La3B0z
🕷️ threat level: unknown. targets: undefined. mission: access all areas. system breach is not a bug, it's a feature.
AnounymousJapon
Pinned Repositories
bugbounty-starter-notes
bug bounty hunters starter notes
bugcrowd_university
Open source education content for the researcher community
CVE-2020-0796-RCE-POC
CVE-2020-0796 Remote Code Execution POC
CVE-2021-26855-SSRF-Exchange
CVE-2021-26855 SSRF Exchange Server
mimikatz
A little tool to play with Windows security
recon_profile
SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
La3B0z's Repositories
La3B0z/ActiveDirectoryAttackTool
ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
La3B0z/AtomPePacker
A Highly capable Pe Packer
La3B0z/AzureAD_Autologon_Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
La3B0z/CVE-2021-35215
SolarWinds Orion Platform ActionPluginBaseView 反序列化RCE
La3B0z/cve-2022-23131-exp
Zabbix SSO Bypass
La3B0z/CVE-2022-2992
Authenticated Remote Command Execution in Gitlab via GitHub import
La3B0z/CVE-2022-35914-poc
La3B0z/CVE-2022-39952
POC for CVE-2022-39952
La3B0z/CVE-2022-40684
A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
La3B0z/CVE-2023-23397-POC-Powershell
La3B0z/CVE-2025-24813-POC
CVE-2025-24813-POC JSP Web Shell Uploader
La3B0z/deepdarkCTI
Collection of Cyber Threat Intelligence sources from the deep and dark web
La3B0z/Exploit-Microsoft-Exchange-Server-
Zero-day vulnerabilities affecting Microsoft Exchange Server
La3B0z/FilelessPELoader
Loading Remote AES Encrypted PE in memory , Decrypted it and run it
La3B0z/firefox_decrypt
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
La3B0z/GAP-Burp-Extension
Burp Extensions
La3B0z/ghorg
Quickly clone an entire org/users repositories into one directory - Supports GitHub, GitLab, Bitbucket, and more 🥚
La3B0z/HackBrowserData
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
La3B0z/Havoc
The Havoc Framework
La3B0z/lahcen
La3B0z/linWinPwn
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
La3B0z/MANSPIDER
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
La3B0z/mitm6
pwning IPv4 via IPv6
La3B0z/orbitaldump
A simple multi-threaded distributed SSH brute-forcing tool written in Python
La3B0z/Real-Time-Voice-Cloning
Clone a voice in 5 seconds to generate arbitrary speech in real-time
La3B0z/Resources-For-OSCP
OSCP
La3B0z/scodescanner
SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.
La3B0z/security-tools
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
La3B0z/STE
Shodan Target Extractor
La3B0z/telegram-list
List of telegram groups, channels & bots // Список интересных групп, каналов и ботов телеграма // Список чатов для программистов