::1

stark0de

Advanced
@stark0de

Infosec addict, aspirant red teamer and not so super-l33t

nginxpwner. Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.

1.6k

ocr-recon. This tool is useful to find a particular string in a list of URLs using tesseract's OCR (Optical Character Recognition) capabilities

31

regsave. This tool is useful in case you want to evade the detection based on simple rules when trying to dump the SAM, SYSTEM or SECURITY hives using the typical reg.exe save command.

10

zip-symlink-payload-creator. This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

8

pe-tools. This repository contains various tools useful for offensive operations (reversing, etc) regarding the PE (Portable Executable) format

6

ippsec-cli. This a simple tool to query the awesome ippsec.rocks website from your terminal

6

internalipcheck. Python

4

tokenpriv. A simple script to check the privileges included in your access token

3

ciphercheck. This tool checks if a specific TLS ciphersuite is able to bypass a WAF

3

taller-bugbounty-honeysec. Python

3

logcat-strings. Simple tool to look in real time for possible information leaks in an Android app's logs

2

emailissuescheck. Simple tool to check for SPF, DMARC and DKIM issues in a list of domains

2

azure-finder. Simple script to find all Azure-based assets given a domain list

2

msrpcbruteforce. Simple tool to perform bruteforce and dictionary attacks to MS-RPC services

1

endpointpdfextractor. Simple file to create wordlists out of PDF documents (for example of PDFs of some product's docs)

1
15
Apply