Displaying 1 to 18 from 18 results

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

sAINT - :eye: (s)AINT is a Spyware Generator for Windows systems written in Java.

  •    Java

(s)AINT is a Spyware Generator for Windows systems written in Java. 💻 This project was created only for good purposes and personal use.

dns-rebind-toolkit - A front-end JavaScript toolkit for creating DNS rebinding attacks.

  •    Javascript

DISCLAIMER: This software is for educational purposes only. This software should not be used for illegal activity. The author is not responsible for its use. Don't be a dick. DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. With this toolkit, a remote attacker can bypass a router's firewall and directly interact with devices on the victim's home network, exfiltrating private information and in some cases, even controlling the vulnerable devices themselves.

whonow - A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind

  •    Javascript

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. What's great about dynamic DNS Rebinding rules is that you don't have to spin up your own malicious DNS server to start exploiting the browser's Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of rebind.network.




dojos - This is where the Novoda team do all their hacking

  •    Java

Find the module of the dojo you want to attempt. This will be a module under the root dir. Inside you will either find the default directory or a specific language directory. If you only find the default directory, follow these instructions. Once the folder structure has been updated properly you can continue, make a copy of the default project of whichever language you want to run the kata with.

evilredis - Script for doing evil stuff to Redis servers (for educational purposes only).

  •    Javascript

Script for doing evil stuff to Redis servers (for educational purposes only).

droid_controller - Control the parameters of an Android system with the power of Xposed framework

  •    Java

Control the parameters of an Android system with the power of Xposed framework. 通过Xposed框架控制Android参数。

xss-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site - for my personal Educational purposes only

  •    Javascript

A simple keystroke logger that listens and sends all keystrokes for a user on a Cross-site scripting (XSS) vulnerable page to a remote dashboard page via websockets. The XSS Keylogger project is based on a client side script which is to be embedded in a a vulnerable page that listens to keystrokes on a page, and broadcasts it to an actively running Node server.


Umbrella_android - Digital and Physical Security Advice App

  •    Java

Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email; securely access the internet; plan secure travel; protect their office/home; conduct counter-surveillance; or deal with kidnapping, arrest or evacuation. Once a situation is chosen, the app outlines what to do and what tools to use given your circumstances. This is followed by a simple checklist of recommended actions that can be customised, saved and shared securely. Umbrella’s dashboard also provides users with an up-to-the-minute account of potential risks in their chosen location. Umbrella is designed for everyone (people looking to increase their security, folks living in high risk areas, regular travellers, business people, techies, journalists, NGO staff, aid workers, human rights defenders, social workers, environmental activists etc).

clojure-hacking-day

  •    Clojure

The list above is inspired by an article “Why Racket? Why Lisp?”. We are going to build a chat web application in ClojureScript using Rum library.

Jenkins-PreAuth-RCE-PoC - :smiling_imp: Jenkins RCE PoC

  •    Java

:smiling_imp: Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)

research - Hello and welcome to my GitHub account

  •    Javascript

Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start

dref - DNS Rebinding Exploitation Framework

  •    Javascript

Head over to the Wiki to get started or check out dref attacking headless browsers for a practical use case.

netmap.js - Fast browser-based network discovery module

  •    Javascript

netmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website visitors' networks. It's quite fast, making use of es6-promise-pool to efficiently run the maximum number of concurrent connections browsers will allow.

CTF-writeups-public - Writeups for infosec Capture the Flag events by team Galaxians

  •    Java

I like to participate in Capture The Flag events; computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can think of to reach the end goal; the flag, which is usually a specific string of text. For a list of upcoming events and more writeups, see CTFtime.

MongoDB-HoneyProxy - A honeypot proxy for mongodb

  •    Javascript

A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.