-
bookmarks
A personal list of various resources for those who are interested in learning about infosec and hacking and keeping themselves up to date. This is by no means a complete nor fresh list, but I occasionally add entries to lists.
★ 187 11mo agoExplain → -
nginx-rift-private-lab
Private Nginx Rift ASLR lab, exploit chain, and demo recordings
Python ★ 75 1mo agoExplain → -
personal-security-checklist-FA ⑂
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy. This is simply a Farsi (machine) translation of the original work by Alicia Sykes, whom deserves the credit.
TypeScript ★ 51 6mo agoExplain → -
mongobleed ⑂
A remote live memory viewer PoC based on the MongoBleed vulnerability primitive!
Python ★ 30 3mo agoExplain → -
stalksnet
A few STUXNET samples and live traffic captures from July 2010 while many stuxnet implants were still operational.
★ 28 1y agoExplain → -
NeoBurp
A PoC Burp extension to merge the power of Neo4j with Burp Suite to identify common attack vectors across large number of hosts and API ednpoints. This is mostly mostly AI generated!
Java ★ 9 1y agoExplain → -
Mr.Apple
An AI agent and chatbot wrapper for python-apple-fm-sdk
Python ★ 2 4mo agoExplain → -
FernetCrack
A basic toolset to identify, extract and crack Fernet encrypted blobs.
Rust ★ 2 6mo agoExplain → -
cheat-sheets ⑂
useful cheat sheets as reference.
Python ★ 2 6mo agoExplain → -
hashcat ⑂
World's fastest and most advanced password recovery utility
★ 2 6mo agoExplain → -
NVChad-SAST
A Neovim SAST workflow plugin for those of us who like doing it the good old TUI way and tired of bloated new "AI Powered" editors. This is NOT meant to find bugs automatically even with the LLM extension. It is meant to be used by humans!
Lua ★ 2 7mo agoExplain → -
find-sec-bugs ⑂
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Java ★ 1 4y agoExplain → -
Android_Spy_App ⑂
This is a android spy app, which uploads user data such as contacts, messages, call log, send message(s), photos, videos, open a browser link etc. Android Rat
★ 1 2y agoExplain → -
PANIX ⑂
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
★ 1 1y agoExplain → -
TM-SGNL-Android ⑂
Unofficial and insecure Signal app, used by senior Trump officials like Mike Waltz, downloaded from the official TeleMessage website
★ 1 1y agoExplain → -
vcenter_saml_login ⑂
A tool to extract the IdP cert from vCenter backups and log in as Administrator
★ 1 2y agoExplain → -
eml-extractor
Extract email attachments from .eml files in given directory.
Python ★ 1 2y agoExplain → -
AFTA_APT15
Iranian AFTA release of IoCs related to APT15 campaign in Iran
YARA ★ 1 1y agoExplain → -
CVE-2024-38077 ⑂
RDL的堆溢出导致的RCE
★ 1 1y agoExplain → -
PDFator ⑂
No description.
★ 1 3y agoExplain → -
wireguard-install ⑂
WireGuard VPN installer for Linux servers
★ 1 6y agoExplain → -
eia0 ⑂
Check LTE Network Cipher Support -- over the air
★ 1 6y agoExplain → -
avanza-mcp
A TUI client for Avanza, developed mainly as an interface for LLM based automation in trading and management of assets. It can also work as an MCP server.
Python ★ 0 6d agoExplain → -
DarkSword ⑂
DarkSword exploit chain dump.
★ 0 3mo agoExplain → -
thc-tips-tricks-hacks-cheat-sheet ⑂
Various tips & tricks
Shell ★ 0 4mo agoExplain → -
quagga ⑂
Service: Quagga in support of vRouter
C ★ 0 4mo agoExplain → -
coruna ⑂
deobfuscated JS and blobs from https://b27[.]icu, first attempt at using claude
★ 0 4mo agoExplain → -
SHIR
Mesh based VPN architecture to facilitate secure internet access over Starlink for domestic and mobile users in Iran, during mass outage times. This is an experimental project and requires technical skills to understand, deploy and troubleshoot.
Shell ★ 0 6mo agoExplain → -
awesome-privacy-FA ⑂
🦄 A curated list of privacy & security-focused software and services. Farsi machine translation fork for amni.at website.
★ 0 6mo agoExplain → -
nginx-backdoor ⑂
Example nginx backdoor via malicious plugin
★ 0 4y agoExplain → -
odat ⑂
ODAT: Oracle Database Attacking Tool
★ 0 7mo agoExplain → -
RSC_Detector ⑂
Supports RSC fingerprinting and exploitation of the React component vulnerability CVE-2025-55182.
