Pinned Repositories
0day-wordpress-easy-smtp
This is a mass scanner for the 0day in WordPress Easy SMTP
3proxy
3proxy - tiny free proxy server
abrade
A fast Web API scraper written in C++ and built on Boost ASIO
Abusing_Weak_ACL_on_Certificate_Templates
Investigation of ACL abuse in Active Directory Certificate Services (AD CS)
Active-Directory-Exploitation
AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
darkarmour
Windows AV Evasion
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
halosgate-ps
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
Xeexe-TopAntivirusEvasion
Undetectable & XOR encrypting with custom KEY (FUD Metasploit RAT), bypasses top antivirus like BitDefender, Malwarebytes, Avast, ESET-NOD32, AVG, ... & automatically adds ICON and MANIFEST to the executable
idfix007's Repositories
idfix007/proxychains-windows
Windows and Cygwin port of proxychains, based on MinHook and DLL Injection
idfix007/Abusing_Weak_ACL_on_Certificate_Templates
Investigation of ACL abuse in Active Directory Certificate Services (AD CS)
idfix007/ADLab
Custom PowerShell module to set up an Active Directory lab environment to practice penetration testing.
idfix007/apache_normalize_path
Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)
idfix007/azureOutlookC2
Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.
idfix007/Beef-Over-AWS
Beef Over AWS is a tool that allows you to use Beef-XSS over WAN securely and anonymously.
idfix007/can-i-take-over-dns
"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
idfix007/covert-tube
YouTube as a covert channel - Control systems remotely and execute commands by uploading videos to YouTube
idfix007/CS-notes
Cobalt Strike notes
idfix007/dark-web-osint-tools
OSINT Tools for the Dark Web
idfix007/Defeat-Defender-V1.2
Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disable Windows Defender permanently. Hack Windows. POC
idfix007/dex
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
idfix007/EDRHunt
Scan installed EDRs and AVs on Windows
idfix007/ElusiveMice
Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
idfix007/FuzzingPaper
Recent Fuzzing Paper
idfix007/graudit
grep rough audit - source code auditing tool
idfix007/LOLBins
PyQT5 app for LOLBAS and GTFOBins
idfix007/meterpeter
C2 PowerShell Command & Control Framework with built-in commands
idfix007/Penetration-Testing-Tools
A collection of 140+ tools, scripts, cheatsheets and other loot that I have developed over the years for Red Teaming/Pentesting/IT Security audit purposes. Most of them came in handy on at least one of my real-world engagements.
idfix007/PetitPotam
Python implementation for PetitPotam
idfix007/power-kill
power-kill is a project that kills protected processes (such as EDR or AV) by injecting shellcode into high-privilege processes
idfix007/PrintNightmare-1
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
idfix007/ProxyVulns
[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
idfix007/SharpWebServer
Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
idfix007/Shellcode-Injection-Techniques
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some techniques are better than others at bypassing AV.
idfix007/tomcatWarDeployer
Apache Tomcat auto WAR deployment & pwning penetration testing tool.
idfix007/vimsheet
Vim cheat sheet from beginners to pros
idfix007/webpage2html
Save/convert web pages to a standalone editable HTML file for offline archive/view/edit/play/whatever
idfix007/Whisker
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
idfix007/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.