cptee's Stars
trustedsec/unicorn
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Fahrj/reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
fuzzdb-project/fuzzdb
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
PortSwigger/java-serialized-payloads
YSOSERIAL Integration with burp suite
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
frizb/MSF-Venom-Cheatsheet
Single Page Cheatsheet for common MSF Venom One Liners
spaze/hashes
Magic hashes – PHP hash "collisions"
silentsignal/rsa_sign2n
Deriving RSA public keys from message-signature pairs
wallarm/jwt-secrets
kunte0/phar-jpg-polyglot
Phar + JPG Polyglot generator and playground (CTF CODE)
PortSwigger/serialization-examples
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
ReekElderblood/URL-Hunter
Check out this JavaScript code that extracts URLs from a web page and linked scripts! Perfect for web scraping and penetration testing
massgravel/Microsoft-Activation-Scripts
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
jhaddix/tbhm
The Bug Hunters Methodology
sam5epi0l/Beginner-Bug-Bounty-Automation
Many script that can be modified according to your needs for Information Gathering and Asset discovery in Bug Bounty Hunting (Pull requests are welcome!)
kh4sh3i/smartrecon
smartrecon is a powerful shell script to automate the recon and finding common vulnerabilities for bug hunter
vavkamil/awesome-bugbounty-tools
A curated list of various bug bounty tools
gwen001/github-subdomains
Find subdomains on GitHub.
owasp-amass/amass
In-depth attack surface mapping and asset discovery
tomnomnom/meg
Fetch many paths for many hosts - without killing the hosts
HeyM1ke/ValorantClientAPI
Information on Valorant's Private/In-Game API
newbit1/rootAVD
Script to root AVDs running with QEMU Emulator from Android Studio
NVISOsecurity/MagiskTrustUserCerts
A Magisk/KernelSU module that automatically adds user certificates to the system root CA store
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
squizlabs/PHP_CodeSniffer
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
leonhartX/gas-github
sync gas code to github
TryCatchHCF/PacketWhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
fortra/impacket
Impacket is a collection of Python classes for working with network protocols.