There are no reviews yet. Be the first to send feedback to the community and the maintainers!
shelling
SHELLING - a comprehensive OS command injection payload generatorpsychoPATH
psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support, single byte generator, payload export.PPID_spoof
An example of how to spawn a process with a spoofed parent PID (Visual C++)icmpsh-s-linux
GNU/Linux version of the https://github.com/inquisb/icmpsh slaveSCARY
PHP Source Code Analyzer written in Perl (taint checking)localdataHog
String-based secret-searching tool (high entropy and regexes) based on truffleHogIntrusive
Intrusive is a realtime log analysis tool designed to perform IDS and anomalies detection functionsparambrute
A little Burp Scanner extension (python) detecting page's parameters (fast binary search).xssValidatorTestCases
A set of test case scripts for xssValidator Burp Extensionapi-ms-win-code-debug-l1-1-0
A sample DLL appending a text file with the list of high integrity/SYSTEM process that loaded it (for issue testing).DFIR
Wykłady stworzone z myślą o studentach Politechniki Opolskiej (Wykrywanie i reagowanie na incydenty bezpieczeństwa).magic_params
A simple helper for generating sets of potential hidden variables used in broken authentication/authorisation and latent verbosity/debug modes in a Burp Intruder-friendly fashion.Windows_persistence
A collection of persistence methods for Windowsdictator
Custom dictionary generation framework intended for enumertion of URL-s (directories, variables). With a bit of adjustment it would also be a good fit for passwords as well. This is currently NOT a Burp extension.poison_exifdata
Simple helper for string exiftags poisoning (either with custom payload or with a holder to use with e.g. Burp Intruder -> Scanner integration).registry_hidden_key
A CPP demo POC based on https://github.com/ewhitehats/InvisiblePersistence/blob/master/InvisibleRegValues_Whitepaper.pdfPattern_Discovery
Very simple and powerful pattern (PCRE) discovery tool for fast and effective log analysis, useful in debugging, SIEM development etc.CVE-2023-38041-POC
Ivanti Pulse Secure Client Connect Local Privilege Escalation CVE-2023-38041 Proof of Conceptcontent_discovery
I am just posting my thoughts on the Content Discovery processmemplunge
# Information disclosure searcher/debugger written by ewilded # This script conducts search over the whole memory allocated by all existing processes (and optionally opened file descriptors), looking for particular string. # The initial application of this script was to facilitate the process of discovering various dependancies and potential information disclosure vulnerabilities. The idea is to put the string which's flow we are interested in into the input of relevant application/service and then look for it in the memory.CVE-2024-0197-POC
Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.ZScaler_msiexec_LPE_2023
My proof of concept for a Local Privilege Escalation via msiexec in ZScaler Client Connector 3.7.2.18vulndev_scripts
Garbage scripts helping with some vulndev tasksMobile
Wykłady stworzone z myślą o studentach Politechniki OpolskiejCVE-2023-37250-POC
PoCtimebased_token_pattern_discovery
A simple script intended for discovery of current timestamp based security token patternsfucking_with_filenames
LFI_sploit
Universl LFI exploit templateCVE-2024-25376-POC
CVE-2024-25376 - Local Privilege Escalation in TUSBAudioLove Open Source and this site? Check out how you can help us