Weaponized web shell

Massive Mobile Security Framework

LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

CVE-2023-0386在ubuntu22.04上的提权

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Automating Juicy Potato Local Privilege Escalation CMD exploit for penetration testers.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Contextual Content Discovery Tool

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

A tool created to speed up Privilege Escalation with SeImpersonate

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

Official Black Hat Arsenal Security Tools Repository

An ansible playbook that sets up a tricked-out zsh & vim environment

Experimenting with Ansible

Repo with files used in https://cmrodriguez.me/blog/nsc-bypass-2/

Minimal docker container of Parrot OS for running an automated scan & pentest report.

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote …

Username tools for penetration testing

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

SCADA StrangeLove Default/Hardcoded Passwords List

SSTI Payload Generator

PHP Webshell with handy features

Clone this repo to build Frida

Tiny PHP Web shell for executing unix commands from web page