ustayready

Elite
@ustayready

divergent thinker/breaker and researcher of stuff

fireprox. AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

2.3k

CredSniper. CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

1.4k

CredKing. Password spraying using AWS Lambda for IP rotation

666

SharpHose. Asynchronous Password Spraying Tool in C# for Windows Environments

318

python-pentesting. Just a repo of random Python scripts to get pentesters started with the Python language on engagements.

218

golddigger. Python

197

cloudgpt. Vulnerability scanner for AWS customer managed policies using ChatGPT

166

CasperStager. PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.

152

wnfexec. WNF Code Execution Library Using C#

110

ShredHound. Small utility to chunk up a large BloodHound JSON file into smaller files for importing.

97

DirectAI. ChatGPT queries via OpenAI API in your terminal

61

tradecraft. Red Teaming Tradecraft

47

CloudBurst. CloudBurst is a red team framework for interacting with cloud providers to capture, compromise, and exfil data.

37

roguerdp.

32

outpost. AWS Testing and Reporting Management Tool

20

android-app-recovery. Scripts to parse large Android binary images and extracts deleted data from apps

15

redteam-plan. Issues to consider when planning a red team exercise.

14

mavd. Mobile Application Vulnerability Detection

12

physical-analyzer-scripts. Cellebrite Physical Analyzer python scripts to aid analysts with extended functionality

9

Awesome-Cellular-Hacking. Awesome-Cellular-Hacking

7

googlerecon. Google Recon for Pentesting

6

PCredz. This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

6

KingOfBugBountyTips. Go

6

hacktricks. Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

6

Privilege-Escalation. This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

5

cuddlephish. Weaponized Browser-in-the-Middle (BitM) for Penetration Testers

5

pynse. NSE to launch Python Scripts

5

ai-notes. notes for my AI studies, writing, and product brainstorming

4

CredMaster. Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

4

Nemesis. An offensive data enrichment pipeline

4

injection. Windows process injection methods

4

awesome-canbus. :articulated_lorry: Awesome CAN bus tools, hardware and resources for Cyber Security Researchers, Reverse Engineers, and Automotive Electronics Enthusiasts.

4

XSStrike. Most advanced XSS detection suite.

4

truffleHog. Searches through git repositories for high entropy strings and secrets, digging deep into commit history

4

XtoTwitter. JavaScript

3

awesome-flipperzero. 🐬 A collection of awesome resources for the Flipper Zero device.

3

ConditionalAccessDocumentation. Azure AD Conditional Access Documentation with PowerShell

3

HijackLibs. Project for tracking publicly disclosed DLL Hijacking opportunities.

3

CVE-2020-1472. PoC for Zerologon - all research credits go to Tom Tervoort of Secura

3

qrwifi. QRCode Wifi Generator

3

AllAboutBugBounty. All about bug bounty (bypasses, payloads, and etc)

3

forensicpy. Library for performing mobile device decoding for nibbles and 7-bit decoding

3

oauthseeker. A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office365 users.

3

pyslite. Script for performing SQLite database to Excel workbook conversions

3

r0ak. r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems

3

MiscTools. Miscellaneous Tools

3

wig. WebApp Information Gatherer

3

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

3

MoveEdr. Permanently disable EDRs as local admin

3

PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework

2

DriverJack. Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

2

sandbox-attacksurface-analysis-tools. Set of tools to analyze and attack Windows sandboxes.

2

digraph. A digraph plotter for sequential byte visualization

2

MacMalware. macOS Malware Collection

2

hackaday-u. Course materials for hackaday.io Ghidra training

2

tun2socks. tun2socks - powered by gVisor TCP/IP stack

2

puppeteer. Headless Chrome Node API

2

RedTeamCCode. Red Team C code repo

2

BamboozlEDR. A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.

1
59
Apply