Lists (15)
Stars
E-mails, subdomains and names Harvester - OSINT
Fast subdomains enumeration tool for penetration testers
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Automatic SSTI detection tool with interactive interface
Fetch all the URLs that the Wayback Machine knows about for a domain
PowerSploit - A PowerShell Post-Exploitation Framework
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
socks4 reverse proxy for penetration testing
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Pass you eJPT Study Guide, here you have all tools and content you need!
Six Degrees of Domain Admin
Password decryption tool for the McAfee SiteList.xml file
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
lgandx / Responder
Forked from SpiderLabs/ResponderResponder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
jSQL Injection is a Java application for automatic SQL database injection.