La3B0z
🕷️ threat level: unknown. targets: undefined. mission: access all areas. system breach is not a bug, it's a feature.
AnounymousJapon
Pinned Repositories
bugbounty-starter-notes
bug bounty hunters starter notes
bugcrowd_university
Open source education content for the researcher community
CVE-2020-0796-RCE-POC
CVE-2020-0796 Remote Code Execution POC
CVE-2021-26855-SSRF-Exchange
CVE-2021-26855 SSRF Exchange Server
mimikatz
A little tool to play with Windows security
recon_profile
SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
La3B0z's Repositories
La3B0z/CVE-2021-26855-SSRF-Exchange
CVE-2021-26855 SSRF Exchange Server
La3B0z/403bypasser
automate the procedure of 403 response code bypass
La3B0z/AllVideoPocsFromHackerOne
This script grab public report from hacker one and make some folders with poc videos
La3B0z/apkleaks
Scanning APK file for URIs, endpoints & secrets.
La3B0z/Bot-Bounty
Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.
La3B0z/Bughound
Static code analysis tool based on Elasticsearch
La3B0z/CISCO-CVE-2020-3452-Scanner-Exploiter
CISCO CVE-2020-3452 Scanner & Exploiter
La3B0z/CrackMapExec
A swiss army knife for pentesting networks
La3B0z/CSS-Exchange
Exchange Server support tools and scripts
La3B0z/CVE-2021-23132
com_media allowed paths that are not intended for image uploads to RCE
La3B0z/CVE-2021-26855
CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-27065 (see below). A successful exploit chain would allow an unauthenticated attacker to "execute arbitrary commands on Microsoft Exchange Server through only an open 443 port." More information and a disclosure timeline are available at https://proxylogon.com.
La3B0z/CVE-2021-3129
Laravel debug rce
La3B0z/CVE-2021-3156
PoC for CVE-2021-3156 (sudo heap overflow)
La3B0z/exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
La3B0z/feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
La3B0z/invoker
Penetration testing utility, and antivirus assessment tool.
La3B0z/pwncat
Fancy reverse and bind shell handler
La3B0z/RCE-Exploit-in-BIG-IP
La3B0z/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
La3B0z/scilla
🏴☠️ Information Gathering tool 🏴☠️ DNS / Subdomains / Ports / Directories enumeration
La3B0z/SharpLAPS
Retrieve LAPS password from the LDAP
La3B0z/SharpPhish
Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
La3B0z/sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
La3B0z/SkCodecFuzzer
Fuzzing harness for testing proprietary image codecs supported by Skia on Android
La3B0z/slackcat
A simple way of sending messages from the CLI output to your Slack with webhook.
La3B0z/teleman
Telegram cli tool for bot notifications
La3B0z/top25-parameter
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
La3B0z/UAC_Exploit
Escalate as Administrator bypassing the UAC affecting administrator accounts only.
La3B0z/udp2raw-tunnel
A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
La3B0z/XSHOCK
XSHOCK Shellshock Exploit