Pinned Repositories
aggressor_scripts_collection
Collection of various Aggressor Scripts for Cobalt Strike from awesome people. Will be sure to update this repo with credit to each person.
android-security-awesome
A collection of android security related resources
AutoLocalPrivilegeEscalation
An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
AutoNessus
This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan.
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
DevSecOps-Studio
Virtual environment for learning DevSecOps
homebrew-pentest
Homebrew Tap - Pen Test Tools
knock
Knock Subdomain Scan
Linux_Exploit_Suggester
Linux Exploit Suggester; based on operating system release number
PaySurf
Paypal CSRF for account takeover.
michalkoczwara's Repositories
michalkoczwara/MalwrAgent
michalkoczwara/backdoorme
powerful auto-backdooring utility
michalkoczwara/BloodHound
Six Degrees of Domain Admin
michalkoczwara/CloudFail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
michalkoczwara/clusterd
application server attack toolkit
michalkoczwara/cowrie
Cowrie SSH/Telnet Honeypot
michalkoczwara/CrackMapExec
A swiss army knife for pentesting networks
michalkoczwara/cs-suite
Cloud Security Suite - One stop tool for auditing the security posture of AWS infrastructure.
michalkoczwara/cuckoo
Cuckoo Sandbox is an automated dynamic malware analysis system
michalkoczwara/cve-search
cve-search - a tool to perform local searches for known vulnerabilities
michalkoczwara/DeathStar
Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
michalkoczwara/DET
(extensible) Data Exfiltration Toolkit (DET)
michalkoczwara/django-admin-honeypot
A fake Django admin login screen to notify admins of attempted unauthorized access.
michalkoczwara/fame
FAME Automates Malware Evaluation
michalkoczwara/fuzzapi
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
michalkoczwara/github-dorks
Collection of github dorks and helper tool to automate the process of checking dorks
michalkoczwara/glastopf
Web Application Honeypot
michalkoczwara/gym-malware
michalkoczwara/king-phisher
Phishing Campaign Toolkit
michalkoczwara/koadic
Koadic C3 COM Command & Control - JScript RAT
michalkoczwara/leviathan
wide range mass audit toolkit
michalkoczwara/passionfruit
[WIP] Crappy iOS app analyzer
michalkoczwara/punydomaincheck
Puny Domain Name Check
michalkoczwara/pupy
Pupy is an opensource, multi-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
michalkoczwara/PyExfil
A Python Package for Data Exfiltration
michalkoczwara/sneaky-creeper
Get your APT on using social media as a tool for data exfiltration.
michalkoczwara/struts-pwn
An exploit for Apache Struts CVE-2017-5638
michalkoczwara/viper
Binary analysis framework
michalkoczwara/WiFi-Pumpkin
Framework for Rogue Wi-Fi Access Point Attack
michalkoczwara/xsscrapy
XSS spider - 66/66 wavsep XSS detected