399#cve #infosec #exploit
2023-05-02 10:21:20
linikatzA tool to attack AD on UNIXThis repository contains all of the scripts and source code for "Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX"👆 In addition to the main linikatz.sh script, this also includes auditd policies, John the Ripper rules, Metasploit post-exploitation modules and fuzzers. https://github.com/CiscoCXSecurity/linikatz#infosec #pentesting #redteam
2023-05-01 20:23:00
​​subneriumA fast passive subdomain enumeration tool that uses various sources to gather data. All requests are made through yaml templates, to see more see the documentation:👇https://github.com/d3f1ne/subnerium#infosec #pentesting #bugbounty
2023-05-01 16:19:00
​​hrektA really fast http prober.https://github.com/ethicalhackingplayground/hrekt#infosec #pentesting #bugbounty
2023-05-01 12:15:00
​​TrawlerPowerShell script to help Incident Responders discover adversary persistence mechanisms.https://github.com/joeavanzato/Trawler#blueteam #infosec #malware
2023-05-01 10:09:41
​​ReconBulkAutomated Subdomain Enumeration and Scanning ToolThis script automates the process of subdomain enumeration and scanning using several popular open-source tools, combining their results and providing detailed output. The primary purpose of this tool is to simplify and streamline the process of discovering subdomains and their related information for a given domain.https://github.com/TaurusOmar/reconbulk#infosec #pentesting #bugbounty
2023-04-30 20:23:00
​​LoRa-AX25-IP-NetworkUtilising inexpensive wireless modules and open source software to form networks over long distances using AX25 and IP networking in the unlicensed ISM bands, without reliance on a centralised service provider.• Privacy minded individuals• People living under oppressive governments• Remote communities• Natural Disaster areas• Testing low bandwidth applications eg, COAP ROHC• Testing Decentralised apps like scuttlebutt.nz and tox.chathttps://github.com/dmahony/LoRa-AX25-IP-Network#cybersecurity #infosec #privacy
2023-04-30 16:20:00
​​Shellcode_DownloaderWriting Custom Shellcode Downloader in C++https://github.com/lsecqt/OffensiveCpp/blob/main/WinAPI%20Examples/WinHTTP/Shellcode_Downloader.cpp#infosec #pentesting #redteam
2023-04-30 16:19:00
​​CherrybombCherrybomb is an CLI tool written in Rust that helps prevent incorrect code implementation early in development. It works by validating and testing your API using an OpenAPI file. Its main goal is to reduce security errors and ensure your API functions as intended.https://github.com/blst-security/cherrybomb#cybersecurity #infosec
2023-04-30 13:38:10
​​The Hardware Hacking Handbook — teaches you how to hack embedded devices, exploring hardware interfaces, signaling, and communication protocols. 🛒 amzn.to/41RjQkT via t.me/PentestingShop/286
2023-04-30 12:16:00
​​MFASweepA PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. Depending on how conditional access policies and other multi-factor authentication settings are configured some protocols may end up being left single factor. It also has an additional check for ADFS configurations and can attempt to log in to the on-prem ADFS server if detected.https://github.com/dafthack/MFASweep#infosec #pentesting #redteam
2023-04-30 12:15:00
​​Introduction to injection and hooking• ASLR on Windows• Process mitigations against RWX pages• Known DLLs• Multithreaded environments• Secure C coding styleshttps://github.com/yo-yo-yo-jbo/injection_and_hooking_intro#cybersecurity #infosec #inject
2023-04-09 20:24:00
​​Recon ScriptsRecon scripts for Red Team and Web blackbox auditing.https://github.com/mtimani/Recon_scripts#infosec #pentesting #redteam
2023-04-09 20:23:07
​​Reverse-EngineeringA FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.https://github.com/mytechnotalent/Reverse-Engineering#cybersecurity #infosec #reverse
2023-04-09 20:23:00
​​DllLoadPathShowcasing two different techniques for changing DLL load order by using undocumented APIs. These are not novel techniques but I never saw them documented anywhere. The proper signatures for RtlCreateProcessParameter and RtlCreateProcessParameters are:👇https://github.com/SecurityAndStuff/DllLoadPath#cybersecurity #infosec
2023-04-09 16:20:00
​​Awesome Malware TechniquesA curated list of resources to analyse and study malware techniques.https://github.com/fr0gger/Awesome_Malware_Techniques#malware #cybersecurity #infosec
2023-04-09 16:19:08
​​BurpgptA #BurpSuite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.https://github.com/aress31/burpgpt#infosec #bugbounty #pentesting
2023-04-09 16:19:07
​​VAmPIVulnerable REST API with OWASP top 10 vulnerabilities for security testing.https://github.com/erev0s/VAmPI#cybersecurity #infosec
2023-04-09 16:19:00
​​AzureGoatA Damn Vulnerable Azure Infrastructure.https://github.com/ine-labs/AzureGoat#cybersecurity #infosec
2023-04-09 12:16:00
​​Hades-C2Hades is a basic Command & Control framework built using Python. It is currently extremely bare bones, but I plan to add more features soon.https://github.com/Lavender-exe/Hades-C2#infosec #pentesting #redteam
2023-04-09 12:15:00
​​spotify-gdpr-dump-analysisLocal analysis of complete spotify streaming dataset (endsong_*.json). Made in 3 hours alongside with chatGPT, fixing bugs as they appeared.https://github.com/pldubouilh/spotify-gdpr-dump-analysis#cybersecurity #infosec
2023-04-09 08:29:29
​​ScoperThis is a #BurpSuite extension that allows users to easily add web addresses to the Burp Suite scope.https://github.com/haticeerturk/scoper#infosec #bugbounty #pentesting
2023-04-08 20:30:52
​​Alfa APA-M25Powerful dual-band directional indoor panel antenna designed to work with any dual-band Wi-Fi router, receiver, or access point that has an RP-SMA port. It replaces the standard factory antenna and can improve your router's range up to four times. It offers up to 145% better performance and 150% longer distance, with a frequency range of 2.4 - 2.5GHz / 5.150 - 5.875GHz and a gain of 8dBi @ 2.4GHz / 10dBi @ 5GHz. Its patch directional design has a 16-degree vertical beam-width and a 66-degree horizontal beam-width, making it ideal for indoor use.Buy online: 🛒 https://amzn.to/3MrllkZ🛒 https://alii.pub/6ny5ik#alfa #antenna #wifi
2023-04-08 20:24:00
​​ZenLdrBasic implementation of Cobalt Strikes - User Defined Reflective Loader feature.https://github.com/Mav3rick33/ZenLdrDetails:https://mav3rick33.gitbook.io/the-lab/cobalt-strike-user-defined-reflective-loader-studies#infosec #redteam #pentesting
2023-04-08 20:23:00
​​ViDeZZoA virtual device fuzzing framework considering both intra- and inter-message dependencies to balance fuzzing scalability and efficiency.https://github.com/HexHive/ViDeZZo#cybersecurity #infosec
2023-04-08 18:21:08
​​vm2A sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!https://github.com/patriksimek/vm2#cybersecurity #infosec
2023-04-08 18:21:07
​​Rusty EkkoA small sleep obfuscation technique that uses the CreateTimerQueueTimer Win32 API function ported from C Ekko to Rust.https://github.com/memN0ps/ekko-rs#cybersecurity #infosec
2023-04-08 18:21:00
​​xv_undergroundA scalable web app features LiveView authentication, user roles and permission system, and secure S3/Wasabi uploads. It calculates file hashes with Erlang crypto library and uses Oban for all most API requests for automated retries. It includes a custom Logger backend to log to Discord, has CI/CD setup and is deployed on Fly.io.https://github.com/blackmassgroup/xv_underground#cybersecurity #infosec #malware
2023-04-08 09:12:00
​​KmonLinux Kernel Manager and Activity Monitor 🐧💻https://github.com/orhun/kmon#linux #cybersecurity
2023-04-07 20:24:00
​​PhoenixC2Free & open source C2 framework for Red Teams. It is written in Python3 and uses for it’s REST API. It is designed to be easy to use and easy to extend. This is the first release of PhoenixC2, so there are still many features missing.Features:• Modern Web-Interface• Built for Teams and Organizations (Multi-User)• Customizable (Plugins, Modules, Kits)• Easy to use• Easy to extend• Supports different languages (Python, Go, …)https://github.com/screamz2k/PhoenixC2Details:https://screamz2k.github.io/posts/phoenixc2-first-release#infosec #pentesting #redteam
2023-04-07 16:20:00
​​Cairo-FuzzerA tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library.• Run Cairo contract• Run Starknet contract• Replayer of fuzzing corpus• Minimizer of fuzzing corpus• Load old corpus• Handle multiple arguments• Workspace architecture• Import dictionnary• Use Cairo-fuzzer as a libraryhttps://github.com/FuzzingLabs/cairo-fuzzer#infosec #bugbounty #pentesting
2023-04-07 14:17:00
​​Hayabusa A sigma-based threat hunting and fast forensics timeline generator for Windows event logs.https://github.com/Yamato-Security/hayabusa#cybersecurity #infosec #forensics
2023-04-07 12:16:00
​​lsassyPython tool to remotely extract credentials on a set of hosts. This blog post explains how it works. This tool uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.https://github.com/Hackndo/lsassy#infosec #pentesting #redteam
2023-04-07 12:15:00
​​Common Threat Matrix for CI/CD PipelineThis is an ATT&CK-like matrix focus on CI/CD Pipeline specific risk. MITRE ATT&CK® is a knowledge base of adversary tactics and techniques. To map the threat of CI/CD Pipeline, I use the same classification as the framework.https://github.com/rung/threat-matrix-cicd#cybersecurity #infosec
2023-04-07 09:46:01
​​Dir2jsonA .NET utility that lists directory contents with attributes and saves it as a .json file. It can be executed from the command line or Cobalt Strike's BOF.NET. Json2csv.ps1 script is also available for easier querying.https://github.com/bitsadmin/dir2jsonDetails:https://blog.bitsadmin.com/blog/digging-for-secrets#infosec #pentesting #redteam
2023-04-06 20:24:00
​​KurlKurl was created to aid my work as a Red Teamer. Kurl creates an easy to view data sent via HTTP requests by the URLs provided, showing:👇• Status code.• Response length.• HTTP Verb.• Data format (json or xml).• Content-Type.• The URL itself.https://github.com/gbrls/kurl#infosec #pentesting #redteam
2023-04-06 20:23:00
​​Arsenal-rsRusty Arsenal - Process Injection / Post-Exploitation Techniques in Rust.https://github.com/memN0ps/arsenal-rs#pentesting #redteam #hackers
2023-04-06 16:20:00
​​♻️ Azure AD - Attack and Defense PlaybookThis publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.• Password Spray• Consent Grant• Service Principals in Azure DevOps Pipelines• Azure AD Connect Sync Service Account• Replay of Primary Refresh (PRT) and other issued tokens• Azure AD Security Config Analyzer (AADSCA)https://github.com/Cloud-Architekt/AzureAD-Attack-Defense#infosec #pentesting #redteam #ad
2023-04-06 16:19:00
​​rogue A barebones template of 'rogue' aka a simple recon and agent deployment I built to communicate over ICMP. Well, without the ICMP code.https://github.com/realoriginal/rogue#cybersecurity #infosec
2023-04-06 13:16:27
​​RangePiRange-Pi is an affordable and portable #LoRa dongle based on Raspberry Pi RP2040 and LoRa modules. It has a built-in 1.14" LCD screen and covers 433/868/915 MHz frequencies, allowing data transmission up to 5 km. LoRa is a wireless technology used for IoT tasks like smart parking, livestock tracking, and automatic meter reading, as it sends packets over long distances without using much power. Setting up LoRa devices is challenging, but Range-Pi simplifies the process. It is open-source, works with any computer or device, and is compatible with The Things Network. Range-Pi is ideal for IoT integrators to test and configure networks on-the-go.Buy online: 🛒 https://amzn.to/40MkeQS#radio #usb #lora #raspberry
2023-04-06 12:16:00
​​IDLE-AbuseA method to execute shellcode using RegisterWaitForInputIdle API.https://github.com/RixedLabs/IDLE-AbuseDetails:https://rixed-labs.medium.com/shellcode-execution-using-registerwaitforinputidle-291c82d2d3fd#cybersecurity #infosec #redteam
2023-04-06 12:15:00
​​XSS-PayloadsList of XSS Vectors/Payloads i have been collecting since 2015 from different resources like websites, tweets, books... You can use them to bypass WAF and find XSS vulnerabilities, i will try to update the list as possible.https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md#infosec #bugbounty #pentesting
2023-04-06 11:14:32
​​SeacraneA single-binary tool that runs on OSX (arm/x86), Windows, Linux, routers & embedded devices (openwrt, busybox, NAS, etc) that offers:👇▫️ encrypt a file▫️ download a file from another device▫️ upload a file to another device▫️ proxy through another machine (SOCKs or tcpport)▫️ base64 encode/decode something▫️ share a clipboard copy/paste buffer with another device▫️ chat on a LAN▫️ send a secret (encrypted message)▫️ and more...https://github.com/s7ephen/seacrane
2023-04-05 20:23:00
​​Capsulecorp AD Pentest (Hyper-v)The Capsulecorp Pentest is a small virtual network managed by Vagrant and Ansible on Hyper-V. It contains four Windows virtual machines configured with various vulnerable services. This project can be used to learn network Active Directory penetration testing, test Command And Control and develop software for future Active directory Audits.https://github.com/Marmeus/capsulecorp-ad-pentest-hyperv#cybersecurity #infosec #pentesting
2023-04-05 16:20:00
​​Fast Google Dorks ScanThe #OSINT project, the main idea of which is to collect all the possible Google dorks search combinations and to find the information about the specific web-site: common admin panels, the widespread file types and path traversal. The 100% automated.https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan#cybersecurity #infosec
2023-04-05 16:19:00
​​geacon_plusCobaltStrike beacon written in golang.https://github.com/Arr3stY0u/geacon_plus#infosec #pentesting #redteam
2023-04-05 12:16:00
​​DomoArigatoA simple command line tool which quickly audits the Disallow entries of a site's robots.txt.https://github.com/EmberHext/DomoArigato#infosec #bugbounty #pentesting
2023-04-05 12:15:00
​​Burp VPS ProxyThis BurpSuite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.https://github.com/d3mondev/burp-vps-proxy#infosec #blueteam #pentesting
2023-04-05 11:59:13
♻️ Mindmap transfer files to VICTIMhttps://github.com/eMVee-NL/MindMap#redteam
2023-04-05 10:12:19
​​Sherloq Personal research project about implementing a fully integrated environment for digital #image #forensics. It is not meant as an automatic tool that decide if an image is forged or not (that tool probably will never exist...), but as a companion in experimenting with various algorithms found in the latest research papers and workshops.https://github.com/GuidoBartoli/sherloq
2023-04-04 20:23:00
​​wmiexec-ProThe new generation of wmiexec.py, more new features, whole the operations only work with port 135 (don't need smb connection) for AV evasion in lateral movement (Windows Defender, HuoRong, 360)• Main feature: Only need port 135.• New module: AMSI bypass• New module: File transfer• New module: Remote enable RDP via wmi class method• New module: Windows firewall abusing• New module: Eventlog looping cleaning• New module: Remote enable WinRM without touching CMD• Enhancement: Get command execution output in new way• Enhancement: Execute vbs filehttps://github.com/XiaoliChan/wmiexec-Pro#cybersecurity #infosec #pentesting #redteam
2023-04-04 20:22:00
​​iat_unhook_sampleSimple sample of unhooking ntdll (IAT imports) hooks in Rust without using syscalls (except VirtualProtect).https://github.com/Signal-Labs/iat_unhook_sample#cybersecurity #infosec
2023-04-04 16:19:06
​​MalBuzzIt's a handy tool to help you analyze malware. You can use this tool to query your malware samples using different hashes or find all other samples using YARA rules, CalmAV signatures, etc. This tool is based on MalwareBazaar.https://github.com/NomanProdhan/malbuzz#cybersecurity #infosec
2023-04-04 16:19:05
​​FibratusA tool for exploration and tracing of the Windows kernel. It lets you trap system-wide events such as process life-cycle, file system I/O, registry modifications or network requests among many other observability signals. In a nutshell, Fibratus allows for gaining deep operational visibility into the Windows kernel but also processes running on top of it. It requires no drivers nor third-party software.https://github.com/rabbitstack/fibratus#cybersecurity #infosec
2023-04-04 16:19:00
​​PatchlessCLRLoader.NET assembly loader with patchless AMSI and ETW bypass.• AES encryption payload• Fileless payload support• Patchless AMSI and ETW bypass using hardware breakpointhttps://github.com/VoldeSec/PatchlessCLRLoader#cybersecurity #infosec #pentesting #redteam
2023-04-04 12:28:06
​​Wireshark RDP resourcesLooking for a way to capture and inspect RDP traffic in Wireshark? You've come to the right place!https://github.com/awakecoding/wireshark-rdp#cybersecurity #infosec #pentesting #redteam
2023-04-04 11:55:30
PentestingToolsFirst and foremost, this repo is a WORK IN PROGRESS and will continue to be updated. This repo is designed to be a one-stop shop for a pentester. Above, you will find a collection of tools and resources for conducting a pentest in a Windows or Linux environment.https://github.com/DritzPS/PentestingTools#infosec #pentesting #redteam
2023-04-04 09:39:51
​​ZimaBoardZimaBoard is an affordable single board server designed for makers, DIY enthusiasts, and geeks. It is a hackable x86 SBC that combines the expandability of a standard server and the power of a micro server. With ZimaBoard, you can easily set up a personal cloud with 4 Terabytes of storage, configure a secure VPN to protect your online activities, build a 4K media server with Plex, or share files with team members. The board is fully customizable and expandable with PCIe x4, SATA 6.0 Gb/s, and dual gigabit Ethernet onboard. ZimaBoard comes with CasaOS pre-installed, a simple and elegant home cloud system built around the Docker ecosystem.Buy online: 🛒 https://amzn.to/3KFWEjv🛒 https://ali.ski/gytJ-u#board #minipc
2023-04-03 20:23:00
​​Awesome wordlists for Bug Bounty HuntingThis repository contains publicly available wordlists for Bug hunting. The main Objective for creating this repo is to bring all the available worlists at one place.https://github.com/0xPugazh/fuzz4bounty#infosec #bugbounty #pentesting
2023-04-03 16:20:00
​​hackerone-reportsTop disclosed reports from HackerOne.https://github.com/reddelexc/hackerone-reports#infosec #blueteam #pentesting
2023-04-03 16:19:00
​​URL HunterCheck out this JavaScript code that extracts URLs from a web page and linked scripts! Perfect for web scraping and penetration testing.https://github.com/SecuritySphinx/URL-Hunter#cybersecurity #infosec #pentesting
2023-04-03 12:16:00
​​Awesome ForensicsCurated list of awesome free (mostly open source) #forensic analysis tools and resources.https://github.com/cugu/awesome-forensics#cybersecurity #infosec
2023-04-03 12:15:00
​​Sublime RulesSublime rules for email attack detection, prevention, and threat hunting.https://github.com/sublime-security/sublime-rules#cybersecurity #infosec
2023-04-03 06:58:29
​​msldapLDAP library for #auditing MS #ADhttps://github.com/skelsec/msldap
2023-04-02 20:23:00
​​WebDirScanWebDirScan is a tool for brute-forcing URIs (directories and files) on web servers by taking input directory to scan for files & directories recursively. It's written in Go and it's capable of multithreaded scanning.https://github.com/jayateertha043/WebDirScan#cybersecurity #infosec #pentesting
2023-04-02 16:19:00
​​ssh-log-auditor Python scriptssh-log-auditor An open source Python script will detect potential SSH brute-force attacks and creates a CSV report. If the number of failed login attempts from a given IP address exceeds a certain threshold (default value is 5), the script alerts the user and outputs the IP address, username, date, number of failed attempts, and location information to a CSV file (default file name is failed_login_attempts.csv).https://github.com/bigb0x/ssh-log-auditor#cybersecurity #infosec #blueteam
2023-04-02 12:29:27
​​padrepadre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption.Features:• blazing fast, concurrent implementation• decryption of tokens• encryption of arbitrary data• automatic fingerprinting of padding oracles• automatic detection of cipher block length• HINTS! if failure occurs during operations, padre will hint you about what can be tweaked to succeed• supports tokens in GET/POST parameters, Cookies• flexible specification of encoding rules (base64, hex, etc.)https://github.com/glebarez/padre#infosec #pentesting #redteam
2023-04-02 12:28:48
​​Multi-RFID keyfobThe Multi-RFID keyfob is a low-tech, cost-effective solution that features six independent RFID tags, including 3x Low Frequency T5577 ("Universal" LF Tags) and 3x MIFARE Classic® Compatible 1K UID Modifiable DirectWrite / Gen2 Tags (Android Compatible). It is activated by pressing and holding the corresponding button for each tag. The keyfob does not require batteries, making it a highly convenient tool for those who need to ensure they have access to LF/HF blank tags at all times.Buy online: 🛒 $4.20 🔥 https://ali.ski/EX6zX#RFID
2023-04-02 12:15:01
​​Crypto #OSINT investigationA collection of resources useful for OSINT Investigations on Cryptocurrencies and WEB3. For sure, it isn't a complete resource, most of what you find here is related to some investigation I did. Feel free to fork and make any addition you want.https://github.com/aaarghhh/awesome_osint_criypto_web3_stuff#cybersecurity #infosec
2023-04-02 12:15:00
​​XXElixir 🧪This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.https://github.com/kljunowsky/XXElixir#bugbounty #pentesting #infosec
2023-04-02 12:14:00
​​Malware AnalysisA repository to organize my malware write-ups that are too long or just don't work as Twitter threads.https://github.com/dodo-sec/Malware-Analysis#malware #cybersecurity #infosec
2023-04-02 11:30:08
​​n0kovo subdomain wordlistAn extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.https://github.com/n0kovo/n0kovo_subdomainsDetails:https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/#bugbounty #pentesting #infosec
2023-04-02 09:28:13
​​ChatGPT#ChatGPT Desktop Application (Mac, Windows and Linux)Features:▫️ Multi-platform: macOS Linux Windows▫️ Text-to-Speech▫️ Export ChatGPT history (PNG, PDF and Markdown)▫️ Automatic application upgrade notification▫️ Common shortcut keys▫️ System tray hover window▫️ Powerful menu items▫️ more...https://github.com/lencx/ChatGPT
2023-04-02 08:33:23
​​Awesome WordlistsA curated list of wordlists for bruteforcing and fuzzing.https://github.com/n0kovo/awesome-wordlists#infosec #bugbounty #pentesting
2023-04-01 20:24:00
​​DockerSecurityPlaygroundA Microservices-based framework for the study of Network Security and Penetration Test techniques.→ Create network and network security scenarios, in order to understand network protocols, rules, and security issues by installing DSP in your PC.→ Learn penetration testing techniques by simulating vulnerability labs scenarios→ Manage a set of docker-compose project . Main goal of DSP is to learn in penetration testing and network security, but its flexibility allows you the creation, graphic editing and managment run / stop of all your docker-compose labs.https://github.com/DockerSecurityPlayground/DSPWebsite:https://secsi.io/docker-security-playground/#cybersecurity #infosec #pentesting
2023-04-01 20:23:00
​​HakoriginfinderTool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!https://github.com/hakluke/hakoriginfinder#cybersecurity #infosec #bugbounty #pentesting
2023-04-01 16:45:57
Happy Birthday Fox :)😘
2023-04-01 16:19:00
​​PatchGuardBypassBypassing PatchGuard on modern x64 systems.https://github.com/AdamOron/PatchGuardBypass#cybersecurity #infosec #pentesting #redteam
2023-04-01 12:16:00
​​yetAnotherObfuscatorA C# obfuscator tool that can bypass Windows Defender antivirus. I made this tool mainly as an excuse to learn more about C# and how obfuscators function.https://github.com/0xb11a1/yetAnotherObfuscator#cybersecurity #infosec #pentesting #redteam
2023-04-01 12:15:00
​​HeapCryptEncypting the Heap while sleeping by hooking and modifying Sleep with our own function that encrypts the heap, sleeps for a moment then decrypts the heap:👇https://github.com/TheD1rkMtr/HeapCrypt#cybersecurity #infosec
2023-03-31 17:56:36
​​OPC UA Network FuzzerThe network fuzzer based on the boofuzz network fuzzer as a framework—which helped us successfully target the KepwareEX server, and trigger a crash that we were able to use to develop a remote code execution exploit against and earn $20,000 at the contest.https://github.com/claroty/opcua_network_fuzzerDetails:https://claroty.com/team82/research/team82-releases-homegrown-opc-ua-network-fuzzer-based-on-boofuzz#infosec #cybersecurity #pentesting #redteam
2023-03-31 17:55:40
​​BoofuzzA fork and successor of the Sulley Fuzzing Framework.Features:• Easy and quick data generation.• Instrumentation – AKA failure detection.• Target reset after failure.• Recording of test data.https://github.com/jtpereyda/boofuzz#cybersecurity #infosec #bugbounty #pentesting
2023-03-31 16:19:00
​​FrilaneAutomated iOS Frida Gadget injection and Testflight deployment using Frida and Fastlane.https://github.com/gjfvieira/frilane#cybersecurity #infosec
2023-03-31 12:15:00
emp3r0rA post-exploitation framework for Linux/Windows.https://github.com/jm33-m0/emp3r0r#cybersecurity #infosec #pentesting #redteam
2023-03-31 10:20:31
​​ACEMAGICIAN T8 PlusA mini PC that features the latest Intel Processor N95 “Alder Lake N-Series” quad-core processor with up to 3.4 GHz turbo frequency, and 16EU Intel HD graphics @ 1.2 GHz. It comes with 8GB LPDDR5 memory, a 256GB M.2 NVMe SSD, and is equipped with three HDMI 2.0b ports, dual gigabit Ethernet ports, three USB 3.0 ports, a WiFi 5 and Bluetooth 4.2 wireless module, and a 3.5mm audio jack, plus a Kensington lock slot. The computer ships with Windows 11 Pro but Kali Linux is also supported. Buy online: 🛒 https://amzn.to/3zjDCsw#ACE #minipc
2023-03-30 20:23:00
