Amsterdam, NL

Francesco Soncina

Elite
@phra

OSCE // OSCP // Ethical Hacker & Red Teamer // Full Stack Developer // JavaScript Enthusiast // Staff Member of @BolognaJS // CTF player at @d0nkeys

PEzor. Open-Source Shellcode & PE Packer

2.1k

rustbuster. A Comprehensive Web Fuzzer and Content Discovery Tool

559

x0rro. A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2

139

crosser. A Reflected / Stored / DOM XSS Scanner based on Headless Chrome Node API via Puppeteer

40

nodebuster. DirBuster for Node.js

20

await-to-ts. http://blog.grossman.io/how-to-write-async-await-without-try-catch-blocks-in-javascript/

17

http-check. HTTP Header Analysis Vulnerability Tool

14

inspector-exploiter. Execute commands via Node.js debug port and inspector protocol

10

seh-exploits. Python

9

complex-ansible-example. Example of a complex Ansible deploy

8

zero-width-fingerprint-detection-extension. A browser extension to detect when zero-width characters are used to fingerprint cut/copied/pasted text.

7

evilginx2. Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

6

phra.github.io. SCSS

5

AggressorScripts. Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

5

PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework

5

bof-helper. Python Helper Utilities for SEH Overwrite Based Exploits

5

console-caller. Do you want to easily find out which line of your code is printing that thing? This is the right module for you!

5

Awesome-Asset-Discovery. List of Awesome Asset Discovery Resources

4

obfuscator. ollvm,base on llvm-clang 5.0.2, 6.0.1 , 7.0.1,8.0,9.0,9.0.1,swift-llvm-clang 5.0(waiting support swift obfuscator)

4

Wordpresscan. WPScan rewritten in Python + some WPSeku ideas

4

802_21. IEEE 802.21 experiment

4

gef. GEF - GDB Enhanced Features for exploit devs & reversers

3

graphql-apollo-react-chat. JavaScript

3

mingw-pe-resources-example. Based on https://bigcode.wordpress.com/2016/12/21/mingw-windows-icon-resource-example/

3

detection-rules. Rules for the Detection Engine in Elastic Security

3

SuperJumper. Java

3

Phantom-Evasion. Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)

3

radare2. UNIX-like reverse engineering framework and command-line toolset

3

Recon-AD. Recon-AD, an AD recon tool based on ADSI and reflective DLL’s

2

angular2-seed-advanced. An advanced Angular2 seed project with support for ngrx/store, ng2-translate, angulartics2, lodash, NativeScript (*native* mobile), Electron (Mac, Windows and Linux desktop) and more.

2

endlessh. SSH tarpit that slowly sends an endless banner

2

CS-BOFs. Collection of CobaltStrike beacon object files

2

key-fingerprint. Node.js library to easy calculate MD*, SHA*, etc fingerprint of a public/private key in HEX encoding.

2

loopback-angular2-boilerplate-OUTDATED. Example of webapp based on LoopBack, Gulp, JSPM, Angular2 & PostCSS

2

SharpMove. .NET Project for performing Authenticated Remote Execution

2

SharpRDP. Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

2

sha1collisiondetection.js. Makefile

2

ysoserial. A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

2

metasploit2020-five-of-hearts. Metasploit CTF 2020 - Five of Hearts Writeup - RISC-V Buffer Overflow with NX and Canary

2

truffleHog. Searches through git repositories for high entropy strings and secrets, digging deep into commit history

2

krackattacks-test-ap-ft. Python

2

SharpChromium. .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.

2

UACME. Defeating Windows User Account Control

2

IntruderPayloads. A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

2

mimikatz. A little tool to play with Windows security

2

Awesome-Profile-README-templates. A collection of awesome readme templates to display on your profile

2

phra.

2

graphql-faker. 🎲 Mock or extend your GraphQL API with faked data. No coding required.

1

nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.

1

base64-to-uint8array. Convert a base64 string to a Uint8Array in Node and the browser

1

odat. ODAT: Oracle Database Attacking Tool

1

pentest. :no_entry: offsec batteries included

1

SharpHound. The BloodHound C# Ingestor

1

Front-End-Checklist. 🗂 The perfect Front-End Checklist for modern websites and meticulous developers

1

awesome-security. A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

1
55
Apply