Flaviu Popescu's repositories
CVE-2022-28601
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor
christmas-tree
christmas tree bash script
awesome-web-security
🐶 A curated list of Web Security materials and resources.
AWSGoat
AWSGoat : A Damn Vulnerable AWS Infrastructure
AzureAttackKit
Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information
cariddi
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Certipy
Tool for Active Directory Certificate Services enumeration and abuse
cloudfox
Automating situational awareness for cloud penetration tests.
copy-as-go-request
Burp Suite extension to copy requests as Go
CVE-2021-40444
CVE-2021-40444 PoC
CVE-2022-28986
A Insecure direct object references (IDOR) vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor
FilelessRemotePE
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
katana
A next-generation crawling and spidering framework.
L4sh
Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
Learn365
The purpose of #Learn365 collection is to create informational content in multiple codecs and share with the community to allow knowledge advent and studying.
malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
ParamSpider
Mining parameters from dark corners of Web Archives
psudohash
Password list generator that focuses on keywords mutated by commonly used password creation patterns
public-pentesting-reports
A list of public penetration test reports published by several consulting firms and academic security groups.
RedTeam-Tactics-and-Techniques
Red Teaming Tactics and Techniques
reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Villain
Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
waymore
Find way more from the Wayback Machine!
weird_proxies
Reverse proxies cheatsheet
xnLinkFinder
A python tool used to discover endpoints (and potential parameters) for a given target