​​pathbusterA path-normalization pentesting tool.→ Implement --filter-status which will filter the status codes.→ Implement --filter-body-size which will filter the response sizes.→ Implement --drop-after-fail which will ignore requests with the same response code multiple times in a row.→ Fixed a ton performance issues and included directory bruteforcing at the end.https://github.com/ethicalhackingplayground/pathbuster#infosec #bugbounty #pentesting
2023-03-30 20:22:00
​​WebRecon2A re-write of WebRecon. It's faster and prettier.WebRecon2 utilizes the best tools available, each great at their own job, and combines them into a single script to automate a workflow that would typically be followed manually when performing subdomain enumeration against a bug bounty program. Each of the tools listed below will need to be accessible within your $PATH for WebRecon2 to work.https://github.com/sammooredev/WebRecon2#cybersecurity #infosec #bugbounty #pentesting
2023-03-30 12:15:00
​​JsleakA tool to find secret, paths or links in the source code during the recon.Features:• Discover secrets in JS files such as API keys, tokens, and passwords.• Identify links in the source code.• Complete Url Function• Concurrent processing for scanning of multiple Urls• Check status code if the url is alive or nothttps://github.com/channyein1337/jsleak#cybersecurity #infosec #bugbounty #pentesting
2023-03-29 20:23:00
​​Awesome #OSINTA curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources)https://github.com/jivoi/awesome-osint#cybersecurity #infosec
2023-03-29 16:20:00
​​Rusty Hog A secret scanner built in Rust for performance, and based on TruffleHog which is written in Python. Rusty Hog provides the following binaries:👇https://github.com/newrelic/rusty-hog#cybersecurity #infosec #bugbounty #pentesting
2023-03-29 16:19:05
​​Early bird + Parent Process Id SpoofingThis technique is already well known but still powerfull. The main idea is to queue an user APC into a suspended process, avoiding the need to create a new thread. Since the process is launch in suspended state, EDR's haven't placed any hooks yet.https://github.com/b4rth0v5k1/EarlyBirdNTDLL#infosec #redteam
2023-03-29 16:19:00
​​VBoxCloakA PowerShell script that attempts to help #malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings by at least a few points ;)https://github.com/d4rksystem/VBoxCloak#cybersecurity #infosec
2023-03-29 13:22:10
​​HardHat C2A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use.https://github.com/DragoQCC/HardHatC2#cybersecurity #infosec #pentesting #redteam
2023-03-29 12:36:40
​​Kingston IronKey Vault Privacy 50IronKey Vault Privacy series are encrypted USB drives that offer high-level security for your data. They use FIPS 197 certified AES 256-bit hardware-encryption in XTS mode to protect your data from unauthorized access. They also have features to prevent BadUSB attacks, Brute Force attacks, and malware infection. You can choose from different password options and modes to suit your needs. VP50 series are compatible with Endpoint Management software and meet TAA compliance standards. They are available in Type-A and Type-C versions.Buy online: 🛒 https://amzn.to/3FVSzEX#usb #security #kingston #encrypted
2023-03-29 12:16:00
​​hacking-writeupsHelpful shell commands and lots of writeups from machines solved on Hack the Box and also walkthroughs from CTF competitions.https://github.com/BitFlippa27/hacking-writeups/tree/main/htb/ctf/cyber-apocalypse-2023/web#cybersecurity #infosec #pentesting #redteam
2023-03-29 12:15:00
​​Powershell String CleanerSimple script to deobfuscate Powershell formatting strings.https://github.com/dr4k0nia/tooling-playground/tree/main/PowershellStringCleaner#cybersecurity #infosec
2023-03-29 08:39:59
​​FreeMetsrvLoaderFork of freeBokuLoader which targets and frees Metsrv's initial reflective DLL package.https://github.com/attl4s/freeMetsrvLoader#cybersecurity #infosec #pentesting #redteam
2023-03-29 07:49:45
​​Awesome PythonA curated list of awesome #Python frameworks, libraries, software and resources.https://github.com/vinta/awesome-python
2023-03-28 20:23:00
​​AIxA cli tool to interact with Large Language Models (LLM) APIs.Features:• AMA with AI over CLI• Query LLM APIs (OpenAI)• Supports GPT-3.5 and GPT-4.0 models• Configurable with OpenAI API key• Flexible output optionshttps://github.com/projectdiscovery/aix#cybersecurity #infosec
2023-03-28 16:20:00
​​kitsec-coreA minimalistic Python framework for fast and centralized ethical hacking.Kitsec impressed me. It's user-friendly and centralized, making it fast and efficient. It offers a wide range of capabilities, including OWASP Top 10 coverage, fuzzing, port scanning and more. It's an exceptional ethical hacking tool that I highly recommend.https://github.com/kitsec-labs/kitsec-coreWiki:https://www.kitsec.app/docs/Features#cybersecurity #infosec #pentesting #redteam
2023-03-28 16:19:00
​​PHP filter chains oracle exploitA CLI to exploit parameters vulnerable to PHP filter chain error based oracle.https://github.com/synacktiv/php_filter_chains_oracle_exploit#cybersecurity #infosec #pentesting #redteam
2023-03-28 09:52:39
​​Red Team Guides A platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques. https://github.com/redteamguid…
2023-03-28 09:52:25
​​Red Team GuidesA platform that provides red team tutorial and guidance along with cheatsheets. It is aimed at helping security professionals and enthusiasts to learn about red teaming and penetration testing techniques.https://github.com/redteamguides/redteamguides.github.ioWeb:https://redteamguides.com#pentesting #redteam
2023-03-28 09:35:52
💰 Donate Dear subscribers, please support us and our work❣️ https://www.buymeacoffee.com/HackGit Dear channel sponsors, if you want you can get a little bonus from us 🍻 BTC: 1987zNaVX53v7tzpKRRde84uXbDYjuNykL TON: UQAAZ1BFX5OsybSryoFunzyJN3F7oKWMbZNPlwMTcVK8mEzA…
2023-03-28 07:38:10
​​NekoBox for AndroidSing-box / universal proxy toolchain for #Android.https://github.com/MatsuriDayo/NekoBoxForAndroidWeb:https://matsuridayo.github.io/#privacy
2023-03-27 20:23:00
​​100 Bug Bounty SecretsI'm going to reveal a hundred secrets of bug bounty!https://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/100BugBountySecrets#bugbounty #pentesting
2023-03-27 16:20:00
​​403-bypassThis is the tool that I wrote when I was working for pentest.https://github.com/channyein1337/403-bypass#bugbounty #pentesting
2023-03-27 16:19:00
​​Bulk 403 BypassThis is a Bash script that performs bulk 403 bypass by adding a custom header to HTTP requests. It can be useful for testing whether a website is vulnerable to 403 bypass techniques.https://github.com/aardwolfsecurityltd/Bulk_403_Bypass#bugbounty #pentesting
2023-03-27 13:16:58
​​MeLE Quieter2D Mini PCMeLE is now offering its Quieter2D ultrathin fanless mini PC without an operating system, ideal for those who only want to run Linux and not pay extra for a Windows license. The mini PC is equipped with an Intel Celeron N4000 dual-core processor, 4GB RAM, and 64GB or 128GB eMMC storage. Other features include an M.2 2280 SATA/NVMe socket, two HDMI 2.0 ports, Gigabit Ethernet and WiFi 5 connectivity, and four USB 3.0 ports. MeLE also provides an unlocked BIOS suitable for IoT and business users to customize features. While the previous model had some issues with Ubuntu, the company assures that this new version may not be affected.Buy online: 🛒 https://amzn.to/3ZiQzxe🛒 https://ali.ski/gnGtth#minipc #mele
2023-03-27 12:16:00
​​afrogA Vulnerability Scanning Tools For Penetration Testingafrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner.https://github.com/zan8in/afrog#cybersecurity #infosec #bugbounty #pentesting
2023-03-27 12:15:00
​​scorecardOpenSSF Scorecard - Security health metrics for Open Source.https://github.com/ossf/scorecard#cybersecurity #infosec
2023-03-27 08:09:12
​​SliverOpen source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.https://github.com/BishopFox/sliver#cybersecurity #infosec #pentesting #redteam
2023-03-27 07:47:21
​​NETworkManagerA powerful tool for #managing #networks and troubleshoot network problems!You can connect to and manage remote systems via Remote Desktop, PowerShell, PuTTY, TigerVNC or AWS (Systems Manager) Session Manager. Furthermore it contains features like a WiFi analyzer, IP scanner, port scanner, ping monitor, traceroute, DNS lookup or a LLDP/CDP capture (and many more) to analyze your network and troubleshoot network problems. You can save your hosts (or networks) in profiles which can be used in the various features. For additional security, the profile file can be encrypted.https://github.com/BornToBeRoot/NETworkManager
2023-03-26 20:23:00
​​Red Teaming toolAnd many more. I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art.https://gist.github.com/z0rs/e1c640e2892cb6737602fec5d5496480#redteam #infosec #pentesting
2023-03-26 12:22:28
Ffuf A fast web fuzzer written in Go Features: ▫️ Fast! ▫️ Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values ▫️ Silent mode (-s) for clean output that's easy to use in pipes to other processes.…
2023-03-26 12:15:00
​​PoC-Malware-TTPsProof of Concept Code Repository for Malware TTPs.https://github.com/knight0x07/PoC-Malware-TTPs#malware #cybersecurity #infosec
2023-03-26 08:16:02
​​Offensive AI CompilationA curated list of useful resources that cover Offensive AI.https://github.com/jiep/offensive-ai-compilation#cybersecurity #infosec #pentesting #redteam
2023-03-25 20:23:00
​​A RedTeam ToolkitARTToolkit is an interactive cheat sheet, containing an useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises.https://github.com/arttoolkit/arttoolkit.github.ioFind the project at: https://ARTToolkit.github.io#redteam #infosec
2023-03-25 16:19:00
​​Malicious Software Packages DatasetAn open-source dataset of malicious software packages found in the wild, 100% vetted by humans.https://github.com/DataDog/malicious-software-packages-dataset#malware #cybersecurity #infosec
2023-03-25 13:00:00
​​10K 🥷We have reached a wonderful milestone of 10,000 subscribers on our Telegram channel! 🥰 This is truly an incredible moment and we are immensely grateful to all of you who have been with us since the very beginning, helping us by reposting our content and recommending us to your friends. To those who have made donations, a special and heartfelt thank you. We sincerely hope that we have lived up to your expectations and justified every penny😘.For some, 10,000 may not seem like a big number, but we believe that each and every one of our subscribers is worth more than 100 who are not ours. We love and appreciate all of you and we thank you again for your support! ❤️
2023-03-25 12:59:53
2023-03-25 12:16:00
​​WCEThis Python tool enables network node command and exfiltration while applying OPSEC to ensure the process is hidden by transmitting commands through window flags.https://github.com/Cyber-Guy1/WCE#redteam #cybersecurity #infosec
2023-03-25 12:15:00
​​Untitled Goose ToolUntitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.https://github.com/cisagov/untitledgoosetool#cybersecurity #infosec
2023-03-25 08:08:33
​​CVE-2023-23752Joomla! < 4.2.8 - Unauthenticated information disclosure.https://github.com/Acceis/exploit-CVE-2023-23752#cve #exploit #cybersecurity #infosec
2023-03-24 16:20:00
​​AM0N-EyeAM0N-Eye is an advanced #RedTeam & Adversary Simulation Software for C2 operations, featuring opsOpec tools and techniques for AV/EDR evasion, shellcode generation, persistence, BOF, and payload generation.• Linux, MacOS and windows c2 server• Fake Alert techniques• AV/EDR evasion techniques• shellcode Generator & obfuscatior• Persistence techniques• New BOF• AV/EDR Recon• PayloadGenerator Undetected by antivirus programs• custom malwares• New c2 profileshttps://github.com/S3N4T0R-0X0/AM0N-Eye@HackGit
2023-03-24 16:19:00
​​ArcA manager for your secrets made of arc, a RESTful API server written in Go which exposes read and write primitives for encrypted records, and arc, the client application implemented in HTML5 and javascript, which runs in every modern browser and it is served by arc itself.Records are generated, encrypted and decrypted client side by arc (with AES256 in GCM mode, using 10000 iterations for the PBKDF2 key derivation function, everything WebCrypto based ), which offers an intuitive management system equipped with UI widgets including:👇https://github.com/evilsocket/arc#cybersecurity #infosec #infosecurity
2023-03-24 12:47:47
​​Shell GPTA command-line productivity tool powered by #ChatGPT, will help you accomplish your tasks faster and more efficiently.https://github.com/TheR1D/shell_gpt
2023-03-24 12:35:43
​​ROCK Pi E (for Ethernets)ROCK Pi E is a Rockchip RK3328 based SBC(Single Board Computer) by Radxa. It equips a 64bits quad core processor, USB 3.0, dual ethernets, wireless connectivity at the size of 2.5x2.2 inch(56x65mm), making it perfect for IoT and network applications. ROCK Pi E comes in various ram sizes from 512MB to 4GB DDR3, and uses uSD card for OS and storage as well as supporting eMMC module. Optionally, ROCK Pi E supports PoE, additional HAT is required.Website:https://rockpi.eu/RockpiEBuy online: 🛒 https://ali.ski/oLQUm#board #minipc #rockpi
2023-03-24 12:16:00
​​Self-WayBuilt to learn ethical hacking on your own. Includes guides, tutorials, cheat sheets and tools. The guides are accessible directly from CLI.https://github.com/NeverWonderLand/Self-Way#cybersecurity #infosec #redteam #pentesting
2023-03-24 12:15:00
​​IP-ObfuscatorHide an IP address in scripts by hex/decimal conversions. Works in Linux and Windows, or even browsers.https://github.com/bobby-tablez/IP-Obfuscator#cybersecurity #infosec
2023-03-24 09:12:00
​​CVE-2023-27532Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution.https://github.com/sfewer-r7/CVE-2023-27532#cve #exploit #cybersecurity #infosec
2023-03-23 20:24:00
​​SecretOpt1c A #RedTeam tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!https://github.com/blackhatethicalhacking/SecretOpt1c#cybersecurity #infosec #pentesting
2023-03-23 20:23:00
​​Fofa_ViewerFofa Viewer is a user-friendly FOFA client written in JavaFX, attributed to the WgpSec Community and primarily maintained by f1ashine. By leveraging the powerful internet search engine FoFa, it encapsulates many commonly used APIs into a concise UI, making it easier for cybersecurity professionals to hunt for vulnerabilities on target websites. With its out-of-the-box functionality, Fofa Viewer streamlines the search process, helping penetration testers quickly obtain the information they need.https://github.com/wgpsec/fofa_viewer/blob/master/README.en.md#cybersecurity #infosec
2023-03-23 16:20:00
​​wildcrawlBash script that crawls a target URL to get a better image of what is tied to a website.https://github.com/NeverWonderLand/wildcrawl#bugbounty #pentesting
2023-03-23 16:19:00
​​SpoofyA program that checks if a list of domains can be spoofed based on SPF and DMARC records.https://github.com/MattKeeley/Spoofy#bugbounty #pentesting
2023-03-23 12:15:00
​​Dependency-CheckOWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.https://github.com/jeremylong/DependencyCheck#cybersecurity #infosec
2023-03-23 08:26:10
​​LeakySAB-PoCPoC of 'LeakySAB' a vulnerability allowing extraction of usenet provider password from a SABnzbd instance.https://github.com/rlaphoenix/LeakySAB-PoC#cybersecurity #infosec
2023-03-23 08:00:18
​​NidhoggA multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an example here.Nidhogg can work on any version of x64 Windows 10 and Windows 11.https://github.com/Idov31/Nidhogg#pentesting #redteam #cybersecurity #infosec
2023-03-22 20:23:00
​​CrassusCrassus Windows privilege escalation discovery tool.https://github.com/vu-ls/Crassus#pentesting #redteam #cybersecurity #infosec
2023-03-22 18:23:14
​​WFNWindows Firewall #Notifier extends the default #Windows embedded #firewall by allowing to handle and notify about outgoing connections, offers real time connections monitoring, connections map, bandwidth usage monitoring and more...https://github.com/wokhan/WFN
2023-03-22 16:19:00
​​rdi-rsRusty Reflective DLL Injection - A small reflective loader in Rust 4KB in size.https://github.com/memN0ps/rdi-rs#pentesting #redteam
2023-03-22 12:15:00
​​AWS Customer Security IncidentsSecurity is an exercise in managing risk. Reviewing the common root causes of security incidents is an effective way to guide prioritized remediation efforts.https://github.com/ramimac/aws-customer-security-incidents#cybersecurity #infosec
2023-03-22 11:31:18
​​#DevOps GuideDevelopment to Production all configurations with basic notes to debug efficiently.https://github.com/Tikam02/DevOps-Guide
2023-03-22 09:24:16
EqualNetA Secure and Practical Defense for Long-term Network Topology Obfuscationhttps://github.com/Abduarraheem/Mimic-EqualNet#cybersecurity #infosec
2023-03-21 20:24:00
​​ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.https://github.com/lgandx/Responder#cybersecurity #infosec #pentesting #redteam
2023-03-21 20:23:00
​​(ISC)2 Certified in CybersecurityThe content in this repo is based on the self-paced course called Certified in #Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity.In this entry-level cybersecurity certification, the domains included are: Security Principles, Business Continuity, Disaster Recovery & Incident Response Concepts, Access Controls Concepts, Network Security and Security Operations.https://github.com/cyberfascinate/ISC2-CC-Study-Material
2023-03-21 16:20:00
​​Elevate-System-Trusted-BOFThis BOF can be used to elevate the current beacon to SYSTEM and obtain the TrustedInstaller group privilege. The impersonation is done through the SetThreadToken API.https://github.com/Mr-Un1k0d3r/Elevate-System-Trusted-BOF#cybersecurity #infosec #pentesting #redteam
2023-03-21 16:19:00
​​CEH-Exam-QuestionsPlanning To Take Certified Ethical Hacker (CEH)? Here are github repo with 125 questions and answers to help you prep for the test.https://github.com/ryh04x/CEH-Exam-Questions#cybersecurity #infosec
2023-03-21 12:16:00
​​pyThreadlessInjectA python port of CCob's ThreadlessInject, because why should C# have all the fun?!https://github.com/rkbennett/pyThreadlessInject#cybersecurity #infosec #redteam
2023-03-21 12:15:00
​​bootdoor An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot.https://github.com/realoriginal/bootdoor#cybersecurity #infosec #redteam
2023-03-21 08:08:53
#Malware and #Reverse Engineering Complete Collection.https://github.com/CyberSecurityUP/Awesome-Malware-and-Reverse-Engineering
2023-03-20 18:57:29
​​Black Angel RootkitBlack Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.https://github.com/XaFF-XaFF/Black-Angel-Rootkit#pentesting #redteam
2023-03-20 18:56:39
​​Parallels Desktop VM EscapeThis repository contains an exploit for a Parallels Desktop vulnerability which has been assigned CVE-2023-27326. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop.The exploit was tested on Parallels Desktop version 18.0.0 (53049), and the vulnerability was patched in the 18.1.1 (53328) security update.https://github.com/Impalabs/CVE-2023-27326Details:https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html#cve #exploit #cybersecurity #infosec
2023-03-20 12:15:00
​​Windows Atom Table HijackingPrivilege Escalation in Windows 7/8/10 through Atom Table Hijacking.https://github.com/SleepTheGod/Windows-Atom-Table-Hijacking
2023-03-19 19:22:00
​​Nuclei Wordfence CVEhttps://github.com/topscoder/nuclei-wordfence-cve#cybersecurity #infosec #cve #pentesting
2023-03-19 15:19:00
​​BeEFBeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.https://github.com/beefproject/beefWebsite:https://beefproject.com/#kali #pentesting #redteam #best
2023-03-19 15:18:00
​​Authentication Token Obtain and Replace ExtenderThe plugin is created to help automated scanning using Burp in the following scenarios:▫️ Access/Refresh token▫️ Token replacement in XML,JSON body▫️ Token replacement in cookies▫️ The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky and do not work in scenarios where the replacement text is either JSON, XML.https://github.com/portswigger/ator
2023-03-19 11:14:08
​​imgdevilQuick and dirty proof-of-concept to hide shells in images.https://github.com/nyxgeek/imgdevilShells in Plain Sight - Storing Payloads in the Cloud:https://www.trustedsec.com/blog/shells-in-plain-sight-storing-payloads-in-the-cloud#cybersecurity #infosec #pentesting #redteam
2023-03-19 11:14:00
​​Dark Web ArchivesAll public/Privately leaked Dark Web Marketplace (DNM) Scripts, Source codes and information.https://github.com/D4RK-R4BB1T/Dark-Web-Archives
2023-03-18 20:23:00
​​Awesome Cyber SkillsA curated list of hacking environments where you can train your cyber skills legally and safely.https://github.com/joe-shenouda/awesome-cyber-skills#cybersecurity #infosec
2023-03-18 19:22:00
​​ldrLdr is an unsuccesful attempt at a Rust BOF/COFF loader. It works for the simplest of object files, but crashes every time. The beacon functions themselves have also not been implemented well.https://github.com/yamakadi/ldr#redteam
2023-03-18 18:21:00
​​All about bug bountyThese are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!https://github.com/daffainfo/AllAboutBugBounty#bugbounty #pentesting #infosec
2023-03-18 17:20:00
​​Sirius ScanSirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for #cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Scan intends to leverage.https://github.com/SiriusScan/Sirius#infosec #pentesting #redteam
2023-03-18 17:19:00
​​CVE-2023-0861Analyzing and reproducing the command injection vulnerability in Netmodule routers.https://github.com/seifallahhomrani1/CVE-2023-0861-POC#cve #poc
2023-03-18 11:29:06
​​GPT_Vuln-analyzerUses #ChatGPT API and Python-Nmap module to use the GPT3 model to create vulnerability reports based on #Nmap scan data.https://github.com/morpheuslord/GPT_Vuln-analyzer#cybersecurity #infosec
2023-03-18 11:28:59
​​Kebidu Remote Control \ DuplicatorThe Kebidu Duplicator is a versatile device that can clone a variety of remote control IC modules for garage doors, motorcycles, car alarms, and more. It has a working voltage of DC12V and operates at a frequency of 433MHz, with an emission distance of 50 to 100 meters. The device can delete existing codes and easily clone original remotes, making it simple to use. It comes with a metal and plastic construction and weighs only 50g, making it portable and convenient to use on the go.Buy online: 🛒 $1.21 https://alii.pub/6n9fhf🛒 https://amzn.to/40fbG4z#remote #RF
2023-03-18 11:22:54
​​wifi_dbScript to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes (in 22000 hashcat format), MGT identities, interesting relations between APs, clients and it's Probes, WPS information and a global view of all the APs seen.https://github.com/r4ulcl/wifi_db#cybersecurity #infosec #pentesting
2023-03-18 11:14:00
​​Signature-BaseSignature-Base is the YARA signature and IOC database for our scanners LOKI and THOR Litehttps://github.com/Neo23x0/signature-base#cybersecurity #infosec
2023-03-18 09:30:46
2023-03-18 09:12:00
​​WinSpoofThis PoC code demostrate how TpAllocWork, TpPostWork and TpReleaseWork can be used to execute machine code, the code start a image file by calling:👇 https://github.com/mobdk/WinSpoof#cybersecurity #infosec
2023-03-18 07:46:26
Let's reach the 9,000-subscriber milestone together - please share our posts with your friends! 🥰
2023-03-17 18:26:47
​​Bypass PaywallsA web browser #extension to help #bypass paywalls for selected sites.https://github.com/iamadamdev/bypass-paywalls-chrome
2023-03-17 16:19:00
​​CVE-2023-0179This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.https://github.com/H4K6/CVE-2023-0179-PoC#cve #poc #exploit
2023-03-17 11:14:00
​​BinwalkA fast, easy to use tool for analyzing, #reverse engineering, and extracting firmware images.https://github.com/ReFirmLabs/binwalk
2023-03-17 10:22:19
​​CVE-2023-27842eXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated)https://github.com/tristao-marinho/CVE-2023-27842#cve #poc #RCE
2023-03-17 10:19:48
​​CVE-2023-23396Microsoft Excel DoS Vulnerability→ Here you can download the exploit.→ Here you can read my report.→ Here you can buy me a unicorn 🦄https://github.com/LucaBarile/CVE-2023-23396#cve #poc #exploit
2023-03-17 10:15:10
​​CVE-2023-27587ReadtoMyShoe - Generation of Error Message Containing Sensitive Information.https://github.com/sec-fx/CVE-2023-27587-PoCnuclei-template:https://github.com/sec-fx/CVE-2023-27587-PoC/tree/main/nuclei-templates/cves/2023#cve #poc
2023-03-16 15:19:00
​​HashtopolisA #Hashcat wrapper for distributed hashcracking.https://github.com/hashtopolis/server#redteam
2023-03-16 15:18:00
​​CVE-2023-23752#Joomla unauthorized access to webservice endpoints.https://github.com/Jenderal92/Joomla-CVE-2023-23752#pentesting #redteam
2023-03-16 12:15:00
​​GoblobA lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance.https://github.com/Macmod/goblob#pentesting #bugbounty
2023-03-16 11:14:00
​​IPv4Fuscation-EncryptedC++ IPv4Fuscation technique to execute XOR #encrypted #shellcode stored in IP address format to help reduce entopy and detections on the typical hex/base64/other encoding techniques that are frequently used.https://github.com/wsummerhill/IPv4Fuscation-Encrypted
2023-03-16 10:10:15
​​WiFi Devboard for Flipper ZeroThe WiFi Devboard for Flipper Zero is a specialized board based on ESP32-S2, designed specifically for the Flipper Zero hacking device. This devboard enables advanced in-circuit debugging via USB or Wi-Fi using the Black Magic Probe open source project. It also allows for Wi-Fi penetration testing and connectivity to the internet, which is not provided by the module itself and must be implemented separately.Buy online: 🛒 https://amzn.to/3LmmSrZ#board #flipperzero #ESP32 #wifi
2023-03-16 09:15:01
​​PS2A port scanner written purely in PowerShell.https://github.com/nccgroup/PS2#pentesting #redteam
2023-03-16 09:13:00
​​BountyTricksSharing #BugBounty tips and tricks with the community including but not limited to automation, one liners and useful thoughts.https://github.com/NagliNagli/Shockwave-OSS#pentesting
2023-03-16 09:12:00
