Gitworm

Gitworm's Stars

• swisskyrepo/PayloadsAllTheThings

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

  Language:Python61.6k1.8k014.7k

• GTFOBins/GTFOBins.github.io

  GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

  Language:HTML10.9k147481.3k

• 1N3/Sn1per

  Attack Surface Management Platform

  Language:Shell8.1k3303351.9k

• lgandx/Responder

  Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  Language:Python5.5k144186777

• s0md3v/Arjun

  HTTP parameter discovery suite.

  Language:Python5.3k87144797

• Hackplayers/evil-winrm

  The ultimate WinRM shell for hacking/pentesting

  Language:Ruby4.6k810614

• TheWover/donut

  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

  Language:C3.6k79106640

• almandin/fuxploider

  File upload vulnerability scanner and exploitation tool.

  Language:Python3.1k690496

• skelsec/pypykatz

  Mimikatz implementation in pure Python

  Language:Python2.9k70104380

• An0nUD4Y/blackeye

  The ultimate phishing tool with 38 websites available!

  Language:HTML2.1k26101.5k

• neex/phuip-fpizdam

  Exploit for CVE-2019-11043

  Language:Go1.8k3725249

• p3nt4/Invoke-SocksProxy

  Socks proxy, and reverse socks server using powershell.

  Language:PowerShell777237168

• infodox/python-pty-shells

  Python PTY backdoors - full PTY or nothing!

  Language:Python740333214

• StrangerealIntel/CyberThreatIntel

  Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups

  Language:JavaScript704782135

• lclevy/firepwd

  firepwd.py, an open source tool to decrypt Mozilla protected passwords

  Language:Python6022914114

• Raikia/UhOh365

  A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.

  Language:Python591238101

• mandatoryprogrammer/sonar.js

  A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.

  Language:JavaScript541391775

• creaktive/tsh

  Tiny SHell - An open-source UNIX backdoor (I'm not the author!)

  Language:C538223127

• sensepost/DNS-Shell

  DNS-Shell is an interactive Shell over DNS channel

  Language:Python521350133

• threatland/TL-TROJAN

  A collection of source code for various RATs, Stealers, and other Trojans.

  422341141

• p3nt4/Nuages

  A modular C2 framework

  Language:JavaScript401161081

• outflanknl/Excel4-DCOM

  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)

  Language:PowerShell32128074

• dorkerdevil/CVE-2019-11932

  double-free bug in WhatsApp exploit poc

  Language:C26916577

• misterch0c/what_is_this_c2

  For all these times you're asking yourself "what is this panel again?"

  25215253

• matterpreter/Shhmon

  Neutering Sysmon via driver unload

  Language:C#22211036

• NuID/nebulousAD

  NebulousAD automated credential auditing tool.

  Language:Python15415220

• threatland/TL-FRAUD

  A collection of fraud related tools for research.

  Language:HTML14510054

• zodiacon/ApiSetView

  API Set Viewer

  Language:C++848024

• skelsec/pypykatz_wasm

  pypykats in your browser

  Language:Python542011

• x1tan/CVE-2019-13025

  Connect Box CH7465LG (CVE-2019-13025)

  Language:Python38326