★ 0 7mo agoExplain → -
CharmingKitten ⑂
Exposing CharmingKitten's malicious activity for IRGC-IO Counterintelligence division (1500)
C# ★ 0 8mo agoExplain → -
dontlookup ⑂
No description.
★ 0 9mo agoExplain → -
elegant-bouncer ⑂
ELEGANTBOUNCER is a detection tool for file-based mobile exploits. This fork adds multiple new features including iMessage and other IM apps attachments extraction and scanning. Check IMPROVEMENTS.md for more details
Rust ★ 0 10mo agoExplain → -
phoenix ⑂
Artifacts for "Phoenix: Rowhammer Attacks on DDR5 with Self-Correcting Synchronization" (IEEE S&P '26)
★ 0 10mo agoExplain → -
wtfps-dump
A fork of https://codeberg.org/joelkoen/wtfps-dump
Rust ★ 0 10mo agoExplain → -
Homework-of-Python ⑂
Python codes of my blog.
★ 0 3y agoExplain → -
gtpdoor-scan ⑂
No description.
★ 0 2y agoExplain → -
TM-SGNL-iOS ⑂
Unofficial and insecure Signal app, used by senior Trump officials like Mike Waltz, downloaded from the official TeleMessage website
★ 0 1y agoExplain → -
wtfps
A fork of wtfps on codeberg
Rust ★ 0 1y agoExplain → -
apple-corelocation-experiments ⑂
Experimenting with Apple's WPS location service
★ 0 1y agoExplain → -
ida_pro_9_b2_fix
A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
★ 0 1y agoExplain → -
Invoke-SMBRemoting ⑂
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
★ 0 1y agoExplain → -
pinduoduo_backdoor ⑂
拼多多apk内嵌提权代码,及动态下发dex分析
★ 0 3y agoExplain → -
Ghidra-GoRoutes
A Ghidra script for automating extraction of registered routes in golang binaries
Python ★ 0 1y agoExplain → -
IDA-Pro-SigMaker ⑂
Signature maker plugin for IDA 8.x and 9.x
★ 0 1y agoExplain → -
ScriptAnalyzer
No description.
PowerShell ★ 0 1y agoExplain → -
Veil-Evasion ⑂
Veil Evasion is no longer supported, use Veil 3.0!
★ 0 4y agoExplain → -
Veil ⑂
Veil 3.1.X (Check version info in Veil at runtime)
★ 0 2y agoExplain → -
privilege-escalation-awesome-scripts-suite ⑂
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
★ 0 6y agoExplain → -
hacktricks ⑂
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
★ 0 5y agoExplain → -
xzbot ⑂
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
★ 0 2y agoExplain → -
CanaryTokenScanner ⑂
Script designed to identify Canary Tokens within Microsoft Office documents and Acrobat Reader PDF (docx, xlsx, pptx, pdf).
Python ★ 0 2y agoExplain → -
fpmachine ⑂
python driver for fingerprint machine (ZKTeco biometrics)
★ 0 4y agoExplain → -
LaZagne ⑂
Credentials recovery project
★ 0 2y agoExplain → -
HackBrowserData ⑂
Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。
★ 0 2y agoExplain → -
SAGEMCOM-FAST-5370e-TELIA ⑂
This is my personal wiki for hacking the router firmware used by (Sagemcom)F@ast Version 3.43.2 delivered from Sagemcom
★ 0 5y agoExplain → -
natslipstream ⑂
NAT Slipstream attack code samples
★ 0 5y agoExplain → -
downfall ⑂
No description.
★ 0 2y agoExplain → -
BloodHoundQueries ⑂
No description.
★ 0 3y agoExplain → -
BloodHound-Queries ⑂
Custom queries list for BloodHound
★ 0 3y agoExplain → -
awesome-tunneling ⑂
List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.
★ 0 3y agoExplain → -
EDRSandblast ⑂
No description.
★ 0 3y agoExplain → -
keyhacks ⑂
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
★ 0 3y agoExplain → -
ExploitRemotingService ⑂
A tool to exploit .NET Remoting Services
★ 0 3y agoExplain → -
bugstropics ⑂
Supporting material for the "Hunting Bugs In The Tropics" DEFCON 30 talk
★ 0 3y agoExplain → -
Blackout ⑂
kill anti-malware protected processes (BYOVD)
★ 0 3y agoExplain → -
APT_REPORT ⑂
Interesting APT Report Collection And Some Special IOC
★ 0 3y agoExplain → -
openvpn ⑂
This is fork of OpenVPN project. DO NOT USE THIS REPOSITORY!
C ★ 0 3y agoExplain → -
tika ⑂
[DONT USE THIS FORK!] The Apache Tika toolkit detects and extracts metadata and text from over a thousand different file types (such as PPT, XLS, and PDF).