​​Container Security ChecklistChecklist for container security devsecops practices.https://github.com/krol3/container-security-checklist#kubernetes #docker #security #cheatsheet #blueteam
2023-03-15 12:15:00
​​Chaos ClientGo client to communicate with Chaos DB API.https://github.com/projectdiscovery/chaos-client#bugbounty
2023-03-15 10:13:00
​​PetitPotatoLocal privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)https://github.com/wh0amitz/PetitPotato#pentesting #redteam
2023-03-14 16:19:00
​​ScanAndroidXMLThis tool analyzes #Android app to find vulnerabilities in👇▫️ AndroidManifest.xml▫️ network_security_config.xml▫️ Firebase URLs from strings.xml.https://github.com/satishpatnayak/ScanAndroidXML#cybersecurity #infosec
2023-03-14 12:34:37
#Pentesting MindMaps▫️ AD penetration testing.▫️ Privilege escalation.▫️ Web penetration.https://github.com/eMVee-NL/MindMap#redteam
2023-03-14 11:30:31
​​List of Awesome macOS Red Teaming Resources.As more and more companies begin to adopt macOS as a daily office solution, we often encounter macOS operating system during our Pentest/Red Teaming process. How to #hacking #macOS, how to achieve Persistence under macOS, and using this as a starting point Lateral Movement to DC is a topic worth research.This list is for anyone who wants to learn about Red Teaming for macOS but has no starting point. 👇https://github.com/tonghuaroot/Awesome-macOS-Red-Teaming#redteam
2023-03-14 11:22:15
​​Bus PirateThe Bus Pirate is an open-source hacker multi-tool designed to interface with electronic devices, featuring protocols such as SPI, I2C, and 1-Wire, etc. It is capable of programming and analyzing low-end microcontrollers and features a range of additional functionalities, such as frequency measurement, pull-up resistors, and a logic analyzer. Developed by Dangerous Prototypes, based on a PIC24 MCU, and communicates with a host computer through USB. With its range of features and capabilities, the Bus Pirate is a useful tool for debugging, prototyping, and analyzing microcontrollers and other ICs.Repository:https://github.com/BusPirate/Bus_PirateBuy online: 🛒 v4.0 https://alii.pub/6n4jce🛒v3.6a https://amzn.to/3mOK87M#board #sniffer #dump
2023-03-14 09:12:00
​​Juicy Info Extraction Nuclei TemplatesNuclei templates for extracting juicy info from web pages.https://github.com/cipher387/juicyinfo-nuclei-templates#infosec #infosecurity #bugbounty
2023-03-13 15:18:05
​​JoelGMSecCollection of my talks and workshops about #hacking & #cybersecurity.https://github.com/JoelGMSec/MyTalks
2023-03-13 15:18:00
​​Red Team PlaygroundThe Red Team Playground is a #Dockerized vulnerable testing lab for learning and practicing #RedTeam concepts.Docker network containing many vulnerable targets for practicing Red Teaming concepts (initial access, priv esc, persistence, lateral, C2, evasion, etc).https://github.com/minispooner/red-team-playground
2023-03-13 11:15:00
​​OwnListCompilation of recent hacking-focused, #infosec related writeups, tools, etc.https://github.com/thelikes/ownlist#cybersecurity
2023-03-13 11:14:00
​​level_up! : Web3 Security WarGameslevel_up! is a smartcontracts challenge platform where users can register with their wallet and perform different challenges oriented to their security. In each challenge the corresponding Solidity code can be found for analysis.level_up! is based on the idea that the best way to improve smart contract security is through active participation. By motivating users to work in such an easy way to find security flaws, we hope to improve good programming practices within smart contracts.https://github.com/Telefonica/level_up
2023-03-13 09:12:00
​​PyShellPyShell is Multiplatform #Python #WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating system of the server.https://github.com/JoelGMSec/PyShell
2023-03-13 08:46:42
​​PS5 4.03 Kernel Exploit This repo contains an experimental WebKit ROP implementation of a PS5 kernel exploit based on TheFlow's IPV6 Use-After-Free (UAF), which was reported on HackerOne. The exploit strategy is for the most part based on TheFlow's BSD/PS4…
2023-03-13 07:12:33
​​DevSecOps 🔱Collection and #Roadmap for everyone who wants #DevSecOps. Hope your #DevOps are more safe 😎https://github.com/hahwul/DevSecOps
2023-03-12 11:15:00
​​Crawlector A threat hunting framework designed for scanning websites for malicious objects.https://github.com/MFMokbel/Crawlector#cybersecurity #bugbounty
2023-03-12 11:14:00
​​ChatGPT Prompts for Bug BountyA list of ChatGPT Prompts for Web Application Security, Bug Bounty, and Pentesting.https://github.com/TakSec/chatgpt-prompts-bug-bounty
2023-03-12 09:12:00
​​Cyber MindmapThis repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.https://github.com/Ignitetechnologies/Mindmap#cybersecurity #infosec #pentesting #redteam
2023-03-11 15:18:00
​​WebGoat 8 A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.https://github.com/WebGoat/WebGoat#pentesting #cybersecurity #infosec
2023-03-11 11:15:00
​​Awesome Pentest Tools CollectionThe tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. https://github.com/arch3rPro/PentestTools#cybersecurity #infosec #pentesting #bugbounty #redteam
2023-03-11 11:14:00
​​nuclei templateshttps://github.com/DoubleTakes/nuclei-templates#bugbounty
2023-03-11 09:19:49
​​iOS Internals & Security TestingiOS is Apple's proprietary operating system that runs on the iPhone, iPod Touch and iPad. A lot of components are specific to #iOS. Here are key features of the iOS hardware and software security architecture and guide how to test your applications.https://github.com/vadim-a-yegorov/iOS-Internals-and-Security-Testing#cybersecurity #infosec
2023-03-11 09:19:47
​​Kingston IronKey Vault Privacy 80 External SSDThe IronKey™ External SSD is a user-friendly, hardware-encrypted external drive that protects data with touch screen technology. It safeguards against Brute Force attacks and #BadUSB with digitally-signed firmware and FIPS 197 certified XTS-AES 256-bit encryption. The device allows for multi-password protection with numeric PIN or passphrase modes and is ideal for on-the-go use. Buy online: 🛒 https://amzn.to/3FhjMS3#ssd #encrypted #security
2023-03-11 09:13:00
​​SWS-Recon A Python Tool designed to performed Reconnaissance on the given target website- Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan.https://github.com/ShobhitMishra-bot/SWS-Recon-Tool#pentesting #bugbounty
2023-03-11 09:12:00
​​Penetration-Testing-ToolsA collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.https://github.com/mgeeky/Penetration-Testing-Tools#pentesting #bugbounty #redteam
2023-03-10 11:14:00
​​PSBitsSimple (relatively) things allowing you to dig a bit deeper than usual.https://github.com/gtworek/PSBits#cybersecurity #infosec #pentesting #redteam
2023-03-10 09:12:00
​​Supp'truderThis tool came from an idea I had while doing #bugbounty. I was very dissapointed on the common tools used to fuzz the http protocol, and I wad tired of doing some bash kung-fu or firing burp each time I had to fuzz something needing some pre treatment. That's where Supp'truder comes: It provides a unique set of tools to pre-process your payloads and some neat features that will save you some time !https://github.com/ElSicarius/Supp-truder
2023-03-10 07:05:50
​​NativePayloadsAll my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming.https://github.com/DamonMohammadbagher/NativePayloads#pentesting #redteam
2023-03-09 13:25:23
​​ThinkFun — Hacker Cybersecurity Logic GameThink Fun's "Hacker" is a fun, multicolor cybersecurity coding game and STEM toy suitable for boys and girls aged 10 and up. With over 50 million sold worldwide, Thinkfun is the world's leader in brain and logic games. Playing through the challenges in Hacker helps develop reasoning, planning, and core programming principles, providing a great stealth learning experience for young players. The game includes a game grid, control panel, challenge booklet, and various tokens and tiles. Clear instructions make it easy to start playing immediately.Buy online: 🛒 https://amzn.to/3ZRdgtg#games
2023-03-09 11:14:00
​​WAZUH Active-Response▫️ Blocking Unwanted Commands on Linux using CDB Lists.▫️ Blocking Unwanted Software Vendors on Windows using CDB Lists▫️ Remove-Threat by CDB List from Linux▫️ Remove-Threat by CDB List from Windowshttps://github.com/AliHaydarToprak/Wazuh-Active-Response
2023-03-09 09:12:00
​​Atomic Red TeamAtomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.https://github.com/redcanaryco/atomic-red-team#redteam
2023-03-09 07:12:45
​​Cheat sheet — attack active directoryThis cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.https://github.com/drak3hft7/Cheat-Sheet---Active-Directory#pentesting #ad #redteam
2023-03-07 19:00:00
​​CVE-2023-1112Drag and Drop Multiple File Uploader PRO - Contact Form 7 v5.0.6.1 Path Traversal (CVE-2023-1112)https://github.com/Nickguitar/Drag-and-Drop-Multiple-File-Uploader-PRO-Path-Traversal
2023-03-07 18:21:00
​​Google Dorks SimplifiedA simple explanation of google dorks, its uses and collection of best google #dorks to get the best and desired information.https://github.com/InfuriousICC/Google-Dorks-Simplified
2023-03-07 15:18:00
​​SlashSlash is Automated Osint Tool that allows you to #OSINT people by their username.https://github.com/theahmadov/slash
2023-03-07 09:12:00
​​DRat Decentralized Remote Administration Tool.https://github.com/SpenserCai/DRat#redteam
2023-03-07 08:34:36
​​CactiA complete #network #graphing solution designed to harness the power of RRDtool's data storage and graphing functionality providing the following features:▫️ Remote and local data collectors▫️ Device discovery▫️ Automation of device and graph creation▫️ Graph and device templating▫️ Custom data collection methods▫️ User, group and domain access controlshttps://github.com/Cacti/cactiWebsite:https://www.cacti.net/
2023-03-06 18:21:00
​​CCAT ☁️🐈Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.https://github.com/RhinoSecurityLabs/ccat#cybersecurity #pentesting
2023-03-06 15:18:00
​​Awesome Red TeamingList of Awesome #RedTeam / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point.https://github.com/0xMrNiko/Awesome-Red-Teaming
2023-03-06 14:20:41
​​YubiKeyThe Yubico Security Key is a heavy-duty, tamper-resistant USB and NFC security key designed to protect online accounts against unauthorized access. It supports FIDO2, FIDO U2F, and other protocols, works with a wide range of online services, and is water and shock-resistant. With touch-based authentication, it provides an easy and secure way to protect your online accounts from phishing and account takeovers.Buy online: 🛒 https://amzn.to/3L0xdJL🛒 https://ali.ski/qAF720#security #key #usb
2023-03-06 13:51:59
​​slowlorisSlowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this:▫️ We start making lots of HTTP requests.▫️ We send headers periodically (every ~15 seconds) to keep the connections open.▫️ We never close the connection unless the server does so. If the server closes a connection, we create a new one keep doing the same thing.https://github.com/gkbrk/slowloris
2023-03-06 13:30:53
​​deepceDocker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)https://github.com/stealthcopter/deepce#infosec #pentesting
2023-03-06 12:29:19
​​Awesome Kubernetes (K8s) Threat DetectionA curated list of resources about detecting threats and defending Kubernetes systems.https://github.com/jatrost/awesome-kubernetes-threat-detection#cybersecurity
2023-03-06 11:14:00
​​Eval VillainThis is a web extension for Firefox that will hook dangerous functions, like eval, and warn you of their use. simplify the reverse engineering or debugging of JavaScript.https://github.com/swoops/eval_villain#pentesting #bugbounty
2023-03-06 09:12:00
​​DarkPhoenixTool to perform differential fault analysis attack (DFA) on whiteboxes with external encodings.https://github.com/SideChannelMarvels/DarkPhoenixDarkPhoenixAES attack:https://github.com/SideChannelMarvels/Deadpool/tree/master/wbs_aes_nsc2013/DFA#cybersecurity #infosec
2023-03-05 15:19:01
​​Awesome apisecA collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.https://github.com/arainho/awesome-api-security#cybersecurity
2023-03-05 15:18:00
​​MLHospitalMLHospital is a repo to evaluate inference attacks and the corresponding defenses against machine learning models.Currently we support membership inference attacks and attribute inference attacks.https://github.com/TrustAIResearch/MLHospital
2023-03-05 12:01:59
​​AfuzzAfuzz is an automated web path fuzzing tool for the #BugBounty projects.▫️ Afuzz automatically detects the development language used by the website, and generates extensions according to the language.▫️ Uses blacklist to filter invalid pages▫️ Uses whitelist to find content that bug bounty hunters are interested in in the page▫️ filters random content in the page▫️ judges 404 error pages in multiple ways▫️ perform statistical analysis on the results after scanning to obtain the final result.▫️ support HTTP2https://github.com/rapiddns/afuzz
2023-03-05 12:01:57
​​Lenovo ThinkPad X1 Carbon Gen 9The ThinkPad X1 Carbon Gen 9 laptop, powered by the Intel® Evo™ platform, boasts exceptional performance, long battery life, and stunning visuals with up to 11th Gen Intel® Core™ i7 vPro® processors. The laptop features an improved Intelligent Thermal Solution to keep it cool under pressure, an updated suite of built-in ThinkShield security solutions for seamless security, and a refined 16:10 display with narrow bezels and powerful Intel® Iris™ Xe graphics for vibrant visuals. The Dolby Atmos® Speaker System and Dolby Voice® improve remote collaboration, and the laptop offers a true smartphone-like experience with speedy WiFi 6 and optional 4G/5G WWAN. Additionally, the ThinkPad X1 Carbon Gen 9 is military-grade tough, having been tested against 12 military-grade requirements and over 200 quality checks.Buy online: 🛒 https://amzn.to/3L2RJcZ#thinkpad #laptop
2023-03-05 11:15:00
​​Awesome Penetration TestingA collection of awesome penetration testing and offensive cybersecurity resources.https://github.com/enaqx/awesome-pentest#pentesting
2023-03-05 09:13:01
​​XSSHunterThe fastest way to set up XSS Hunter to test and find blind cross-site scripting vulnerabilities.https://github.com/trufflesecurity/xsshunterXSSHunter repository is not in a deploy-able state. This fork fixes that. https://github.com/rs-loves-bugs/xsshunter#pentesting #bugbounty #redteam
2023-03-05 09:12:03
​​EPSS API ClientEPSS(Exploit Prediction Scoring System) API client.EPSS is the one of famous vulnerability score developed by FIRST (the Forum of Incident Response and Security Teams).https://github.com/kannkyo/epss-api
2023-03-05 09:12:00
​​X-forceIBM Security utilitary library in python. Search and query all sources: threat_activities and groups, malware_analysis, industrieshttps://github.com/Jul10l1r4/X-force#cybersecurity #infosec
2023-03-04 15:18:00
​​Envizon Network visualization & pentest reportingThis tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve and hone it even further.https://github.com/evait-security/envizon
2023-03-04 11:15:00
​​XSStrikeAdvanced #XSS Detection SuiteXSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.https://github.com/s0md3v/XSStrike#pentesting #bugbounty
2023-03-04 11:14:01
​​Invoke-PSObfuscationAn in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.https://github.com/gh0x0st/Invoke-PSObfuscation#infosec #redteam
2023-03-04 11:14:00
​​s6_pcie_microblazePCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoorhttps://github.com/Cr4sh/s6_pcie_microblaze
2023-03-04 10:12:14
​​VulnPlanet 🪐Well-structured vulnerable code snippets with fixes for Web2, Web3, API, Mobile (iOS and Android) and Infrastructure-as-Code (IaC)https://github.com/yevh/VulnPlanet
2023-03-04 09:12:07
stylehaxA Nintendo DSi browser #exploit.See it in action on YouTube! Check out the blog post for the technical writeup.https://github.com/nathanfarlow/stylehaxDetails:https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser
2023-03-04 09:12:00
​​CVE-2022-20494Exploit app for CVE-2022-20494, a high severity permanent denial-of-service vulnerability that leverages Android's DND (Do not disturb) feature.https://github.com/Supersonic/CVE-2022-20494#cve
2023-03-04 08:23:15
​​BugHunter Nuclei templatesI will upload more #nuclei templates that help during the #bugbounty hunting process.https://github.com/ayadim/Nuclei-bug-hunter
2023-03-03 15:18:00
​​llm-securityNew ways of breaking app-integrated LLMs.https://github.com/greshake/llm-securityDetails:https://greshake.github.io/#pentesting #redteam
2023-03-03 11:53:02
​​Fav-upLookups for real IP starting from the favicon icon and using #Shodan.https://github.com/pielco11/fav-up#bugbounty
2023-03-03 11:43:43
​​MSR605X USB Card Reader \ Writer.The MSR605X USB Reader is a magnetic stripe card encoder and reader that supports 1, 2, and 3 tracks, including credit cards, gift cards, and driver's licenses. It can read, write, and erase data and all three tracks can be set to 75 or 210 BPI. The MSR605X is compatible with Hico and Loco with 300 to 4000 OE, and has a USB interface. It is portable with dimensions of 212(L) x 64(W) x 63(H) mm and works with Windows and Mac OS. The device has a built-in power system and does not require an extra power adapter.Buy online: 🛒 https://amzn.to/3KRmn8U🛒 https://alii.pub/6mojc9#usb #card #reader
2023-03-03 09:12:00
​​EnlightnA Laravel Tool To Boost Your App's Performance & SecurityThink of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security and reliability!The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations and routes to identify performance bottlenecks, possible security vulnerabilities and code reliability issues.https://github.com/enlightn/enlightn
2023-03-03 06:53:12
​​MubengAn incredibly fast #proxy #checker & IP rotator with ease.Features:▫️ Proxy IP rotator: Rotates your IP address for every specific request.▫️ Proxy checker: Check your proxy IP which is still alive.▫️ All HTTP/S methods are supported.▫️ HTTP, SOCKS v4(A) & v5 proxy protocols apply.▫️ All parameters & URIs are passed.▫️ Easy to use: You can just run it against your proxy file, and choose the action you want!▫️ Cross-platform: whether you are Windows, Linux, Mac, or even Raspberry Pi, you can run it very well.https://github.com/kitabisa/mubeng
2023-03-02 11:14:00
​​DroppedConnectionEmulates a Cisco ASA Anyconnect VPN service, accepting any credentials (and logging them) before serving VBS to the client that gets executed in the context of the user.https://github.com/nccgroup/DroppedConnection#redteam
2023-03-02 09:26:22
​​ArkimeArkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Arkime exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.Arkime is built to be deployed across many systems and can scale to handle tens of gigabits/sec of traffic. PCAP retention is based on available sensor disk space. Metadata retention is based on the Elasticsearch cluster scale. Both can be increased at anytime and are under your complete control.https://github.com/arkime/arkime#cybersecurity
2023-03-02 09:26:20
​​JumboSPOT MMDVM HotspotThe JumboSPOT Multi Mode IP Gateway is a self-contained digital hotspot that allows for DMR, D-Star, P25, and System Fusion communications. It comes fully assembled and tested in a ruggedized aluminum enclosure and only requires a mini USB power source and a WiFi-based internet connection for operation.The device supports PI-STAR's web-based digital voice dashboard and configuration tool and has a built-in OLED system status display indicating Mode, Talk Group, and Call Sign. Additionally, the device has built-in LED indicators for the status of Power, PTT, COS, and Mode, as well as a console port SSH 22 for root level access to the operating system. The JumboSPOT is pocket-sized and comes with a quad-core A7 1.2GHz processor, 512MB DDR3 RAM, and 8GB TF card. It also has a built-in WiFi 802.11b/g/n wireless LAN, and a JumboSPOT UHF (430-440) + VHF (144-146) RF extend board installed. Buy online: 🛒 https://alii.pub/6mmvxd🛒 https://amzn.to/3KRk0TKKit without Raspberry Pi Zero:🛒 https://amzn.to/3IJASJ8🛒 https://alii.pub/6mmwbd#radio #wifi #raspberry
2023-03-02 09:13:04
​​Content Queries (CONQUER) AttackArtifacts of our NDSS'23 paper titled "Do Not Give a Dog Bread Every Time He Wags His Tail: Stealing Passwords through Content Queries (CONQUER) Attack"https://github.com/VoodooChild99/ConquerDetails:https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f5_paper.pdf#pentesting #redteam
2023-03-02 09:12:07
​​CVE 2022-22978Authorization Bypass in RegexRequestMatcher.https://github.com/umakant76705/CVE-2022-22978#cve
2023-03-02 09:12:00
​​AladdinPayload generation tool, which using the specific bypass as well as the necessary header bytes of the .NET remoting protocol is able to generate initial access payloads that abuse the AddInProcess as originally documented.https://github.com/nettitude/Aladdin#redteam
2023-03-01 11:14:00
​​RosenpassA formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data.https://github.com/rosenpass/rosenpass#privacy #infosec
2023-03-01 09:12:00
​​ShellGoSimple Shellcode Loader tool.https://github.com/BlackShell256/ShellGo#redteam
2023-02-28 15:18:01
​​CSharp Alternative Shellcode CallbacksAlternative #shellcode execution techniques using Windows callback functionsEach CSharp file contains code to execute shellcode using native Windows callbacks. I tried to use much less common callback techniques that weren't typically documented online as far as I could tell. This way they should be more evasive.https://github.com/wsummerhill/CSharp-Alt-Shellcode-Callbacks
2023-02-28 15:18:00
​​ParamAnglerIntroducing ParamAngler - the ultimate tool for testing specific payloads on each parameter. The name ParamAngler is a combination of two words - 'parameters' and 'angler'. An angler is someone who enjoys fishing with a rod and line, and with ParamAngler, you can fish for bugs on a much larger scale.Whether you're looking for XSS, LFI, SQLi, or other vulnerabilities in your web application, ParamAngler has got you covered. With its powerful and easy-to-use features, you can search for reflected parameters, test for payloads, and much more.https://github.com/spyx/ParamAngler#pentesting #bugbounty
2023-02-28 11:14:05
​​CVE-2023-21839Weblogic CVE-2023-21839 RCEhttps://github.com/4ra1n/CVE-2023-21839#cve
2023-02-28 11:14:00
​​awesome-threat-intelligenceA curated list of awesome Threat Intelligence resources.https://github.com/hslatman/awesome-threat-intelligence
2023-02-28 10:14:17
​​p0wny-shellA very basic, single-file, #PHPshell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.https://github.com/flozz/p0wny-shell#redteam
2023-02-28 09:14:55
​​RFID Field DetectorThe RFID Field Detector is a small and portable device that can detect Low Frequency (125KHz) and High Frequency (13.56MHz) RFID fields without the need for batteries. It can be used for various purposes including pentesting and development, allowing for rapid identification of RFID presence. The compact design allows it to fit easily on a keyring, making it easy to carry around. The device is powered by the RF field and has an LED indicator that shows the frequency of the field when in the presence of an RFID field.Buy online: 🛒 https://alii.pub/6mjoo4#security #rfid
2023-02-28 09:12:00
​​SharpAltShellCodeExecAlternative Shellcode Execution Via Callbacks in C# with P/Invokehttps://github.com/werdhaihai/SharpAltShellCodeExecMost techniques taken from: https://t.me/hackgit/4635#redteam
2023-02-27 15:18:00
​​BOFsBeacon Object Files, not Buffer Overflowshttps://github.com/snovvcrash/BOFs#redteam
2023-02-27 11:14:01
​​Azure AD Incident Response PowerShell ModuleThe Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module#ad #cybersecurity
2023-02-27 11:14:00
​​REmote CoMmanD ExecutorA simple utility that can be used to execute command on a remote host.https://github.com/0xor0ne/recmd#infosec #pentesting
2023-02-27 08:32:03
​​Project Based LearningA list of #programming #tutorials in which aspiring software developers learn how to build an application from scratch. These tutorials are divided into different primary programming languages. Tutorials may involve multiple technologies and languages.https://github.com/practical-tutorials/project-based-learning
2023-02-27 08:29:53
​​Lifetime AMSI bypassNew AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it.https://github.com/ZeroMemoryEx/Amsi-Killer
2023-02-27 07:15:34
​​Evasion EscaperA project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environment or sandbox, and to pass all such checks successfully.https://github.com/vvelitkn/Evasion-Escaper#redteam
2023-02-27 07:07:30
​​SekiryuAutomatic decompilation and analysis of binary files with your favorite decompiler and and #ChatGPT.https://github.com/20urc3/Sekiryu
2023-02-27 07:04:36
​​AtomLdrA DLL loader with advanced evasive features.https://github.com/NUL0x4C/AtomLdr#redteam
2023-02-26 15:18:01
​​TCP-Data-Transfer-ToolSendfile Attack Script This is a C script that performs a Sendfile attack. It creates a file called "sendfile1" of size 64 MB and uses the sendfile() function to send it over a socket to a listening server on port 31337. While the file is being sent, it opens the file "kmem" and writes all received data to it.https://github.com/SleepTheGod/TCP-Data-Transfer-Tool
2023-02-26 15:18:00
​​Course on Digital ForensicsA course on "Digital Forensics" designed and offered in the Computer Science Department at Texas Tech University.https://github.com/asiamina/A-Course-on-Digital-Forensics
2023-02-26 15:01:26
​​TTGO T-Beam ESP32 LoRaThe TTGO T-Beam is a long-range wireless capable board supporting LoRa, built around a dual-core ESP32 chip with 4MB of SPI flash onboard, providing both Wi-Fi and Bluetooth LE. The board's LoRa support comes in three different variants, operating at 433MHz, 868MHz, and 915MHz depending on region, with an included SMA antenna. Location tracking is provided by the onboard u-blox NEO-6M GPS module with ceramic antenna, and the board offers 26-pin headers with GPIO, ADC, VP/VN, DAC, touch, SPI, I2C, UART, 2דLoRa” pin, and power signals (5V/3.3V/GND). The board can be programmed using the Arduino development environment, and example code shows you how to both send and receive data via LoRa. The board also includes a battery holder for a 18650 Li-Ion cell.Repository:https://github.com/Xinyuan-LilyGO/LilyGo-LoRa-Series Buy online: 🛒 https://alii.pub/6mgzin🛒 https://amzn.to/3Z2WUh4#radio #lora #mesh #ESP32
