Pinned Repositories
AutoBlue
This is some no-bs public exploit code that generates valid shellcode for the eternal blue exploit and scripts out the event listener with the metasploit multi-handler.
CVE-2021-1675-LPE
Local Privilege Escalation Edition for CVE-2021-1675
CVE-2021-21985_PoC
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
CVE-2021-3156
Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
dirtycow
Dirty Cow is a silly name, but it's a serious Linux kernel problem. According to the Red Hat bug report, "a race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings
InstagramHacked
Instagram-Py Instagram-py performs slick brute force attack on Instagram without any type of password limiting and also resumes your attack in ease. —DeathSec
OSINT
Collections of Tools, Bookmarks, and other guides created to aid in OSINT collection
Repo-Burpsuite
💥 All the power of PayloadsAllTheThings, without the overhead. This extension adds autocompletion support and useful payloads in Burp Suite to make your intrusion easier.
ScarperSocial
Scrape emails, phone numbers and social media accounts from a website. You can use the found information to gather more information or just find ways to contact the site.
WhatsAppHACK-RCE
Whatsapp remote code execution CVE-2019-11932 https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
kal1gh0st's Repositories
kal1gh0st/WhatsAppHACK-RCE
Whatsapp remote code execution CVE-2019-11932 https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
kal1gh0st/ScarperSocial
Scrape emails, phone numbers and social media accounts from a website. You can use the found information to gather more information or just find ways to contact the site.
kal1gh0st/InstagramHacked
Instagram-Py Instagram-py performs slick brute force attack on Instagram without any type of password limiting and also resumes your attack in ease. —DeathSec
kal1gh0st/AutoBlue
This is some no-bs public exploit code that generates valid shellcode for the eternal blue exploit and scripts out the event listener with the metasploit multi-handler.
kal1gh0st/Active-Directory
Active Directory is one of the most common uses for PowerShell. I have personally been building Active Directory scripts using VBScript and PowerShell for over a decade. Here’s a big sample of Active Directory PowerShell scripts to do all kinds of stuff!
kal1gh0st/Cipherishing
Advanced phishing tool used for session & credential grabbing and bypassing 2FA using man-in-the-middle attack with standalone reverse proxy server.
kal1gh0st/DDoS-Repository
Questa è una raccolta di svariati tools o strumenti per aiutarti a costruire le diverse tipologie di attacco Denial of service che esistono. Scritto completamente in python, tranne che per uno strumento dove si è usato golang
kal1gh0st/GenericPy
in this repository there are only generic python scripts where you can get ideas for other projects
kal1gh0st/kal1gh0st
my_personal_repository
kal1gh0st/log4j-detect
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
kal1gh0st/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
kal1gh0st/MonitorForti
FortiGateXXXX CLI command sets in the Debug flow
kal1gh0st/MyLog4Shell
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading
kal1gh0st/PowerShell
The aim of this deployment project is summarize in a single example some tips and suggestions published on https://www.scriptinglibrary.com
kal1gh0st/Python-pty-shells
The following is a collection of bind and reverse shells which give you a fully working PTY.
kal1gh0st/AutoVPN
Ciao, oggi ti lo spiego e ti mostro come realizzare il tuo strumento VPN su Linux. Questo strumento è scritto in Bash, analizza l'elenco di VPN Gate e quindi si connette a configurazioni casuali.
kal1gh0st/Bash
Scripting Library is a collection of scripts and experiences shared by IT Pros, Developers, DevOps and Geeks across Linux and Windows OS with BaSH, PowerShell and Python from all over the world.
kal1gh0st/CVE-2021-40444_CAB_archives
CVE 2021 40444 Windows Exploit services.dll
kal1gh0st/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j 远程代码执行
kal1gh0st/CVE-2021-44228-Scanner
Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
kal1gh0st/devicon
Set of icons representing programming languages, designing & development tools
kal1gh0st/DockerScan
Prototype Pollution Scanner made in Golang
kal1gh0st/Ghidra
Ghidra Script Development. In order to write a script: Ghidra script must be written in Java. Your script class must extend ghidra.app.script.GhidraScript. You must implement the run() method. This is where you insert your script-specific code. You should create a description comment at the top of the file. Each description line should start with "//".
kal1gh0st/milksense
:v:
kal1gh0st/MishManners
kal1gh0st/mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
kal1gh0st/mvt
MVT is a forensic tool to look for signs of infection in smartphone devices
kal1gh0st/nse-log4shell
Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
kal1gh0st/UnifiController-backup
You’ll need to create a Backblaze account aswell as a Bucket. At the time of writing this is completely free. With the account created, head over to the B2 page and sign up using the same email address. Verify your email, setup your phone number as well as the not needed but highly recommended two-factor authentication option
kal1gh0st/Windows-Exploit-2021-1811
DESCRIPTION This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.