ebrandel's Stars
jehna/humanify
Deobfuscate JavaScript code using ChatGPT
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
rowyio/rowy
Low-code backend platform. Manage database on spreadsheet-like UI and build cloud functions workflows in JS/TS, all in your browser.
devanshbatham/FavFreak
Making Favicon.ico based Recon Great again!
silence-is-best/c2db
c2 traffic
malwareinfosec/EKFiddle
Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
ciscocsirt/PW3Query
PW3Query is a serverless query agent and repository for PublicWWW with a focus on proactively generating threat intelligence related to web compromises.
misterch0c/what_is_this_c2
For all these times you're asking yourself "what is this panel again?"
d0nutptr/sic
A tool to perform Sequential Import Chaining
mindedsecurity/JStillery
Advanced JavaScript Deobfuscation via Partial Evaluation
RhinoSecurityLabs/GCPBucketBrute
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
elceef/dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
gwillem/magento-malware-scanner
Scanner, signatures and the largest collection of Magento malware
GTFOBins/GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
HynekPetrak/javascript-malware-collection
Collection of almost 40.000 JavaScript malware samples
EdOverflow/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
nahamsec/bbht
A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
vulnersCom/getsploit
Command line utility for searching and downloading exploits
1N3/Sn1per
Attack Surface Management Platform
EdOverflow/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
haccer/subjack
Subdomain Takeover tool written in Go
cailen/elastalert-docker
Docker image with Elastalert on Alpine Linux
hasherezade/bunitu_tests
Scripts for communication with Bunitu Trojan C&Cs
shawarkhanethicalhacker-zz/BruteXSS
BruteXSS - Cross-Site Scripting Bruteforcer
s0md3v/XSStrike
Most advanced XSS scanner.
jwasham/coding-interview-university
A complete computer science study plan to become a software engineer.
egaus/pcap2bro
Given pcap generate bro logs and ingest into ELK
minimaxir/big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.