There are no reviews yet. Be the first to send feedback to the community and the maintainers!
instagram-followers-bot
A bot for Instagram. You can follow users using a tag or in a specific location, unfollow those who dont follow-you-back, and follow-back those who follow youNativeDump
Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!!!)wifi-pentesting-guide
WiFi Penetration Testing GuideTrickDump
Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!WhoamiAlternatives
Different methods to get current username without using whoamiadfsbrute
A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.covert-tube
Youtube as covert-channel - Control systems remotely and execute commands by uploading videos to YoutubeSharpCovertTube
Youtube as C2 channel - Control Windows systems uploading videos to Youtubetwitter-followers-bot
A bot for Twitter. You can follow users in a specific location or tweeting specific words and unfollow those who do not follow you back (and are not included in whitelist.txt). Also generates REPORTS!covert-control
Google Drive, OneDrive and Youtube as covert-channels - Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegramwpa2-enterprise-attack
Virtual machines and scripts to attack WPA2-Enterprise networks through Rogue Access Points downgrading the authentication method to GTCinstagram-user-id
Get the user ID of any user in instagramSharpSelfDelete
PoC to self-delete a binary in C#http-protocol-exfil
Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)p-invoke.net
P/Invoke definitions from the now offline pinvoke.net - Website: https://www.p-invoke.net/spotify-playlist-downloader
Downloading Spotify PlaylistsOSED-prep
Exploits written while preparing for the OSED examddos_simulation
DDoS simulation written in Python using "scapy" and "multiprocessing" libraries. Used for educational purposesTinder-Searcher-and-DB-creation
Tinder user searcher and DB creation. Proof of concept for Tinder security teamsubdoler
Easy subdomain finder from a list of company names, IP ranges or domains.slae32
The SecurityTube Linux Assembly Expert (SLAE) is an online course and certification which focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to InfosecPortswigger-Labs
All Apprentice and Practitioner-level Portswigger labsvulnserver-exploits
Vulnserver exploitsSSSD-creds
Script to extract the cached credentials from SSSD, getting Active Directory credentials from Unix systemsSharpNado
Repository to gather the .NET malware I will be developingSharpObfuscate
Obfuscate payloads using IPv4, IPv6, MAC or UUID stringsntds-analyzer
A tool to analyze Ntds.dit files once the NTLM and LM hashes have been cracked.s7-parser
Parser of the industrial protocol S7 (S7comm) using LibpcapMinidumpParser
C# program to parse Microsoft Minidump files and their streamsSharpNtdllOverwrite
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URLtriangle-position
Triangle a coordinate given 3 or 4 coordinatesjeringuilla
Process injection framework in C#. It uses dynamic function loading using delegates and AES-encryption for strings and payloadsomrs-rce-exploit
Online Marriage Registration System (OMRS) 1.0 - Remote code executionarduino-rubber-ducky-scripts
david hasselhoff wallpaper using arduino pro micropywisam
A Wifi pentesting framework written in PythonGetModuleHandle
GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEBLM_original_password_cracker
Having the NTLM and a cracked LM hash it is possible to get the original password by testing all the combinations of upper and lowercases. This is useful if a ntds.dit file has both NTLM and LM hashesSharpProcessDump
Dump memory regions of a process using NtQueryVirtualMemory and NtReadVirtualMemoryinstagram-liker-all-posts
Like all posts of a user given the username in Instagramubucryptor
File encryptor and decryptor in Linux with Python. Using the same file extensions than Wannacrygithub-bot
Easy bot for starring or branching a huge number of repositories. Using pyGithubwebmin-tor-bruteforce
Script to bruteforce Webmin allowing to rotate the IP address using TorGetProcAddress
GetProcAddress implementation in C# walking the PEB using only NtReadVirtualMemorytextpattern-exploit-rce
Textpattern <= 4.8.3 Remote code execution (Authenticated)StealthyEnv
