PSAsyncShell – PowerShell Asynchronous TCP Reverse Shell
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.Unlike other reverse shells, all the communication and execution flow...
Tools
Pax – CLI Tool For PKCS7 Padding Oracle Attacks
Exploit padding oracles for fun and profit!Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to:Obtain...
SCodeScanner – Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. The...
OSRipper – AV Evading OSX Backdoor And Crypter Framework
OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on...
Kam1n0 – Assembly Analysis Platform
Kam1n0 v2.x is a scalable assembly management and analysis platform. It allows a user to first index a (large) collection...
CATS – REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints
REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort!Comprehensive: tests...
FISSURE – Frequency Independent SDR-based Signal Understanding and Reverse Engineering
Frequency Independent SDR-based Signal Understanding and Reverse EngineeringFISSURE is an open-source RF and reverse engineering framework designed for all skill...
DeathSleep – A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing...
XLL_Phishing – XLL Phishing Tradecraft
With Microsoft's recent announcement regarding the blocking of macros in documents originating from the internet (email AND web download), attackers...
SharpImpersonation – A User Impersonation Tool – Via Token Or Shellcode Injection
This was a learning by doing project from my side. Well known techniques are used to built just another impersonation...
SDomDiscover – A Easy-To-Use Python Tool To Perform DNS Recon
_____ ____ ____ _ / ___// __ ____ ____ ___ / __ (_)_____________ _ _____ _____ __ / / /...
PersistenceSniper – Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines
PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences...
Nim-RunPE – A Nim Implementation Of Reflective PE-Loading From Memory
A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory - which I...
GraphCrawler – GraphQL Automated Security Testing Toolkit
Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint.NEW: Can search for endpoints for you using...
Gohide – Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption
Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption.Obfuscation ModesSession Cookie HTTP GET (http-client)Set-Cookie Session Cookie HTTP/2...
ForceAdmin – Create Infinite UAC Prompts Forcing A User To Run As Admin
ForceAdmin is a c# payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The...
Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. FeaturesAutomatically detects...
noPac – Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-2021-42278 +...
BeatRev – POC For Frustrating/Defeating Malware Analysts
BeatRev Version 2Disclaimer/LiabilityThe work that follows is a POC to enable malware to "key" itself to a particular victim in...
ApacheTomcatScanner – A Python Script To Scan For Apache Tomcat Server Vulnerabilities
A python script to scan for Apache Tomcat server vulnerabilities. FeaturesMultithreaded workers to search for Apache tomcat servers.Multiple target source...
Aced – Tool to parse and resolve a single targeted Active Directory principal’s DACL
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound...
Autodeauth – A Tool Built To Automatically Deauth Local Networks
A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x...
Awesome-Password-Cracking – A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the...
Masky – Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory
Masky is a Masky also provides options that are commonly provided by such tools (thread number, authentication mode, targets loaded...
