Pinned Repositories
csp-auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
DLLPasswordFilterImplant
DLL Password Filter Implant with Exfiltration Capabilities
dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
malboxes
Builds malware analysis Windows VMs so that you don't have to.
php7-opcache-override
Security-related PHP7 OPcache abuse tools and demo
pyrdp
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
pywsus
Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
WSuspicious
WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
xxe-workshop
Workshop given at Hack in Paris 2019
GoSecure's Repositories
GoSecure/pyrdp
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
GoSecure/php7-opcache-override
Security-related PHP7 OPcache abuse tools and demo
GoSecure/pywsus
Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
GoSecure/template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.
GoSecure/xxe-workshop
Workshop given at Hack in Paris 2019
GoSecure/ldap-scanner
Checks for signature requirements over LDAP
GoSecure/frida-xamarin-unpin
A Frida script to bypass Xamarin certificate pinning implementations
GoSecure/presentations
Material from presentations done by GoSecure researchers
GoSecure/linkedin-osint
A simple proof of concept that demonstrate how emails can easily be tie to LinkedIn profile
GoSecure/request-smuggling-workshop
GoSecure/unicode-pentester-cheatsheet
An easy to navigate list of unicode characters that have risky transformations 💥
GoSecure/zap-autodecode-view
ZAP plugin demonstrating custom view for WebSocket messages.
GoSecure/goinsecure-deserialization
Accompanying material needed for the workshop
GoSecure/malware-ioc
Indicators of Compromise (IOCs) for malware we have researched
GoSecure/burp-fuzzy-encoding-generator
Quickly test various encoding for a given value in Burp Intruder
GoSecure/fq-pyrdp
fq format for parsing PyRDP replays
GoSecure/Nimcrypt2
.NET, PE, & Raw Shellcode Packer/Loader Written in Nim
GoSecure/peas
PEAS is a Python 2 library and command line application for running commands on an ActiveSync server e.g. Microsoft Exchange.
GoSecure/pwndoc
Pentest Report Generator
GoSecure/SharpHound3
C# Data Collector for the BloodHound Project, Version 3
GoSecure/gosecure.github.io
GoSecure/hack400tool
hack400tool
GoSecure/missing-security-controls
GoSecure/ScoutSuite
Multi-Cloud Security Auditing Tool
GoSecure/Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
GoSecure/csp-evaluator
GoSecure/jupyterhub-workshop-environment
Opinionated JupyterHub deployment for workshops relying on GitHub for Authentication
GoSecure/jupyterhub-workshop-environment-legacy
Opinionated JupyterHub deployment for workshops relying on GitHub for Authentication
GoSecure/notebooks
Cybersecurity Research Jupyter Notebooks for the Community