★ 0 3y agoExplain → -
unarcrypto ⑂
unarcrypto is an educational tool to depict cryptography usage in zip, rar and 7zip archives
★ 0 7y agoExplain → -
updog ⑂
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
Python ★ 0 4y agoExplain → -
jansi ⑂
Jansi is a small java library that allows you to use ANSI escape sequences to format your console output which works even on windows.
★ 0 4y agoExplain → -
core ⑂
Home repository for .NET Core
★ 0 4y agoExplain → -
dependency-check
OWASP Dependency Check build releases
★ 0 4y agoExplain → -
Empire ⑂
Empire is a PowerShell and Python post-exploitation agent.
★ 0 6y agoExplain → -
PowerShell-AD-Recon ⑂
PowerShell Scripts I find useful
★ 0 10y agoExplain → -
weblogicScanner ⑂
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883
★ 0 5y agoExplain → -
openvpn-install ⑂
OpenVPN road warrior installer for Debian, Ubuntu and CentOS
Shell ★ 0 4y agoExplain → -
socks5 ⑂
A toy socks 5 server written in Python
★ 0 5y agoExplain → -
busyboxpermental
nothing to see here.
C ★ 0 4y agoExplain → -
DeviseDoor ⑂
RoR / Devise PoC in memory Backdoor
★ 0 11y agoExplain → -
krbrelayx ⑂
Kerberos unconstrained delegation abuse toolkit
★ 0 5y agoExplain → -
gressgraph ⑂
visualize your iptables firewall
★ 0 6y agoExplain → -
flint ⑂
Fork of Matasano's flint
★ 0 16y agoExplain → -
FIRST ⑂
No description.
★ 0 7y agoExplain → -
lumen ⑂
A private Lumina server for IDA Pro
★ 0 5y agoExplain → -
rmiscout ⑂
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
★ 0 5y agoExplain → -
PowerProxy ⑂
PowerShell SOCKS proxy with reverse proxy capabilities
★ 0 6y agoExplain → -
PowerCat-1 ⑂
A PowerShell TCP/IP swiss army knife.
★ 0 9y agoExplain → -
powercat ⑂
netshell features all in version 2 powershell
★ 0 6y agoExplain → -
checkra1n_patch_A10_A11 ⑂
Patch of checkra1n 11.0 to enable jailbreak for A10 and A11 devices running iOS 14.
★ 0 5y agoExplain → -
semgrep ⑂
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
★ 0 5y agoExplain → -
burpcollaborator-docker ⑂
This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server.
★ 0 6y agoExplain → -
BUSSide ⑂
The BUSSide Badge
★ 0 7y agoExplain → -
linuxprivchecker ⑂
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
★ 0 6y agoExplain → -
APT34 ⑂
APT34/OILRIG leak
ASP ★ 0 7y agoExplain → -
BurpSuiteLoggerPlusPlus ⑂
Burp Suite Logger++: Log activities of all the tools in Burp Suite
Java ★ 0 6y agoExplain → -
freddy ⑂
Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans
Java ★ 0 6y agoExplain → -
ysoserial ⑂
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Java ★ 0 6y agoExplain → -
IMSI-catcher ⑂
This program show you IMSI numbers of cellphones around you.
★ 0 6y agoExplain → -
mrspicky ⑂
MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
★ 0 6y agoExplain → -
attack-surface-detector-cli ⑂
No description.
Java ★ 0 6y agoExplain → -
blazer ⑂
Burp Suite AMF Extension
★ 0 7y agoExplain → -
pwnagotchi ⑂
(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFI pwning.
★ 0 6y agoExplain → -
apple_bleee ⑂
Apple BLE research
Python ★ 0 7y agoExplain → -
WeblogicScan ⑂
增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618,CVE-2019-2729检测,Python3支持
Python ★ 0 7y agoExplain → -
Weblogic ⑂
Weblogic CVE-2019-2725 CVE-2019-2729 Getshell 命令执行
Python ★ 0 7y agoExplain → -
poiwer ⑂
POI exploitation!
PHP ★ 0 7y agoExplain → -
spotbugs
No description.
XSLT ★ 0 7y agoExplain → -
sekey ⑂
Use Touch ID / Secure Enclave for SSH Authentication!
Rust ★ 0 7y agoExplain → -
distal-examples ⑂
Examples for Distal (Paxos inside)
Scala ★ 0 12y agoExplain → -
shadowbroker ⑂
The Shadow Brokers "Lost In Translation" leak
Python ★ 0 9y agoExplain → -
debian-ssh ⑂
Debian OpenSSL Predictable PRNG (CVE-2008-0166)
Shell ★ 0 9y agoExplain → -
roca ⑂
ROCA (Censys.io patch): Infineon RSA vulnerability
Python ★ 0 8y agoExplain → -
Censys_x509
Generating PEM files from Censys.io x509 JSON scan databases.
