0xBrAinsTorM's Stars
terjanq/Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
D35m0nd142/LFISuite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
ignis-sec/Pwdb-Public
A collection of all the data i could extract from 1 billion leaked credentials from internet.
jseidl/usernamer
Pentest Tool to generate usernames/logins based on supplied names.
peass-ng/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
christophetd/Adaz
:wrench: Deploy customizable Active Directory labs in Azure - automatically.
mxrch/penglab
🐧 Abuse of Google Colab for cracking hashes.
Flangvik/BetterSafetyKatz
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
Anon-Exploiter/SUID3NUM
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
snyk/zip-slip-vulnerability
Zip Slip Vulnerability (Arbitrary file write through archive extraction)
kmkz/Pentesting
Tricks for penetration testing
Flangvik/NetLoader
Loads any C# binary in mem, patching AMSI + ETW.
kmkz/exploit
Exploits and advisories
pimps/ysoserial-modified
That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
AlDanial/cloc
cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
NotSoSecure/Blacklist3r
project-blacklist3r
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
GreatSCT/GreatSCT
The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team.
dafthack/MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
nu11secur1ty/Windows10Exploits
Microsoft » Windows 10 : Security Vulnerabilities
1N3/PowerExfil
A collection of data exfiltration scripts for Red Team assessments.
Kevin-Robertson/Powermad
PowerShell MachineAccountQuota and DNS exploit tools
samratashok/RACE
RACE is a PowerShell module for executing ACL attacks against Windows targets.
t94j0/satellite
easy-to-use payload hosting
sc0tfree/mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
davidprowe/BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Kevin-Robertson/Invoke-TheHash
PowerShell Pass The Hash Utils
0xdea/tactical-exploitation
Modern tactical exploitation toolkit.
sosdave/KeyTabExtract
Extracts Key Values from .keytab files