Pinned Repositories
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Aggressor-VYSEC
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
bash-dev-tcp
collection of scripts using /dev/tcp
blobfinder
Identify Azure blobs using a wordlist of account name and container name strings
phishsticks
A framework for OAuth 2.0 device code authentication grant flow phishing
mdfarhan's Repositories
mdfarhan/phishsticks
A framework for OAuth 2.0 device code authentication grant flow phishing
mdfarhan/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
mdfarhan/bash-dev-tcp
collection of scripts using /dev/tcp
mdfarhan/blobfinder
Identify Azure blobs using a wordlist of account name and container name strings
mdfarhan/CanIBeSpoofed
CanIBeSpoofed is a console project utilising functionality built for the https://caniphish.com/free-phishing-tools/email-spoofing-test website. This project facilitates scanning of domains to gain visibility over email supply chain and SPF/DMARC vulnerabilities.
mdfarhan/CodeExecutionOnWindows
A list of ways to execute code on Windows using legitimate Windows tools
mdfarhan/docker-sneaky-gophish
Docker for the latest gophish with stealth configuration from sneaky_gophish
mdfarhan/Evilginx2-Phishlets
Evilginx2 Phishlets version (0.2.3) Only For Testing/Learning Purposes
mdfarhan/evilgophish
evilginx2 + gophish
mdfarhan/EvilGoReport
A Python script to collect campaign data from Gophish and generate a report when using Evilginx
mdfarhan/exploit
Exploits and advisories
mdfarhan/GadgetToJScript
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
mdfarhan/GOAD
game of active directory
mdfarhan/GoPhish-Templates
GoPhish Templates that I have retired and/or templates I've recreated.
mdfarhan/iker
An ike-scan wrapper to simplify penetration testing IKE and encourage stronger IKE implementations.
mdfarhan/Infosec_Reference
An Information Security Reference That Doesn't Suck
mdfarhan/nmap-nse-modules
My collection of nmap nse modules
mdfarhan/pacu
PACU - Phishing Automation & Campaigning Utility
mdfarhan/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
mdfarhan/Penetration-Testing-Tools
A collection of more than a 140+ tools, scripts, cheatsheets and other loots that I've developed over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
mdfarhan/PhishingTemplates
mdfarhan/Phishious
An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
mdfarhan/public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
mdfarhan/red_team_tool_countermeasures
mdfarhan/ScatterBrain
Suite of Shellcode Running Utilities
mdfarhan/secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
mdfarhan/SniperPhish
SniperPhish - The Web-Email Spear Phishing Toolkit
mdfarhan/SpamFilterBypass
Neat spam filter bypass for multiple vendors
mdfarhan/spf-bypass
This project demonstrates SPF-bypass techniques utilised by phishers to abuse domains that haven't been secured by DMARC.
mdfarhan/TikiTorch
Process Hollowing