
payloads - Git All the Payloads! A collection of web attack payloads.

  •    Shell

Run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests are extracted from either packet captures or log files of capture the flag (CTF) events. The data is mostly raw, so not all requests are actual payloads; however, requests should be deduplicated.

mpc - MSFvenom Payload Creator (MSFPC)

  •    Shell

A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible (only requiring one input) to produce a payload.

CHAOS - CHAOS allows you to generate payloads and control remote Windows systems.

  •    Go

CHAOS allows you to generate payloads and control remote Windows systems. 📚 This project was created only for learning purposes.




AwesomeXSS - Awesome XSS stuff

  •    Javascript

Awesome XSS stuff. Put this repo on watch. I will be updating it regularly. Yep, confirm because alert is too mainstream.

gith - simple node server that responds to github post-receive events with meaningful data

  •    Javascript

In your node application, require gith and create a gith server. You can specify a port now, or you can use the .listen( portNumber ) method later. Pass an object of how you want to filter gith (if at all) and subscribe to an event.

HERCULES - HERCULES is a special payload generator that can bypass antivirus software.

  •    Go

HERCULES is a customizable payload generator that can bypass antivirus software. WARNING: Don't change the location of the HERCULES folder.


xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  •    HTML

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

Amber - Reflective PE packer.

  •    Assembly

Amber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute themselves like shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. If you want to learn more about the packing methodology used inside amber, check out below. For more detail about usage, installation and how to decrease detection rate, check out the WIKI. Developed by Ege Balcı from INVICTUS/PRODAFT.

ezXSS - ezXSS is an easy way to test (blind) XSS

  •    HTML

ezXSS is an easy way to test (blind) Cross Site Scripting. I'm currently busy with building ezXSS 3. The whole application will be re-coded.

Cloak - Cloak can backdoor any python script with some tricks.

  •    Python

Cloak generates a python payload via msfvenom and then intelligently injects it into the python script you specify. To evade basic detection, Cloak breaks the payload into several parts and places it in different places in the code. If you want the victim to run your injected script as root, Cloak can handle that too. Cloak will be further upgraded in future to support a wide range of payloads, platforms and evasion techniques.

malware-jail - Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction

  •    Javascript

malware-jail is written for Node's 'vm' sandbox. It currently implements the WScript (Windows Scripting Host) context in env/wscript.js, at least the part frequently used by malware. The Internet browser context is partially implemented in env/browser.js. Runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.

ts-helpers - Typescript helpers for compiling typescript while specifying `--noEmitHelpers` within your `tsconfig

  •    TypeScript

Typescript helpers (TS <= 2.0) for compiling typescript while specifying --noEmitHelpers within your tsconfig.json. To mitigate this problem, Typescript starting from version 1.8 allows us to specify noEmitHelpers: true, which won't generate these helpers.

subtext - HTTP payload parser

  •    Javascript

HTTP payload parser. subtext parses the request body and returns it in a promise.

github-push-receive - issue a `git push` in response to a github post-receive hook payload

  •    Javascript

Issue a git push in response to a github post-receive hook payload. The github payloads received by this server will be forwarded to the git server running on http://localhost:8051. You can use whichever protocol you like here since github-push-receive just shells out to git.

tar-split - tar archive assembly/disassembly

  •    Go

Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive. This demonstrates the tar-split integration for docker-1.8. Providing consistent tar archives for the image layer content.

flow-state - A library to easily apply a unidirectional dataflow in your apps with RxJS.

  •    Javascript

Dead simple Redux and redux-observable library built with RxJS streams. This is an easy way to introduce a stream-based unidirectional dataflow into your app. In your components dispatch actions by passing the action constant and optionally an action payload. The payload can be any value.