Qymaen's Stars
ohpe/juicy-potato
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\SYSTEM.
BuffaloWill/oxml_xxe
A tool for embedding XXE/XML exploits into different filetypes
Ne0nd0g/merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
volatilityfoundation/community
Volatility plugins developed and maintained by the community
quentinhardy/odat
ODAT: Oracle Database Attacking Tool
D35m0nd142/LFISuite
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
FuzzySecurity/PowerShell-Suite
My musings with PowerShell
samratashok/nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Alamot/code-snippets
Various code snippets
Genetic-Malware/Ebowla
Framework for Making Environmental Keyed Payloads (NO LONGER SUPPORTED)
breenmachine/RottenPotatoNG
New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
foxglovesec/RottenPotato
RottenPotato local privilege escalation from service account to SYSTEM
huntergregal/mimipenguin
A tool to dump the login password from the current Linux user
yandex/gixy
Nginx configuration static analyzer
drk1wi/Modlishka
Modlishka. Reverse Proxy.
psypanda/hashID
Software to identify the different types of hashes
infosecn1nja/AD-Attack-Defense
Attack and defend Active Directory using modern post exploitation adversary tradecraft activity
RsaCtfTool/RsaCtfTool
RSA attack tool (mainly for CTF) - retrieve private key from weak public key and/or uncipher data
angristan/openvpn-install
Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
sullo/nikto
Nikto web server scanner
rasta-mouse/Sherlock
PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
EnableSecurity/sipvicious
SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.
tennc/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
pentestmonkey/unix-privesc-check
Automatically exported from code.google.com/p/unix-privesc-check
rebootuser/LinEnum
Scripted Local Linux Enumeration & Privilege Escalation Checks
s4n7h0/xvwa
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
trustedsec/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
dirtycow/dirtycow.github.io
Dirty COW
infodox/python-pty-shells
Python PTY backdoors - full PTY or nothing!
jordansissel/xdotool
fake keyboard/mouse input, window management, and more