2023-02-26 11:14:00
​​XMTXMT is a full-featured C2 framework written in Golang that allows for control, data exfiltration and some other cool functions. Can be used to make full C2 clients/servers with little out-of-the-box changes.ThunderStorm would be an implementation of this.https://github.com/iDigitalFlame/xmt
2023-02-26 09:12:00
​​BootlickerA generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.https://github.com/realoriginal/bootlicker#infosec #redteam
2023-02-25 15:18:00
​​A Red-Teamer diariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.https://github.com/ihebski/A-Red-Teamer-diaries#redteam
2023-02-25 13:41:05
​​Throwing Star LAN Tap ProThe Throwing Star LAN Tap Pro is a fully assembled and enclosed Ethernet tap device that requires no power to operate. It is an excellent tool for monitoring 10BASET and 100BASETX networks, providing both RX and TX monitoring capabilities for packet sniffing programs like tcpdump, tshark, and Wireshark.The device features two specially placed capacitors that force 1000BASET networks to negotiate at lower speeds (typically 100BASETX) so that they can be passively monitored. Pentesters can connect the Throwing Star LAN Tap Pro in line with a target network using Ethernet cables, then connect the monitoring ports to one or two monitoring stations. Finally, capture network traffic using your favorite software on the monitoring station(s).It comes in two versions, the Throwing Star LAN Tap (in kit form to assemble) and the Throwing Star LAN Tap Pro (an assembled device).Buy online: 🛒 https://alii.pub/6mfmov#ethernet #tap #sniffing
2023-02-25 11:14:07
​​DarkAngelDarkAngel is a fully automatic white hat vulnerability scanner, which can monitor hacker and bugcrowd assets, generate vulnerability reports, screen capture of vulnerability URL, and send enterprise WeChat notifications.https://github.com/Bywalks/DarkAngel
2023-02-25 11:14:00
​​CGPLCGPL is a packer/loader written in C# with the following feature (planning to make this list bit longer in the future):▫️ My very own GetProcAddress (parsing PE headers is such a joy) and GetModuleHandle (decided to go for CreateToolhelp32Snapshot) implementation to dinamically fetch the address of the Win32 API I wanted to use.▫️ AES encryption with a SHA256 derived key (must admit got inspiration from some APT guys) for payload and Win32 api function names (delegates might still drop suspicious strings around, but you can also change those names)▫️ It does not dare to allocate a memory buffer which is READWRITEEXEC at the same time.https://github.com/oldboy21/CGPL
2023-02-25 09:12:00
​​PsNotifRoutineUnloaderThis script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection.https://github.com/Processus-Thief/PsNotifRoutineUnloader#cybersecurity #infosec
2023-02-25 08:01:30
​​CVE-2023-23752Simple program for joomla CVE-2023-23752 scanner, This is a simple Ruby script that checks if a list of targets is vulnerable to CVE-2023-23752, a critical security vulnerability in a web application. The script sends a HTTP GET request to a specified endpoint, and extracts information from the response to determine if the target is vulnerable.https://github.com/z3n70/CVE-2023-23752
2023-02-24 15:18:01
​​plagueDefault Detections for EDRThe detections detailed below are what I attempt to establish on any EDR product I deploy or work on. Take your own considerations for criticality and datasets.https://github.com/QueenSquishy/plague#cybersecurity
2023-02-24 15:18:00
​​LeoA network logon cracker which support many different services.https://github.com/zan8in/leo#redteam
2023-02-24 11:14:07
​​kube-benchChecks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark.https://github.com/aquasecurity/kube-bench#cybersecurity
2023-02-24 11:14:00
rekonoExecute complete pentesting processes combining multiple hacking tools automatically.https://github.com/pablosnt/rekono#pentesting #redteam
2023-02-24 09:13:00
​​msLDAPDumpLDAP enumeration tool implemented in Python3msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently.https://github.com/dievus/msLDAPDump#pentesting #redteam
2023-02-24 09:12:00
​​fuzz4bountyAwesome wordlists for Bug Bounty HuntingThis repository contains publicly available wordlists for Bug hunting. The main Objective for creating this repo is to bring all the available worlists at one place.Wordlists will be updated regularly.https://github.com/0xPugazh/fuzz4bounty
2023-02-24 06:27:23
​​Azure-AccessPermissionsEasy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment.https://github.com/csandker/Azure-AccessPermissions
2023-02-23 23:15:40
​​Dear friends and supporters, we hope this message finds you well. We would like to take a moment to thank you for being a part of our community and for your ongoing support. As you know, maintaining a channel like ours requires a lot of time, effort. If you appreciate the content we provide and would like to help us continue to grow and thrive, we kindly ask for your donation. Any amount, big or small, would be greatly appreciated and will go towards improving our channel and providing even better content. Thank you for your consideration, and we look forward to continuing to bring you valuable and informative content❣️https://www.buymeacoffee.com/HackGitBTC: 1987zNaVX53v7tzpKRRde84uXbDYjuNykLTON: UQAAZ1BFX5OsybSryoFunzyJN3F7oKWMbZNPlwMTcVK8mEzA
2023-02-23 15:18:00
​​Chatbot Injections & Exploits🐱‍💻Welcome to the ChatBot Injections & Exploits repo. This repo is a collection of known and not ChatBot injections and exploits to "trick" any ChatBot into doing something it shouldn't.https://github.com/Cranot/chatbot-injections-exploits#chatgpt #gpt
2023-02-23 10:34:39
​​SubzySubdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz.https://github.com/LukaSikic/subzy#pentesting #bugbounty
2023-02-23 10:23:02
Linux Kodachi 8.27Linux Kodachi is a privacy-focused operating system based on Ubuntu that is designed to provide users with a secure and anonymous online experience. With pre-installed VPN, Tor connection, and DNScrypt service, Kodachi is easy to use and requires no setup or Linux knowledge. It is a live operating system that can be started on any computer from a DVD, USB stick, or SD card, leaving no trace of activity once shut down. Kodachi aims to preserve the privacy and anonymity of its users, making it a great option for those who are concerned about their online security.https://sourceforge.net/projects/linuxkodachi/#os #security #linux #ubuntu #privacy
2023-02-23 10:04:23
​​okta scim attack toolThis repository contains a pen-testing tool based on passbleed that allows pen-testers to extract clear text passwords from Okta by abusing Okta's implementation of the System for Cross-domain Identity Management (SCIM) protocol. The issue allows for clear text password stealing and PII theft.https://github.com/authomize/okta_scim_attack_toolDetails:https://www.authomize.com/blog/authomize-discovers-password-stealing-and-impersonation-risks-to-in-okta/#challenges
2023-02-23 09:34:56
​​PortaPow USB Data BlockerThe PortaPow USB-C to C Data Blocker is designed to protect your device against "juice jacking" - a type of cyber attack where charging ports are compromised to steal data or install malware. This data blocker prevents any data transfer between your device and a USB port while still allowing for safe charging. PortaPow has been a pioneer in data blocking since 2009 and offers a wide range of products, including this USB-C to C version. They also prioritize sustainability through their Compact by Design initiative, which promotes efficient product design and packaging to reduce carbon emissions.Buy online: 🛒 https://amzn.to/3KAZGpkUSB-C to C: https://amzn.to/3lZHYlfUSB-A to USB-C:https://amzn.to/3xP9LHQ#USB #Data #Blocker
2023-02-22 15:18:00
​​VDP-FinderThis extension tells if visited sites have vulnerability disclosure programshttps://github.com/yeswehack/yeswehack_vdp_finder
2023-02-22 11:14:00
​​Wifi-HackingCyber Security Tool For Hacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2/TKIP/IES)https://github.com/ankit0183/Wifi-Hacking
2023-02-22 09:12:00
​​Awesome Vulnerable ApplicationsA curated list of various vulnerable by design applicationshttps://github.com/vavkamil/awesome-vulnerable-apps
2023-02-21 15:18:08
​​SerianalyzerSerianalyzer is a static bytecode analyzer tracing native method calls made by methods called during deserialization.The main purpose of this tool is as a research tool to audit code for dangerous behavior during deserialization. It is not really useful to determine whether you application is vulnerable or not. If your application deserializes data crossing trust boundaries - you should assume it is.https://github.com/mbechler/serianalyzer
2023-02-21 15:18:07
​​Fortinet FortiNAC Unauthenticated RCEOn Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.https://github.com/horizon3ai/CVE-2022-39952#cve #poc
2023-02-21 15:18:00
​​reverseip_pyDomain Parser for IPAddress.com Reverse IP LookupReverse IP refers to the process of looking up all the domain names that are hosted on a particular IP address. This can be useful for a variety of reasons, such as identifying all the websites that are hosted on a shared hosting server or finding out which websites are hosted on the same IP address as a particular website.https://github.com/yuyudhn/reverseip_py
2023-02-21 11:55:29
​​Silicone Case for Flipper ZeroSoft and smooth, this silicone "Flipper Zero" case will make your cyber companion even more durable, while maintaining an amazing look and protecting it from scratches and bumps.Buy online: 🛒 https://amzn.to/3EnQiS0Screen Protectors:🛒 https://amzn.to/3XHh3rD#flipperzero #case
2023-02-21 11:14:07
​​V-CleanerV Cleaner is a security program, which adds extra security within a Windows computer. It allows you to perform information searches, antivirus scans and system repairs.https://github.com/AnonSpen/V-Cleaner#cybersecurity
2023-02-21 11:14:00
​​Telnet DemoBrowser-based Telnet demo using the much-discussed Direct Sockets APIhttps://github.com/GoogleChromeLabs/telnet-client
2023-02-21 09:12:00
​​LsaParserA shitty (and old) lsass parser.https://github.com/Cracked5pider/LsaParser
2023-02-20 15:18:00
ThreatHoundThis tool will help you on your IR & Threat Hunting & CA. just drop your event log file and anlayze the results.▫️ support windows (ThreatHound.exe)▫️ C for Linux based▫️ new vesion available in C also▫️ now you can save results in json file or print on screen it as you want by arg 'print' "'yes' to print the results on screen and 'no' to save the results on json file"▫️ you can give windows event logs folder or single evtx file or multiple evtx separated by comma by arg -p▫️ you can now give sigam ruels path by arg -s▫️ add multithreading to improve runing speed▫️ ThreatHound.exe is agent based you can push it and run it on multiple servershttps://github.com/MazX0p/ThreatHound
2023-02-20 11:14:00
​​Asset-Discovery-ActionsUse Github Actions to automate Asset Discovery.https://github.com/jayateertha043/Asset-Discovery-Actions
2023-02-20 09:12:00
​​Poc for CVE-2023-23752CMS Joomla - unauthorized access to webservice endpoints.https://github.com/WhiteOwl-Pub/CVE-2023-23752#cve #poc
2023-02-20 08:21:09
​​CRU DataPort Mouse JigglerThe CRU WiebeTech Mouse Jiggler is a plug-and-use device that creates constant mouse activity, preventing a computer from going to sleep while in use. IT professionals and computer forensic investigators use it to prevent password dialog boxes from appearing due to screensavers or sleep mode. With many hard drives now using full-disk encryption, these modes can greatly increase the time and cost of a forensic investigation. By combining the Mouse Jiggler with a WiebeTech HotPlug, investigators can transport a running computer without shutting it down or worrying about logging in. Buy online: 🛒 https://amzn.to/3XOLP1EMouse Jiggler MJ-3:🛒 https://amzn.to/3IhwX6p#mouse #jiggler
2023-02-20 06:21:44
​​HIVEVLAN L2 Pivoting InstrumentThis tool analyzes traffic for VLAN ID for gaining access to other VLAN segments. "HIVE" is completely self-contained and does not create any noise on the air. After traffic analysis, the tool creates virtual VLAN interfaces, to gain access to VLAN segments. https://github.com/c4s73r/HIVE#pentesting #redteam
2023-02-20 05:26:12
​​BHEH's TerminatorZTerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.https://github.com/blackhatethicalhacking/TerminatorZ#pentesting #bugbounty #redteam
2023-02-19 15:18:00
​​cloudcataws cli #pentesting / #redteam snippetsSelection of useful aws cli command snippets for recon, compromise and escalation in aws environments, which I use in engagements. These are by no means covering everthing and every service and are very much work in progress. They do reflect what I see typically and have used in my years doing aws tests.https://github.com/rootcathacking/cloudcat
2023-02-19 14:19:25
♛2Pac ✞ - All Eyez on Me🥀♛ (Gangsta Remix 2023) https://www.youtube.com/watch?v=URYt0TWQfuU #best
2023-02-19 11:14:00
​​CommixAutomated All-in-One OS Command Injection Exploitation Tool.https://github.com/commixproject/commix#best #redteam
2023-02-19 09:12:00
​​burrito_ssl_monitorThis script checks the SSL certificate expiration of a list of URLs and sends a daily report of their expiration status to a Telegram chat.https://github.com/thetrebelcc/burrito_ssl_monitor
2023-02-19 08:47:18
​​Awesome Threat ModelingA curated list of #threat #modeling resources (books, courses - free and paid, videos, tools, tutorials and workshop to practice on) for learning Threat modeling and initial phases of security review.https://github.com/hysnsec/awesome-threat-modelling
2023-02-19 06:23:37
​​Upsi1on ShellPhp #webshell. Some of the functions of this webshell are taken from other webshells.▫️ File manager▫️ Bind shell▫️ Phpinfo▫️ Self removehttps://github.com/n01ep3rz/upsilon-shell#redteam
2023-02-18 22:20:50
♛2Pac ✞ - All Eyez on Me🥀♛ (Gangsta Remix 2023) https://www.youtube.com/watch?v=URYt0TWQfuU#best
2023-02-18 15:18:00
​​AWSTrailGuardTool to check the CloudTrail configuration and the services where trails are sent, to detect potential attacks to CloudTrail logging.https://github.com/adanalvarez/AWSTrailGuard
2023-02-18 11:14:00
​​DetectRaptorA repository to share publicly available bulk Velociraptor detection content in an easy to consume way.https://github.com/mgreen27/DetectRaptor
2023-02-18 09:12:07
​​NimPlant С2This is a new light-weight, first-stage C2 implant written in Nim, with a supporting Python server and Next.JS web GUI.https://github.com/chvancooten/NimPlant#redteam
2023-02-18 09:12:00
​​COFF_With_Exception_handler.cif you've ever wanted to wrap a BOF in an exception handler here is one way to do thathttps://gist.github.com/freefirex/8b202c94fc6c1036aed1402a4dd28db1
2023-02-17 15:18:00
​​HackersCave4StaticAndroidSecA comprehensive resource for Android static analysis and vulnerability assessment. Tutorials, tools, and resources for identifying and mitigating security vulnerabilities in Android applications.https://github.com/krizzsk/HackersCave4StaticAndroidSec
2023-02-17 14:00:47
​​CVE-2023-23752An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.nuclei-templates:https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml#cve #poc
2023-02-17 11:14:00
​​vss_carverCarves and recreates VSS catalog and store from Windows disk image.https://github.com/mnrkbys/vss_carver
2023-02-17 09:12:00
​​Invoke-GMSAPasswordReader.Net Assembly loader for the GMSAPasswordReaderhttps://github.com/ricardojba/Invoke-GMSAPasswordReader
2023-02-16 18:31:42
​​BackupOperatorToolkitThe BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Adminhttps://github.com/improsec/BackupOperatorToolkit#redteam
2023-02-16 14:30:33
​​Keysy RFID DuplicatorThe Keysy is a pocket-sized device for copying and emulating Low Frequency (125KHz) RFID tags. The device can hold four LF tags, which can be written off the device at a later time onto the Keysy LF tags.Tag reading is simple and takes 20-30 seconds – place the device on top of the target badge, press a few buttons and it will be saved to the button slot you pushed. Tags can be immediately emulated / replayed or written out onto a physical badge.With its discreet looks and card compatibility performance, the Keysy is another solid RFID tool for penetration testers.Buy online: 🛒 https://amzn.to/3E8v2ji#duplicator #rfid
2023-02-16 11:15:00
​​Wizard-LoaderXwizard.exe is a commonly used diagnostic tool for Windows setup and installation, and like other executables, it loads dynamic link libraries (DLLs) to perform various tasks. However, The PoC patch the Xwizard.exe binary on order to make LoadLibrary API load malicious DLL instead of the intended one.https://github.com/ZeroMemoryEx/Wizard-Loader#redteam
2023-02-16 11:14:00
​​TerraLdrA Payload Loader Designed With Advanced Evasion Featureshttps://github.com/NUL0x4C/TerraLdr
2023-02-16 09:12:00
​​Flipper Zero BadUSBRepository for my Flipper Zero badUSB payloadshttps://github.com/I-Am-Jakoby/Flipper-Zero-BadUSB
2023-02-16 07:55:05
CheckHooks-n-loadA Windows stager-cum-PELoader focusing Dynamic EDR Evasion, when Operator wants to Know the the Underlying functions Hooks and then craft Implant based on the previous condition.https://github.com/reveng007/CheckHooks-n-load#pentesting #redteam
2023-02-15 16:53:39
​​Hiding Shellcode In Plain SightThis technique is very simple, a RW memory region 2048 the size of the shellcode is allocated. This region is then filled with randomized data data (RtlGenRandom), the shellcode is then placed randomly somewhere within this massive region each time. This makes it hard for an AV/EDR solution, or an analyst, to simply see where the shellcode is in-memory. To summarize:▫️ Allocate a large PAGE_READWRITE region, 2048 * size of the target shellcode, and align to 0x1000▫️ Fill this allocated region with random data▫️ Write the shellcode to a random location within this region, save position▫️ Change the page permissions to PAGE_EXECUTE▫️ Execute the shellcode (page + position)▫️ Zero the memory where the entire large region is to ensure the data does not persist after being freed, using the RtlZeroMemory macro▫️ Free the region of memoryhttps://github.com/LloydLabs/shellcode-plain-sight
2023-02-15 16:51:42
​​Paruns-FartJust another ntdll unhooking using Parun's Fart technique.https://github.com/MaorSabag/Paruns-Fart
2023-02-15 15:18:01
​​List of API endpoints & objectsA list of 3203 common API endpoints and objects designed for fuzzing.https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d#bugbounty
2023-02-15 12:40:53
2023-02-15 12:40:00
2023-02-15 11:23:55
​​EdgeGPTReverse engineered API of Microsoft's Bing Chathttps://github.com/acheong08/EdgeGPT#GPT
2023-02-15 11:17:42
​​dexiosA secure file encryption utility, written in Rust.Dexios will continue to receive updates. Things are stable for the time being and I consider none of the code broken. In the (somewhat) near future I plan to change the backend entirely and give the CLI a re-write, so that things are both easier to maintain and understand. This will regrettably not be backwards-compatible, but the performance improvements and stability guarantees will be extremely worthwhile.https://github.com/brxken128/dexios
2023-02-15 11:16:41
​​osinttoolsA collection of random #OSINT files.https://github.com/WebBreacher/osinttools
2023-02-15 11:15:26
​​KT9000 RF DetectorThe professional-grade KNIGHT KT9000 anti-spy detector was developed including premium German and US military technology in response to the growing need to protect oneself from many types of security threats. As electronic products become smaller and more intelligent, spy devices like hidden cameras, audio bugs, and GPS trackers are becoming more difficult to detect because of their small size and camouflage. Although these electronic spy devices do have legal uses, many people have started using them to illegally invade privacy and/or obtain sensitive information, leading to private information leaks or the theft of confidential business information. The KNIGHT KT9000 will help you to perform the 3 main functions listed below at an expert level.▫️ Radio Frequency Detection▫️ Magnetic Detection▫️ Camera Discovery ScanUser Manual + Instructional Video here Buy online: 🛒 https://amzn.to/3lvwllD#security #spy #detector
2023-02-15 11:15:00
​​tls-scanAn Internet scale, blazing fast SSL/TLS scanner ( non-blocking, event-driven )A program to scan TLS based servers and collect X.509 certificates, ciphers and related information. It produces results in JSON format. tls-scan is a single threaded asynchronous/event-based program (powered by libevent) capable of concurrently scan thousands of TLS servers. It can be combined with other tools such as GNU parallel to vertically scale in multi-core machines.https://github.com/prbinu/tls-scan
2023-02-15 11:14:00
​​Web Application Cheatsheet (Vulnhub)This cheatsheet is intended for CTF participants and beginners to help them understand web application vulnerability through examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience.https://github.com/Ignitetechnologies/Web-Application-Cheatsheet
2023-02-15 09:12:00
​​Cybersecurity Career Pathhttps://github.com/rezaduty/cybersecurity-career-path
2023-02-14 11:14:00
​​Email Vulnerablity Checker v1.0.0Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker▫️ This tool will automatically tells you if the domain is email spoofable or not▫️ you can do single and multiple domain input as well (for multiple domain checker you need to have text file with domains in it)https://github.com/BLACK-SCORP10/Email-Vulnerablity-Checker
2023-02-14 07:09:55
​​WEB API fuzzinghttps://github.com/vulntinker/FUA
2023-02-14 06:58:47
​​SoulExtractionA windows driver library for extracting cert information in windows drivers.https://github.com/gmh5225/Driver-SoulExtraction
2023-02-14 06:46:47
​​D1rkSleepImproved version of EKKO that Encrypts only Image Sections. Sleep obfuscation technique that uses CreateTimerQueueTimer Win32 API.https://github.com/TheD1rkMtr/D1rkSleep#redteam
2023-02-14 06:42:25
​​CallStackMaskerA PoC implementation for dynamically masking call stacks with timers.This repository demonstrates a PoC technique for dynamically spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we can also mask the call stack of our main thread.https://github.com/Cobalt-Strike/CallStackMaskerDetails:https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/
2023-02-13 17:20:00
​​pyOneNotepyOneNote is a lightweight python library to read OneNote files. The main goal of this parser is to allow cybersecurity analyst to extract useful information from OneNote files.https://github.com/DissectMalware/pyOneNote
2023-02-13 12:37:36
​​SparkSpark is a free, safe, open-source, web-based, cross-platform and full-featured RAT (Remote Administration Tool) that allow you to control all your devices via browser anywhere.https://github.com/XZB-1248/Spark#redteam
2023-02-13 12:37:27
​​BeagleBone BlackThe BeagleBone Black is a low-cost, community-supported ARM-based development platform aimed at developers and hobbyists. The BeagleBone Black runs a 1GHz Cortex-A8 CPU and includes hardware-based floating point and 3D acceleration; while much lower-powered than a desktop or laptop system, its affordability makes it an excellent option for a tiny Linux system.The BeagleBone Black provides a microSD card slot for mass storage and if that device is bootable, will use it in preference to the board’s “burned-in” Angstrom or Debian operating system.By default, the Kali Linux BeagleBone Black image contains the kali-linux-default metapackage similar to most other platforms. If you wish to install extra tools please refer to our metapackages page.Buy online: 🛒 https://amzn.to/3JXPIy6🛒 https://alii.pub/6lz457#kali #board #ARM
2023-02-13 09:12:00
​​DCToolboxA PowerShell toolbox for Microsoft 365 security fans.This PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc.https://github.com/DanielChronlund/DCToolboxDetails:https://danielchronlund.com/2023/02/09/microsoft-365-data-exfiltration-attack-and-defend/
2023-02-12 15:18:06
​​DDoS-Protection-LiteAnti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attack.https://github.com/CleanTalk/anti-ddos-lite
2023-02-12 15:18:05
​​KEV CheckerA basic Python program to check Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Cataloghttps://github.com/santosomar/kev_checker
2023-02-12 15:18:00
​​Nuclei TemplatesCommunity curated list of templates for the nuclei engine to find security vulnerabilities.Templates are the core of the nuclei scanner which powers the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team, as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issues to grow the list.https://github.com/projectdiscovery/nuclei-templates#best #pentesting #bugbounty #redteam
2023-02-12 12:46:07
​​burp-sensive-param-extractor#BurpSuite extension for check and extract sensitive request parameter.https://github.com/theLSA/burp-sensitive-param-extractor
2023-02-12 12:25:16
​​DSTIKE WiFi Duck V2This open source project aims to provide a user-friendly tool to learn about keystroke injection attacks. A microcontroller acts as a USB keyboard that is programmable over WiFi. It’s using the Ducky Script language that Hak5 introduced with the USB Rubber Ducky.A keyboard is trusted by most operating systems by default, which enables for a variety of attacks. Humans might not type very fast, but an automated device like this can. It can open a terminal and mess with your computer in a matter of a milliseconds!Repository:https://github.com/SpacehuhnTech/WiFiDuckBuy online:🛒 https://amzn.to/3XkRlc1🛒 https://alii.pub/6lxy2v#wifi #duck #usb
2023-02-12 11:14:08
