0xTomTom

followers

following

stars

TomTom's starred repositories

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Language:PythonMIT60369 18330

ILSpy

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!

Language:C#21339 712 2403

twint

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

Language:PythonMIT15745 328 1173

owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Language:PythonCC-BY-SA-4.011651 423 1095

Empire

Empire is a PowerShell and Python post-exploitation agent.

Language:PowerShellBSD-3-Clause7411 488 781

monkey

Infection Monkey - An open-source adversary emulation platform

Language:PythonGPL-3.06635 241 1522

PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Language:RustMIT5840 52 287

GOAD

game of active directory

Language:PowerShellGPL-3.05118 78 187

Invoke-Obfuscation

PowerShell Obfuscator

Language:PowerShellApache-2.03696 138 53

bounty-targets-data

This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports

OffensiveNim

My experiments in weaponizing Nim (https://nim-lang.org/)

Language:NimBSD-2-Clause2816 69 29

no-defender

A slightly more fun way to disable windows defender + firewall. (through the WSC api)

GPL-3.01858 19 7

hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

Language:GoMIT1423 19 9

mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

Language:PascalMIT1399 29 24

Corsy

CORS Misconfiguration Scanner

Language:PythonGPL-3.01346 31 22

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Language:PythonGPL-3.01026 17 28

evilarc

Create tar/zip archives that can exploit directory traversal vulnerabilities

Language:Python970 150

chainbreaker

Mac OS X Keychain Forensic Tool

Language:PythonGPL-2.0820 37 26

bbrf-client

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

Language:PythonMIT610 25 99

SME

sippts

Set of tools to audit SIP based VoIP Systems

Language:PythonGPL-3.0430 16 29

CVE-2021-3493

Ubuntu OverlayFS Local Privesc

Language:C405 4 1

Ninjasploit

A meterpreter extension for applying hooks to avoid windows defender memory scans

Language:C238 12 2

vulcan

a tool to make it easy and fast to test various forms of injection

Language:C++172 130

Nimplant

A cross-platform implant written in Nim

Language:NimBSD-3-Clause168 12 6

nl-kat-coordination

Repo nl-kat-coordination for minvws

Language:PythonEUPL-1.2123 23 1788

nl-covid19-notification-app-ios

Language:SwiftEUPL-1.2120 20 36

virtualseccons

An ongoing list of virtual cybersecurity conferences.

nl-covid19-notification-lab-ios

iOS app for experiments with GAEN and Bluetooth protocols

Language:SwiftEUPL-1.24 170