OSCE // OSCP // Ethical Hacker & Red Teamer // Full Stack Developer // JavaScript Enthusiast // Staff Member of @BolognaJS // CTF player at @d0nkeys
PEzor. Open-Source Shellcode & PE Packer
2.1krustbuster. A Comprehensive Web Fuzzer and Content Discovery Tool
559x0rro. A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2
139crosser. A Reflected / Stored / DOM XSS Scanner based on Headless Chrome Node API via Puppeteer
40nodebuster. DirBuster for Node.js
20await-to-ts. http://blog.grossman.io/how-to-write-async-await-without-try-catch-blocks-in-javascript/
17http-check. HTTP Header Analysis Vulnerability Tool
14inspector-exploiter. Execute commands via Node.js debug port and inspector protocol
10seh-exploits. Python
9complex-ansible-example. Example of a complex Ansible deploy
8zero-width-fingerprint-detection-extension. A browser extension to detect when zero-width characters are used to fingerprint cut/copied/pasted text.
7evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
6phra.github.io. SCSS
5AggressorScripts. Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
5PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
5bof-helper. Python Helper Utilities for SEH Overwrite Based Exploits
5console-caller. Do you want to easily find out which line of your code is printing that thing? This is the right module for you!
5Awesome-Asset-Discovery. List of Awesome Asset Discovery Resources
4obfuscator. ollvm,base on llvm-clang 5.0.2, 6.0.1 , 7.0.1,8.0,9.0,9.0.1,swift-llvm-clang 5.0(waiting support swift obfuscator)
4Wordpresscan. WPScan rewritten in Python + some WPSeku ideas
4802_21. IEEE 802.21 experiment
4gef. GEF - GDB Enhanced Features for exploit devs & reversers
3graphql-apollo-react-chat. JavaScript
3mingw-pe-resources-example. Based on https://bigcode.wordpress.com/2016/12/21/mingw-windows-icon-resource-example/
3detection-rules. Rules for the Detection Engine in Elastic Security
3SuperJumper. Java
3Phantom-Evasion. Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)
3radare2. UNIX-like reverse engineering framework and command-line toolset
3Recon-AD. Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
2angular2-seed-advanced. An advanced Angular2 seed project with support for ngrx/store, ng2-translate, angulartics2, lodash, NativeScript (*native* mobile), Electron (Mac, Windows and Linux desktop) and more.
2endlessh. SSH tarpit that slowly sends an endless banner
2CS-BOFs. Collection of CobaltStrike beacon object files
2key-fingerprint. Node.js library to easy calculate MD*, SHA*, etc fingerprint of a public/private key in HEX encoding.
2loopback-angular2-boilerplate-OUTDATED. Example of webapp based on LoopBack, Gulp, JSPM, Angular2 & PostCSS
2SharpMove. .NET Project for performing Authenticated Remote Execution
2SharpRDP. Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
2sha1collisiondetection.js. Makefile
2ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
2metasploit2020-five-of-hearts. Metasploit CTF 2020 - Five of Hearts Writeup - RISC-V Buffer Overflow with NX and Canary
2truffleHog. Searches through git repositories for high entropy strings and secrets, digging deep into commit history
2krackattacks-test-ap-ft. Python
2SharpChromium. .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.
2UACME. Defeating Windows User Account Control
2IntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
2mimikatz. A little tool to play with Windows security
2Awesome-Profile-README-templates. A collection of awesome readme templates to display on your profile
2phra.
2graphql-faker. 🎲 Mock or extend your GraphQL API with faked data. No coding required.
1nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
1base64-to-uint8array. Convert a base64 string to a Uint8Array in Node and the browser
1odat. ODAT: Oracle Database Attacking Tool
1pentest. :no_entry: offsec batteries included
1SharpHound. The BloodHound C# Ingestor
1Front-End-Checklist. 🗂 The perfect Front-End Checklist for modern websites and meticulous developers
1awesome-security. A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
1