​​PowerForensics#PowerShell Digital #Forensicshttps://github.com/Invoke-IR/PowerForensics
2023-02-12 11:14:07
​​SYNgularity1 Exploits and PoC Code for CVEs, Vulnerabilities, etc.https://github.com/SYNgularity1/exploits
2023-02-12 11:14:00
​​enc🔑🔒 A modern and friendly CLI alternative to GnuPG: generate and download keys, encrypt, decrypt, and sign text and files, and more.https://github.com/life4/enc
2023-02-12 10:19:39
​​PaggerA collection of Sub-GHz files generators compatible with the Flipper Zero to handle restaurants/kiosks paging systems.https://github.com/meoker/pagger
2023-02-12 10:14:00
​​powershell-backdooObfuscated powershell reverse backdoor with #FlipperZero and USB #RubberDucky payloadsReverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky.https://github.com/Drew-Alleman/powershell-backdoor-generator
2023-02-12 10:13:00
​​CerbereA project to play a little bit with Kerberos on Windows.▫️ Inject ticket▫️ Ask a tgthttps://github.com/OtterHacker/Cerbere
2023-02-11 11:59:50
​​FireflyFirefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target.https://github.com/Brum3ns/firefly#pentesting #bugbounty
2023-02-11 11:57:05
​​ExploitLeakedHandle A utility that identifies handles in unprivileged processes that may have been inherited from a privileged parent process and attempts to leverage them for local privilege escalation.https://github.com/0x00Check/ExploitLeakedHandle#redteam
2023-02-11 11:14:00
​​mobsfscan A static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.https://github.com/MobSF/mobsfscan
2023-02-11 09:12:44
​​trivyFind vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.Trivy (pronunciation) is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.https://github.com/knqyf263/trivyDocumentation:https://aquasecurity.github.io/trivy/v0.37/
2023-02-11 09:12:00
​​Linux Commit AnalyserThis is a hacky little tool I wrote to parse #Linux kernel commits, with security fixes in mind.Lica allows you to parse a Linux repository's commit history, filtering for fixes and looking for specific keywords. I've included some statistics in the output and a naive search for patch coverage if you give it some local kernel sources.https://github.com/sam4k/licaDetails:https://sam4k.com/analysing-linux-kernel-commits
2023-02-10 20:57:38
​​LocalPotatoAnother Local Windows privilege escalation using a new potato technique ;)The LocalPotato attack is a type of NTLM reflection attack that targets local authentication. This attack allows for arbitrary file read/write and elevation of privilege.https://github.com/decoder-it/LocalPotatoDetails:https://www.localpotato.com/localpotato_html/LocalPotato.html#pentesting #redteam
2023-02-10 17:08:54
​​Proxmark3The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming.Buy online: RDV2 🛒 https://amzn.to/3jG7kUrRDV3 Easy 🛒 https://amzn.to/40CtlUyRDV4 BlueShark 🛒 https://t.me/PentestingShop/95RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk#rfid #nfc
2023-02-10 15:18:07
​​SEBASTiAnA Static and Extensible Black-box Application Security Testing tool for iOS and Android applications.https://github.com/talos-security/SEBASTiAn
2023-02-10 15:18:00
​​Server-Side Request Forgery (SSRF) vulnerable LabThis Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack.https://github.com/incredibleindishell/SSRF_Vulnerable_Lab
2023-02-10 11:14:00
​​Exploiting CVE-2022-39299A Simple CVE-2022-39299 #PoC #exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-samlhttps://github.com/doyensec/CVE-2022-39299_PoC_Generator
2023-02-10 09:12:00
​​DiceCTF 2023 ChallengesThis repository contains all challenges from DiceCTF 2023.https://github.com/dicegang/dicectf-2023-challenges
2023-02-09 15:18:00
​​sqlmapAutomatic SQL injection and database takeover toolsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.https://github.com/sqlmapproject/sqlmap#best #kali
2023-02-09 11:14:00
​​CredSweeperA tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as personal information, token, passwords, api keys etc.) in advance. By scanning lines, filtering, and using AI model as option, CredSweeper reports lines with possible credentials, where the line is, and expected type of the credential as a result.https://github.com/Samsung/CredSweeper
2023-02-09 09:12:00
​​IoT-PTA Virtual environment for Pentesting IoT Deviceshttps://github.com/IoT-PTv/IoT-PT
2023-02-08 19:12:54
HackGit pinned «Pentesting Shop The Hacker's Hardware 📟 https://t.me/PentestingShop»
2023-02-08 19:12:51
Pentesting ShopThe Hacker's Hardware 📟https://t.me/PentestingShop
2023-02-08 19:00:03
​​FilelessPELoaderLoading Remote AES Encrypted PE in memory , Decrypted it and run it.https://github.com/TheD1rkMtr/FilelessPELoader#pentesting #infosec #redteam
2023-02-08 18:25:13
​​UnhookingPatchBypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime.https://github.com/TheD1rkMtr/UnhookingPatch#redteam
2023-02-08 11:28:22
​​LdrDllNotificationHookThis project demonstrates a way to hook all DLL load notifications in a process. It hooks all callbacks which are registered with LdrRegisterDllNotification, including callbacks which are registered after the hook is set.The hook can be used to prevent the original callbacks from being called.https://github.com/m417z/LdrDllNotificationHook
2023-02-08 11:14:00
​​#Cybersecurity guidesCybersecurity policies, procedures, and guides.https://github.com/cyberphor/cybersecurity-guides
2023-02-08 09:12:00
​​CYBERONIXCyberonix is a complete resource hub for Cyber Security Community. Our aim is to make this tool an 1 stop solution for all the Hackers out there to get resources of various topics in Cyber Security. We will keep updating this tool & adding new & updated resources on the go.https://github.com/TeamMetaxone/Cyberonix
2023-02-08 06:29:38
​​ssc-asi-toolsSecurityScorecard Attack Surface Intelligence tools repository with a python suite of tools.▫️ Single Queries▫️ Bulk Lookups▫️ Full JSON logging▫️ Wizard based lookupshttps://github.com/securityscorecard/ssc-asi-tools
2023-02-08 06:25:08
​​BREXXTODONA REXX based mastodon reader for MVS 3.8jThis is an alpha release, mostly a POC, there are bugs, it abends, it S0C4s and S0C1, use at your own risk.https://github.com/mainframed/BREXXTODON
2023-02-07 23:10:28
​​GL-iNET Brume 2 GL-MT2500 / MT2500ABrume 2 — A lightweight and compact security gateway designed for hosting VPN servers. It is an ideal gateway for businesses to monitor, manage, and configure SD-WAN settings via GoodCloud, our remote device management platform, resulting in faster network performance, higher network efficiency, and reduced cost for small and medium-sized enterprises.It comes in two versions: GL-MT2500A which has an aluminium alloy exterior, and GL-MT2500 which is made of ABS material. The device comes with a powerful chipset with higher processing efficiency than the previous generation, an upgrade in VPN encryption speed, and an updated SDK4.0 package.Full Protection for Your Network: Cloudflare encryption supported to protect the privacy. IPv6 and WPA3 security protocol supported. (To enable IPv6 function, please access to Admin Panel -> NETWORK -> IPv6.)Support VPN Cascading: Allow VPN server and VPN client operate simultaneously within the same device, enabling user to access local network servers with accessing public internet as a VPN client in the meantime.Ideal Gateway for Hosting a VPN Server at Home or Office: Access sensitive information stored under a corporate private network or access local files and bypass geo-blocking securely while working remotely.Advanced Hardware Specification: Equipped with 2.5 gigabit WAN port, 1 gigabit LAN port with USB 3.0 port, as well as 8 GByte EMMC (embedded multimedia card) storage for offline data storage.Runs on the latest OpenWrt 21.02 operating system, supporting mass device connection capabilities, and reducing signal interference. You can customize the router and install applications based on your preferences.Buy online: MT2500 🛒 https://amzn.to/3IgreyZMT2500A 🛒 https://amzn.to/3YdiWgNAliexpress MT2500/MT2500A: 🛒 https://alii.pub/6lrvop #vpn #gateway #security #openwrt
2023-02-07 19:46:12
NetworkNightmareIt is a mindmap for conducting network attacks. For the most part, it will be useful to pentesters or red team operators. The mindmap will be maintained and updated by me.▫️ Traffic Hijacking▫️ MiTM Attacks▫️ Dynamic IGP Routing▫️ Configuration Exfiltration▫️ DoS▫️ NAC/802.1X Bypassing▫️ GRE Pivoting▫️ Cisco EEM for hiding user▫️ Authentication Cracking▫️ Information Gathering▫️ Cisco Passwords▫️ VLAN Bypassinghttps://github.com/c4s73r/NetworkNightmare#pentesting #mindmap
2023-02-07 19:42:53
​​ntdlll-unhooking-collectiondifferent ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)https://github.com/TheD1rkMtr/ntdlll-unhooking-collection#redteam #hackers
2023-02-07 19:42:26
​​Secrets Patterns Database 🗄The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.https://github.com/mazen160/secrets-patterns-db#pentesting #bugbounty
2023-02-07 15:18:00
​​Burp Suite Certified Practitioner Exam StudyMy personal study notes on the PortSwigger Academy Burp Suite Certified Practitioner (BSCP) Exam topics. The acronym BSCP has nice simular ring to it, same as OSCP :)https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study
2023-02-07 11:14:00
​​HellgateLoader_CSharpLoad shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.https://github.com/Kara-4search/HellgateLoader_CSharp
2023-02-07 09:12:00
​​CVE-2022-44268ImageMagick arbitrary file readhttps://github.com/Vulnmachines/imagemagick-CVE-2022-44268#cve #poc
2023-02-06 15:46:23
​​RasmanPotatoAbuse Impersonate Privilege from Service to SYSTEM like other potatoes dohttps://github.com/crisprss/RasmanPotato#redteam
2023-02-06 11:14:00
​​WSAPatchMake WSA(Windows Subsystem for Android) run on Windows 10.https://github.com/cinit/WSAPatch
2023-02-06 10:54:53
​​i-Haklab A hacking laboratory for Termux that contains open source tools for pentesting, scan/find vulnerabilities, explotation and post-explotation recommended by Ivam3 with automation hacking commands and many guides and tutorials to learn use it.https://github.com/ivam3/i-Haklab#pentesting #redteam
2023-02-06 09:53:31
​​MalwareConfigListsJust some lists of Malware Configshttps://github.com/Gi7w0rm/MalwareConfigLists
2023-02-06 09:52:35
​​malware-iocThis repository contains indicators of compromise (IOCs) of our various investigations.https://github.com/prodaft/malware-ioc
2023-02-06 09:52:30
​​Ticwatch Pro 3Smart watch with official Kali NetHunter support.What is Kali NetHunter?Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations.The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks.Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more.NetHunter is an open-source project developed by Offensive Security and the community.Installing NetHunter On the TicWatch Pro 3:https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro3/Buy online:🛒 https://amzn.to/3RC7PeT🛒 https://ali.ski/Zu0T3#watch #kali #ticwatch
2023-02-06 09:12:07
​​CTFsCTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done.https://github.com/Adamkadaban/CTFs
2023-02-06 09:12:00
​​swagger2burpConvert Swagger openapi.json file to burp suite request files.https://github.com/bolbolabadi/swagger2burp
2023-02-06 07:21:08
BypassAVThis map lists the essential techniques to bypass anti-virus and EDRhttps://github.com/CMEPW/BypassAV#redteam
2023-02-05 19:40:08
​​CVE-2022-44268 Arbitrary File Read PoC - PNG generator.https://github.com/voidz0r/CVE-2022-44268#cve #poc
2023-02-05 17:47:24
​​Flipper Zero BadUsb script collectionTo begin using the scripts, please carefully read the "readme.md" file provided with each script. This file contains important information on how to use the script safely. Keep in mind that some scripts may potentially harm your system, so be cautious and do not run unfamiliar scripts on your personal computer. To test scripts, it is recommended to use a virtual machine for safety.https://github.com/UNC0V3R3D/Flipper_Zero-BadUsbFlipper Zero is available for purchase: https://t.me/PentestingShop/221#pentesting #redteam #hackers
2023-02-05 15:18:00
​​opainjectiOS tool to inject a dylib into a process using both shellcode and ROP methods. (By default ROP method is used, it's superior to the shellcode method in every way but I started with the shellcode method and decided to leave it in).Tested on iOS 14 and 15 (yes you heard that right, but this is actually useless without some sort of PMAP trust level bypass as the dylib will just be mapped as R-- and the process will crash).https://github.com/opa334/opainject
2023-02-05 09:12:00
​​HalmosSymbolic Bounded Model Checker for Ethereum Smart Contracts Bytecodehttps://github.com/a16z/halmosDetails:https://a16zcrypto.com/symbolic-testing-with-halmos-leveraging-existing-tests-for-formal-verification/
2023-02-04 15:18:00
​​IoTSecurity101A Curated list of IoT Security Resourceshttps://github.com/V33RU/IoTSecurity101
2023-02-04 11:14:00
​​Practical #CyberSecurity Resources 🌟https://github.com/brcyrr/PracticalCyberSecurityResources/blob/main/README.md
2023-02-04 10:25:10
​​DLL Sideload without DLL Mainhttps://github.com/shantanu561993/DLL-SideloadDetails:https://www.redteam.cafe/red-team/dll-sideloading/dll-sideloading-not-by-dllmain#pentesting #redteam #hackers #inject
2023-02-04 09:13:00
​​ShrewdEyeShrewdEye (sheye) is a set of utilities bundled into a single automated workflow to improve, simplify, and speed up resource discovery and vulnerabilities finding.https://github.com/zzzteph/sheye#pentesting #bugbounty #redteam
2023-02-04 09:12:00
​​TLDbruteA simple utility to generate domain names with all possible TLDshttps://github.com/Sybil-Scan/TLDbrute
2023-02-04 08:50:46
​​CVE-2023-0045Bypassing Spectre-BTI User Space Mitigations on Linuxhttps://github.com/es0j/CVE-2023-0045#cve
2023-02-04 08:20:37
​​Throwing Star LAN TapThe Throwing Star LAN Tap is a passive Ethernet tap, requiring no power for operation. There are active methods of tapping Ethernet connections (e.g., a mirror port on a switch), but none can beat passive taps for portability.→ Use Ethernet cables to connect the Throwing Star LAN Tap (J1 and J2) in line with a target network to be monitored.→ Use Ethernet cables to connect one or both of the monitoring ports (J3 and J4) to ports on one or two monitoring stations. Each port monitors traffic in one direction only.→ Use your favorite software (e.g., tcpdump or Wireshark) on the monitoring station(s) to capture network traffic.Buy online: 🛒 https://amzn.to/3DFyoKq🛒 https://alii.pub/6lmr6v#lan #ethernet #sniffing
2023-02-04 06:41:21
​​RevWhoixA simple utility to perform reverse WHOIS lookups using whoisxml APIhttps://github.com/Sybil-Scan/revwhoix
2023-02-03 18:52:07
​​NTDLLReflectionBypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table.https://github.com/TheD1rkMtr/NTDLLReflection#pentesting #redteam
2023-02-03 15:18:00
​​Pytractor ToolIt is a tool for collecting subdomains and endpoints.Features:▫️ collect endpoints▫️ subdomains▫️ web archieve▫️ Virus Total▫️ robots.txthttps://github.com/N0LL101/Pytractor
2023-02-03 13:09:01
​​Nmap-PeekAn easy way to preview the content of an XML nmap file, in VS Code.A simple side view of your XMl nmap file. The extensions prints all the basic information retrieved from an nmap scan.The status of each port, is represented with different colors. Green for open, red for closed, light blue for filtered and gray for mixed responses like closed|filtered etc. In case the ports disclose the OS of the host, a related icon will be presented 👇https://github.com/marduc812/vscode-nmap-peek
2023-02-03 12:57:41
​​BlueTeam-ToolsThis github repository contains a collection of 35+ tools and resources that can be useful for blue teaming activities.Some of the tools may be specifically designed for blue teaming, while others are more general-purpose and can be adapted for use in a blue teaming context.https://github.com/A-poc/BlueTeam-Tools#blueteam
2023-02-03 09:12:00
​​injectAmsiBypassCobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection.https://github.com/boku7/injectAmsiBypass
2023-02-02 20:08:20
​​CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator.https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC#cve
2023-02-02 17:04:38
CVE-2023-21608Adobe Acrobat Reader Remote Code Execution ExploitThis bug was Use after Free caused during resetForm operation while handling object memory references.https://github.com/hacksysteam/CVE-2023-21608Details:https://hacksys.io/blogs/adobe-reader-resetform-cagg-rce-CVE-2023-21608#cve
2023-02-02 15:18:00
​​certwatcherCertWatcher is a tool for capturing and tracking certificate transparency logs, using YAML templates and Selenium. The tool helps to detect and analyze phishing sites, and is designed to make it easy to use for security professionals and researchers.https://github.com/drfabiocastro/certwatcher
2023-02-02 12:41:00
​​FinGenA #ChatGPT based penetration testing findings generator.https://github.com/Stratus-Security/FinGen#pentesting #bugbounty #redteam #hackers
2023-02-02 12:27:53
​​auto-reconTools for auto enumeration subdomain, dns, host alive.https://github.com/1amkaizen/auto-recon
2023-02-02 12:07:24
HackGit pinned «​​Wise — The international account Join over 13 million people and businesses, in more than 170 countries, who use Wise to send, spend, convert, and receive money internationally. Wise is for anyone — travelers, immigrants, freelancers, organisations — whose…»
2023-02-02 12:07:18
​​Wise — The international accountJoin over 13 million people and businesses, in more than 170 countries, who use Wise to send, spend, convert, and receive money internationally.Wise is for anyone — travelers, immigrants, freelancers, organisations — whose money crosses borders. We’re 8x cheaper on average than leading banks. And a lot faster, too.Cheaper and faster money transfers:▫️ Send money to over 80 countries▫️ For a super-low fee, you get the real exchange rate, like on Google, for every money transfer• 50% of transfers are instant or arrive within an hour▫️ Secure your transfers with two-factor authenticationA debit card to spend worldwide:▫️ Spend or withdraw money in more than 200 countries▫️ If you don’t have the local currency, we’ll auto-convert what you have with the lowest possible price▫️ Freeze and unfreeze your card, and update your virtual card whenever you likeCreate your Wise account 💳#promo
2023-02-02 09:13:00
​​DefaScanA python tool that will scrape the internet for your given google dork queries using APIs and alert using the email provied during rutime.https://github.com/RamXtha/DefaScan
2023-02-02 09:12:00
​​tactical-exploitationModern tactical exploitation toolkit.https://github.com/0xdea/tactical-exploitation
2023-02-01 12:27:00
​​Cobalt Strike Beacon NotifierA #Cobalt Strike Beacon Notifier Via #Telegram #Bot.Features:▫️ Showing the Name of the Current User▫️ Showing the Computer Name of the Current User▫️ Showing the Type and Version of the Operating System▫️ Showing the Type of the Process Exec Name▫️ Showing the Internal IP of the System▫️ Showing the Enternal IP of the Systemhttps://github.com/lynxbinz/CS-Beacon-Notifier
2023-02-01 12:08:21
​​Thanks Mobile HackerWe want to give credit to the creators of the videos we used in our posts.▫️ t.me/androidMalware ▫️ youtube.com/@mobilehacker▫️ instagram.com/mobile_hacker0#video #channel
2023-02-01 11:14:00
​​THC's favourite Tips, Tricks & Hacks (Cheat Sheet)A collection of our favourite tricks. Many of those tricks are not from us. We merely collect them.We show the tricks 'as is' without any explanation why they work. You need to know Linux to understand how and why they work.https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet
2023-02-01 11:09:14
​​Dependency-ConfusionAll About Dependency Confusion Attack, (Detecting, Finding, Mitigating)https://github.com/x1337loser/Dependency-Confusion
2023-02-01 10:32:15
​​Cheap BadUSB - Digispark ATtiny85 Arduino boardBesides using it as a Rubber Ducky or hardware password vault, you can start your own projects such as POV display, LED lights controller, IoT gadgets, etc. Digispark allows to connect external modules and operate with them such as Bluetooth, motion, temperature sensors, Wi-Fi, etc.Testing 20 most popular mobile phone PINs (based on SANS institute findings) in 6 minutes using Digispark ATtiny85 board 👇 Based on the research, 26% of all phones can be cracked with these 20 four-digit passcodes.Buy online:🛒 https://amzn.to/3wN80ds🛒 https://ali.ski/13u_Kq#usb #board #badusb
2023-02-01 09:12:05
​​azure-mindmapThe purpose of this map is to list all possible compromise paths when faced with an Azure environment during a cloud security engagement.https://github.com/CMEPW/azure-mindmap#cybersecurity #infosec
2023-02-01 09:12:00
​​TimeExceptionA tool to find folders excluded from AV real-time scanning using a time oracle.https://github.com/bananabr/TimeException
2023-01-31 15:18:08
​​PrivilegerPrivileger allows you to work with privileges in Windows as easily as possible. https://github.com/MzHmO/Privileger#pentesting #Windows #redteam
2023-01-31 15:18:07
​​MimirTrue P2P messenger on top of Yggdrasil Networkhttps://github.com/Revertron/Mimir#privacy
2023-01-31 15:18:00
​​python-tufA Framework for Securing Software Updatehttps://github.com/theupdateframework/python-tuf
2023-01-31 11:15:00
​​Bountystrike-shA collection of bash and python scripts that installs common bug bounty tools, performs recon scans and continous asset discovery.https://github.com/BountyStrike/Bountystrike-sh#bugbounty
2023-01-31 11:14:05
​​CyberPipeAn easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.Functions:▫️ Capture a memory image with DumpIt for Windows,▫️ Capture a triage image with KAPE,▫️ Check for encrypted disks,▫️ Recover the active BitLocker Recovery key,▫️ Save all artifacts, output, and audit logs to USB or source network drive.Prerequisites:https://github.com/dwmetz/CyberPipe
2023-01-31 11:14:00
​​RemComSvc obfuscation PoChttps://gist.github.com/snovvcrash/123945e8f06c7182769846265637fedb
2023-01-31 09:13:00
​​OutpostAWS Testing and Reporting ManagementOutpost is a simple tool to generate AWS configuration files for AssumeRole, a testing capability for verifying accounts work, and a report generator for ScoutSuite scan results.▫️ Run ScoutSuite▫️ Parse the results▫️ ✨Generate Report Findings✨https://github.com/ustayready/outpost
2023-01-31 09:12:01
​​astaroth-deobfuscatorIDA python script for deobfuscating Astaroth/Guildma injector DLLhttps://github.com/dodo-sec/astaroth-deobfuscator
2023-01-31 09:12:00
​​RToolZA Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.https://github.com/OmriBaso/RToolZ#pentesting #redteam
2023-01-30 15:19:00
​​Sublist115rA python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist115r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist115r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.https://github.com/elpirata111/Hacking-tools#Donate t.me/hackgit🍻»»»
2023-01-30 15:18:00
​​Json Value ExtractorCmd line utility that accepts json via standard in (piping) and extracts values from json fields.https://github.com/theflakes/jve
2023-01-30 12:34:06
HackRF One + Portapack H2 Mayhem.The HackRF is an exceptionally capable software defined radio (SDR) transceiver, but naturally you need to connect it to a computer to actually do anything with it. So the PortaPack was developed to turn it into a stand-alone device with the addition of a touchscreen LCD, a few buttons, and a headphone jack. With all the hardware in place, it’s just a matter of installing a firmware capable enough to do some proper RF hacking on the go.Enter MAYHEM, an evolved fork of the original PortaPack firmware that the developers claim is the most up-to-date and feature packed version available. Without ever plugging into a computer, this firmware allows you to receive, decode, and re-transmit a dizzying number of wireless protocols. From firing off the seating pagers at a local restaurant to creating a fleet of phantom aircraft with spoofed ADS-B transponders, MAYHEM certainly seems like it lives up to the name.Detailed blog post about installing and using MAYHEM on the HackRF/PortaPack, complete with a number of real-world examples that show off just a handful of possible applications for the project. Jamming cell phones, sending fake pager messages, and cloning RF remotes is just scratching the surface of what’s possible.Example of use: exploitation of a Honda vulnerability Honda's Remote Keyless System (CVE-2022-27254)Firmware to open any and all Tesla vehicle charging ports in range!Buy online: 🛒 https://alii.pub/6lfodk🛒 https://amzn.to/3kRIrFF#hackrf #radio #sdr #spoofing
2023-01-30 11:15:00
​​Windows 11 Debloat / Privacy GuideThis guide is meant for advanced users who wants to get rid off Windows 11's bloatware and telemetry, if you have no experience of such thing then you can consider this guide for ease.▫️ Get rid of bloatware▫️ Disable most of the telemetry▫️ Gain performance▫️ Optimize Windows 11 for gaming as well as productivity▫️ Strip Windows 11 to barebones (In Advanced removal below)https://github.com/TheWorldOfPC/Windows11-Debloat-Privacy-Guide
2023-01-30 11:14:00
​​Dell Driver EoP (CVE-2021-21551)Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.This exploit was tested on Windows 10 v1511.https://github.com/nanabingies/CVE-2021-21551#cve
2023-01-30 09:13:00
​​bbFuzzing.txtA unique vocabulary that is 70% generated with OpenAI ChatGPT.The remaining 30% is a compilation of dictionaries from Bo0om, circuit and other bugbounters.https://github.com/reewardius/bbFuzzing.txt#bugbounty #ChatGPT
2023-01-30 09:12:00
​​APT-HunterAPT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity . APT-Hunter use pre-defined detection rules and focus on statistics to uncover abnormalities which is very effective in compromise assessment . the output produced with timeline that can be analyzed directly from Excel, Timeline Explorer, Timesketch, etc...https://github.com/ahmedkhlief/APT-Hunter
2023-01-29 15:18:00
​​Linux Security and Hardening Security Guidehttps://github.com/In4n1s357/Linux-Security-and-Hardening-Security-Guide
