heascle's Stars
berzerk0/Probable-Wordlists
Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
CoolerVoid/0d1n
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
phil-opp/blog_os
Writing an OS in Rust
quentinhardy/msdat
MSDAT: Microsoft SQL Database Attacking Tool
649/Memcrashed-DDoS-Exploit
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
NickstaDB/DeserLab
Java deserialization exploitation lab.
NickstaDB/SerialBrute
Java serialization brute force attack tool.
offensive-security/exploitdb
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
GrrrDog/Java-Deserialization-Cheat-Sheet
The cheat sheet about Java Deserialization vulnerabilities
x0rz/EQGRP_Lost_in_Translation
Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
mattiasgeniar/php-exploit-scripts
A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute.
1N3/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
frohoff/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
java-decompiler/jd-gui
A standalone Java Decompiler GUI
Arrexel/phpbash
A semi-interactive PHP shell compressed into a single file.
D4Vinci/One-Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
lparam/xSocks
A secure and fast proxy for protect your network traffic
AlessandroZ/LaZagne
Credentials recovery project
gentilkiwi/mimikatz
A little tool to play with Windows security
federicodotta/Java-Deserialization-Scanner
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
summitt/Nope-Proxy
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
shengqi158/fastjson-remote-code-execute-poc
fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java
mniip/spectre-meltdown-poc
A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities
codingo/NoSQLMap
Automated NoSQL database enumeration and web application exploitation tool.
nixawk/pentest-wiki
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
shekyan/slowhttptest
Application Layer DoS attack simulator
taizilongxu/interview_python
关于Python的面试题
danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
EmpireProject/Empire
Empire is a PowerShell and Python post-exploitation agent.
SpiderLabs/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.