TartarusLabs

James Fell's starred repositories

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Language:PythonMIT57813 18070

CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

Language:JavaScriptApache-2.026851 383 937

A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

CC0-1.05162 223 9

Veil

Veil 3.1.X (Check version info in Veil at runtime)

Language:PythonGPL-3.03915 175 410

Cobra

Source Code Security Audit (源代码安全审计)

Language:PythonMIT3121 156 980

phpggc

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

Language:PHPApache-2.03098 63 58

openvas-scanner

This repository contains the scanner component for Greenbone Community Edition.

Language:CGPL-2.02996 87 152

ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

Language:GoMIT2682 77 68

kiterunner

Contextual Content Discovery Tool

Language:GoAGPL-3.02492 40 48

gospider

Gospider - Fast web spider written in Go

Language:GoMIT2419 49 60

nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

Language:CSSGPL-3.02354 58 87

windows-syscalls

Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)

Language:HTML2033 78 5

GraphQLmap

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Language:PythonMIT1321 21 27

Android-InsecureBankv2

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

Language:JavaMIT1211 520

DotNetToJScript

A tool to create a JScript file which loads a .NET v2 assembly from memory.

Language:C#GPL-3.01191 46 13

DarkLoadLibrary

LoadLibrary for offensive operations

Language:C1019 25 8

Cronos-Rootkit

Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.

Language:C++MIT816 24 13

gym-malware

Language:PythonMIT608 50 11

java-deserialization-exploits

A collection of curated Java Deserialization Exploits

Language:Python589 43 5

process_doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

Language:C565 19 3

afl-cov

Produce code coverage results with gcov from afl-fuzz test cases

Language:PythonGPL-2.0461 24 46

Generic-University

Vulnerable API

Language:PHP375 17 15

apkinfector

Advanced Android AV Evasion Tool Written In Python 3 that can Embed/Bind meterpreter APK to any Legitimate APK

Language:Python275 15 11

Shellcoding

Shellcoding utilities

Language:C215 130

osmedeus-base

Build your own reconnaissance system with Osmedeus Next Generation

Language:ShellMIT172 10 11

CACTUSTORCH

CACTUSTORCH: Payload Generation for Adversary Simulations

Language:Visual Basic75 50

Coyote

Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements using DNS tunneling.

Language:C#GPL-3.019 10

Expeditus

Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.

Language:C#GPL-3.011 1 1

Crypto-Tricks

This repo is a collection of proof-of-concepts, examples, essays and experiments in cryptography, cryptanalysis, steganography and covert channels that I originally wrote in 2015.

Language:PythonGPL-3.06 10

Burp-Request-Signer

Burp extension to sign Payment Gateway API requests by calculating a variation of a HMAC-SHA512 and adding it to the request.

Language:PythonGPL-3.04 10