2023-01-29 12:51:22
​​SeManage Volume #ExploitThis exploit grants full permission on C:\ drive for all users on the machine.▫️ Enables the privilege in the token▫️ Creates handle to .\C: with SYNCHRONIZE | FILE_TRAVERSE▫️ Sends the FSCTL_SD_GLOBAL_CHANGE to replace S-1-5-32-544 with S-1-5-32-545https://github.com/CsEnox/SeManageVolumeExploit
2023-01-29 12:44:10
HackGit pinned «​​OnePlus 7 Pro OnePlus 7 Pro is the best phone you can use with Kali Nethunter. It is bundled with the Qualcomm SM8150 Snapdragon 855+ chipset along with 8GB RAM and Adreno 640 GPU. It also has a 90Hz AMOLED 6.57 inches display with 1080 x 2400 pixel resolution.…»
2023-01-29 12:44:02
​​OnePlus 7 ProOnePlus 7 Pro is the best phone you can use with Kali Nethunter. It is bundled with the Qualcomm SM8150 Snapdragon 855+ chipset along with 8GB RAM and Adreno 640 GPU.It also has a 90Hz AMOLED 6.57 inches display with 1080 x 2400 pixel resolution. As for storage, you have the option to choose between the 128GB and 256GB variants. Keep in mind, this phone doesn’t have a Memory card slot.When it comes to networking, the OnePlus 7 supports Wi-Fi 802.11 a/b/g/n/ac network standards. Moreover, having Bluetooth 5.0 is of utter importance as there is no 3.5mm jack included in the device.Lastly, the battery of this phone is 3800mAh Li-Po which supports 30W fast charging and 30T Warp Charge.OnePlus 7 is heavily supported by the Kali Nethunter community and is also the recommended high-end device for Nethunter. You can also find the installation instructions for Nethunter on OnePlus 7 in the official Nethunter documentation.Buy online:🛒 https://amzn.to/3kQlLWd🛒 https://alii.pub/6leekh#kali #mobile
2023-01-29 11:21:34
​​PayClipYou can use this tool to transfer payloads to the clipboard so you can use them more quickly.https://github.com/bwiko/PayClip
2023-01-29 11:14:00
​​ludvigSecurity scanner using YARA.https://github.com/FrodeHus/ludvig
2023-01-29 09:13:00
​​hackebdsThis tool is used for backdoor and shellcode generation for various architecture devices.https://github.com/doudoudedi/hackEmbedded#redteam
2023-01-29 09:12:00
​​PHP Antimalware ScannerAMWScan is a free tool to scan php files and analyze your project to find any malicious code inside it.https://github.com/marcocesarato/PHP-Antimalware-Scanner
2023-01-28 12:06:11
​​YARD Stick OneYet Another Radio Dongle can transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me. The radio functions that are possible by customizing IM-Me firmware are now at your fingertips when you attach YARD Stick One to a computer via USB. Great for listening on RF emitters and transmitting on ISM bands.YARD Stick One comes with RfCat firmware installed, courtesy of Atlas. RfCat allows you to control the wireless transceiver from an interactive Python shell or your own program running on your computer.Repository:https://github.com/greatscottgadgets/yardstickBuy online:🛒 https://amzn.to/3WNO9W1🛒 https://alii.pub/6lbzti#radio #usb #transceiver
2023-01-28 11:14:07
​​jsoupThe Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety.jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.https://github.com/jhy/jsoup
2023-01-28 11:14:00
​​pentesting-resourcesResources for ethical hacking, pentesting and other offsec tools.https://github.com/Root-Down-Digital/pentesting-resources
2023-01-28 09:13:00
RemoteShellCodeInjectionThis will help you inject a shellcode hosted as text remotly into a process.https://github.com/soufianetahiri/RemoteShellCodeInjection#pentesting #redteam
2023-01-28 09:12:00
​​ExploitsA handy collection of my public exploits, all in one place.https://github.com/0xdea/exploits#redteam #cve #exploit
2023-01-27 15:18:00
​​CryptomatorMulti-platform transparent client-side encryption of your files in the cloud.https://github.com/cryptomator/cryptomatorDownload https://cryptomator.org/downloads/#cybersecurity
2023-01-27 11:15:00
​​Capacapa detects capabilities in executable files. You run it against a PE, ELF, .NET module, or shellcode file and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.https://github.com/mandiant/capa
2023-01-27 11:14:00
​​GUACGUAC aggregates software security metadata into a high fidelity graph database.https://github.com/guacsec/guac
2023-01-27 09:48:31
​​NativePayload_PE1NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing RWX to X or RX or (both) [Bypassing AVs].https://github.com/DamonMohammadbagher/NativePayload_PE1#redteam
2023-01-27 09:29:59
linWinPwn Active Directory Vulnerability ScannerlinWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script uses a number of tools and serves as wrapper of them. Tools include: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump, certipy, silenthound, and others.https://github.com/lefayjey/linWinPwn#pentesting #redteam #ad #best
2023-01-27 09:13:00
​​Awesome-Bugbounty-WriteupsA curated list of #bugbounty writeups (Bug type wise).https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
2023-01-27 09:12:00
​​Burp IIS Tilde Enumeration ScannerThis extension will add an Active Scanner check for detecting IIS Tilde Enumeration vulnerability and add a new tab in the #Burp UI to manually exploit the vulnerability.https://github.com/cyberaz0r/Burp-IISTildeEnumerationScanner
2023-01-27 08:08:14
​​GrypeA vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.https://github.com/anchore/grype#best
2023-01-27 07:16:28
​​CVE-2023-24055 PoC (KeePass 2.5x)An attacker who has write access to the KeePass configuration file can modify it and inject malicious triggers, e.g to obtain the cleartext passwords by adding an export trigger.https://github.com/alt3kx/CVE-2023-24055_PoC#cve #poc
2023-01-27 07:11:19
Proxying DLL Loads For Hiding ETWTI Stack Tracing.https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/Proxy-DLL-Loads:https://github.com/paranoidninja/Proxy-DLL-Loads#pentesting #redteam
2023-01-26 15:18:00
​​FIR Fast Incident Response is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.https://github.com/certsocietegenerale/FIR
2023-01-26 14:24:31
​​CVE-2022-34689CryptoAPI spoofing vulnerabilityThe repository contains code for two types of PoCs: one exploiting Chrome v48 and another focusing on the vulnerable MD5 check in crypt32.dll.https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689Details:https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi#cve #poc
2023-01-26 11:16:13
​​CVE-2023-24055POC and Scanner for CVE-2023-24055.https://github.com/deetl/CVE-2023-24055#cve
2023-01-26 11:14:10
​​EYSOFT Webcam CoverWhether you want to protect your smartphone, laptop or desktop computer, this 5-pack of webcam privacy covers is an excellent choice. The cover is durable and easy to install using the provided double-sided tape. To cover the viewfinder, all you need to do is slide the black circle within the cover to the left.Measuring only 0.022 inches in thickness which will not interfere with closing lid of your laptop. It adheres with double sided tape and can be removed if needed. Moreover, it will sustain through the wear and tear and remain strongly adhesive.Not only suitable for computer, PC, laptops, Mac, iPad, Android tablet and all in one desktop, also can be used in most models of smartphones.Buy online: 🛒 $5.99 https://amzn.to/3Hca2c4#camera #privacy #covers
2023-01-26 11:14:07
​​opencveOpenCVE is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...).Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE.https://github.com/opencve/opencve
2023-01-26 11:14:00
​​BSidesRomaSecurityBsides Roma Conference Repohttps://github.com/SecurityBsidesIT/BSidesRoma
2023-01-26 09:13:00
​​PyCriptPycript is a Burp Suite extension that enables users to encrypt and decrypt requests for manual and automated application penetration testing. It also allows users to create custom encryption and decryption logic using JavaScript and Node.js, allowing for a tailored encryption/decryption process for specific needs.https://github.com/Anof-cyber/PyCript
2023-01-26 09:12:00
​​Gato (Github Attack TOolkit)Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization.The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be utilized for private repositories, however, there are thousands of organizations that utilize self-hosted runners.https://github.com/praetorian-inc/gato
2023-01-25 15:18:00
​​Hekatomb A python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.https://github.com/Processus-Thief/HEKATOMB#ad
2023-01-25 11:15:00
​​IntroLabsThese are the labs for my Intro class. Yes, this is public. Yes, this is intentional.https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md
2023-01-25 11:14:00
​​threat-intelThis repository contains IoCs related to Volexity public threat intelligence blog posts and tools published by Volexity's threat intelligence team.https://github.com/volexity/threat-intel
2023-01-25 09:49:38
​​Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.Buy online: 🛒 $299.98 https://amzn.to/3DfmfLU#rfid #nfc
2023-01-25 09:47:42
​​burp-rest-apiREST/JSON API to the Burp Suite security tool.https://github.com/vmware/burp-rest-api
2023-01-25 09:12:05
​​ExtAnalysisBrowser Extension Analysis Framework - Scan, Analyze Chrome, firefox and Brave extensions for vulnerabilities and intels.https://github.com/Tuhinshubhra/ExtAnalysis
2023-01-25 09:12:00
​​robots-txt-parser pycollect robots.txt endpoint for allowed and disallowed endpoints from a list of subdomainshttps://github.com/smackerdodi/robots-txt-parser.py
2023-01-24 15:18:00
​​Hackng Articles — Cyber MindmapThis repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.https://github.com/Ignitetechnologies/Mindmap
2023-01-24 11:14:00
​​wstgThe Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.https://github.com/OWASP/wstg
2023-01-24 09:24:00
​​WD 5TB My Passport Portable Hard DriveThe My Passport™ drive is trusted, portable storage that gives you the confidence and freedom to drive forward in life. With a new, stylish design that fits in the palm of your hand, there’s space to store, organize, and share your photos, videos, music, and documents.The My Passport™ drive’s built-in 256-bit AES hardware encryption with password protection helps keep your digital life's contents secure. Just activate password protection and set your own personalized password using WD Discovery™.Buy online: 🛒 -21% $117.99 https://amzn.to/3WGTuyIWD 5TB My Passport for Mac:🛒 -22% $124.99 https://amzn.to/3R1oGqY#usb #hdd #encryption
2023-01-24 09:12:00
​​AzBeltStandalone DLL and sliver extension for enumerating Azure related credentials, primarily on AAD joined machines.https://github.com/daddycocoaman/AzBelt
2023-01-23 16:55:11
​​SQLi-Hunter-v2SQLi Hunter v2 is a python program that checks for SQL (and Blind) injection vulnerability in URL's. The program is designed to be easy to use, practical and beneficial. The intention of this tool is to include it in your ethical Bug Bounty Hunting methodology. Please do not use this tool on any website without having its permission.https://github.com/3a7/SQLi-Hunter-v2
2023-01-23 16:52:45
​​CVE-2021-20294-POCA flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack BoF, OOB write of arbitrary data supplied by the attacker.https://github.com/tin-z/CVE-2021-20294-POC#cve #poc
2023-01-23 16:49:45
​​Inline-Execute-PEInline-Execute-PE is a suite of Beacon Object Files (BOF's) and an accompanying Aggressor script for #CobaltStrike that enables Operators to load unmanaged Windows executables into Beacon memory and execute them, retrieving the output and rendering it in the Beacon console.https://github.com/Octoberfest7/Inline-Execute-PE#redteam
2023-01-23 11:14:00
​​PhoneSploit ProPhoneSploit with Metasploit Integration.An All-In-One hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.https://github.com/azeemidrisi/phonesploit-pro
2023-01-23 09:13:00
​​BLintBLint is a Binary Linter to check the security properties, and capabilities in your executables. It is powered by lief.https://github.com/AppThreat/blint
2023-01-23 09:12:00
​​PopeyeA Kubernetes Cluster SanitizerPopeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects misconfigurations and helps you to ensure that best practices are in place, thus preventing future headaches.https://github.com/derailed/popeye
2023-01-22 15:19:00
​​About Cloud ScoutCloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross platform attack paths.https://github.com/SygniaLabs/security-cloud-scout
2023-01-22 15:18:00
​​shosubgoSmall tool to Grab subdomains using Shodan api.https://github.com/incogbyte/shosubgo
2023-01-22 11:14:05
​​CredsSome usefull Scripts and Executables for Pentest & ForensicsMost Scripts/Executables are Windows / Domain specific.https://github.com/S3cur3Th1sSh1t/Creds
2023-01-22 11:14:00
​​AerleonGenerate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API.Aerleon is a fork of Capirca with the following enhancements 👇https://github.com/aerleon/aerleon
2023-01-22 09:12:07
​​CVE-2023-0179 PoCThis repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.https://github.com/TurtleARM/CVE-2023-0179-PoC#cve #poc
2023-01-22 09:12:00
​​APCLdrPayload Loader With Evasion Features.https://github.com/NUL0x4C/APCLdr
2023-01-21 15:18:00
​​pdtmProjectDiscovery's Open Source Tool ManagerA simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery.https://github.com/projectdiscovery/pdtm
2023-01-21 11:14:00
​​PTAAgentDumpA tool for checking malicious use of stolen pass-through authentication (PTA) agent certificates. The tool shows how many active certificates exists per agent.https://github.com/secureworks/PTAAgentDump
2023-01-21 09:12:00
​​LogonTracerInvestigate malicious Windows logon by visualizing and analyzing Windows event log.https://github.com/JPCERTCC/LogonTracerDemo:https://www.youtube.com/watch?v=aX-vTd7-moY
2023-01-20 09:12:00
​​Gold DiggerGold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.https://github.com/ustayready/golddigger
2023-01-20 07:53:37
​​CVE-2022-47966POC for CVE-2022-47966 affecting multiple ManageEngine products👇https://github.com/horizon3ai/CVE-2022-47966Nuclei templates:https://github.com/projectdiscovery/nuclei-templates/pull/6564/files
2023-01-17 11:15:00
​​gmailc2A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.C2 Feature:▫️ Persistence (type persist)▫️ Shell Access ▫️ System Info (type info)▫️ More Features Will Be AddedFeatures:▫️ FUD Ratio 0/40▫️ Bypass Any EDR's Solutions▫️ Bypass Any Network Restrictions▫️ Commands Are Being Sent in Base64 And Decoded on server side▫️ No More Tcp Shitshttps://github.com/machine1337/gmailc2
2023-01-17 11:14:00
​​Hunting-Queries-Detection-RulesDefender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
2023-01-17 10:11:58
​​EvilCrow KeyloggerEvil Crow Keylogger is a physical keylogger device for professionals and cybersecurity enthusiasts. This WiFi keylogger with Micro SD slot, based on the Atmega32U4 microcontroller and the ESP32-PICO module.Repository:https://github.com/joelsernamoreno/EvilCrow-KeyloggerBuy online: 🛒 https://ali.ski/Xf5tcE#USB #wifi
2023-01-17 09:13:00
​​OffensivePipelineOfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode.https://github.com/Aetsu/OffensivePipeline#dotnet #obfuscate #inject #bypass #av
2023-01-17 09:12:00
​​Windows LPE PoCshttps://github.com/dbgsymbol/windows_lpe_pocs
2023-01-16 11:14:00
​​Automation_Bug_HuntingSome Bug Hunting automation Basic scripts using python (LFI, Error SQLI, Blind SSRF, SSTI, Open Redirect, OS Command Injection).https://github.com/Mostafa-Elguerdawi/Automation_Bug_Hunting
2023-01-16 09:12:00
​​tau-researchThe project will serve as a central repository for VMware Threat Analysis Unit (TAU) to share threat intelligence with the security community, such as threat indicators of compromises (IoCs) and the corresponding scripts/tools TAU developed to extract the IoCs. The IoCs are typically used/discussed in TAU's published research papers such as repo…https://github.com/vmware-samples/tau-research
2023-01-15 09:12:00
​​WriteupsDifferent hacking Platforms writeups!!https://github.com/a-fai1ur3/Writeups
2023-01-14 15:19:00
​​cheatsheetsCollection of knowledge about information security.https://github.com/r1cksec/cheatsheets#cybersecurity #infosec
2023-01-14 15:18:00
​​PowerShell-Deobfuscation-ExerciseAn exercise to practice deobfuscating PowerShell Scripts.https://github.com/trevormiller6/PowerShell-Deobfuscation-Exercise
2023-01-14 11:15:00
​​CVE-2022-46169Exploit to CVE-2022-46169 vulnerability on Cacti 1.2.19https://github.com/Anthonyc3rb3ru5/CVE-2022-46169#cve #exploit
2023-01-14 11:14:05
​​asta-decryptThis is a simple script that implements the decryption routine for the encrypted final stage used by the Astaroth/Guildma malware family.Astaroth uses an AutoIT script with an embedded DLL that writes the final payload to disk as db.temp and injects it into a hollow process.https://github.com/dodo-sec/asta-decrypt.py
2023-01-14 11:14:00
​​anti_RoyalPoweshell tool to check for partially encrypted files with various techniques and sandbox them for analysis.https://github.com/shadowdevnotreal/anti_Royal
2023-01-14 09:12:00
​​CVE-2022-28944EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability.https://github.com/gerr-re/cve-2022-28944
2023-01-13 15:18:00
​​code-inspectorJava code inspector for web vulnerability scan.https://github.com/4ra1n/code-inspector
2023-01-13 11:14:00
​​T95-H616-Malware"Pre-Owned" malware in ROM on T95 Android TV Boxhttps://github.com/DesktopECHO/T95-H616-Malware
2023-01-13 10:45:51
​​SUDO_KILLERA tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.https://github.com/TH3xACE/SUDO_KILLER#linux #sudo
2023-01-13 10:04:34
​​Alfa AWUS036ACHMThis adapter looks like a basic everday wifi adapter but it is not! I have tested many adapters and this adapter has the longest range of any modern dual band adapter that I have tested. If you need long range or an adapter that can run 24/7/365 and never miss a beat, this adapter is worth a look. Don't buy it for speed as it is a AC600 adapter, but if looking for range, great AP mode support, great monitor mode support and reliability, take a look.My opinion is that this adapter is the single best adapter available for use with Kali Linux or other distros used for pen testing and security analysis. Compared to the Alfa AWUS036ACH, the Alfa AWUS036ACHM has better range, costs less and is supported with in-kernel drivers making it the better choice for Linux users. It comes with the required USB2 cable and a clip that allows you to mount the adapter in various locations. Overall, the Alfa AWUS036ACHM is a solid performer. Highly recommended.Buy online: 🛒 https://amzn.to/3W9BkW3#alfa #wifi #adapter
2023-01-13 09:13:00
​​WPAxFuzzA full-featured open-source Wi-Fi fuzzerhttps://github.com/efchatz/WPAxFuzz
2023-01-13 09:12:00
​​stackplzThis work on eBPF for reversing on Android. https://github.com/SeeFlowerX/stackplz
2023-01-12 15:18:00
sast-scanScan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNUhttps://github.com/ShiftLeftSecurity/sast-scan
2023-01-12 11:14:00
​​slitherSlither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.https://github.com/crytic/slither
2023-01-12 09:13:00
​​nuclearpondNuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.▫️ Output results to your terminal, as json, or to an S3▫️ Specify threads and parallel invocations in any desired number of batches▫️ Specify any Nuclei arguments just like you would locally▫️ Specify a single host or from a file▫️ Run the http server to take scans from the API▫️ Run the http server to the status of the scans▫️ Query findings through Athena for searchinghttps://github.com/DevSecOpsDocs/nuclearpond
2023-01-12 09:12:00
​​BinwalkBinwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.https://github.com/ReFirmLabs/binwalk
2023-01-11 15:19:00
Secret HandshakeA prototype malware C2 channel using x509 certificates over mTLSI always wondered if threat actors ever used x509 certificates as part of their C2 communication, not to encrypt the network traffic but to actually embed the C2 communication in the x509 cert. After searching for something like this in the wild for 5 years I finally decided to just code it myself to see if it's possible...it ishttps://github.com/jconwell/secret_handshake#malware
2023-01-11 15:18:00
​​Python parser for #Cobalt Strike stagersUse parse_stager_config.py to search a file for Cobalt Strike stager shellcode. If shellcode is found, it will be extracted in JSON format.https://github.com/stairwell-inc/cobalt-strike-stager-parser
2023-01-11 11:14:36
HackGit pinned «​​Flipper Zero Flipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you…»
2023-01-11 11:14:00
​​Black-ToolInstall the tools and start hacking Attackinghttps://github.com/mrprogrammer2938/Black-Tool
2023-01-11 10:38:56
​​Flipper ZeroFlipper ZeroFlipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.Buy online: 🛒 https://amzn.to/3Qyw6la#rfid #nfc
2023-01-11 09:12:00
​​SEMA ToolChain using Symbolic Execution for Malware Analysis.https://github.com/csvl/SEMA-ToolChain
2023-01-10 15:18:00
​​CoffLoaderIt's just un implementation of in-house CoffLoader supporting #CobaltStrike standard BOF and BSS initialized variables.Look at the main.c file to change the BOF and its parameters. CobalStrike handles the BOF parameter in a special way, the Arg structure is here to pass parameters easier.https://github.com/OtterHacker/CoffLoader
2023-01-10 11:15:00
​​UEFI Firmware ParserThe UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials.https://github.com/theopolis/uefi-firmware-parser
2023-01-10 11:14:00
​​Chrome V8 RCE CVE-2021-38003https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003#cve #RCE
2023-01-10 09:17:01
​​OffGrid USB Data BlockerThe USB Data Blocker grants devices immunity from viruses or invasion when used to connect to untrusted USB ports. This handy tech accessory blocks unpermitted data transfer to ensure that a device’s information is not stolen by outsiders. The USB connector also boasts lightning-fast charging capabilities. Use the USB Data Blocker to plug into any port in full faith that your device and data are safe from nonconsensual surveillance.This small converter plays a big role in data protection when on the go. A USB Data Blocker liberates individuals from fear and avoidance of unknown power sources so they can plug in whenever and wherever.Buy online: 🛒 7$ https://amzn.to/3k8N1is#usb #security
2023-01-10 09:13:00
​​REST-AttackerAutomated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support for both large-scale testing and fine-grained analysis.https://github.com/RUB-NDS/REST-Attacker
2023-01-10 09:12:00
​​confusedTool to check for dependency confusion vulnerabilities in multiple package management systemshttps://github.com/visma-prodsec/confused
2023-01-09 15:18:00
​​Brute_PupA web-hunting tool with bruteforce capabilities, and hooked into GoWitness.Bruteforce multiple petabytes of potential sites and subdirectories, then check every combination for existence, and if it exists go take a picture! This usage is a bit extreme, but this is certainly a cool and functional apparatus for dirbusting/bruteforcing/OSINT.https://github.com/7RIXx/Toolbelt/tree/main/Brute_Pup
2023-01-09 11:14:00
​​ModSecurity BackdoorThis is a proof-of-concept of malicious software running inside of ModSecurity WAF.https://github.com/azurit/modsecurity-backdoor
2023-01-09 11:11:35
​​COOKAn overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.https://github.com/glitchedgitz/cook
2023-01-09 11:06:19
​​cth_wordlistsEach pentester has to build his own wordlists...https://github.com/sorokinpf/cth_wordlists
2023-01-09 10:22:45
Microsoft Exchange: OWASSRF + TabShell (CVE-2022-41076)The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103eDetails:https://blog.viettelcybersecurity.com/tabshell-owassrf/#owa #ssrf #tabshell #poc
2023-01-09 09:12:06
​​all InfoSec news - SourcesA list of online news & info sources in the InfoSec/Cybersecurity space with their website + RSS feed. This is an extract of all the sources aggregated from on the allinfosecnews.com website.https://github.com/foorilla/allinfosecnews_sources
2023-01-09 09:12:05
​​AmsiBypassHookManagedAPIA new AMSI Bypass technique using .NET ALI Call Hooking.https://github.com/pracsec/AmsiBypassHookManagedAPI
2023-01-09 09:12:00
​​brc4Unpack Brute Ratel (BRC4) stager and extract config also tries to find the rc4 key in case of encrypted confighttps://github.com/matthw/malware_analysis/tree/main/brc4
2023-01-07 15:18:00
​​ThothAutomate recon for red team assessments.Thoth is a very modular tool that automates the execution of tools during a reconnaissance assessment. Using multithreading, several tools are executed simultaneously. The use of different modules can be adapted on the fly by using module names or risk level as a filter.https://github.com/r1cksec/thoth
2023-01-07 11:14:00
TLS PoisonA tool that allows for generic SSRF via TLS, as well as CSRF via image tags in most browsers. The goals are similar to SNI injection, but this new method uses inherent behaviors of TLS, instead of depending upon bugs in a particular implementation.https://github.com/jmdx/TLS-poison
2023-01-07 09:13:00
​​ccatCloud Container Attack Tool (CCAT) is a tool for testing security of container environments.https://github.com/RhinoSecurityLabs/ccat#redteam #hackers
2023-01-07 09:12:00
​​NTLMReconidentify commonly accessible NTLM authentication endpointsA tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.https://github.com/praetorian-inc/NTLMRecon
2023-01-06 15:18:00
​​Nessus2HostA program written in Go that takes a #Nessus XML file and extracts the hosts in IP:PORT format.https://github.com/MantisSTS/Nessus2Host
2023-01-06 11:14:05
​​reverse_engineering_toolsVarious code samples and useful tips and tricks from reverse engineering and malware analysis fields.https://github.com/alexey-kleymenov/reverse_engineering_tools
2023-01-06 11:14:00
​​Network Information Hiding and Network Steganography 101A free online class on network information hiding/steganography/covert channels that I teach at the FernUniversität in Hagen, Germany, and HS Worms, Germany.https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course
2023-01-06 10:11:18
