Pinned Repositories
endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
ENNEoS
Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
postBasedXSS
Demo of various ways to exploit post based reflected XSS
proxy-helper-the-sequel
Port/rework of proxy-helper plugin for hak5 Pineapples
Top-Port-Slicer
Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan
WP-XSS-Admin-Funcs
JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
XSS-Data-Exfil
Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.
hoodoer's Repositories
hoodoer/JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
hoodoer/WP-XSS-Admin-Funcs
JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
hoodoer/ENNEoS
Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.
hoodoer/Top-Port-Slicer
Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan
hoodoer/postBasedXSS
Demo of various ways to exploit post based reflected XSS
hoodoer/XSS-Data-Exfil
Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.
hoodoer/endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
hoodoer/checkHostsInScope
Bash script to take a list of domains/subdomains (e.g. from amass) and check if they're in scope based on a file of inscope IP addresses
hoodoer/shellcodeEncryptor
Python script to take any file and create a C header file with that binary data encoded as a char array. Optionally XOR encrypts the data. Helpful for creating custom loaders for shellcode.
hoodoer/proxy-helper-the-sequel
Port/rework of proxy-helper plugin for hak5 Pineapples
hoodoer/dragInputClickjacking
Demo of using draggable elements in a clickjacking PoC to "type" user inputs.
hoodoer/sonicWallBruteForce
Script to brute force logins to SonicWall
hoodoer/rickRollAddressBarPayload
XSS/JavaScript payload that runs the rick roll lyrics through in the browser address bar.
hoodoer/javaScriptDeployer
Example bash script and JavaScript to copy a JavaScript payload into all .js files, but have only one copy run, regardless of how many .js files are included in the rendered page.
hoodoer/javascriptFileEncoder
Encodes a file into JavaScript friendly hex data, useful for adding file uploads to session riding XSS payloads
hoodoer/Normalized-Compression-Distance-NCD-Zlib
Simple C++ header file with a class that uses the Zlib compression algorithm to calculate Normalized Compression Distance (NCD) values
hoodoer/plistsubstractor3
Python3 version of plistsubstractor
hoodoer/WP-XSS-Challenge-Deploy
Python script to help automate deployment of my XSS challenge infrastructure
hoodoer/Auto-Agent
Old school project, neural net autopilot for FlightGear flight sim.
hoodoer/base64PlistHunter
Script to extract base64 encoded Binary PLISTs from XML/PLIST files
hoodoer/certgraph
An open source intelligence tool to crawl the graph of certificate Alternate Names
hoodoer/Coding-Utilities-Cpp
Header files with useful C++ classes for 3-D math, compression, timing, etc. Great for vector math.
hoodoer/demoCodeCopier
Script to copy chunks of code to the clipboard in the background based on how far along you are in your demo
hoodoer/graftcp
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
hoodoer/Neural-Net-Game
Old school project, neural net game
hoodoer/pineapple-modules
The Official WiFi Pineapple Module Repository for the WiFi Pineapple Mark VII
hoodoer/pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
hoodoer/shadow-workers
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
hoodoer/SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
hoodoer/WebShell
Webshell && Backdoor Collection