FunΓ€sdalen

Jonas Lejon

Elite
@jonaslejon

πŸ”’ Cyber Sec

malicious-pdf. πŸ’€ Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

4.1k

tor-fingerprint. Tor Browser and Tails version fingerprint PoC

138

lolcrawler. Headless web crawler for bugbounty and penetration-testing/redteaming

40

Pentest-Tools.

12

awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things

9

ct-monitor. Certificate Transparency Log Monitor

8

dirs3arch. HTTP(S) directory/file brute forcer

6

api-hacker. Reads and Swagger/OpenAPI JSON file and routes the requests via Burp Suite

5

powershell-backdoor-generator. Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build for evasion.

4

ad-autopwn. AD AutoPwn v4.10.0 β€” automated AD attack chain, zero-auth to Domain Admin. Discover/Kerberoast/AS-REP/AD CS ESC1-16/Shadow Creds/RBCD+KCD/Ghost-SPN/TGS-rewrite/Dollar-Ticket/WPAD/WSUS/PXE/SCCM/BloodHound auto-action/Loot/DCSync/DPAPI + Synacktiv 2026 reflection (CVE-2025-58726/2026-24294/2026-26128). Authorized pentesting only.

4

apt10. APT / Cloud Hopper Yara rules

3

PyShell. Multiplatform Python WebShell

3

SecLists. SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

3

ssh-eol-checker. Nmap SSH Banner EOL Checker - Identifies Ubuntu and Debian versions from SSH banners and checks their EOL status

3

homebrew-cask. 🍻 A CLI workflow for the administration of macOS applications distributed as binaries

2

jonaslejon.

2

EmailChecker. Disposable email detection library for PHP

2

keepass-dump. CLI to dump a KeePass database

1

Kalkun. Open Source Web based SMS Management

1

awesome-wordpress. A curated list of amazingly awesome WordPress resources, themes, plugins and shiny things. Inspired by awesome-php.

1

pizero-usb-hid-keyboard. Fake a raspberry pi zero w to look like a keyboard to a Windows 10 PC

1

pcap-mitm-fuzz0r. Fuzz servers and clients using pcaps or mitm based approaches

1

subfinder. Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

1

lockc. Making containers more secure with eBPF and Linux Security Modules (LSM)

1

maltrail. Malicious traffic detection system

1

burp_log_parser. Python script to parse Burp Suite log files

1

openvpn-fingerprint. OpenVPN Fingerprinting Tool

1
27
Apply