dieberge Goto Github PK

230-oob

An Out-of-Band XXE server for retrieving file contents over FTP.

active-directory-exploitation-cheat-sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

amass

In-depth Attack Surface Mapping and Asset Discovery

autorize

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

awesome-cybersec-resources

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things

awesome-red-teaming

List of Awesome Red Teaming Resources

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities

bugbounty-cheatsheet

A list of interesting payloads, tips and tricks for bug bounty hunters.

bypass-clm

PowerShell Constrained Language Mode Bypass

checkplease

Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.

chisel

A fast TCP/UDP tunnel over HTTP

cloakify

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

collaborator-everywhere

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator

commix

Automated All-in-One OS Command Injection Exploitation Tool.

creds

Some usefull Scripts and Executables for Pentest & Forensics

crtp-cheatsheet

Cheatsheet for the commands learned in Attack and Defense Active Directory Lab

ctf-katana

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.

dalfox

🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

dnscan

docem

Uility to embed XXE and XSS payloads in docx,odt,pptx,etc (OXML_XEE on steroids)

domdig

DOM XSS scanner for Single Page Applications

dotdotpwn

DotDotPwn - The Directory Traversal Fuzzer

dotnettojscript

A tool to create a JScript file which loads a .NET v2 assembly from memory.

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

evasion

AV EVASION TECHNIQUES

evil-winrm

The ultimate WinRM shell for hacking/pentesting

fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

hackbrowserdata

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.