Stars
Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397)
BillionMail gives you open-source MailServer, NewsLetter, Email Marketing — fully self-hosted, dev-friendly, and free from monthly fees. Join the discord: https://discord.gg/fD6rDkDV
Suite of tools to facilitate attacks against the Jamf macOS management platform.
almounah / evil-go
Forked from golang/go. A fork of the Go language with some tweaks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
🕵️ Python project to crawl for JavaScript files and search for secrets like API keys, authorization tokens, hardcoded password or related.
Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured…
Exploit for CVE-2025-21756 for Linux kernel 6.6.75. My first linux kernel exploit!
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
A Python module to bypass Cloudflare's anti-bot page.
Depix is a PoC for a technique to recover plaintext from pixelized screenshots.
ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Payloads can be retrieved directly from the file on disk or from …
Android malware (.apk) can be spread through a fake PDF document by manipulating the file extension in the WhatsApp application. PoC is available in this repo
Instant Kubernetes-Native Application Observability
lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
A security analysis tool that identifies DNS queries made by browser extensions, empowering security teams to detect and investigate suspicious activities.