Stars
Parse FFUF results in GUI with option to sort by response code, size, keyword
Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.
A Go (Golang) Backend Clean Architecture project with Gin, MongoDB, JWT Authentication Middleware, Test, and Docker.
Automating situational awareness for cloud penetration tests.
Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).
365-Stealer is a phishing simulation tool written in python3. It can be used to execute Illicit Consent Grant Attack.
A modern replacement for Redis and Memcached
A collection of Server-Side Prototype Pollution gadgets and exploits
Awesome secure by default libraries to help you eliminate bug classes!
A repository with 3 tools for pwn'ing websites with .git repositories available
Shikata ga nai (仕方がない) encoder ported into go with several improvements
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
A PowerShell Watch-Command cmdlet for repeatedly running a command or block of code until a change in the output occurs.
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository …
Example DLL to load from Windows NetShell
Programmatically create an administrative user under Windows
Tool for Active Directory Certificate Services enumeration and abuse
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
Extract credentials from lsass remotely
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
ThePorgs / impacket
Forked from fortra/impacket
Impacket is a collection of Python classes for working with network protocols.
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).