There are no reviews yet. Be the first to send feedback to the community and the maintainers!
instagram-followers-bot
A bot for Instagram. You can follow users using a tag or in a specific location, unfollow those who dont follow-you-back, and follow-back those who follow youwifi-pentesting-guide
WiFi Penetration Testing GuideNativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)WhoamiAlternatives
Different methods to get current username without using whoamiadfsbrute
A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.covert-tube
Youtube as covert-channel - Control systems remotely and execute commands by uploading videos to Youtubetwitter-followers-bot
A bot for Twitter. You can follow users in a specific location or tweeting specific words and unfollow those who do not follow you back (and are not included in whitelist.txt). Also generates REPORTS!covert-control
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or TelegramSharpCovertTube
Youtube as C2 - Control Windows systems uploading videos to Youtubewpa2-enterprise-attack
Virtual machines and scripts to attack WPA2-Enterprise networks through Rogue Access Points downgrading the authentication method to GTCinstagram-user-id
Get the user ID of any user in instagramhttp-protocol-exfil
Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)p-invoke.net
P/Invoke definitions from the now offline pinvoke.net - Website: https://www.p-invoke.net/spotify-playlist-downloader
Downloading Spotify Playlistsddos_simulation
DDoS simulation written in Python using "scapy" and "multiprocessing" libraries. Used for educational purposesOSED-prep
Exploits written while preparing for the OSED examsubdoler
Easy subdomain finder from a list of company names, IP ranges or domains.slae32
The SecurityTube Linux Assembly Expert (SLAE) is an online course and certification which focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to InfosecTinder-Searcher-and-DB-creation
Tinder user searcher and DB creation. Proof of concept for Tinder security teamvulnserver-exploits
Vulnserver exploitsntds-analyzer
A tool to analyze Ntds.dit files once the NTLM and LM hashes have been cracked.SharpObfuscate
Obfuscate payloads using IPv4, IPv6, MAC or UUID stringss7-parser
Parser of the industrial protocol S7 (S7comm) using LibpcapPortswigger-Labs
All Apprentice and Practitioner-level Portswigger labsSSSD-creds
Script to extract the cached credentials from SSSD, getting Active Directory credentials from Unix systemstriangle-position
Triangle a coordinate given 3 or 4 coordinatesSharpNado
Repository to gather all .NET malware related code snippets or programs I will developMinidumpParser
C# program to parse Microsoft Minidump files and their streamsomrs-rce-exploit
Online Marriage Registration System (OMRS) 1.0 - Remote code executionarduino-rubber-ducky-scripts
david hasselhoff wallpaper using arduino pro micropywisam
A Wifi pentesting framework written in Pythonjeringuilla
Process injection framework in C#. It uses dynamic function loading using delegates and AES-encryption for strings and payloadsSharpNtdllOverwrite
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URLinstagram-liker-all-posts
Like all posts of a user given the username in Instagramubucryptor
File encryptor and decryptor in Linux with Python. Using the same file extensions than Wannacrygithub-bot
Easy bot for starring or branching a huge number of repositories. Using pyGithubwebmin-tor-bruteforce
Script to bruteforce Webmin allowing to rotate the IP address using Tortextpattern-exploit-rce
Textpattern <= 4.8.3 Remote code execution (Authenticated)LM_original_password_cracker
Having the NTLM and a cracked LM hash it is possible to get the original password by testing all the combinations of upper and lowercases. This is useful if a ntds.dit file has both NTLM and LM hashesSharpSelfDelete
PoC to self-delete a binary in C#SharpProcessDump
Dump memory regions of a process using NtQueryVirtualMemory and NtReadVirtualMemoryGetProcAddress
GetProcAddress implementation in C# walking the PEB using only ReadProcessMemorycoinhive-example
Easy example using Coinhive in a simple pagegoogle-recaptcha-bypass
Trying to bypass Google Recaptcha. Different approaches in every commit, most of them not working heheh D:StealthyEnv
Stealthier alternative to whoami.exe in C#, it gets environment variables from PEB (PRTL_USER_PROCESS_PARAMETERS)username-generator
Generate list of possible usernames for attacks such as password sprayingmlhe_psnr
It converts (MP4 -> YUV) and (MP4 -> MLHE -> YUV). Then it calculates the PSNRNoSQL-injection-example
MongoDB injection exampleipv4info_scraper
Get the IP blocks and domains from a company name by scrapping IPv4infoSharpEA
Read, write and delete Extended Attributes (EAs) within NTFS, to hide malicious payloadsGetModuleHandle
GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEBnodejs_webshell
Node.js webshell created using AngularJS. It is a MEAN app (MongoDB + Express + AngularJs + Node.js) with a CLI in a text boxlsass-dumper
Dump lsass.exe generating a file with the hostname and date in txt format using C++.CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) - https://ricardojoserf.github.io/CVE-2021-31159/SharpADS
Read, write and delete Alternate Data Streams (ADS) within NTFS, to hide malicious payloadsbotnet-ssh-control
Botnet Command and Control (C&C) controlled via SSH. Based in Paramiko librarywordpress-custom-bruteforce
Script to bruteforce Wordpress allowing to rotate the IP address using TorCESP-ADCS-cheatsheet
Cheatsheet for Altered Security's CESP ADCS coursetwitter-detector
Create a Twitter listener to detect people tweeting specific words or in a location, then analyze the users data.instagram-access-token
Get the access token of your Instagram Appelgamal-golang
A Golang implementation of Elgamal algorithm: encryption, decryption and signature generation and verificationdni-spain-wordlist
DNI (Spanish ID card) generator and wordlistsCVE-2021-40845
AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is successful - https://ricardojoserf.github.io/CVE-2021-40845/dns-exfiltration
Notes and custom scripts for DNS exfiltrationrandom
Random stuffpylangame
Game to learn vocabulary in any language using Google Translator APItextpattern-bruteforce
Script to bruteforce websites using TextPattern CMS.rop-emporium-exploits
Rop Emporium - Exploits and brief Walkthroughslsass-dumper-csharp
Custom lsass.exe dump using C#: XOR-encoding, Dynamic function resolution, using NTAPIs...GetModuleHandleRemote
GetModuleHandle implementation in C# for remote processes using only NTAPIsricardojoserf.github.io
My blog :)goNtdllOverwrite
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged processwriteups
Vulnhub and HTB writeupsGetProcessByName
Get process handle(s) from process name using NtGetNextProcess and GetProcessImageFileNameurl-storing-android-app
App for storing urls (developed in ~2014)location-android-app
Location Android Application (developed in the summer of 2017)teleasistencia-App_PE
App Android y Procesador de Eventos para un sistema de TeleasistenciaGuardPagesHooking
C# implementation of Guard Pages API Hookingelgamal-python
A Python implementation of Elgamal algorithm: encryption, decryption and signature generation and verificationnon-ms-binaries
Code snippet to create a process using the "PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON" flagniidoru
Framework for Process Injection in Windows using Gogo-GetProcessByName
Get process handle(s) from process name using NtGetNextProcess and GetProcessImageFileNametwitter-database-generation
Twitter database generation using Tweepy librariessitc_nahr
Twitter Sentiment Anallysis for SITCglobal-app
App developed for a bus company in 2014 using Apache Cordova ,updated in 2017. Sending a request to an url and scraping the responsefile-hider
Hide your files in infinite folders. It creates one folder for every character recursively, so the true file gets stored in the initial route and in the other folders a fake file (with the same name and size) gets stored.Love Open Source and this site? Check out how you can help us