Pinned Repositories
bmc_bladelogic
BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063
burp-extender-api-kotlin
Burp Extender API - Unofficial Kotlin version
BurpelFish
BurpelFish - Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.
dell-emc_recoverpoint
Exploits for Dell EMC RecoverPoint enterprise data protection platform
dp_crypto
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
HexyRunner
Takes raw hex shellcode (e.g. msfvenom hex format) from a cmd line arg, text file, or URL download and runs it.
MixedUp
Mixed Mode Assembly PoC with sample payloads in DLLMain
RAU_crypto
Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
target-redirector
Target Redirector is a Burp Suite Extension written in Kotlin, which redirects all Burp requests destined for a chosen target to a different target of your choice. The hostname/IP, port and protocol (HTTP/HTTPS) can all be configured to an alternative destination.
waf-cookie-fetcher
WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.
bao7uo's Repositories
bao7uo/RAU_crypto
Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935)
bao7uo/dp_crypto
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
bao7uo/target-redirector
Target Redirector is a Burp Suite Extension written in Kotlin, which redirects all Burp requests destined for a chosen target to a different target of your choice. The hostname/IP, port and protocol (HTTP/HTTPS) can all be configured to an alternative destination.
bao7uo/bmc_bladelogic
BMC Bladelogic RSCD exploits including remote code execution - CVE-2016-1542, CVE-2016-1543, CVE-2016-5063
bao7uo/HexyRunner
Takes raw hex shellcode (e.g. msfvenom hex format) from a cmd line arg, text file, or URL download and runs it.
bao7uo/waf-cookie-fetcher
WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.
bao7uo/dell-emc_recoverpoint
Exploits for Dell EMC RecoverPoint enterprise data protection platform
bao7uo/MixedUp
Mixed Mode Assembly PoC with sample payloads in DLLMain
bao7uo/burp-extender-api-kotlin
Burp Extender API - Unofficial Kotlin version
bao7uo/nf_conntrack-for-scanners
Alters the nf_conntrack settings profile to make it suitable for scanners such as nmap, nessus, etc
bao7uo/smooth-drop-shadow
Copies images, adding a smooth drop shadow, with enlargement to accommodate. Requires GIMP.
bao7uo/PortRanger
Converts an unordered (e.g. grepped) network ports to a condensed range/list that is suitable for nmap and other tools.
bao7uo/BurpelFish
BurpelFish - Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.
bao7uo/redacterm
Edit terminal output ready for screenshots - highlight key areas and redact sensitive info.
bao7uo/mx-direct-mail-sender
Sends a direct email, with no relay required, by looking up the MX record and delivering the message to one of the resulting mail servers.
bao7uo/reGeorg
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
bao7uo/Keylogger
A simple keylogger for Windows, Linux and Mac
bao7uo/picelf
Embed shellcode directly into a minimally sized ELF file
bao7uo/bao7uo.github.io
My GitHub Pages
bao7uo/burp-extender-api
Burp Extender API
bao7uo/cybersecurity-prime-resources
Cybersecurity resources for newcomers
bao7uo/desktop_refresh
Does what it says on the tin. Windows XP thru 10.
bao7uo/nccfsas
Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.
bao7uo/o365-attack-toolkit
A toolkit to attack Office365
bao7uo/Sharpmad
C# version of Powermad
bao7uo/SharpUp
SharpUp is a C# port of various PowerUp functionality.
bao7uo/virtualenvy
Simple script to facilitate python packages and any dependencies to run from source