I AM NOT RESPONSIBLE HOW YOU USE THIS TOOL.BE LEGAL AND NOT STUPID. This script will make your life easier, and of course faster.
kali-scripts kali-linux shell-script payload-generator payload wifi-testing penetration-testing pentesting pentest-tool wifi-password wpa2-handshake wpa-cracker pixie-dust metasploit-framework eternalblue-doublepulsar-metasploit wifiphisher antivirus-evasion bypass-av bypass-antivirus sqlinjectionrun ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.
payload payloads xss sqli web-attack-payloads passwordsStitch is for education/research purposes only. The author takes NO responsibility and/or liability for how you choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will not be liable for any losses and/or damages in connection with use of ANY files provided with Stitch. By using Stitch or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again Stitch and ALL files included are for EDUCATION and/or RESEARCH purposes ONLY. Stitch is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested. This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of system info when the system boots, and option to start keylogger on boot. Payloads created can only run on the OS that they were created on.
reverse-shell cross-platform nsis rat mac-osx keylogger payload"JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The test suite utilizes examples defined in RFC7520 to confirm its JOSE implementation is correct.
verify jwt node browser jose validate jsonwebtoken sign jwk jwe jws jwa encrypt decrypt jwks deno cloudflare-workers cloudflare compact decode detached ec ecdsa eddsa electron embedded flattened general isomorphic json-web-token oct okp payload pem pkcs8 rsa secp256k1 signature spki universal webcrypto workers x509A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.
msfvenom msfvenom-payload mpc msfpc payload payload-generator payload-generation metasploit-framework metasploit kali kali-linuxCHAOS allow generate payloads and control remote Windows systems. 📚 This project was created only for learning purpose.
payload remote-control malware hacking-tool hacking chaosAwesome XSS stuff. Put this repo on watch. I will be updating it regularly. Yep, confirm because alert is too mainstream.
xss payload xss-payloads payload-list xss-detection xss-cheatsheetIn your node application, require gith and create a gith server. You can specify a port now, or you can use the .listen( portNumber ) method later. Pass an object of how you want to filter gith (if at all) and subscribe to an event.
github payload git-hook post-receiveA collection of various GitHub gists for hackers, pentesters and security researchers
security-gists payload infosec pentest xxe-payloads petya privacyHERCULES is a customizable payload generator that can bypass antivirus software. WARNING: Don't change the location of the HERCULES folder.
hercules bypass-antivirus payload reverse-shell malware meterpreter hackingCross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.
xss xss-payloads xss-vulnerability xss-exploitation xss-detection xss-attacks xss-scanner xss-injection xss-poc xss-scanners website-vulnerability cross-site-scripting reflected-xss-vulnerabilities dom-based self-xss websecurity payloads xss-payload payload bugbountytransform your payload.exe into one fake word doc (.ppt)
office-word-doc spoof-extensions fake-doc-builder payload rtloamber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. If you want to learn more about the packing methodology used inside amber check out below. For more detail about usage, installation and how to decrease detection rate check out WIKI. Developed By Ege Balcı from INVICTUS/PRODAFT.
packer pe crypter stub shellcode shellcode-loader payload malware-research paperezXSS is an easy way to test (blind) Cross Site Scripting. I'm currently busy with building ezXSS 3. The whole application will be re-coded.
payload xss blind screenshot test xss-vulnerability xss-exploitation xss-detection xss-attacks xss-injection xss-scanner blind-xss easy-to-use easyCloak generates a python payload via msfvenom and then intelligently injects it into the python script you specify. To evade basic detection, Cloak breaks the payload into several parts and places it in different places in the code. If you want the victim to run your injected script as root, Cloak can handle that too. Cloak will be further upgraded in future to support a wide range of payloads, platforms and evasion techniques.
backdoor evasion msfvenom payload exploit payload-generatormalware-jail is written for Node's 'vm' sandbox. Currently implements WScript (Windows Scripting Host) context env/wscript.js, at least the part frequently used by malware. Internet browser context is partialy implemented env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.
malware-samples wscript deobfuscation angler malware-jail payload-extraction analysis payload malware-analysis malware-research malware-analyzer node malware jail sandboxTypescript helpers (TS <= 2.0) for compiling typescript while specifying --noEmitHelpers within your tsconfig.json.To mitigate this problem Typescript starting from version 1.8 allow us to specify noEmitHelpers: truewhich wont generate these helpers.
typescript emit-helpers payloadIssue a git push in response to a github post-receive hook payload.The github payloads received by this server will be forwarded to the git server running on http://localhost:8051. You can use whichever protocol you like here since github-push-receive just shells out to git.
git http payload github push receive
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.