lazyParam
A simple automation tool with the implementation of multi-threading to check for hidden parameters. This tool is still in testing phase and more implementations are soon to be made. note: Works with python3
Features:
▫️ Fuzz parameters for both GET and POST method
▫️ Multi-threaded (Default: 4)
▫️ Use intensive mode with characters bypassing techniques (beta)
▫️ Check for LFI, RCE and SSTI
https://github.com/aniqfakhrul/lazyParam
@pfk_0day
A simple automation tool with the implementation of multi-threading to check for hidden parameters. This tool is still in testing phase and more implementations are soon to be made. note: Works with python3
Features:
▫️ Fuzz parameters for both GET and POST method
▫️ Multi-threaded (Default: 4)
▫️ Use intensive mode with characters bypassing techniques (beta)
▫️ Check for LFI, RCE and SSTI
https://github.com/aniqfakhrul/lazyParam
@pfk_0day
GitHub
GitHub - aniqfakhrul/lazyParam: A simple automation tool to detect lfi, rce and ssti vulnerability
A simple automation tool to detect lfi, rce and ssti vulnerability - aniqfakhrul/lazyParam
❤2👎1
BYOB
BYOB is an open-source post-exploitation framework for students, researchers and developers. It includes features such as:
▫️ Command & control server with intuitive user-interface
▫️ Custom payload generator for multiple platforms
▫️ 12 post-exploitation modules
https://github.com/malwaredllc/byob
@pfk_0day
BYOB is an open-source post-exploitation framework for students, researchers and developers. It includes features such as:
▫️ Command & control server with intuitive user-interface
▫️ Custom payload generator for multiple platforms
▫️ 12 post-exploitation modules
https://github.com/malwaredllc/byob
@pfk_0day
GitHub
GitHub - malwaredllc/byob: An open-source post-exploitation framework for students, researchers and developers.
An open-source post-exploitation framework for students, researchers and developers. - malwaredllc/byob
👎1
sql injection
An online customer service system based on vue+node+socket+vant+mysql, front and back ends are separated, browser fingerprint is used as the unique id of visitors, built-in chatGPT intelligent reply, uses RSA to encrypt and decrypt data, prevents sql injection, xss, and can send pictures Emoticons, query history messages, leave messages, kick people, etc., more functions are waiting for subsequent updates. Simple and fast deployment, basically I have written notes every few lines, strong readability, currently there are not many functions, welcome for secondary development
https://github.com/Liuergouzi/-
#sqlinjection
@Pfk_0day
An online customer service system based on vue+node+socket+vant+mysql, front and back ends are separated, browser fingerprint is used as the unique id of visitors, built-in chatGPT intelligent reply, uses RSA to encrypt and decrypt data, prevents sql injection, xss, and can send pictures Emoticons, query history messages, leave messages, kick people, etc., more functions are waiting for subsequent updates. Simple and fast deployment, basically I have written notes every few lines, strong readability, currently there are not many functions, welcome for secondary development
https://github.com/Liuergouzi/-
#sqlinjection
@Pfk_0day
CVE-2022-39073
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit.
https://github.com/v0lp3/CVE-2022-39073
#cve #exploit
@Pfk_0Day
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit.
https://github.com/v0lp3/CVE-2022-39073
#cve #exploit
@Pfk_0Day
GitHub
GitHub - v0lp3/CVE-2022-39073: Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including…
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit. - v0lp3/CVE-2022-39073
REST-Attacker
Automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support for both large-scale testing and fine-grained analysis.
https://github.com/RUB-NDS/REST-Attacker
Automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and report generation - with minimal configuration effort. Additionally, REST-Attacker is designed to be flexible and extensible with support for both large-scale testing and fine-grained analysis.
https://github.com/RUB-NDS/REST-Attacker
GitHub
GitHub - RUB-NDS/REST-Attacker: REST-Attacker is designed as a proof-of-concept for the feasibility of testing generic real-world…
REST-Attacker is designed as a proof-of-concept for the feasibility of testing generic real-world REST implementations. Its goal is to provide a framework for REST security research. - RUB-NDS/REST...
