lc8992

lc8992's Stars

• ghostty-org/ghostty

  👻 Ghostty is a fast, feature-rich, and cross-platform terminal emulator that uses platform-native UI and GPU acceleration.

  Language:Zig23.8k569

• JumpsecLabs/TokenSmith

  TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of the box with many popular Azure post exploitation tools.

  Language:Go19832

• CyberSecurityUP/GCP-Pentest-Checklist

  23057

• RhinoSecurityLabs/GCP-IAM-Privilege-Escalation

  A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

  Language:Python35974

• S3cur3Th1sSh1t/PowerSharpPack

  Language:PowerShell1.5k307

• garrettfoster13/pre2k

  Language:Python30434

• dafthack/MSOLSpray

  A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

  Language:PowerShell926172

• dafthack/CloudPentestCheatsheets

  This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

  2.6k517

• rvrsh3ll/cors-anywhere

  CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.

  Language:JavaScript11

• SpecterOps/AzureHound

  Azure Data Exporter for BloodHound

  Language:Go59980

• dafthack/GraphRunner

  A Post-exploitation Toolset for Interacting with the Microsoft Graph API

  Language:PowerShell1k113

• f-bader/TokenTacticsV2

  A fork of the great TokenTactics with support for CAE and token endpoint v2

  Language:PowerShell23529

• dirkjanm/ROADtools

  A collection of Azure AD/Entra tools for offensive and defensive security purposes

  Language:Python2k274

• Flangvik/TeamFiltration

  TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

  Language:C#1.1k125

• rvrsh3ll/TokenTactics

  Azure JWT Token Manipulation Toolset

  Language:PowerShell61198

• ExAndroidDev/fakemeeting

  Creates and sends fake meeting invite

  Language:Python5515

• lanjelot/patator

  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

  Language:Python3.6k799

• RUB-NDS/Terrapin-Scanner

  This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

  Language:Go96066

• hausec/Bloodhound-Custom-Queries

  Custom Query list for the Bloodhound GUI based off my cheatsheet

  762124

• knavesec/CredMaster

  Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

  Language:Python993132

• cwolff411/RedTeamVillage-SSHTunnels

  Slides, documentation, and files from my presentation at Red Team Village for HackerOne's hacktivitycon.

  354

• emtunc/SlackPirate

  Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

  Language:Python730105

• epi052/feroxbuster

  A fast, simple, recursive content discovery tool written in Rust.

  Language:Rust6.1k509

• Pennyw0rth/NetExec

  The Network Execution Tool

  Language:Python3.5k398

• pentestmonkey/php-reverse-shell

  Language:PHP2.3k1.9k

• chipik/SAP_GW_RCE_exploit

  SAP Gateway RCE exploits

  Language:Python15045

• irsdl/IIS-ShortName-Scanner

  latest version of scanners for IIS short filename (8.3) disclosure vulnerability

  Language:Java1.5k253

• davidtavarez/pwndb

  Search for leaked credentials

  Language:Python1.3k242

• hahwul/XSpear

  🔱 Powerfull XSS Scanning and Parameter analysis tool&gem

  Language:Ruby1.2k227

• Kevin-Robertson/Inveigh

  .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

  Language:C#2.6k449