brianwrf

Security Researcher

Pinned Repositories

CVE-2018-11788
Apache Karaf XXE Vulnerability (CVE-2018-11788)
38 1 06
HackRequests
It is a dedicated requests lib that supports cookie, headers, get/post, etc. And it also supports rendering the response (e.g. Javascript, CSS, etc.) of GET requests by using PhantomJs enginee.
Language:Python85 6 029
hackUtils
It is a hack tool kit for pentest and web security research.
Language:Python513 30 5223
myPadBuster
It is a Python+Perl script to exploit ASP.net Padding Oracle vulnerability.
Language:Perl19 3 014
RootHelper
A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.
Language:Shell46 4 045
S2-053-CVE-2017-12611
A simple script for exploit RCE for Struts 2 S2-053(CVE-2017-12611)
Language:Python36 7 125
SambaHunter
It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).
Language:Python55 4 027
WinSystemHelper
A tool that checks and downloads scripts that will aid with privilege escalation on a Windows system.
Language:Batchfile169 14 190
WordPress_4.9.8_RCE_POC
A simple PoC for WordPress RCE (author priviledge), refer to CVE-2019-8942 and CVE-2019-8943.
74 2 221
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Language:Java50 4 022

brianwrf's Repositories

brianwrf/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Language:Java50 4 022
brianwrf/CVE-2017-4878-Samples
CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
18 3 09
brianwrf/xsshunter
The XSS Hunter service - a portable version of XSSHunter.com
Language:JavaScript5 2 0
brianwrf/Awesome-Red-Teaming
List of Awesome Red Teaming Resources
3 2 04
brianwrf/AwesomeSOC
This repository is a set of articles about what SOC is and how SOC is working in a big Internet firm.
3 4 0
brianwrf/Infosec_Reference
An Information Security Reference That Doesn't Suck
Language:Python2 2 0
brianwrf/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
2 2 05
brianwrf/JavaDeserH2HC
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Language:Java1 2 0
brianwrf/meltdown-exploit
Language:C1 1 01
brianwrf/monkey
Infection Monkey - An automated pentest tool
Language:Python1 2 0
brianwrf/SpectreExploit
SpectreExploit POC
Language:C11
brianwrf/tinyproxy
tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
Language:C1 2 01
brianwrf/asyncssh
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. It requires Python 3.4 or later and the Python cryptography library for some cryptographic functions.
Language:Python2 01
brianwrf/awesome-yara
A curated list of awesome YARA rules, tools, and people.
2 0
brianwrf/BloodHound
Six Degrees of Domain Admin
Language:PowerShell2 0
brianwrf/CACTUSTORCH
CACTUSTORCH: Payload Generation for Adversary Simulations
Language:Visual Basic2 0
brianwrf/CVE-2017-0199
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Language:Python
brianwrf/dmca
Repository with text of DMCA takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices. Users identified in the notices are presumed innocent until proven guilty. Additional information about our DMCA policy can be found at
2 0
brianwrf/Empire
Empire is a PowerShell and Python post-exploitation agent.
Language:PowerShell2 0
brianwrf/FindFrontableDomains
Search for potential frontable domains
Language:Python
brianwrf/homebrew-cask
🍻 A CLI workflow for the administration of macOS applications distributed as binaries
Language:Ruby2 0
brianwrf/Loki
Loki - Simple IOC and Incident Response Scanner
Language:Python
brianwrf/nishang
Nishang - PowerShell for penetration testing and offensive security.
Language:PowerShell
brianwrf/Office-DDE-Payloads
Collection of scripts and templates to generate Office documents embedded with the DDE, macro-less command execution technique.
Language:Python2 0
brianwrf/oxml_xxe
A tool for embedding XXE/XML exploits into different filetypes
Language:Ruby
brianwrf/RedTeamPowershellScripts
Powershell script that search through the Windows event logs for specific user
Language:PowerShell2 0
brianwrf/reverse-shell
Reverse Shell as a Service
Language:JavaScript1
brianwrf/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
Language:Python2 0
brianwrf/Veil
Veil 3.0
Language:Python2 0
brianwrf/vulhub
Docker-Compose file for vulnerability environment
Language:Shell2 0