👍1
Fuzztruction
Prototype of a fuzzer that does not directly mutate inputs but instead uses a so-called generator application to produce an input for our fuzzing target
https://github.com/fuzztruction/fuzztruction
Prototype of a fuzzer that does not directly mutate inputs but instead uses a so-called generator application to produce an input for our fuzzing target
https://github.com/fuzztruction/fuzztruction
GitHub
GitHub - fuzztruction/fuzztruction
Contribute to fuzztruction/fuzztruction development by creating an account on GitHub.
Conjur
CyberArk Conjur automatically secures secrets used by privileged users and machine identities
https://github.com/cyberark/conjur
CyberArk Conjur automatically secures secrets used by privileged users and machine identities
https://github.com/cyberark/conjur
GitHub
GitHub - cyberark/conjur: CyberArk Conjur automatically secures secrets used by privileged users and machine identities
CyberArk Conjur automatically secures secrets used by privileged users and machine identities - cyberark/conjur
Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
GitHub
GitHub - Bert-JanP/Hunting-Queries-Detection-Rules: KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection…
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rul...
Gold Digger
Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.
https://github.com/ustayready/golddigger
Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.
https://github.com/ustayready/golddigger
GitHub
GitHub - ustayready/golddigger
Contribute to ustayready/golddigger development by creating an account on GitHub.
CreateRemoteThreadPlus
CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.
https://github.com/lem0nSec/CreateRemoteThreadPlus
CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.
https://github.com/lem0nSec/CreateRemoteThreadPlus
GitHub
GitHub - lem0nSec/CreateRemoteThreadPlus: CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function…
CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode. - lem0nSec/CreateRemoteThreadPlus
👍1
pdtm
ProjectDiscovery's Open Source Tool Manager
A simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery.
https://github.com/projectdiscovery/pdtm
ProjectDiscovery's Open Source Tool Manager
A simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery.
https://github.com/projectdiscovery/pdtm
GitHub
GitHub - projectdiscovery/pdtm: ProjectDiscovery's Open Source Tool Manager
ProjectDiscovery's Open Source Tool Manager. Contribute to projectdiscovery/pdtm development by creating an account on GitHub.
ADKAVEH — PowerShell tool for AD enumeration & attack simulation
ADKAVEH is a PowerShell noscript that allows security teams to perform enumeration and attack simulation in Active Directory environments. It includes modules for Kerberoasting, AS-REP Roasting, Password Spraying, and optional Windows Defender tamper tests
https://github.com/TryHackBox/ADKAVEH
ADKAVEH is a PowerShell noscript that allows security teams to perform enumeration and attack simulation in Active Directory environments. It includes modules for Kerberoasting, AS-REP Roasting, Password Spraying, and optional Windows Defender tamper tests
https://github.com/TryHackBox/ADKAVEH
GitHub
GitHub - TryHackBox/ADKAVEH: ADKAVEH - One PowerShell noscript for Active Directory discovery and safe attack simulation.
ADKAVEH - One PowerShell noscript for Active Directory discovery and safe attack simulation. - GitHub - TryHackBox/ADKAVEH: ADKAVEH - One PowerShell noscript for Active Directory discovery and safe ...
👍2
🎓 مرجع تخصصی آموزش تست نفوذ و رد تیم TryHackBox
📌 در اینجا، آموزش های خودمون رو همراه با سناریوها و تمرین های واقعی در اختیارتون قرار میدهیم.
📌 شما میتونید در کنار آموزش های تئوری و عملی محور ما، مستقیماً در محیط های کاری ازشون استفاده کنید.
📌 علاوه بر این، نکته های باگ بانتی و مطالب مرتبط دیگه هم همیشه در اختیارتون قرار میگیرد.
✍ از اولین پست های کانال ما شروع کنید به خوندن .
⚠️ پس این فرصت رو از دست ندید!
➖➖➖➖➖➖➖➖➖
🆔 @TryHackBox
📌 در اینجا، آموزش های خودمون رو همراه با سناریوها و تمرین های واقعی در اختیارتون قرار میدهیم.
📌 شما میتونید در کنار آموزش های تئوری و عملی محور ما، مستقیماً در محیط های کاری ازشون استفاده کنید.
📌 علاوه بر این، نکته های باگ بانتی و مطالب مرتبط دیگه هم همیشه در اختیارتون قرار میگیرد.
✍ از اولین پست های کانال ما شروع کنید به خوندن .
⚠️ پس این فرصت رو از دست ندید!
➖➖➖➖➖➖➖➖➖
🆔 @TryHackBox