Stars
Documentation and scripts to properly enable Windows event logs.
shFlags is a port of the Google gflags library for Unix shell.
Prototype Pollution and useful Script Gadgets
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…
A test suite built with Mocha/Chai to test for behavioral differences between image libraries for the web
Forensics artefact collection tool for systems running Microsoft Windows
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool
spooky360 / XSSFuzzer
Forked from NytroRST/XSSFuzzer
XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.
A "Proof of Concept or GTFO" mirror with an extensive index, plus whole issues or individual articles as clean PDFs.
Scripts that are useful for me on pen tests
Writeups for HacktheBox 'boot2root' machines