Lists (6)
C2/Post Exploitation Frameworks
Various C2 frameworks that I have experimented with and found useful.
Code Review
Source code review and static analysis for vulnerability discovery
Fuzzing
Fuzzing and dynamic analysis for vulnerability discovery
Mobile
Resources for pentesting Android and iPhone apps
Phishing
Phishing tools, social engineering, maldocs etc
Wireless
Tools for auditing wifi, bluetooth, zigbee etc
Stars
A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule
Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.
A collection of curated Java Deserialization Exploits
ScareCrow - Payload creation framework designed around EDR bypass.
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
CACTUSTORCH: Payload Generation for Adversary Simulations
A tool to create a JScript file which loads a .NET v2 assembly from memory.
This repo is a collection of proof-of-concepts, examples, essays and experiments in cryptography, cryptanalysis, steganography and covert channels that I originally wrote in 2015.
Burp extension to sign Payment Gateway API requests by calculating a variation of an HMAC-SHA512 and adding it to the request.
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements using DNS tunneling.
nodejsscan is a static security code scanner for Node.js applications.
Veil 3.1.X (Check version info in Veil at runtime)
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
Produce code coverage results with gcov from afl-fuzz test cases
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Develo…
My implementation of enSilo's Process Doppelganging (PE injection technique)
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
This repository contains the scanner component for Greenbone Community Edition.
Build your own reconnaissance system with Osmedeus Next Generation