Gitworm

Gitworm's Stars

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python60.5k1.8k014.5k

• GTFOBins/GTFOBins.github.io

  GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

  Language:HTML10.7k144471.3k

• 1N3/Sn1per

  Attack Surface Management Platform

  Language:Shell8k3333341.8k

• lgandx/Responder

  Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  Language:Python5.4k144183769

• s0md3v/Arjun

  HTTP parameter discovery suite.

  Language:Python5.2k86143791

• Hackplayers/evil-winrm

  The ultimate WinRM shell for hacking/pentesting

  Language:Ruby4.4k810605

• TheWover/donut

  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

  Language:C3.5k78105629

• almandin/fuxploider

  File upload vulnerability scanner and exploitation tool.

  Language:Python3k680493

• skelsec/pypykatz

  Mimikatz implementation in pure Python

  Language:Python2.8k71100377

• An0nUD4Y/blackeye

  The ultimate phishing tool with 38 websites available!

  Language:HTML2.1k26101.5k

• neex/phuip-fpizdam

  Exploit for CVE-2019-11043

  Language:Go1.8k3725247

• p3nt4/Invoke-SocksProxy

  Socks proxy, and reverse socks server using powershell.

  Language:PowerShell775237168

• infodox/python-pty-shells

  Python PTY backdoors - full PTY or nothing!

  Language:Python737333214

• StrangerealIntel/CyberThreatIntel

  Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups

  Language:JavaScript702782135

• lclevy/firepwd

  firepwd.py, an open source tool to decrypt Mozilla protected passwords

  Language:Python5922914113

• Raikia/UhOh365

  A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.

  Language:Python590238101

• mandatoryprogrammer/sonar.js

  A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.

  Language:JavaScript540391776

• creaktive/tsh

  Tiny SHell - An open-source UNIX backdoor (I'm not the author!)

  Language:C535223125

• sensepost/DNS-Shell

  DNS-Shell is an interactive Shell over DNS channel

  Language:Python521350133

• threatland/TL-TROJAN

  A collection of source code for various RATs, Stealers, and other Trojans.

  420341139

• p3nt4/Nuages

  A modular C2 framework

  Language:JavaScript394161080

• outflanknl/Excel4-DCOM

  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)

  Language:PowerShell32128075

• dorkerdevil/CVE-2019-11932

  double-free bug in WhatsApp exploit poc

  Language:C26816578

• misterch0c/what_is_this_c2

  For all these times you're asking yourself "what is this panel again?"

  25015253

• matterpreter/Shhmon

  Neutering Sysmon via driver unload

  Language:C#22111036

• NuID/nebulousAD

  NebulousAD automated credential auditing tool.

  Language:Python15515220

• threatland/TL-FRAUD

  A collection of fraud related tools for research.

  Language:HTML14510052

• zodiacon/ApiSetView

  API Set Viewer

  Language:C++847023

• skelsec/pypykatz_wasm

  pypykats in your browser

  Language:Python542011

• x1tan/CVE-2019-13025

  Connect Box CH7465LG (CVE-2019-13025)

  Language:Python38326