​​zsyscallThis is my implementation of the Hell's Gate VX technique.The main difference with the original implementation is the use of the zsyscall procedure instead of HellsGate and HellDescent for using syscalls.https://gitlab.com/Zer1t0/zsyscall
2023-01-06 09:30:09
​​ALFA AWUS036ACSCompact dual-band WiFi USB adapter that works according to 802.11ac and features data rates of up to 600Mbps. The AWUS036ACS WiFi USB adapter supports all common standards (IEEE 802.11a/b/g/n/ac) and is fully backwards compatible with the older WiFi standards.AWUS036ACS is the cheapest USB Wireless Adapter available in the market which supports dual-band 2.4 and 5Ghz. It supports both monitor mode and packet injection mode.Buy online: 🛒 https://amzn.to/3VPBVvN#adapter #wifi #alfa
2023-01-06 09:12:05
​​System Programming RoadmapA roadmap to teach myself compiler dev, malware #reverse engineering, exploitation and kernel dev fundamentalshttps://github.com/ujjwal-kr/system-programming-roadmap
2023-01-06 09:12:00
​​#Nuclei template generator for #WordPress pluginshttps://github.com/ricardomaia/nuclei-template-generator-for-wordpress-pluginsTOP 200 WordPress Plugins Detection:https://github.com/projectdiscovery/nuclei-templates/pull/6202
2023-01-05 15:19:00
​​VerSprite Security Researchhttps://github.com/VerSprite/research
2023-01-05 15:18:00
​​sub-scoutA simple bash script to automate your inital #recon and extend your attack surface using popular tools made by infosec community.https://github.com/0xAkashsky/sub-scout
2023-01-05 11:15:00
​​XSSFireA standalone Blind XSS Script.https://github.com/SeifElsallamy/XSSFire
2023-01-05 11:14:00
​​HellsHall Another Way To Fetch Clean Syscallshttps://github.com/Maldev-Academy/HellHall
2023-01-05 10:13:28
​​Bluefruit LE SnifferThis Bluefruit LE Friend is programmed with a special firmware image that turns it into an easy to use Bluetooth Low Energy sniffer. You can passively capture data exchanges between two BLE devices, pushing the data into Wireshark, the open source network analysis tool, where you can visualize things on a packet level, with useful descriptors to help you make sense of the values without having to crack open the 2000 page Bluetooth 4.0 Core Specification every time.Plug it into your development machine, fire up the special sniffer bridge SW, select the device you want to sniff, and it will fire up Wireshark for you and start pushing data in via a live stream (using Nordic's Windows software), or save to a pcap file that you can analyze with Wireshark later.The sniffer firmware cannot be used with the the Nordic DFU bootloader firmware, which means that if you want to reprogram this devices you must use a J-Link + SWD adapter! You cannot over-the-air reprogram it.Buy online:🛒 https://amzn.to/3Z7sjiZ🛒 https://bit.ly/3SulFzw#bluetooth
2023-01-05 09:32:36
​​PassTheCertSometimes, Domain Controllers do not support PKINIT. This can be because their certificates do not have the Smart Card Logon EKU. However, several protocols, including LDAP, support Schannel, thus authentication through TLS. We created a small Proof-of-Concept tool that allows authenticating against an LDAP/S server with a certificate to perform different attack actions.More information in the accompanying blog post.https://github.com/AlmondOffSec/PassTheCert
2023-01-05 09:12:05
​​CVE-2022-46164Basic POC exploit for CVE-2022-46164https://github.com/stephenbradshaw/CVE-2022-46164-poc
2023-01-05 09:12:00
​​RedLineStealerAn analysis of the famous info stealer RedLinehttps://github.com/amr-git-dot/RedLineStealer
2023-01-04 15:18:00
​​vxsigAutomatically generate AV byte signatures from sets of similar binaries.https://github.com/google/vxsig
2023-01-04 11:15:00
Power Me UpThis is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not be responsible for your actions. Also this reverse shell currently is not detected by Windows Defender. If you want to use this make sure to detup a Digital Ocean VPS and have the script connect back there or your C2. Happy Hacking!https://github.com/ItsCyberAli/PowerMeUp
2023-01-04 11:14:00
​​LearingMaterialsThis is a repository of training materials and interesting reads for everything related to Malware Analysis.https://github.com/lasq88/LearingMaterials/blob/main/MalwareAnalysis.md
2023-01-04 10:30:17
​​VAULTCARD The most advanced RFID protection for your wallet. With contactless card payments growing in popularity, our personal data is increasingly at risk of interception by fraudsters. VAULTCARD™ is a credit-card-sized tool, which can be placed inside a wallet to block electromagnetic signals – guaranteeing protection against RFID theft, while still enabling the use of contactless payments.Buy online: 🛒 https://amzn.to/3ifjaEf#rfid #card
2023-01-04 09:13:00
​​owasp-mastgThe Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).https://github.com/OWASP/owasp-mastg
2023-01-04 09:12:00
​​PhishimA phishing tool which reduces configuration time and bypasses most types of MFA by running a chrome tab on the server that the user unknowingly interacts with.https://github.com/jackmichalak/phishim
2023-01-03 15:18:00
​​Invoke-Retractor Build a Seatbelt executable containing only commands you specify.https://github.com/Wra7h/PowerShell-Scripts
2023-01-03 11:14:00
​​Open-CyKG An Open Cyber Threat Intelligence Knowledge GraphOpen-CyKG is a framework that is constructed using an attention-based neural Open Information Extraction (OIE) model to extract valuable cyber threat information from unstructured Advanced Persistent Threat (APT) reports. More specifically, we first identify relevant entities by developing a neural cybersecurity Named Entity Recognizer (NER) that aids in labeling relation triples generated by the OIE model. Afterwards, the extracted structured data is canonicalized to build the KG by employing fusion techniques using word embeddings.https://github.com/IS5882/Open-CyKG
2023-01-03 09:12:00
​​Dockle Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start.https://github.com/goodwithtech/dockle
2023-01-02 15:19:00
KENZERAutomated web assets enumeration & scanning.▫️ Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS▫️ Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap)▫️ Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore▫️ Web Vulnerability Scanning using Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox▫️ Backup Files Scanning using Fuzzuli▫️ Git Repository Enumeration & Scanning using RepoHunt & Trufflehog▫️ Web Screenshot Identification using Shottie & Perceptic▫️ WAF Detection & Avoidance using WafW00f & Nuclei▫️ Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)▫️ Every task can be distributed over multiple machineshttps://github.com/ARPSyndicate/kenzer
2023-01-02 12:22:29
HackGit pinned «​​Crypto Bot Use only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly. @CryptoBot»
2023-01-02 12:22:23
​​Rust - ReflectiveLoader64#mimikatz and #metasploit payloads are working nicelyhttps://github.com/winsecurity/Offensive-Rust/tree/main/peloader64/src
2023-01-02 12:21:58
​​Crypto BotUse only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly.@CryptoBot
2023-01-02 11:20:32
​​DimorfDimorf is a #ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´shttps://github.com/Ort0x36/Dimorf
2023-01-02 11:14:00
​​WDBFontOverwriteProof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.https://github.com/ginsudev/WDBFontOverwrite#cve #ios
2023-01-02 10:29:16
​​Evil Crow RF V2Evil Crow RF V2 is a radiofrequency hacking device for pentest and Red Team operations, this device operates in the following radiofrequency bands:▫️ 300Mhz-348Mhz▫️ 387Mhz-464Mhz▫️ 779Mhz-928Mhz▫️ 2.4GHzEvil Crow RF V2 has two CC1101 radiofrequency modules, these modules can be configured to transmit or receive on different frequencies at the same time. Additionally, Evil Crow RF V2 has a NRF24L01 module for other attacks.Evil Crow RF V2 allows the following attacks:▫️ Signal receiver▫️ Signal transmitter▫️ Replay attack▫️ URH parse▫️ MousejackingRepository:https://github.com/joelsernamoreno/EvilCrowRF-V2Buy online:🛒 https://amzn.to/3jzPRMS🛒 https://ali.ski/WNHHSN#radio #rf
2023-01-02 09:12:39
​​jenkins-strike#Cobalt Strike profile generator using Jenkins to automate the heavy lifting.https://github.com/RomanRII/jenkins-strike
2023-01-02 09:12:00
​​security-toolsA very opinionated list of security tools.https://github.com/mttaggart/security-tools
2022-12-31 19:04:53
​​Happy New Year!!! 🥂 🍾 🍻 🍷May the new year bless you with health, wealth, and happiness. ❤️ ❤️ ❤️You can leave your gifts here :) 🤭 🎁
2022-12-31 11:14:00
​​fwallowerAnalyze Windows Firewall outbound blocks and selectively allow traffichttps://github.com/scriptjunkie/fwallower
2022-12-31 09:12:00
​​Log4Shell-Scanner-ExploitBash script to identify the #Log4j CVE-2021-44228 vulnerability remotely.https://github.com/julian911015/Log4j-Scanner-Exploit
2022-12-30 11:14:05
​​scriptkiddi3Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools.https://github.com/thecyberneh/scriptkiddi3
2022-12-30 11:14:00
​​#WireGuard #ESP32WireGuard implementation for ESP32 Arduinohttps://github.com/ciniml/WireGuard-ESP32-Arduino
2022-12-30 09:14:47
HackGit pinned «Some of our posts will appear exclusively on Twitter»
2022-12-30 09:13:00
​​DNS Analysis ServerTools to assess #DNS security.https://github.com/The-Login/DNS-Analysis-Server
2022-12-30 09:12:00
​​Penetration Testing Study NotesThis repo contains all my penetration testing study notes, penetration testing tools, scripts, techniques, tricks and also many scripts that I found them useful from all over the internet.https://github.com/wwong99/pentest-notes
2022-12-30 09:09:35
Some of our posts will appear exclusively on Twitter
2022-12-29 18:39:51
Happy New Year!In the New Year, never forget to thank your past years because they enabled you to reach today! Without the stairs of the past, you cannot arrive at the future!Mehmet Murat Ildan
2022-12-29 15:19:00
​​TinyArgParserTinyArgParser is a command processing program, it has less than 300 lines of code, it supports command line parameter processing and help generation.https://github.com/BeichenDream/SharpTinyArgParser
2022-12-29 15:18:00
​​HackVaultThis is a container repository for my defensive/offensive hacks.https://github.com/0xSobky/HackVault
2022-12-29 11:15:00
​​paA simple #password manager. encryption via age, written in portable posix shell.https://github.com/biox/pa
2022-12-29 11:14:00
​​Moneta A live usermode memory analysis tool for Windows with the capability to detect malware IOCs.https://github.com/forrest-orr/moneta
2022-12-29 09:13:00
​​ASRenumCobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations.https://github.com/mlcsec/ASRenum-BOF#cobalt #bof
2022-12-29 09:12:00
​​Burp Extension - IpLoggerIpLogger is a basic Burp Extension that will make a request to https://api.ipify.org every time Burp is opened and will store the IP and date in iplogger.json.https://github.com/bsysop/IpLogger
2022-12-28 15:18:00
​​Security ExplainedSecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning. Below are the various activities and formats planned under SecurityExplained series:▫️ Tweets explaining interesting security stuff▫️ Blogs/Tutorials/How-To-Guides about different tools/techniques/attacks▫️ Security Discussion Spaces/Meets▫️ Monthly Mindmap/Mindmap based explainers for different attacks/techniques▫️ My Pentesting Methodology Breakdown▫️ Giveaways and Community Engagement▫️ GitHub Repository to Maintain "SecurityExplained"▫️ Public & Free to Access▫️ Newsletterhttps://github.com/harsh-bothra/SecurityExplained
2022-12-28 11:14:00
​​HENloWebKit+Kernel #exploit chain for all PS Vita firmwareshttps://github.com/TheOfficialFloW/HENlo
2022-12-28 09:33:35
​​Steganography ToolkitThis project is a Docker image useful for solving Steganography challenges as those you can find at #CTF platforms like hackthebox.eu. The image comes pre-installed with many popular tools (see list below) and several screening scripts you can use check simple things (for instance, run check_jpg.sh image.jpg to get a report for a JPG file).https://github.com/DominicBreuker/stego-toolkit
2022-12-28 09:21:34
​​Imaginary C2Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware.Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.By using this tool, an analyst can feed the malware consistent network responses (e.g. C&C instructions for the malware to execute). Additionally, the analyst can capture and inspect HTTP requests towards a domain/IP which is off-line at the time of the analysis.https://github.com/felixweyne/imaginaryC2
2022-12-27 11:15:00
​​WordlistsReal-world infosec wordlists, updated regularlyThese wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include:▫️ Wordpress▫️ Joomla▫️ Drupal▫️ Magento▫️ Ghost▫️ Tomcathttps://github.com/trickest/wordlists
2022-12-27 11:14:00
​​S T E R R AA unique SOCMINT tool to get informations on an instagram account from its following | followershttps://github.com/novitae/sterraxcyl
2022-12-27 09:25:00
​​pypykatzModified version of Pypykatz to print encrypted credentials.https://github.com/ly4k/PypykatzDetails:https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
2022-12-27 09:13:00
​​PassTheChallengeRecovering NTLM hashes from Credential Guard. Read more about the techniques here.https://github.com/ly4k/PassTheChallenge
2022-12-27 09:12:00
​​Exploit-For-CVE-2022-36067This repo contains payload for the CVE-2022-36067https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067
2022-12-27 08:28:33
​​CJMCU BadUSB with MicroSDThis is one of the last developments related to rubberducky or badusb devices. This device is based on the ATMEGA32U4 microprocessor which is able to emulate many USB modes like HID, used for injecting key presses to the target system.The main processor is based on Arduino Leonardo R3 development board and the improvement is that a microSD card slot is included to allow storing many different payloads. The microSD card has to be FAT32 formatted in order to be recognized.Repository:https://github.com/asciiterminal/CJMCU_ATMEGA32U4_BADUSBBuy online:🛒 https://amzn.to/3jy7pZK🛒 https://ali.ski/R8vW3#usb #badusb #atmega32u4
2022-12-27 07:06:03
​​Awesome Incident ResponseA curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.Digital Forensics and Incident Response (DFIR) teams are groups of people in an organization responsible for managing the response to a security incident, including gathering evidence of the incident, remediating its effects, and implementing controls to prevent the incident from recurring in the future. https://github.com/Correia-jpv/fucking-awesome-incident-response
2022-12-27 06:59:39
​​Bug Bounty Dorks List of Google Dorks to search for companies that have a responsible disclosure program or bug bounty program which are not affiliated with known bug bounty platforms such as HackerOne or Bugcrowd. https://github.com/sushiwushi/bug-bounty…
2022-12-27 06:59:02
​​Bug Bounty DorksList of Google Dorks to search for companies that have a responsible disclosure program or bug bounty program which are not affiliated with known bug bounty platforms such as HackerOne or Bugcrowd.https://github.com/sushiwushi/bug-bounty-dorks
2022-12-26 15:18:00
​​APT_REPORTInteresting apt report & sample & malware & technology & intellegence collectionhttps://github.com/blackorbird/APT_REPORT
2022-12-26 14:44:18
HackGit pinned «​​Crypto Bot Use only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly. @CryptoBot»
2022-12-26 14:44:14
​​Crypto BotUse only the official Telegram #Bot to buy, sell, store, and pay with cryptocurrency directly.@CryptoBot
2022-12-26 11:14:00
​​Sample vulnerable RepoJust a sample REST api to test with ShiftLeft. Don't deploy this in production.Some technologies used:▫️ TypeScript▫️ Koa▫️ aws-sdk v2 and v3 (DynamoDB, S3, SES)https://github.com/HooliCorp/vulnerable-aws-koa-app
2022-12-26 10:07:21
​​rp++A fast ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. https://github.com/0vercl0k/rp
2022-12-26 09:12:07
​​SpoolSploitA collection of Windows print spooler exploits containerized with other utilities for practical exploitation.https://github.com/BeetleChunks/SpoolSploit
2022-12-26 09:12:00
​​ASKJoeAskJoe is a tool that utilizes ChatGPT to assist researchers wanting to use Ghidra as their malware analysis tool. With its capabilities, ChatGPT highly simplifys the practice of reverse engineering, allowing researchers to better detect and mitigate threats.https://github.com/securityjoes/ThreatResearch
2022-12-25 09:13:00
​​Network ScannerUniversal Network Scanner is a multi-brand ultra-fast network discovery tool based on multicast and broadcast discovery. This network discovery scanner is implemented based on a flexible framework to ease implementation of any vanilla discovery IP protocol such as SSDP/UPnP, mDNS, proprietary discovery protocols, etc.https://github.com/julienblitte/UniversalScanner
2022-12-25 09:12:00
​​Mail Log ManipulationExploit script to get RCE by using LFI and Mail log poisoninghttps://github.com/Ananthavijay/Mail-log-Manipulation
2022-12-25 08:51:07
​​dnscrypt-proxy A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). ▫️ dnscrypt-proxy documentation ← Start here ▫️ DNSCrypt project home page ▫️ Discussions…
2022-12-25 08:50:46
​​dnscrypt-proxyA flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH).▫️ dnscrypt-proxy documentation ← Start here▫️ DNSCrypt project home page▫️ Discussions▫️ DNS-over-HTTPS and DNSCrypt resolvers▫️ Server and client implementations▫️ DNS stamps▫️ FAQhttps://github.com/DNSCrypt/dnscrypt-proxy#DNS #privacy
2022-12-25 08:50:42
​​WiFi Pineapple Mark VII by Hak5The Hak5 WiFi Pineapple is a highly advanced WiFi auditing and MITM platform. The original "RougeAP" device - the WiFi Pineapple provides an end-to-end workflow to bring WiFi clients from their trusted network to your rouge network.Hak5's latest generation V7 brings sees updates in three key area: performance, management tools and framework upgrades.The PineAP suite is a cross-platform control panel for the WiFi Pineapple devices, providing fine-grained control over all elements of your audit.The elegance of the WiFi Pineapple Platform is in its simplicity. Previously onerous, inefficient and prone to collateral damage - WiFi Auditing and Offensive Operations are now highly targeted, covert and very simple.Advanced mitm attacks: Perfectly mimicks target networks, allowing for seamless client capture via the highly targeted deAuth mechanisms. Once captured, all standard network vectors are available: DNSSpoofing, Packet Capture, etc.Wifi reconnaissance: Covertly discover, visualise and map WiFi networks and client hierarchies. Build lists of existing networks, and even client historical SSID connections. Continuously scan, add notes, filter clients, networks, logs and more.Automated wifi infiltration: Capture and pipe WiFi Encryption credentials in pcap / hashcat or JTR formats. WEP, WPA & WPA Enterprise.Highly targeted, highly covert: Keep your "Get Out of Jail Free" letter firmly in your pocket. The PineAP suite allows for fine-grained, highly targeted actions, ensuring no detection and no collateral damage.Buy online: 🛒 https://amzn.to/3Wpnpfo🛒 https://ali.ski/_jqbke#wifi #network
2022-12-25 07:54:23
​​bloodyADbloodyAD is an Active Directory privilege escalation swiss army knifeThis tool can perform specific LDAP/SAMR calls to a domain controller in order to perform #AD privesc.bloodyAD supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc.It is designed to be used transparently with a SOCKS proxy.https://github.com/CravateRouge/bloodyAD
2022-12-24 11:14:00
​​Hardened mallocThis is a security-focused general purpose memory allocator providing the malloc API along with various extensions. It provides substantial hardening against heap corruption vulnerabilities. The security-focused design also leads to much less metadata overhead and memory waste from fragmentation than a more traditional allocator design. It aims to provide decent overall performance with a focus on long-term performance and memory usage rather than allocator micro-benchmarks. It offers scalability via a configurable number of entirely independent arenas, with the internal locking within arenas further divided up per size class.https://github.com/GrapheneOS/hardened_malloc
2022-12-24 09:13:00
​​CredzCheckrTesting default web credentials.https://github.com/c0dejump/CredzCheckr
2022-12-24 09:12:00
​​DC3-MWCPDC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names. A parser module is usually created per malware family. DC3-MWCP is designed to help ensure consistency in parser function and output, ease parser development, and facilitate parser sharing. DC3-MWCP supports both analyst directed analysis and large-scale automated execution, utilizing either the native python API, a REST API, or a provided command line tool. DC3-MWCP is authored by the Defense Cyber Crime Center (DC3).https://github.com/dod-cyber-crime-center/DC3-MWCP
2022-12-23 09:13:00
​​Cairo-FuzzerCairo Smart Contract FuzzerA tool designed for smart contract developers to test the security. It can be used as an independent tool or as a library.▫️ Run cairo contract▫️ Run cairo contract with hints implemented in cairo-rs▫️ Replayer of fuzzing corpus▫️ Minimizer of fuzzing corpus▫️ Load old corpus▫️ Handle multiple arguments▫️ Load a folder of inputs/crashes files▫️ CLI▫️ Run Cairo-fuzzer using a config file instead of CLI▫️ Workspace architecturehttps://github.com/FuzzingLabs/cairo-fuzzer
2022-12-23 09:12:00
​​gitSome#OSINT tool to extract email addresses and other useful info from various GitHub sources.▫️ Provide a user account to extract emails from associated repos▫️ Provide an org account to extract emails from associated repos▫️ Provide a domain to extract related emails from public commits, issues, and other sourceshttps://github.com/chm0dx/gitSome
2022-12-22 15:18:01
​​SquarePhishSquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes.https://github.com/secureworks/squarephish
2022-12-22 15:18:00
​​Copilot, for your terminalA CLI tool that generates shell scripts from a human readable description.https://github.com/m1guelpf/plz-cli
2022-12-22 11:14:05
​​Golden NuggetsBurp Suite Extension to easily create Wordlists based off URI, URI Parameters and Single Words (Minus the Domain)https://github.com/GainSec/GoldenNuggets-1
2022-12-22 11:14:00
​​Dolos JShttps://github.com/fkasler/dolosjs
2022-12-22 09:12:00
​​BlinsideBlindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory. This will result in a clean and unhooked ntdll which then could be copied to our process and unhook the original ntdll.https://github.com/CymulateResearch/Blindside
2022-12-21 15:19:00
​​hackGPTOpenAI and #ChatGPT to do hackerish things by NoDataFoundhttps://github.com/NoDataFound/hackGPT
2022-12-21 15:18:00
​​PHPGGC A library of unserialize() payloads along with a tool to generate them, from command line or programmatically. https://github.com/ambionics/phpggc
2022-12-21 12:24:48
​​USB NinjaUSB Ninja is an information security and penetration testing tool that looks and functions just like a regular USB cable (both power and data) until a wireless remote control triggers it to deliver your choice of attack payload to the host machine. In essence, USB Ninja is the next step in the evolution of BadUSB, embedding the attack in the USB cable itself.Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection, the USB Ninja is an ideal tool for penetration testers, police and government.Wireless trigger device for the USB Ninja. Can trigger two different payloads via toggle buttons. Accepts RP-SMA antennas if you want greater distances for remote payload triggering. Documentation:https://usbninja.com/help/Buy online:🛒 Cable https://ali.ski/IjDEv4🛒 Bluetooth Remote https://ali.ski/aVNHh#usb #badusb #cable
2022-12-21 11:14:00
​​CloudmareCloudmare is a simple tool to find the origin servers of websites protected by Cloudflare, Sucuri, or Incapsula with a misconfiguration DNS.https://github.com/mrh0wl/Cloudmare
2022-12-21 09:12:00
​​MSI DumpA tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.▫️ Quickly determine whether file is suspicious or not.▫️ List all MSI tables as well as dump specific records▫️ Extract Binary data, all files from CABs, scripts from CustomActions▫️ scan all inner data and records with YARA rules▫️ Uses file/MIME type deduction to determine inner data typehttps://github.com/mgeeky/msidump
2022-12-21 07:10:00
​​VultrieverVulnerability scoring with NmapA small tool that allows you to convert to Excel and JSON formats the results of using the #Nmap scanner in conjunction with the built-in Vulners snap-in. It was created to automate the process of inventory of open ports and running network services on the server and scoring of existing vulnerabilities determined based on the versions of the software used. Implemented the use of Vultriever from the terminal and as an imported module in native Python scripts.In the process, Vultriever collects and provides the following information about the server in a structured form:▫️ Server IP address▫️ Network port number▫️ Network port status▫️ Protocol used by the network port▫️ Network service operating on the network port and its version▫️ Vulnerability CVE-identifier▫️ Vulnerability rating▫️ URL-link to the description of the vulnerability on the platform Vulners.comhttps://github.com/MalwareHunters/vultriever
2022-12-20 15:18:00
​​Overlord – Red Teaming AutomationOverlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules (e.g. C2, Email Server, HTTP web delivery server, Phishing server etc.) and the full infra / modules and scripts will be generated automatically on a cloud provider of choice. Currently supports AWS and Digital Ocean. The tool is still under development and it was inspired and uses the Red-Baron Terraform implementation found on Github.https://github.com/qsecure-labs/overlordA demo infrastructure was set up in our blog post: https://qsecure.com.cy/resources/publications/overlord/.For the full documentation of the tool visit the Wiki tab at: https://github.com/qsecure-labs/overlord/wiki.