Python ★ 0 8y agoExplain → -
rejava ⑂
taken as-is from http://rejava.sourceforge.net/ (2016-09-19)
Java ★ 0 9y agoExplain → -
spiderfoot ⑂
SpiderFoot, the open source footprinting and intelligence-gathering tool.
Python ★ 0 9y agoExplain → -
ZeroNet ⑂
ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
Python ★ 0 9y agoExplain → -
serializekiller ⑂
Mass scanner for the Java serialize bug
Python ★ 0 9y agoExplain → -
labs ⑂
Vulnerability Labs for security analysis
Python ★ 0 9y agoExplain → -
ikeforce ⑂
No description.
Python ★ 0 9y agoExplain → -
vim
No description.
Vim script ★ 0 9y agoExplain → -
SmartThingsPublic ⑂
SmartThings open-source DeviceTypeHandlers and SmartApps code
Groovy ★ 0 9y agoExplain → -
EQGRP ⑂
Decrypted content of eqgrp-auction-file.tar.xz
Perl ★ 0 9y agoExplain → -
ida-sploiter ⑂
IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool.
Python ★ 0 9y agoExplain → -
equation_drug ⑂
Random dump of interesting stuff from the Equation Drug leak
★ 0 9y agoExplain → -
sctpscan ⑂
SCTP network scanner for discovery and security
C ★ 0 12y agoExplain → -
evilbts ⑂
Rogue GSM BTS For Fun And Profit
HTML ★ 0 10y agoExplain → -
xcat ⑂
Automate XPath injection attacks to retrieve documents
Python ★ 0 10y agoExplain → -
nmap ⑂
Network Mapper - Security Scanner
C ★ 0 14y agoExplain → -
inception ⑂
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.
Python ★ 0 13y agoExplain → -
fuzzdb ⑂
Official FuzzDB project repository
PHP ★ 0 10y agoExplain → -
phpcs-security-audit ⑂
No description.
PHP ★ 0 10y agoExplain → -
tplmap ⑂
Automatic Server-Side Template Injection Detection and Exploitation Tool
Python ★ 0 10y agoExplain → -
mimikittenz ⑂
A post-exploitation powershell tool for extracting juicy info from memory.
PowerShell ★ 0 10y agoExplain → -
deblaze ⑂
Performs method enumeration and interrogation against flash remoting end points.
Python ★ 0 10y agoExplain → -
vsaq ⑂
VSAQ is an interactive questionnaire application to assess the security programs of third parties.
JavaScript ★ 0 10y agoExplain → -
Responder ⑂
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Python ★ 0 10y agoExplain → -
nishang ⑂
Nishang - PowerShell for penetration testing and offensive security.
PowerShell ★ 0 10y agoExplain → -
ruby-idology ⑂
Ruby interface to the IDology API
Ruby ★ 0 12y agoExplain → -
hexhosts ⑂
No description.
C ★ 0 10y agoExplain → -
patator ⑂
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Python ★ 0 10y agoExplain → -
ovpn-to-apc ⑂
Convert OpenVPN profiles to an APC file that can be imported into a Sophos/Astaro UTM
Shell ★ 0 10y agoExplain → -
MifareClassicTool ⑂
An Android NFC-App for reading, writing, analysing, etc. Mifare Classic RFID-Tags.
Java ★ 0 10y agoExplain → -
BreakingBricks ⑂
Some tools used in the Ruxcon / Kiwicon presentation "Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure."
Ruby ★ 0 11y agoExplain → -
various ⑂
No description.
★ 0 11y agoExplain → -
pupy ⑂
Pupy is a remote administration tool with an embeded Python interpreter, allowing its modules to load python packages from memory and transparently access remote python objects. The payload is a reflective DLL and leaves no trace on disk
Python ★ 0 10y agoExplain → -
reaver-wps-fork-t6x ⑂
No description.
C ★ 0 11y agoExplain → -
the-backdoor-factory ⑂
Patch PE, ELF, Mach-O binaries with shellcode
Python ★ 0 11y agoExplain → -
Pomf ⑂
Simple file uploading and sharing, source for the now shut down site Pomf.se
JavaScript ★ 0 11y agoExplain → -
thc-hydra ⑂
hydra
C ★ 0 11y agoExplain → -
dnscat2-powershell ⑂
A Powershell port of dnscat2, a DNS covert channel tool.
PowerShell ★ 0 11y agoExplain → -
PowerSploit ⑂
PowerSploit - A PowerShell Post-Exploitation Framework
★ 0 12y agoExplain → -
webshell ⑂
This is a webshell open source project
★ 0 12y agoExplain → -
FinFly-Web ⑂
No description.
★ 0 12y agoExplain → -
proxmark3 ⑂
Proxmark 3
C ★ 0 12y agoExplain →
No repos match these filters.