Remake of CVE-2020-9484 by Pentestical

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

real time face swap and one-click video deepfake with only a single image

a signal handler race condition in OpenSSH's server (sshd)

A simple go Proof of Concept to start a new shell as TrustedInstaller

Run a program as TrustedInstaller (SYSTEM)

Blazing fast, advanced Padding Oracle exploit

A couple of different scripts, made to automate attacks against NoSQL databases.

ASIC and FPGA miner in c for bitcoin

Autofill Phishing

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

Analyze your tryhackme progress!

nodejsscan is a static security code scanner for Node.js applications.

Bookmarklet to find endpoints easily with one click

Official DeepSound repository migrated from jpinsoft.net. DeepSound is a freeware steganography tool and audio converter that hides secret data into audio files. The application also enables you to…

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

A PoC exploit for CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)

The FindMy Flipper app turns your FlipperZero into an AirTag or other tracking device, compatible with Apple AirTags and Samsung SmartTag and Tile Trackers. It uses the BLE beacon to broadcast, all…

A simple and stealthy reverse shell written in Nim that bypasses Windows Defender detection. This tool allows you to establish a reverse shell connection with a target system. Use responsibly for e…

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

🤖🏴‍☠️ radare2 plugin for GPT-4 🦜. Solve crackmes automatically 🪄

CVE-2024-21413 PoC for THM Lab

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

LLaMA: Open and Efficient Foundation Language Models

Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)

Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Python version of the C# tool for "Shadow Credentials" attacks

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.