Near salt water

Drew

Expert
@hoodoer

Hacking things, coding things. Principal Consultant at Blackthorne

JS-Tap. JavaScript beacons and C2 to be used for XSS payload or post exploitation implants on webapp servers or desktop software to monitor users and maintain persistence. Browser extension, electron app, and node/bun app implants are included.

469

WP-XSS-Admin-Funcs. JavaScript functions intended to be used as an XSS payload against a WordPress admin account.

58

DragonHash. Demo code JavaScript POC that tricks user into sending Windows hash to responder

37

MCP-ASD. MCP Attack Surface Detector - Burp plugin to make manual testing of MCP servers easier in Burp Suite

30

ENNEoS. Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.

24

XSS-Data-Exfil. Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.

22

Top-Port-Slicer. Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan

18

postBasedXSS. Demo of various ways to exploit post based reflected XSS

18

ColonelClustered. A Java Burp Plugin that performs text clustering on responses to identify outliers/groups based on the actual content of the server responses, say from an Intruder run.

12

endgame. An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

12

checkHostsInScope. Bash script to take a list of domains/subdomains (e.g. from amass) and check if they're in scope based on a file of inscope IP addresses

8

proxy-helper-the-sequel. Port/rework of proxy-helper plugin for hak5 Pineapples

8

shellcodeEncryptor. Python script to take any file and create a C header file with that binary data encoded as a char array. Optionally XOR encrypts the data. Helpful for creating custom loaders for shellcode.

7

NEAT_Thesis. An implementation in C++ of novelty search in competitive coevolution using NEAT (Neuroevolution of augmenting topologies)

4

dragInputClickjacking. Demo of using draggable elements in a clickjacking PoC to "type" user inputs.

3

sonicWallBruteForce. Script to brute force logins to SonicWall

3

rickRollAddressBarPayload. XSS/JavaScript payload that runs the rick roll lyrics through in the browser address bar.

2

WP-XSS-Challenge-Deploy. Python script to help automate deployment of my XSS challenge infrastructure

1

javascriptFileEncoder. Encodes a file into JavaScript friendly hex data, useful for adding file uploads to session riding XSS payloads

1

plistsubstractor3. Python3 version of plistsubstractor

1

javaScriptDeployer. Example bash script and JavaScript to copy a JavaScript payload into all .js files, but have only one copy run, regardless of how many .js files are included in the rendered page.

1

Normalized-Compression-Distance-NCD-Zlib. Simple C++ header file with a class that uses the Zlib compression algorithm to calculate Normalized Compression Distance (NCD) values

1

Web_Crypto_API_Demo. Demo server and client-side JavaScript code for how to use Web Crypto API to do application level encryption for your web traffic.

1
23
Apply