Pinned Repositories
aggressor_scripts_collection
Collection of various Aggressor Scripts for Cobalt Strike from awesome people. Will be sure to update this repo with credit to each person.
android-security-awesome
A collection of android security related resources
AutoLocalPrivilegeEscalation
An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
AutoNessus
This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
DevSecOps-Studio
Virtual environment for learning DevSecOps
homebrew-pentest
Homebrew Tap - Pen Test Tools
knock
Knock Subdomain Scan
Linux_Exploit_Suggester
Linux Exploit Suggester; based on operating system release number
PaySurf
Paypal CSRF for account takeover.
michalkoczwara's Repositories
michalkoczwara/BloodHound
Six Degrees of Domain Admin
michalkoczwara/bluebox-ng
Pentesting framework using Node.js powers. Specially focused in VoIP/UC.
michalkoczwara/CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
michalkoczwara/clusterd
application server attack toolkit
michalkoczwara/CrackMapExec
A swiss army knife for pentesting networks
michalkoczwara/cs-suite
Cloud Security Suite - One stop tool for auditing the security posture of AWS infrastructure.
michalkoczwara/cuckoo
Cuckoo Sandbox is an automated dynamic malware analysis system
michalkoczwara/DeathStar
Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
michalkoczwara/DET
(extensible) Data Exfiltration Toolkit (DET)
michalkoczwara/dockerscan
Docker security analysis & hacking tools
michalkoczwara/dvna
Damn Vulnerable NodeJS Application
michalkoczwara/fame
FAME Automates Malware Evaluation
michalkoczwara/fibratus
Tool for exploration and tracing of the Windows kernel
michalkoczwara/fuzzapi
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
michalkoczwara/github-dorks
Collection of github dorks and helper tool to automate the process of checking dorks
michalkoczwara/glastopf
Web Application Honeypot
michalkoczwara/gym-malware
michalkoczwara/HttpPwnly
"Repeater" style XSS post-exploitation tool for mass browser control. Primarily a PoC to show why HttpOnly flag isn't a complete protection against session hijacking via XSS
michalkoczwara/intrigue-core
Identify your attack surface!
michalkoczwara/king-phisher
Phishing Campaign Toolkit
michalkoczwara/koadic
Koadic C3 COM Command & Control - JScript RAT
michalkoczwara/metasploit-framework
Metasploit Framework
michalkoczwara/passionfruit
[WIP] Crappy iOS app analyzer
michalkoczwara/phishing_catcher
Phishing catcher using Certstream
michalkoczwara/pupy
Pupy is an opensource, multi-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
michalkoczwara/PyExfil
A Python Package for Data Exfiltration
michalkoczwara/SecGen
Create randomly insecure VMs
michalkoczwara/sneaky-creeper
Get your APT on using social media as a tool for data exfiltration.
michalkoczwara/uncaptcha
Defeating Google's audio reCaptcha with 85% accuracy.
michalkoczwara/xsscrapy
XSS spider - 66/66 wavsep XSS detected