3HiPeR

3HiPeR's Stars

• EnableSecurity/wafw00f

  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

  Language:Python5.3k933

• mhaskar/DNSStager

  Hide your payload in DNS

  Language:Python603132

• outflanknl/PrintNightmare

  Language:C33269

• nettitude/RunPE

  C# Reflective loader for unmanaged binaries.

  Language:C#41664

• NitinYadav00/My-Nuclei-Templates

  Nuclei Templates - Here you will find the templates I use while hunting

  11634

• AlisamTechnology/ATSCAN

  Advanced dork Search & Mass Exploit Scanner

  Language:Perl1.4k347

• smicallef/spiderfoot

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  Language:Python13k2.3k

• duc-nt/RCE-0-day-for-GhostScript-9.50

  RCE 0-day for GhostScript 9.50 - Payload generator

  Language:Python540109

• owasp-amass/amass

  In-depth attack surface mapping and asset discovery

  Language:Go12k1.9k

• RiccardoAncarani/LiquidSnake

  LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

  Language:C#32746

• mai1zhi2/SharpBeacon

  CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon，其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能

  Language:C#693145

• jellever/StreamDivert

  Redirecting (specific) TCP, UDP and ICMP traffic to another destination.

  Language:C++34871

• nuvious/pam-duress

  A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.

  Language:C1.3k40

• hasherezade/tiny_tracer

  A Pin Tool for tracing API calls etc

  Language:C++1.3k141

• ORCA666/EarlyBird

  injecting cobalt strike shellcode to powershell.exe using EarlyBird Tech

  Language:C4318

• gloxec/CrossC2

  generate CobaltStrike's cross-platform payload

  Language:C2.3k344

• Tylous/SourcePoint

  SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

  Language:Go1k153

• defparam/smuggler

  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

  Language:Python1.8k294

• PortSwigger/http-request-smuggler

  Language:Java954102

• ticarpi/jwt_tool

  :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

  Language:Python5.4k667

• projectdiscovery/nuclei

  Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

  Language:Go20.5k2.5k

• topotam/PetitPotam

  PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

  Language:C1.8k285

• Ignitetechnologies/Linux-Privilege-Escalation

  This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.

  770164

• tennc/webshell

  This is a webshell open source project

  Language:PHP10.1k5.6k

• renini/CVE-2021-21972

  CVE-2021-21972

  2

• ambionics/phpggc

  PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

  Language:PHP3.2k496

• nikic/PHP-Parser

  A PHP parser written in PHP

  Language:PHP17k1.1k

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.1k14.6k

• DamonMohammadbagher/NativePayload_CBT

  NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)

  Language:C#11419

• zPrototype/bugbounty_stuff

  Language:Python10013