Stars
Materials from the PLC Hacking 101 workshop from the Maritime Hacking Village Defcon 33 (2025)
A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based in…
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
The SpecterOps project management and reporting engine
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
Self contained htaccess shells and attacks
Only the best quality InfoSec-resources shared, based on regular sourcing of publicly available content found on the internet.
Collection of steganography tools - helps with CTF challenges
An Android app that lets you use your access control card cloning devices in the field.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
An exploit for Apache Struts CVE-2017-9805
A PoC for exploiting Guzzle's HTTP_PROXY untrusted read
CVE-2018-6574 POC : golang 'go get' remote command execution during source code build
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
File upload vulnerability scanner and exploitation tool.
Gives you root on the hostOS, if you're a member of the 'docker' group.
A Python package that demontrates arbitrary code execution during the install process of a Python package.
Monitor linux processes without root permissions
E-mails, subdomains and names Harvester - OSINT
A code-searching tool similar to ack, but faster.