Stealthier alternative to whoami.exe in C#, it gets environment variables from PEB (PRTL_USER_PROCESS_PARAMETERS)SharpADS
Read, write and delete Alternate Data Streams (ADS) within NTFS, to hide malicious payloadsCESP-ADCS-cheatsheet
Cheatsheet for Altered Security's CESP ADCS courseipv4info_scraper
Get the IP blocks and domains from a company name by scrapping IPv4infoSharpEA
Read, write and delete Extended Attributes (EAs) within NTFS, to hide malicious payloadscoinhive-example
Easy example using Coinhive in a simple pagegoogle-recaptcha-bypass
Trying to bypass Google Recaptcha. Different approaches in every commit, most of them not working heheh D:BOF_Files
Repository to gather the BOF files I will be developinggoNtdllOverwrite
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged processCVE-2019-19033
CVE-2019-19033 description and scripts to check the vulnerability in Jalios JCMS 10 (Authentication Bypass)username-generator
Generate list of possible usernames for attacks such as password sprayingmlhe_psnr
It converts (MP4 -> YUV) and (MP4 -> MLHE -> YUV). Then it calculates the PSNRNoSQL-injection-example
MongoDB injection examplenodejs_webshell
Node.js webshell created using AngularJS. It is a MEAN app (MongoDB + Express + AngularJs + Node.js) with a CLI in a text boxlsass-dumper
Dump lsass.exe generating a file with the hostname and date in txt format using C++.CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) - https://ricardojoserf.github.io/CVE-2021-31159/dns-exfiltration
Notes and custom scripts for DNS exfiltrationbotnet-ssh-control
Botnet Command and Control (C&C) controlled via SSH. Based in Paramiko librarywordpress-custom-bruteforce
Script to bruteforce Wordpress allowing to rotate the IP address using Tortwitter-detector
Create a Twitter listener to detect people tweeting specific words or in a location, then analyze the users data.instagram-access-token
Get the access token of your Instagram Appelgamal-golang
A Golang implementation of Elgamal algorithm: encryption, decryption and signature generation and verificationrop-emporium-exploits
Rop Emporium - Exploits and brief Walkthroughsdni-spain-wordlist
DNI (Spanish ID card) generator and wordlistslsass-dumper-csharp
Custom lsass.exe dump using C#: XOR-encoding, Dynamic function resolution, using NTAPIs...CVE-2021-40845
AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is successful - https://ricardojoserf.github.io/CVE-2021-40845/GetModuleHandleRemote
GetModuleHandle implementation in C# for remote processes using only NTAPIsricardojoserf.github.io
My blog :)niidoru
Framework for Process Injection in Windows using Gowriteups
Vulnhub and HTB writeupsGetProcessByName
Get process handle(s) from process name using NtGetNextProcess and GetProcessImageFileNameurl-storing-android-app
App for storing urls (developed in ~2014)location-android-app
Location Android Application (developed in the summer of 2017)random
Random stuffpylangame
Game to learn vocabulary in any language using Google Translator APIteleasistencia-App_PE
App Android y Procesador de Eventos para un sistema de TeleasistenciaGuardPagesHooking
C# implementation of Guard Pages API Hookingelgamal-python
A Python implementation of Elgamal algorithm: encryption, decryption and signature generation and verificationtextpattern-bruteforce
Script to bruteforce websites using TextPattern CMS.non-ms-binaries
Code snippet to create a process using the "PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON" flaggo-GetProcessByName
Get process handle(s) from process name using NtGetNextProcess and GetProcessImageFileNametwitter-database-generation
Twitter database generation using Tweepy librariessitc_nahr
Twitter Sentiment Anallysis for SITCglobal-app
App developed for a bus company in 2014 using Apache Cordova ,updated in 2017. Sending a request to an url and scraping the responsefile-hider
Hide your files in infinite folders. It creates one folder for every character recursively, so the true file gets stored in the initial route and in the other folders a fake file (with the same name and size) gets stored.ricardojoserf
Github profile readmeLove Open Source and this site? Check out how you can help us