loo9o's Stars
blackarrowsec/Handly
Abuse leaked token handles.
CrowdStrike/psfalcon
PowerShell for CrowdStrike's OAuth2 APIs
Ridter/noPac
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
cve-search/CVE-Search-Docker
Docker Image for CVE-Search
W01fh4cker/CVE-2023-46747-RCE
exploit for f5-big-ip RCE cve-2023-46747
myh0st/scripts
信安之路上涉及的一些脚本
pimps/CVE-2019-2725
WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit
initstring/linkedin2username
OSINT Tool: Generate username lists for companies on LinkedIn
3ndG4me/AutoBlue-MS17-010
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
maaaaz/webscreenshot
A simple script to screenshot a list of websites
tenable/poc
Proof of Concepts
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
luigigubello/PayloadsAllThePDFs
PDF Files for Web Pentesting
micro-joan/BlackStone
Pentesting Reporting Tool
BishopFox/cloudfox
Automating situational awareness for cloud penetration tests.
initstring/cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
Kyuu-Ji/Awesome-Azure-Pentest
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure.
Hari-prasaanth/Web-App-Pentest-Checklist
A OWASP Based Checklist With 500+ Test Cases
horizon3ai/CVE-2023-27532
POC for Veeam Backup and Replication CVE-2023-27532
itm4n/PPLmedic
Dump the memory of any PPL with a Userland exploit chain
zblurx/certsync
Dump NTDS with golden certificates and UnPAC the hash
sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY
Exploit for the CVE-2023-23397
Trackflaw/CVE-2023-23397
Simple PoC of the CVE-2023-23397 vulnerability with the payload sent by email.
Gerenios/AADInternals
AADInternals PowerShell module for administering Azure AD and Office 365
NetSPI/MicroBurst
A collection of scripts for assessing Microsoft Azure security
dafthack/MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
incogbyte/quickpress
Small tool to automate SSRF wordpress and XMLRPC finder
ShutdownRepo/httpmethods
HTTP verb tampering & methods enumeration
stealthsploit/OneRuleToRuleThemStill
A revamped and updated version of my original OneRuleToRuleThemAll hashcat rule