Pinned Repositories
python-verodin-director-api
A simple Python wrapper for the Verodin Director API
AWAE-PREP
This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
Awesome-Fuzzing
A curated list of fuzzing resources (books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
clickjack
Simple script to test for clickjacking
cofense-export-parser
Scripts to Parse Cofense/PhishMe Raw Exports
compromised
Tool for comparing a list of email addresses to the haveibeenpwned database to determine if they have been compromised in a public breach
CVE-2019-8997
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.
nexpose-automate_reports
Automatically dump tailored reports for each asset or site in your Nexpose installation using the Nexpose API
nexpose-mac_counter
Sheds light on asset detection accuracy by determining unique MACs found, assets missing MACs, dupes, and the 10 most common dupes.
OSWE-1
OSWE Preparation
nxkennedy's Repositories
nxkennedy/clickjack
Simple script to test for clickjacking
nxkennedy/CVE-2019-8997
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.
nxkennedy/OSWE-1
OSWE Preparation
nxkennedy/AWAE-PREP
This repository will serve as the "master" repo containing all trainings and tutorials done in preparation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.
nxkennedy/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
nxkennedy/cofense-export-parser
Scripts to Parse Cofense/PhishMe Raw Exports
nxkennedy/deephack
deephack
nxkennedy/DPAT
Domain Password Audit Tool for Pentesters
nxkennedy/Malleable-C2-Profiles
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
nxkennedy/malware-1
Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code.
nxkennedy/misc-scripts
miscellaneous scripts in mostly working order
nxkennedy/nessus-mass_downloader
Download reports via the Nessus API
nxkennedy/nessus-report-downloader
nxkennedy/nxkennedy.github.io
nxkennedy/OSINT-Framework
OSINT Framework
nxkennedy/OWASP-Testing-Checklist
OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and pending test cases.
nxkennedy/p0wnedShell
PowerShell Runspace Post Exploitation Toolkit
nxkennedy/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
nxkennedy/php-reverse-shell
nxkennedy/python-amazon-simple-product-api
A simple Python wrapper for the Amazon.com Product Advertising API
nxkennedy/python-verodin-director-api-1
A simple Python wrapper for the Verodin Director API
nxkennedy/QuasarRAT
Remote Administration Tool for Windows
nxkennedy/risu-templates
Templates to extract failed DISA STIG checks from Nessus scan reports parsed by Risu
nxkennedy/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
nxkennedy/shakedown
Shakedown scans text files for potentially malicious content. Greatly assists vetting complex security tools/frameworks before running them on a company network. (Talking to you, red teams and security engineers)
nxkennedy/SILENTTRINITY
An asynchronous post-exploitation agent powered by Python, IronPython, C# and .NET's DLR
nxkennedy/trape
People tracker on the Internet: OSINT analysis and research tool by Jose Pino
nxkennedy/Vanquish
Vanquish is a Kali Linux based Enumeration Orchestrator. Vanquish leverages the open-source enumeration tools on Kali to perform multiple active information gathering phases.
nxkennedy/webshells
Various webshells. We accept pull requests for additions to this collection.
nxkennedy/zeroday-powershell
A PowerShell example of the Windows zero day priv esc