njahrckstr
Penetration Tester | Network & Web Application Vulnerability Researcher/tester | OSCP | OSWP | GIAC GREM | R&D Engineer
USA
Pinned Repositories
assetfinder
Find domains and subdomains related to a given domain
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
Cheatsheet-God
Penetration Testing / OSCP Biggest Reference Bank / Cheatsheet
OSWA
A collection of useful commands, scripts and resources for the OSWA (WEB-200) exam of Offensive Security
PentestScripts
Some scripts for penetration testing
Privilege_Escalation
PyCk
A collection of useful Python hacking scripts for beginners
Red-Team-Exercises
Red-Team-Management
Windows_Kernel_Sploit_List
njahrckstr's Repositories
njahrckstr/chrome-spy-extension
A Chrome extension that will steal literally everything it can
njahrckstr/MacDirtyCowDemo
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.
njahrckstr/Red-Team-Exercises
njahrckstr/RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
njahrckstr/redteamguides.github.io
Red Team Guides
njahrckstr/SpamChannel
Spoof emails from any domain using MailChannels (+2 Million)
njahrckstr/AM0N-Eye-C2
njahrckstr/awesome-osint
:scream: A curated list of amazingly awesome OSINT
njahrckstr/chainbreaker
Mac OS X Keychain Forensic Tool
njahrckstr/citrix-exploits
Repository to store exploits created by Assetnotes Security Research team
njahrckstr/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
njahrckstr/CVE-2023-50164
A scanning utility and PoC for CVE-2023-50164
njahrckstr/CVE-2023-50164-Apache-Struts-RCE
A critical security vulnerability, identified as CVE-2023-50164 (CVE: 9.8) was found in Apache Struts, allowing attackers to manipulate file upload parameters that can potentially lead to unauthorized path traversal and remote code execution (RCE).
njahrckstr/cvss-bt
Enriching the NVD CVSS scores to include Temporal & Threat Metrics
njahrckstr/GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
njahrckstr/interactsh
An OOB interaction gathering server and client library
njahrckstr/malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
njahrckstr/NimPlant
A light-weight first-stage C2 implant written in Nim.
njahrckstr/NtlmThief
Extracting NetNTLM without touching lsass.exe
njahrckstr/Nuitka
Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, and 3.11. You feed it your Python app, it does a lot of clever things, and spits out an executable or extension module.
njahrckstr/okta_scim_attack_tool
njahrckstr/OSCE-Complete-Guide
OSWE, OSEP, OSED
njahrckstr/PassDetective
PassDetective is a command-line tool that scans shell command history to detect mistakenly written passwords, API keys, and secrets. Using regular expressions, it helps prevent accidental exposure of sensitive information in your command history.
njahrckstr/Pentest-Cheat-Sheets
A collection of snippets of codes and commands to make your life easier!
njahrckstr/Python-for-Security
njahrckstr/recaptcha-phish
Phishing with a fake reCAPTCHA
njahrckstr/redcanary-mac-monitor
Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.
njahrckstr/SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
njahrckstr/waf-bypass
Check your WAF before an attacker does
njahrckstr/Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768