Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets

This Tool To Test Machine Keys In View State

Wordlists for content discovery with special words in different languages

Create tar/zip archives that try to exploit zipslip vulnerability.

XSS and other tools

A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

smbclient-ng, a fast and user friendly way to interact with SMB shares.

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

A collection of tools that I use in CTF's or for assessments

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

Do tedious things quickly, only asking the minimal arguments. Easily customizable with modules to make your own commands

Fixes Burp Suite's poor TLS stack. Bypass WAF, spoof any browser.

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

A small collection of vulnerable code snippets

A plugin for Burp Suite Pro that uses the GraphQL schema to begin Active Scanning the entire endpoint.

Burp Suite Certified Practitioner Exam Study

Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)

Simple python script that helps you to detect SQL injection "Error based" by sending multiple requests with different payloads and check for 152 regex pattern for different databases.

Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8

Directory scans

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing