Mark Gillanders's repositories
BloodHound.py
A Python based ingestor for BloodHound
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
CVE-2022-26134
Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote code execution (RCE)
exploit-writing-for-oswe
Tips on how to write exploit scripts (faster!)
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
ldeep
In-depth ldap enumeration utility
Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
multi-juicer
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
offensivesecurity
Scripts for offensive security
oscp_exam-ai-tips
A Python script that scrapes Reddit for OSCP success stories and uses OpenAI to extract 4 key strategies from students who passed the exam.
OSCPleo
Knowledge for OSCP
PassTheCert
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
penelope
Penelope Shell Handler
pentest-arsenal
A collection of tools that I use in CTFs or for assessments
pkgx
Run Anything
pwntools
CTF framework and exploit development library
pwst-resources
Resources for Students in the Practical Webapp Security and Testing course
pywhisker
Python version of the C# tool for "Shadow Credentials" attacks
RedTeaming_CheatSheet
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up-to-date.
restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
s3-account-search
S3 Account Search
SharpHound
C# Data Collector for BloodHound
stratus-red-team
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
TJ-OPT
This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Obsidian
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
Whisker
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
xss-payload-list
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List