This is your work, valued

Panagiotis Chartas

Elite
@t3l3machus

Penetration Tester, Cybersecurity Researcher.

Villain. Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

4.4k

hoaxshell. A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

3.5k

psudohash. Generates millions of keyword-based password mutations in seconds.

1.4k

toxssin. An XSS exploitation command-line interface and payload generator.

1.4k

PowerShell-Obfuscation-Bible. A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.

1.2k

eviltree. A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.

407

pentest-pivoting. A compact guide to network pivoting for penetration testings / CTF challenges.

227

wwwtree. A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.

181

BabelStrike. The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurring from scraped employee name lists (e.g. from Linkedin). 2. to transliterate a wordlist that may include words/phrases written in multiple (non-Englis

140

Synergy-httpx. A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

140

ACEshark. ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native binaries.

126

CVE-2023-22960. This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.

90

OWASP-Testing-Guide-Checklist. OWASP based Web Application Security Testing Checklist

86

undust.py. undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name variants.

54

Awesome-AI.

48

cybersec-service-metrics. A spreadsheet designed to automatically generate Key Performance Indicators (charts) for Cyber Security Services based on documented data, powered by formulas (no MACROS). Ideal for Team leaders / Managers of small-medium sized organizations.

31

ssh-log-alert. Receive email alerts on successful ssh logins based on a predefined IP whitelist OR a predefined IP country origin whitelist (using mailgun)

27

kcbrute. Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow.

26

t3l3machus.

26

gmail-ssh-log-alert. Receive email alerts on successful ssh logins based on a predefined IP whitelist OR a predefined IP country origin whitelist (using gmail)

26

reverse-shell-generator. Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

18

YouTube-Example-Scripts. Python

9

periodic-table-offensive-security. A visual reference of 118 essential red team tools, frameworks & standards, organized like a periodic table. Includes a printable PDF version.

6

nuclei-templates. Community curated list of templates for the nuclei engine to find security vulnerabilities.

5

pentest-arsenal. A collection of tools that I use in CTF's or for assessments

4

.github.

3

HaxorTechTones. HaxorTechTones YouTube channel labs and more.

2

resolvers.

1

t3l3machus.github.io. HTML

1