Pinned Repositories
DOMCLOB
🕵️♂️ DOMClob: DOM Clobbering Vulnerability Scanner
InfoSecUberWik
A massive curated list of curated lists of various info sec/pen testing tools, resources, and tricks covering multiple verticals.
Log4j-Payloads
nexporter
nexporter: export & explore Nessus professional scan data.
SISTEE
🕵️♂️ CSTIScan: Client-Side Template Injection (SISTEE) Scanner
Spring4Shell-cURL
cURL configs for exploiting Spring4Shell
UNISNOOP
Unleash the power of Unicode Normalization detection! 🚀
webql
🌩Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications
fireproxng
Next generation fireprox AWS API endpoint creation utility.
queencitycyber's Repositories
queencitycyber/Log4j-Payloads
queencitycyber/Spring4Shell-cURL
cURL configs for exploiting Spring4Shell
queencitycyber/webql
🌩Using CodeQL To Conduct JavaScript Security Analysis Against Modern Web Applications
queencitycyber/nexporter
nexporter: export & explore Nessus professional scan data.
queencitycyber/queencitycyber.github.io
queencitycyber/Dynamic-DTD
A python Flask app that generates dynamic DTDs for easy out-of-band data exfiltration.
queencitycyber/kevtrends
Using CISA's Known Exploited Vulnerabilities Catalog (KEV) to search for vulnerabilities, exposures, CVE-ID's, and keywords.
queencitycyber/owa_info
QuickOWA
queencitycyber/DOMCLOB
🕵️♂️ DOMClob: DOM Clobbering Vulnerability Scanner
queencitycyber/jwtjuggler
JWTJuggler (JOT JUGGLER): JWT & Authentication Testing Harness
queencitycyber/SCEPTER
🔱SCEPTER: Stealthy Credential Expert Probing Tool for Enumeration and Reconnaissance
queencitycyber/SISTEE
🕵️♂️ CSTIScan: Client-Side Template Injection (SISTEE) Scanner
queencitycyber/UNISNOOP
Unleash the power of Unicode Normalization detection! 🚀
queencitycyber/AH2021Workshop
Malware development for red teaming workshop
queencitycyber/amber
Reflective PE packer.
queencitycyber/bbot
A recursive internet scanner for hackers.
queencitycyber/bseept
Burp Suite Enterprise Edition Power Tools
queencitycyber/CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
queencitycyber/docs
Centralized docs of ProjectDiscovery
queencitycyber/exploit-writing-for-oswe
Tips on how to write exploit scripts (faster!)
queencitycyber/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
queencitycyber/ncrack
DNSSEC Zone Walking
queencitycyber/offat
Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.
queencitycyber/parkeddomains
queencitycyber/PrintNightmare
queencitycyber/queencitycyber
queencitycyber/Robber
Robber is open source tool for finding executables prone to DLL hijacking
queencitycyber/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
queencitycyber/Smapper
a drop-in replacement for Nmap powered by shodan.io
queencitycyber/Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.