Daniel Underhay

Advanced
@dunderhay

git-rotate. Leveraging GitHub Actions to rotate IP addresses during password spraying attacks to bypass IP-Based blocking

152

CCTV-v380-pro. Research on v380 Pro CCTV IP Camera

120

entraspray. Password spraying tool for Microsoft Online accounts (Entra/Azure/O365)

70

phishsticks. A framework for OAuth 2.0 device code authentication grant flow phishing

47

CVE-2020-5902. Python script to exploit F5 Big-IP CVE-2020-5902

36

adfspray. ADFS Brute-Force Login Script

11

devicecode_phishing. OAuth Device Code Authorization Phishing Script

11

gophish-notifications. A webhook server to send email notifications when a target has submitted credentials to a Gophish landing page.

5

recon. Bash shell script to perform domain recon using various tools

4

evilginx3-phishlets.

4

evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

4

Kawaiicon-Box-CTF-2019. Box challenge for Kawaiicon 2019

3

Secret-Santa-for-Hackers. Python

3

mct-to-mfd. Convert .mct file format to .mfd - which can be uploaded to Chameleon Mini

2

jwt_tool. :snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

2

redirect.rules. Quick and dirty dynamic redirect.rules generator

2

dunderhay.github.io. HTML

1

access-control. A reference of the different types of access control card readers and which countries they're commonly found in

1

dump. PowerShell

1

RFID-Field-Detector. Open source PCB the size of a credit card that is capable of detecting the field generated by a RFID reader and identify if it is a LF(125kHz) or HF/NFC(13.56MHz) reader.

1
20
Apply