Lead offensive security engineer, bug hunter, blockchain, and AI enthusiast - sharing security-related code in my free time.
penetration-testing-cheat-sheet. Work in progress...
830php-reverse-shell. PHP shells that work on Linux OS, macOS, and Windows OS.
565wifi-penetration-testing-cheat-sheet. Work in progress...
545android-penetration-testing-cheat-sheet. Work in progress...
484ios-penetration-testing-cheat-sheet. Work in progress...
419invoker. Penetration testing utility and antivirus assessment tool.
314powershell-reverse-tcp. PowerShell scripts for communicating with a remote host.
300forbidden. Bypass 4xx HTTP response status codes and more. The tool is based on Python Requests, PycURL, and HTTP Client.
257malware-apk. As a bug hunter, are your bug bounty reports getting rejected because you don't use a "malicious" Proof of Concept (PoC) app to exploit the vulnerabilities? I've got you covered!
146evil-twin. Learn how to set up a fake authentication web page on a fake WiFi network.
125php-ransomware. PHP ransomware that encrypts your files, as well as file and directory names.
114keylogger. Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
84java-reverse-tcp. JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
68chat-app. Multithreading TCP server and client communicating over TCP/IP - Windows Forms Application.
52xss-catcher. Simple API for storing all incoming XSS requests and various XSS templates.
49phishing-mobile-app. Phishing mobile application made in React Native for both Android and iOS devices.
33chad. Search Google Dorks like Chad. / Broken link hijacking tool.
33dns-exfiltrator. Exfiltrate data with DNS queries. Based on CertUtil and NSLookup.
24secure-website. Secure website with a registration, sign in, session management, and CRUD controls.
23file-scraper. Scrape files for sensitive information, and generate an interactive HTML report. Based on Rabin2.
18scrapy-scraper. Web crawler and scraper based on Scrapy and Playwright's headless browser.
17nagooglesearch. Not another Google searching tool.
14metagoofeel. Web crawler and downloader based on GNU Wget.
12amounts. Generate a wordlist to fuzz amounts or any other numerical values.
11wordlist-extender. Extend wordlist by appending digits and special characters to each word.
10jwt-bf. Brute force a JWT token. Script uses multithreading.
9memory-dumper. Dump a process memory and extract data based on regular expressions.
9websocket-bf. Brute force a REST API query through WebSocket. Based on cURL.
8domain-extractor. Extract valid or partially valid domain names and IPs from malicious or invalid URLs.
8property-lister. Extract and convert property list files from SQLite database files and from other property list files.
8malware-droppers. Custom malware droppers written in multiple languages.
7dnsrecon-chunked. Brute force subdomains in multiple smaller iterations. Based on DNSRecon.
7file-shredder. PowerShell script for shredding files.
7pre-master-secret-key. Set up all you need to capture pre-master secret keys to decrypt SSL in Wireshark.
7bot-safe-agents. A library for fetching a list of bot-safe user agents.
5browser-extension-automation. Run a browser extension in a sandboxed web browser and without any fear of corrupting or loosing your real data.
5transporter. Send packets through raw sockets.
5auto-recon. Not another auto-reconnaissance framework.
5solidity-learning. Work in progress...
4ivan-sincek. My profile info.
4unquoted-service-paths. List unquoted service paths and start, stop, or restart services as needed.
3uninstall-msi-products. Uninstall a specific or all MSI products.
2css-dictionary-attack. Example on how to steal information with CSS from web forms.
2nagooglesearch-playwright. Not another Google searching tool.
1threat-modeling-agent-skills. Easy-to-use, high-efficiency threat modeling agent skills.
1