This is your work, valued

somewhere

Yeeb

Expert
@Yeeb1

Penetration Tester, Red Teamer, and CTF Player with hands-on Incident Response experience and a passion for offensive security.

SockTail. Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s embedded client (tsnet). Zero config, no daemon, no persistence - just a fast way in.

568

SharpLansweeperDecrypt. Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.

47

shelf. The Shelf is a repository containing various tools, exploits, and scripts that I’ve gathered over the years. These are small but useful utilities for hacking, automation, and configurations that didn't justify their own repo but are too handy to lose. Useful for quick tasks, testing, or competitive hacking.

36

mythic_tailscale. Tailscale/Headscale C2 profile and agent for Mythic

25

MagicBOFs. A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.

21

SharpRDPlusSnatcher. Exploits a flaw in Remote Desktop Plus by monitoring and decrypting temporary .rdp files in %localappdata%/Temp, revealing credentials used in remote desktop sessions.

18

mythic_awss3. A Mythic C2 Profile that uses AWS S3 for command and control communication with per-execution credential isolation.

13

CTFdCLI. Command-line interface for CTFd competitions: sync challenges, submit flags, and track progress.

10

mythic_netbird. NetBird mesh VPN C2 profile and Stymphalian demo agent for Mythic

10

EvenWorseGuest. Fork of nyxgeek's bad_guest.ps1 which outputs into JSON and has some basic analytics added.

9

BlazorRazor. Tools Suite to Dump Microsoft .NET Blazor Applications and Run some (basic) Analysis

5

DeathTrooperDecryption. DeathTrooperDecryption is a toolset for decrypting and analyzing encrypted communications in the Empire C2 framework. It's intended to decode staging data, command outputs, session keys, and cookies from captured Empire agent traffic.

5

SquidSideOut. SquidSideOut is a Go-based tool that performs internal port scanning by routing probes through a Squid or any HTTP proxy. It can enumerate localhost ports on the proxy host or scan remote targets reachable via the proxy to discover open services.

4

ProxmoxAuthForge. A Python script designed for generating authentication tokens for Proxmox VE (Virtual Environment). The script automates the process of creating 'PVEAuthCookie' and 'PMGAuthCookie', with the private key typically found at /etc/pve/priv/authkey.key for PVE and /etc/pmg/pmg-authkey.key for PMG

4

BluePhishProxy. The Phish is the Bait. Identify security infrastructure by deploying intentionally suspicious links that bait scanners and blue teams. Fingerprints automated systems to optimize your actual campaign delivery.

4

filezilla2hashcat. This script converts FileZilla hashes into a format compatible with Hashcat (PBKDF2-HMAC-SHA256) for cracking. Additionally, it can parse users.xml or server.xml files to extract hashes, salts, and iterations automatically.

3

HTB-Discord. HackTheBot is a Discord bot that posts Hack The Box updates - such as new machines, challenges, and platform notices - directly into your Discord server, with OSINT details and optional link archiving.

3

ASP.NETIdentity2hashcat. Converts ASP.NET Identity (PBKDF2+HMAC-SHA1 and PBKDF2+HMAC-SHA256) to Hashcat format

2

CVE-2023-27532-RCE-Only. Modified Exploit for CVE-2023-27532 against Veeam Backup & Replication

2

WinSSHTermVaultRecovery. A tool for cracking WinSSHTerm vault master passwords, with a wordlist.

2

NetExec. The Network Execution Tool

1

DavineLuLinvega. Python tools for quickly sharing command outputs, files, and clipboard content to Discord.

1

GraphSpy. Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

1

NimPlanted. A Python script to recover the AES key and decrypt agent traffic from the NimPlant C2 server by exploiting the limited keyspace of the XOR key used in pre-crypto operations.

1