Keep calm and hack something, but remember to wear a ninja mask for added stealth. π±βπ€π
burpgpt. A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
2.3kwirespy. Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
658jwtcat. A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
334openapi-parser. Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
209xmlrpc-bruteforcer. Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
146flarequench. Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
65sci. Framework designed to automate the process of assembly code injection (trojanising) within Android applications.
48spyware. An Android RAT that collects various sensitive information in real-time and send them to the attacker databse.
47smbaudit. Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.
42pentest2xlsx. Excel parser for various pentesting tools.
31google-authenticator. Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
30clm-rout. A C# program featuring an all-in-one bypass for CLM, AppLocker and AMSI using Runspace.
23vulcan. A PowerShell script that simplifies life and therefore... phishing.
19ness6nmap2xlsx. XLSX parser for nessus and nmap scan results.
12testssl2xlsx. Excel parser for testssl scan results.
12copy-as-powershell-requests. Copy as PowerShell request(s) plugin for Burp Suite (approved by PortSwigger for inclusion in their official BApp Store).
10Mobile-Security-Framework-MobSF. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
10bloodhound-utils. A collection of utility scripts/files designed to extend/facilitate Bloodhound capabilities.
9HackAllTheThings. Cheatsheets, References, and notes on various red teaming/pentesting topics.
8openvpn-stat. Display OpenVPN connected clients and their associated routing information in a user-friendly fashion.
7raadef. An extensible Rust-based exploitation framework designed to audit/attack AzureAD environments.
7powershell-utils. A collection of PowerShell scripts for pentesting activities.
6OSEP-Code-Snippets. A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
6phishstat. Generate various type of statistics from phishing engagement results.
5docker_burp-enterprise. Attempt at dockerizing Burp Enterprise v2022.4.
5corellium-utils. A collection of utility scripts leveraging the Corellium API and designed to facilitate mobile pentesting.
5centralized-messaging. Centralized messaging system.
4distributed-chat. Distributed chat system.
4solstice-pod-cves. Various CVEs for Solstice Pod from Mersive Technologies.
4cve-2017-12945. Exploit for CVE-2017-12945.
4xor-crypter. XOR file encryptor.
3Active-Directory-Exploitation-Cheat-Sheet. A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
3c-q. Interactive, multi-users, multi-sessions web platform for quiz and courses.
3net-ninny-proxy. Web proxy coupled with a URL-based and content-based filter.
3open-wc. Open Web Components: guides, tools and libraries for modern web development and web components
2PortRanger. Converts an unordered (e.g. grepped) network ports to a condensed range/list that is suitable for nmap and other tools.
2GLPI. Gestionnaire libre de parc informatique (Free Management of Computer Equipment).
2web. Guides, tools and libraries for modern web development.
2OSCP-Exam-Report-Template-Markdown. :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
2mui-treasury. A collection of ready-to-use components based on Material-UI
2refine. A React Framework for building internal tools, admin panels, dashboards & B2B apps with unmatched flexibility.
2create. Repository for `npm init @open-wc`
1PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
1dotfiles. A collection of dotfiles.
1notistack. Highly customizable notification snackbars (toasts) that can be stacked on top of each other
1React-Native-Login-Screen-Tutorial. JavaScript
1badge-readme. Add badges in your Readme
1aress31. A β¨specialβ¨ place that offers an insight into a subset of my work.
1