2022-12-20 15:17:00
​​axiomAxiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.https://github.com/pry0cc/axiom
2022-12-20 14:17:00
​​SEH HelperA Binary Ninja helper for exploring structured exception handlers in PEs.https://github.com/EliseZeroTwo/SEH-Helper
2022-12-20 12:15:00
​​URLClassLoader hot jar swappingThe following example code shows the ability to hot jar swap an already loaded JAR-file and get code execution by abusing the fact that inner classes still access the JAR file when invoked, as long as the inode does not change.https://github.com/fransr/hot-jar-swapping-urlclassloader
2022-12-20 11:18:35
​​blockchain hacker toolkitthe resources in this repository are from my own research, which is intermittent and boundless. therefore, no guarantees, no promises; use it at your own risk.https://github.com/go-outside-labs/blockchain-hacking
2022-12-20 11:15:00
​​subrutSubrut is the super fast tool for brute forcing subdomains. From arg2u with.https://github.com/arg2u/subrut
2022-12-20 11:14:00
​​IHKEY RansomwareIHKEY is a complete #Ransomware project built while I was learning about malwares For encryption I used AES for encrypt files and RSA for encrypt the Private key along with IV The Ransomware demonstrate how hackers can built there own Ransomware for encrypt files on windows systemshttps://github.com/moe-ih/IHkey
2022-12-20 09:49:00
​​OwlyshieldAn AI antivirus written in RustOwlyshield is an open-source AI-driven #antivirus engine written in Rust. Static analysis as performed by AV is only able to detect known threats, explaining why hackers are adapting so quickly and ransom attacks surging. We provide an embedded behavioural analysis AI that is able to detect and kill ransomwares in their very early execution.https://github.com/SitinCloud/Owlyshield
2022-12-20 09:39:47
​​If you like what we do support us! 🥷https://www.buymeacoffee.com/HackGitTON: UQAAZ1BFX5OsybSryoFunzyJN3F7oKWMbZNPlwMTcVK8mEzABTC: 1987zNaVX53v7tzpKRRde84uXbDYjuNykL
2022-12-20 09:23:13
​​BBSSRF Bug Bounty SSRF is a powerful tool to check SSRF OOB connection.The testing field must contain "BBSSRF" and this tool will automatically change it to dynamically generated payloads.▫️ Generating dynamic payloads▫️ Testing Single URL▫️ Testing URLs list▫️ Testing request file▫️ STDIN input supported▫️ Threading requests▫️ Intercept request using proxyhttps://github.com/z3dc0ps/BBSSRF
2022-12-20 08:29:25
​​clifclif is a command-line interface (CLI) application fuzzer, pretty much what wfuzz or ffuf are for web. It was inspired by sudo vulnerability CVE-2021-3156 and the fact that for some reasons, Google's afl-fuzz doesn't allow for unlimited argument or option specification.https://github.com/0x4ndy/clif
2022-12-20 08:27:42
​​ninja_shell v2.1Secure shell using port Knocking technique with AES256-GCM.https://github.com/CoolerVoid/ninja_shellPort knocking from the scratch:https://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch
2022-12-19 15:18:00
​​SOLDRSOLDR is an Endpoint Detection and Response system which consists of centralised management part with extensive Web UI and Agents being installed on endpoint systems. SOLDR allows you not only to configure security policies but also write your own modules and make detection of the comprehensive security events as well as do almost instant response on the security alarms.https://github.com/vxcontrol/soldr
2022-12-19 12:20:45
​​powershell-obfuscationA simple and effective powershell obfuscaiton tool bypass Anti-Virus.https://github.com/H4de5-7/powershell-obfuscation
2022-12-19 12:14:43
​​NFC KillThe world's only RFID fuzzing tool.While the NFCKill is tuned to cover the most common Low and High Frequencies of RFID: 125KHz - 13.56MHz. Likewise, it is able to inductively couple with most devices that contain an form of coil.▫️ Securely disable RFID badges. ▫️ Test and harden RFID hardware▫️ Audit access control failure modes▫️ Test and reduce the attack surface for pen-test customers▫️ Single Discharge Mode (Standard + Professional Versions)▫️ Continuous Discharge Mode (Professional Version only)Buy online: 🛒 https://ali.ski/xffYk#RFID
2022-12-19 08:11:00
​​VenomVenom is a C++ library that is meant to give an alternative way to communicate, instead of creating a socket that could be traced back to the process, it creates a new "hidden" (there is no window shown) detached edge process (edge was chosen because it is a browser that is installed on every Windows 10+ and won't raise suspicious) and stealing one of its sockets to perform the network operations.The benefit of creating a detached browser process is that there is no danger that it will be closed accidentally by the user and the sockets exist but not communicating with any site, therefore avoiding possible collisions.https://github.com/Idov31/Venom
2022-12-18 11:14:00
​​octosuiteA framework fro gathering osint on GitHub users, repositories and organizationshttps://github.com/bellingcat/octosuite
2022-12-18 10:32:41
​​linux_injectorA simple ptrace-less shared library injector for x64 Linux.https://github.com/namazso/linux_injector
2022-12-18 10:32:04
​​blinkblink is a virtual machine for running statically-compiled x86-64-linux programs on different operating systems and hardware architectureshttps://github.com/jart/blink
2022-12-18 10:31:36
​​Packet SquirreThe Pocket Squirrel is a miniaturised man-in-the-middle multi-tool. Multiple configurable payloads. Designed to slip into target networks, it's a compact fully-featured Linux computer: that you control with the flip of a switch.Out-of-the box, the Pocket Squirrel is configured to provide fully-featured packet sniffing, DNS Spoofing, Reverse Shell / VPN, and a root shell access.Central to the Packet Squirrel is its 4-way switch: Each switch position represents a configurable mode of operation. Flick the switch and trigger a specific payload. The configurable push-button and RGB LED provides instant incognito deployment and feedback of payloads.Documentation:https://docs.hak5.org/packet-squirrel/Buy online: 🛒 https://ali.ski/OfuvV#lan #remote #network
2022-12-18 09:12:00
​​MacDirtyCowDemoGet root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.https://github.com/zhuowei/MacDirtyCowDemo
2022-12-17 15:19:00
​​ShellclearThe idea behind shellclear is to provide a simple and fast way to secure you shell commands history.https://github.com/rusty-ferris-club/shellclear
2022-12-17 12:15:00
​​CVE-2003-0358Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges > via a long -s command line option.https://github.com/snowcra5h/CVE-2003-0358#cve
2022-12-17 11:14:00
​​SCPASophisticated cyber penetration attacks is a series of advanced techniques, notes and guidance that will help you to prepare as a hacker on your journey.https://github.com/ghostsec420/scpa
2022-12-17 09:12:00
​​The RemClip projectRemClip is a C# project which permits to steal user clipboard data and send it to a remote web server under attacker control.https://github.com/Processus-Thief/RemClip
2022-12-17 08:30:07
​​AzureHoundThe BloodHound data collector for Microsoft Azurehttps://github.com/BloodHoundAD/AzureHound#ad
2022-12-16 17:20:00
​​Bug Bounty ScriptA BASH Script to automate the installation of the most popular bug bounty tools, the main purpose of this script is to run it on temporary/disposable virtual machines in the cloud.https://github.com/hakrishi/bug-bounty-tools
2022-12-04 11:14:08
​​IKEA Vindriktning WisBlock HackThis repository holds the code to connect a WisBlock RAK4631 to an IKEA Vindriktning air quality sensor and send the aire quality data over LoRaWAN to your LNS of choice. The code also expects a Bosch BME680 sensor connected to the WisBlock using a WisBlock Environment Sensor (RAK1906).These are the components required for this hack:▫️ IKEA Vindriktning▫️ RAKwireless WisBlock Mini Base Board (RAK19003)▫️ RAKwireless nRF52840 Core (RAK4631)▫️ RAKwireless Environment Sensor (RAK1906)▫️ A JST1.0 battery connector and some wire▫️ USB Type-C cable to flash the WisBlockhttps://github.com/xoseperez/wisblock-vindriktning
2022-12-04 11:14:07
​​cvedataA collection of CVE and related data. This python package is caught somewhere between a data collection tool and a CVE data API. Much more the former than the latter.https://github.com/clearbluejar/cvedata
2022-12-04 11:14:00
​​CVE-2022-2650Brute Force on wger workout application v2.0https://github.com/HackinKraken/CVE-2022-2650#cve
2022-12-04 09:24:13
HackGit pinned «​​Raspberry Pi 4 Model B - Miniature Hacking Station! Raspberry Pi 4 Model B was released with specs including either 1 GB, 2 GB, 4 GB, or 8 GB of memory, a Broadcom BCM2711B0 quad-core A72 SoC, a USB Type-C power supply, and dual Micro-HDMI outputs. Performance…»
2022-12-04 09:24:09
​​Raspberry Pi 4 Model B - Miniature Hacking Station!Raspberry Pi 4 Model B was released with specs including either 1 GB, 2 GB, 4 GB, or 8 GB of memory, a Broadcom BCM2711B0 quad-core A72 SoC, a USB Type-C power supply, and dual Micro-HDMI outputs. Performance and hardware changes aside, the Pi 4 Model B runs Kali Linux just as well, if not better, than its predecessors. It also includes support for Wi-Fi hacking on its internal wireless card.For hackers interested in a cheap Kali Linux computer capable of hacking Wi-Fi without a separate wireless network adapter, the Pi 4 Model B is a great way to run Kali without needing a virtual machine. Thanks to the number of Wi-Fi hacking tools included in Kali Linux, the new Pi 4 Model B represents a complete Ethernet and Wi-Fi hacking kit for beginners.The reasons for using a Raspberry Pi as a hacking computer are many. Previous Raspberry Pi versions have proved that it doesn't take expensive hardware to run tools in Kali Linux. Virtual machines can behave unpredictably, especially when working with Wi-Fi hacking. Plus, it's sometimes more straightforward to run Kali on hardware rather than in a virtual machine.Another advantage to the Raspberry Pi is that it can easily be used in combination with a device like an unmodified iPhone or Android smartphone. If your smartphone supports creating a Wi-Fi hotspot, it's simple to connect the Pi to your hotspot and control it over SSH. If your smartphone can't create a hotspot, the Pi can also host its own Wi-Fi network, allowing you to join the network created by the Pi on your phone and SSH into it on the go.One of the most exciting things about using a Raspberry Pi for hacking is the add-on of the Nexmon firmware. The addition makes it possible to put the built-in Wi-Fi network adapter into monitor mode. That means it's possible to do things like grab WPA handshakes, listen in on Wi-Fi traffic, and execute attacks like WPS-Pixie without needing a separate compatible Wi-Fi network adapter.For someone interested in getting started with Wi-Fi hacking, the Raspberry Pi 4 Model B provides a Kali-supported Wi-Fi network adapter and an onboard computer capable of basic cracking and MiTM attacks in a single package. The increase in speed and power of the Pi 4 Model B make it a more capable networking device as well as a more capable computer.Hack WiFi with a Raspberry Pi and Kali Linux:https://www.youtube.com/watch?v=PqRVo2niA_8Buy online: 🛒 https://amzn.to/3XXH9Yw🛒 https://ali.ski/QMVRo#raspberrypi #kali #bord
2022-12-04 09:12:00
​​PrintNotifyPotatoAnother potato, using PrintNotify COM service for lifting rightsFor Windows 10 - 11 Windows Server 2012 - 2022https://github.com/BeichenDream/PrintNotifyPotato
2022-12-04 08:12:00
​​telerReal-time HTTP Intrusion Detectionteler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. ❤️https://github.com/kitabisa/teler
2022-12-04 08:11:00
​​SideLOADRA "simple" script to perform DLL sideloading using Python.https://github.com/Pascal-0x90/sideloadr
2022-12-04 08:01:39
​FrostByte Project that combines different defense evasion techniques to build better #redteam payloads Large blobs of shellcode like Cobalt Strike's Stageless shellcode will no longer reside on an unsigned DLL on disk, irrespective of the obfuscation /…
2022-12-03 16:20:00
​​BumbleCryptA Bumblebee-inspired CrypterThe BumbleCrypt is inspired by Bumblebee's crypter, in Bumblebee's case the main Bumblebee DLL is been loaded in the memory and executed in the following way:▫️ Decrypts and writes the payload in the Heap▫️ Hooks three NtApi's - NtOpenFile, NtCreateSection and NtMapViewOfSection▫️ Calls LoadLibraryW("gdiplus.dll") which triggers the inline hooks as the above three API's are been used by LoadLibrary() to load any library.▫️ The inline hooks and LoadLibrary itself then loads the main Bumblebee DLL in place of "gdiplus.dll"▫️ At last, the control is been transferred to the exported function "SetPath" of the main Bumblebee DLLhttps://github.com/knight0x07/BumbleCrypt
2022-12-03 16:19:00
​​s3-inspectorTool to check AWS S3 bucket permissions.https://github.com/clario-tech/s3-inspector
2022-12-03 15:19:00
​​Pen-AndroThis Script will automate the process of installing all necessary tools & tasks for Android Pentesting i.e Moving Burpsuite Certificate, Installing Adb frida server, APKs like proxy toggle, proxydroid, adbwifi.https://github.com/raoshaab/Pen-Andro
2022-12-03 15:18:00
​​AmsiHookerHookers are cooler than patches.simple eicar test sample but you know what to do with it lmao. first hooks amsi, pushes eicar through, then disables hook and does it again.https://github.com/jfmaes/AmsiHooker
2022-12-03 11:15:00
​​FrigateNVR With Realtime Object Detection for IP CamerasA complete and local NVR designed for Home Assistant with AI object detection. Uses OpenCV and Tensorflow to perform realtime object detection locally for IP cameras.https://github.com/blakeblackshear/frigate
2022-12-03 11:14:00
​​Pywirt Python Windows Incident Response ToolkitWith this application, it is aimed to accelerate the incident response processes by collecting information in windows operating systems via winrm.https://github.com/anil-yelken/pywirt
2022-12-03 09:13:00
​​WiretapWiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.In this diagram, the client has generated and installed a WireGuard configuration file that will route traffic destined for through a WireGuard interface. Wiretap is then deployed to the server with a configuration that connects to the client as a WireGuard peer. The client can then interact with resources local to the server as if on the same network.https://github.com/sandialabs/wiretap
2022-12-03 09:12:05
​​BluffyBluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking data formats.https://github.com/preemptdev/bluffyt.me/hackgit
2022-12-03 09:12:00
​​Notus ScannerNotus Scanner detects vulnerable products in a system environment. The scanning method is to evaluate internal system information. It does this very fast and even detects currently inactive products because it does not need to interact with each of the products.https://github.com/greenbone/notus-scanner
2022-12-03 08:56:07
Impacket Collection of #Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. Packets can be constructed…
2022-12-03 07:10:00
​​Ethical Hacking LabsThis is a collection of tutorials and labs made for ethical hacking students, cybersecurity students, network and sys-admins. These tutorials accompany the resources of CEH content and different resources across the internet.https://github.com/Samsar4/Ethical-Hacking-Labs
2022-12-02 15:19:00
StowawayStowaway is a Multi-hop proxy tool for security researchers and pentesters.Users can easily proxy their network traffic to intranet nodes (multi-layer),break the restrction and manipulate all the nodes that under your control XDFeatures:▫️ More user-friendly interaction, support command auto-completion/search history▫️ Obvious node topology▫️ Clear information display of nodes▫️ Active/Passive connection between nodes▫️ Support reconnection between nodes▫️ Nodes can be connected through socks5 proxy▫️ Nodes can be connected through ssh tunnel▫️ TCP/HTTP can be selected for inter-node traffic▫️ Multi-hop socks5 traffic proxy forwarding, support UDP/TCP, IPV4/IPV6▫️ Nodes can access arbitrary host via ssh▫️ Remote shell▫️ Upload/download files▫️ Port local/remote mapping▫️ Port Reuse▫️ Open/Close all the services arbitrarily▫️ Authenicate each other between nodes▫️ Traffic encryption with AES-256-GCM▫️ Compared with v1.0, the file size is reduced by 25%▫️ Multiple platforms support(Linux/Mac/Windows/MIPS/ARM)https://github.com/lz520520/Stowaway/blob/master/README_EN.md
2022-12-02 15:18:01
​​Awesome On-Chain Forensic HandBookIn this article I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology: Linkhttps://github.com/OffcierCia/On-Chain-Investigations-Tools-List
2022-12-02 15:18:00
​​megmeg is a tool for fetching lots of URLs but still being 'nice' to servers.It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.You get lots of results quickly, but non of the individual hosts get flooded with traffic.https://github.com/tomnomnom/meg
2022-12-02 11:15:00
​​Domain HunterDomain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass reputation based web filters and network egress restrictions for phishing and C2 related tasks.This Python based tool was written to quickly query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like Symantec Site Review (BlueCoat), IBM X-Force, and Cisco Talos. The primary tool output is a timestamped HTML table style report.Features:▫️ Retrieve specified number of recently expired and deleted domains (.com, .net, .org) from ExpiredDomains.net▫️ Note: You will need credentials from expireddomains.net for full functionality▫️ Retrieve available domains based on keyword search from ExpiredDomains.net▫️ Perform reputation checks against the Symantec WebPulse Site Review (BlueCoat), IBM x-Force, and Cisco Talos▫️ Sort results by domain age (if known) and filter for reputation▫️ Text-based table and HTML report output with links to reputation sources and Archive.org entryhttps://github.com/threatexpress/domainhunter
2022-12-02 11:14:00
​​JA3 Fingerprint RepositoryJA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.https://github.com/LeargasSecurity/ja3-fingerprint-repository
2022-12-02 08:12:24
​​DomainDoucheAbusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force.https://github.com/n0kovo/DomainDouche
2022-12-02 07:11:00
​​Prelude BuildPrelude Build is an easy-to-use IDE - purpose built for authoring, testing and verifying security tests for use in real environments. Our goal is to provide a consistent and repeatable way to write, verify and deploy tests for any scale.https://github.com/preludeorg/build
2022-12-02 07:10:00
​​The real uncrackablesIt seems that when it comes to mobile, real good challenges are very few out there. The real objective of a challenge is to actually learn something out of it and not keep hiding flags in the assets :). In fact some of the challenges won't have flags but real solutions as they will to be based on real scenarios like: "hey, how you exploit this ?"I'll keep adding cool crackmes in this repo, so.. penterers and CTFers stay tuned....https://github.com/Ch0pin/uncrackable
2022-12-01 15:19:00
​​GsecWeb Security Scanner & Exploitation.Passive Scan:▫️ Find assets with shodan▫️ RapidDNS to get subdomains▫️ Certsh to enumerate subdomains▫️ DNS enumeration▫️ Waybackurls to fetch old links▫️ Normal / Agressive ScanDomain http code:▫️ Web port scanning▫️ Server information▫️ HTTP security header scanner▫️ CMS security identifier / misconfiguration scanner▫️ Technology scanner▫️ Programming Language check▫️ Path Traversal scan▫️ Nuclei vulnerability scanninghttps://github.com/gotr00t0day/Gsec
2022-12-01 15:18:00
​​End-to-End Demo with Baysehttps://github.com/BayseIntelligence/e2e_demo
2022-12-01 14:01:31
Thank you all so much for being with us! There are already 5,000 of us! And it's already a small army :)
2022-12-01 11:14:03
​​stackroxStackRox Kubernetes Security PlatformThe StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox integrates with every stage of container lifecycle: build, deploy and runtime.The StackRox Kubernetes Security platform is built on the foundation of the product formerly known as Prevent, which itself was called Mitigate and Apollo. You may find references to these previous names in code or documentation.https://github.com/stackrox/stackrox
2022-12-01 11:14:00
​​Python Pickle Malware ScannerSecurity scanner detecting Python Pickle files performing suspicious actions.https://github.com/mmaitre314/picklescan
2022-12-01 10:39:57
​​Ticwatch Pro 3 UltraSmart watch with official Kali NetHunter support.What is Kali NetHunter?Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations.The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks.Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more.NetHunter is an open-source project developed by Offensive Security and the community.Installing NetHunter On the TicWatch Pro:https://www.kali.org/docs/nethunter/installing-nethunter-on-the-ticwatch-pro/Buy online:🛒 https://amzn.to/3VmFeeB🛒 https://ali.ski/Zu0T3#watch #kali #ticwatch
2022-12-01 07:36:57
​​YaraToolsThis repo houses a large set of open-source YARA signatures that have been evaluated on a set of 284,181 legitimate and malicious portable executable files. The Get-YaraMatches PowerShell script can be used to scan new files and enrich the results with additional information such as information gain and the source text for the matching signature. This gives users more information to determine if a file is legitimate or malicious.https://github.com/pracsec/YaraToolsView the documentation here: https://practicalsecurityanalytics.com/home/tools/yaratools/
2022-12-01 07:34:11
​​HiveV5 file decryptor PoCThe work done in the last few months has been necessary to reveal the malicious file encryption mechanism of Hive v5-5.2. The work was divided into two parts▫️ Keystream decryption▫️ File decryption using the decrypted keystreamhttps://github.com/reecdeep/HiveV5_file_decryptor
2022-12-01 07:31:04
​​SnapFuzzA scalable fuzzing infrastructure that finds security and stability issues in software.Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz.https://github.com/google/clusterfuzzAn Efficient Fuzzing Framework for Network Applications:https://google.github.io/clusterfuzz/#trophies
2022-12-01 07:21:30
​​Slash Automated doxer toolSlash supports social media search (over 180 websites) , forum search , pastebin leak search , github commit search. New will be added soon... Also slash scrapes multiple informations from important websites as : Name , Bio , Location , Website , User Info... And it extracting Phone Number - Email Adress from Bios...Slash include threading modules. It make slash faster than others. It means, it search social media,github commit,forums,pastebin in same time.https://github.com/redc86/slash
2022-12-01 07:20:02
​​D4TA-HUNTER #Osint Framework for #KALIA tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking.In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees, subdomains and IP's of servers.https://github.com/micro-joan/D4TA-HUNTER
2022-11-30 15:19:00
​​The PenTesters Framework (PTF)A Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As #pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.https://github.com/trustedsec/ptfFor a video tutorial on how to use PTF, check out our Vimeo page here: https://vimeo.com/137133837
2022-11-30 15:18:00
CVE-2022-21661POC Video | WordPress Core 5.8.2 - 'WP_Query' SQL Injection.https://github.com/APTIRAN/CVE-2022-21661#cve #poc
2022-11-30 11:15:00
​​Hacktoria-CTF-WriteUpsTHE KILLER CLOWN:https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/TheKillerClown.mdPRISONER OF WAR:https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/PrisonerOfWar.mdLOST AT SEA:https://github.com/s1l1c0np1r4t3/Hacktoria-CTF-WriteUps/blob/main/Easy/LostAtSea.mdWow, that's cool.) author: @s1l1c0np1r4t3x#OSINT #RedTeam
2022-11-30 11:14:00
​​Namaste!This repository contains some of the most exhaustive wordlists for enumeration, gathered from a lot of wordlists available on the Internet.https://github.com/HacktivistRO/Bug-Bounty-Wordlists
2022-11-30 07:28:49
​​pycryptPython Based Crypter That Can Bypass Any Kinds Of Antivirus Productshttps://github.com/machine1337/pycrypt
2022-11-30 07:20:14
​​ForgeCertForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ~45 days after the whitepaper was published.https://github.com/GhostPack/ForgeCert#ad
2022-11-30 07:04:37
Get-InjectedThreadEx – Detecting Thread Creation Trampolines.https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolinesPowerShell detection script:https://github.com/jdu2600/Get-InjectedThreadEx
2022-11-30 06:54:15
​​YApi-ExploitYApi boolean-based injection exploit.https://github.com/Anthem-whisper/YApi-Exploit#cve #exploit
2022-11-30 06:50:22
​​subzufsubzuf is a subdomain brute-force fuzzer coupled with an immensly simple but effective DNS reponse-guided algorithm. It utilizes a provided set of input data, like a tailored wordlist or historical DNS/TLS records, to accurately synthesize more corresponding domain names and expand them even further in a loop based on information gathered during DNS scan. This somewhat different approach to subdomain enumeration in most cases allows to discover more subdomains with significantly reduced time and resources.In short, subzuf can be summarized by the following:▫️ Generates carefully selected candidates and uncover completely new subdomains during DNS enumeration scans▫️ Efficient multi-threaded DNS client capable of resolving thousands of domains per second▫️ Wildcard detection in two modes: filter (default, slightly slower but accurate) and reject (resource-saving)▫️ Accepts wordlist or domain names or a mix of both as input▫️ Requires essentially no configuration or fine-tuning▫️ Works right of out the box - no external dependencies or bizzare requirements▫️ Easily chainable with other toolshttps://github.com/elceef/subzuf
2022-11-29 15:18:00
​​octosuiteA framework fro gathering osint on GitHub users, repositories and organizationshttps://github.com/bellingcat/octosuite#OSINT
2022-11-29 11:15:00
​​PyramidPyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking as a legit Python application usage. https://github.com/naksyn/Pyramid
2022-11-29 11:14:00
​​otpOne Time Password utilities Go / GolangOne Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others.The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.https://github.com/pquerna/otp
2022-11-29 09:52:27
​​Proxmark3The Proxmark3 is the swiss-army tool of RFID, allowing for interactions with the vast majority of RFID tags on a global scale. Originally built by Jonathan Westhues, the device is now the goto tool for RFID Analysis for the enthusiast. Iceman repository is considered to be the pinnacle of features and functionality, enabling a huge range of extremely useful and convenient commands and LUA scripts to automate chip identification, penetration testing, and programming.https://github.com/RfidResearchGroup/proxmark3Buy online: RDV2 🛒 https://amzn.to/3OND3hKRDV3 Easy 🛒 https://amzn.to/3GYfhNVRDV4 BlueShark 🛒 https://t.me/PentestingShop/95RDV4.01 KIT 🛒 https://ali.ski/6_p9Xk#rfid #nfc
2022-11-29 06:58:31
​​WordlistsInfosec Wordlists.https://github.com/xajkep/wordlists
2022-11-29 06:53:58
​​EvilTreeA standalone python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons:▫️ While searching for secrets in files of nested directory structures, being able to visualize which files contain user provided keywords/regex patterns and where those files are located in the hierarchy of folders, provides a significant advantage.▫️ "tree" is an amazing tool for analyzing directory structures. It's really handy to have a standalone alternative of the command for post-exploitation enumeration as it is not pre-installed on every linux distro and is kind of limited on Windows (compared to the UNIX version).https://github.com/t3l3machus/eviltree
2022-11-28 15:18:00
​​RansomwhereA Proof of Concept #ransomware sample that encrypts your files to test out your ransomware detection & prevention strategies. If no arguments are provided, ransomwherewill automatically execute the encrypt mode without deleting the original files.https://github.com/hazcod/ransomwhere
2022-11-28 13:42:44
​​wwwtreeA utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.https://github.com/t3l3machus/wwwtreeVideo Presentation:https://www.youtube.com/watch?v=iog-eb_N0Hg
2022-11-28 12:29:54
​​ServicesMain goal - let disable/stop serviceses like WinDefend, which inot easy task from "mmc services.msc" - need have 'NT SERVICE\WinDefend' AND 'NT SERVICE\TrustedInstaller' sids in token.https://github.com/rbmm/Services
2022-11-28 11:20:50
​​SharkTapUSB Ethernet SnifferThe SharkTap allows you to sniff an Ethernet link without using an Ethernet port on your PC. This is ideal for newer portables without an Ethernet jack, but is also a benefit if you don’t want to switch a port between network and debugging purposes.A 'Test Access Port' allows you to see the packets on an ethernet link. Directly supports 10-, 100- or 1000Base-T links.Intended to be used with the open source Wireshark program, or equivalent.The Gen2 SharkTapUSB features 'carbon copy' copper repeater technology for minimum impact on the monitored network. The carbon copies of bi-directional data are aggregated onto a single wired or USB Test Access Port (TAP)Power-over-ethernet pass through. (For power-fail bypass, search "SharkTapBYP") 750mA current. Non-conductive plastic cover. Auto cross-over for cables.Buy online: 🛒 https://amzn.to/3VerYIQ#sniffer #lan #ethernet #usb
2022-11-28 11:14:05
​​PurposeSome simple IP lists to use in firewall tools like pfBlockerNG. These lists exist elsewhere but may not be in a format that is useable for me.I primarily use these lists to block grey noise in my firewall loghttps://github.com/SilvrrGIT/IP-Lists
2022-11-28 11:14:00
​​PafishPafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.https://github.com/a0rtega/pafish
2022-11-28 11:13:59
​​YARA in a nutshellYARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic. Let's see an example:https://github.com/VirusTotal/yara
2022-11-28 10:13:00
​​CVE-2022-39425Vulnerability in Oracle VM VirtualBox <6.1.40 (Core)https://github.com/bob11vrdp/CVE-2022-39425#cve #poc
2022-11-28 09:23:41
​​When an N-Day turns into a 0day. (Part 1 of 2)Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers.https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
2022-11-28 09:12:00
​​stegoWiperA powerful and flexible active attack for disrupting stegomalwarehttps://github.com/mindcrypt/stegowiper
2022-11-28 08:26:56
​​Empire Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.Features:▫️ Server/Client Architecture for Multiplayer Support▫️ Supports GUI & CLI Clients▫️ Fully encrypted communications▫️ HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners▫️ Massive library (400+) of supported tools in PowerShell, C#, & Python▫️ Donut Integration for shellcode generation▫️ Modular plugin interface for custom server features▫️ Flexible module interface for adding new tools▫️ Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation▫️ In-memory .NET assembly execution▫️ Customizable Bypasses▫️ JA3/S and JARM Evasion▫️ MITRE ATT&CK Integration▫️ Integrated Roslyn compiler (Thanks to Covenant)▫️ Docker, Kali, Ubuntu, and Debian Install Supporthttps://github.com/BC-SECURITY/Empire#best #kali
2022-11-27 15:19:00
​​Red Teaming ToolkitThis repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and as information intended for threat hunter can make detection and prevention control easier. The list of tools below that could be potentially misused by threat actors such as APT and Human-Operated Ransomware (HumOR). If you want to contribute to this list send me a pull request.https://github.com/infosecn1nja/Red-Teaming-Toolkit
2022-11-27 15:18:00
​​Dynamic RPC proxyProxy requests to different Ethereum RPC servers and optionally alter the request.https://github.com/shark0der/rpc-proxy
2022-11-27 12:15:01
​​Cobalt Strike Community KitCobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The Cobalt Strike team acts as the curator and provides this kit to showcase this fantastic work.https://github.com/Cobalt-Strike/community_kit#cobalt
2022-11-27 11:15:00
​​Dismap Asset discovery and identification toolDismap positioning is an asset discovery and identification tool. It can quickly identify protocols and fingerprint information such as web/tcp/udp, locate asset types, and is suitable for internal and external networks. It assists red team personnel to quickly locate potential risk asset information, and assist blue team personnel to detect Suspected Fragile Assetshttps://github.com/zhzyker/dismap
2022-11-27 11:14:00
​​Linux ForensicsEverything related to Linux #Forensicshttps://github.com/ashemery/LinuxForensics
2022-11-27 09:51:16
​​PSEditEdit PowerShell scripts directly in your terminal.▫️ IntelliSense▫️ Syntax Higlighting▫️ Format on Save▫️ Script Execution▫️ Error View▫️ Syntax Error Viewhttps://github.com/ironmansoftware/pseditt.me/hackgit
2022-11-27 08:36:57
​​HeliosHelios is a fully trustless, efficient, and portable Ethereum light client written in Rust.Helios converts an untrusted centralized RPC endpoint into a safe unmanipulable local RPC for its users. It syncs in seconds, requires no storage, and is lightweight enough to run on mobile devices.The entire size of Helios's binary is 13Mb and should be easy to compile into WebAssembly. This makes it a perfect target to embed directly inside wallets and dapps.https://github.com/a16z/helios
2022-11-27 08:23:24
​​minikerberosKerberos manipulation library in pure Python.https://github.com/skelsec/minikerberosThis is the public repository of minikerberos, for latest version and updates please consider supporting us through https://porchetta.industries/
2022-11-27 07:51:58
​​MistbornA secure platform for easily standing up and managing your own cloud services: including firewall, ad-blocking, and multi-factor WireGuard VPN access.https://gitlab.com/cyber5k/mistborn#cybersecurity #vpn
2022-11-26 15:19:00
​​inject-assemblyExecute .NET in an Existing ProcessThis tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly.There are two components of inject-assembly:1. BOF initializer: A small program responsible for injecting the assembly loader into a remote process with any arguments passed. It uses BeaconInjectProcess to perform the injection, meaning this behavior can be customized in a Malleable C2 profile or with process injection BOFs (as of version 4.5).2. PIC assembly loader: The bulk of the project. The loader will initialize the .NET runtime, load the provided assembly, and execute the assembly. The loader will create a new AppDomain in the target process so that the loaded assembly can be totally unloaded when execution is complete.Communication between the remote process and Beacon occurs through a named pipe. The Aggressor script generates a pipe name and then passes it to the BOF initializer.https://github.com/kyleavery/inject-assembly
2022-11-26 15:18:00
​​LOLBASLiving Off The Land Binaries and ScriptsThe goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.https://github.com/LOLBAS-Project/LOLBASDetails:https://lolbas-project.github.io/
2022-11-26 11:14:00
​​QuickSand Version 2QuickSand Python Package and Command Line ToolQuickSand is a Python-based analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, Mime/Email, Postscript and other common formats. A built-in command line tool can process a single document or directory of documents.QuickSand scans within the decoded streams of documents and PDFs using Yara signatures to identify exploits or high risk active content.https://github.com/tylabs/quicksand
2022-11-26 10:16:35
​​shotlooterShotlooter tool is developed to find sensitive data inside the screenshots which are uploaded to https://prnt.sc/ (via the LightShot software) by applying OCR and image processing methods.https://github.com/utkusen/shotlooter