James Fell's starred repositories
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Awesome-Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
openvas-scanner
This repository contains the scanner component for Greenbone Community Edition.
kiterunner
Contextual Content Discovery Tool
nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Android-InsecureBankv2
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
DotNetToJScript
A tool to create a JScript file which loads a .NET v2 assembly from memory.
DarkLoadLibrary
LoadLibrary for offensive operations
Cronos-Rootkit
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
java-deserialization-exploits
A collection of curated Java Deserialization Exploits
process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
Generic-University
Vulnerable API
apkinfector
Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK
Shellcoding
Shellcoding utilities
osmedeus-base
Build your own reconnaissance system with Osmedeus Next Generation
CACTUSTORCH
CACTUSTORCH: Payload Generation for Adversary Simulations
Crypto-Tricks
This repo is a collection of proof-of-concepts, examples, essays and experiments in cryptography, cryptanalysis, steganography and covert channels that I originally wrote in 2015.
Burp-Request-Signer
Burp extension to sign Payment Gateway API requests by calculating a variation of a HMAC-SHA512 and adding it to the request.