TheGetch's repositories
Burp-Suite-Pro-Scan-Profiles
Custom scan profiles for use with Burp Suite Pro
Penetration-Testing-Methodology
This repo contains my pentesting template that I have used in PWK and for current assessments. The template has been formatted to be used in Joplin
Burp-Suite-Certified-Practitioner-Prep
Materials used in preperation for the BSCP certification from PortSwigger
Application-Pentest-Methodology
Methodoloy for pentesting web applications.
Penetration-Testing-Resources
Random binaries and programs used during pentesting
Hack-Tools
The all-in-one Red Team extension for Web Pentester 🛠
Pentest-Mapper
A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities
RedTeaming_CheatSheet
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
BlackNote
Ephemeral secret sharing webpage
Bug-bounty
Ressources for bug bounty hunting
cobalt-arsenal
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
CVE-2022-23378
Authenticated reflected XSS in TastyIgniter version v3.2.2.
CVE-2022-29597
The RRS v500 application is vulnerable to a Local File Inclusion (LFI) vulnerability.
CVE-2022-29598
The RRS v500 application is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability.
endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
MAAS
Malware As A Service
Malleable-CS-Profiles
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
sgn
Shikata ga nai (仕方がない) encoder ported into go with several improvements
ThreadlessInject
Threadless Process Injection using remote function hooking.