babywyrm's repositories
PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation.
NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
gohttpserver
The best HTTP Static File Server, write with golang+vue
bane
this is a python module that contains functions and classes which are used to test the security of web/network applications. it's coded on pure python and it's a very intelligent tool ! It can easily detect: XSS (reflected/stored), RCE (Remote Code/Command Execution), SSTI, SSRF, CORS Misconfigurations, File Upload, CSRF, Path Traversal... and more
PingRAT
PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.
SigmaPotato
SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
firecracker-containerd
firecracker-containerd enables containerd to manage containers as Firecracker microVMs
isolated-vm
Secure & isolated JS environments for nodejs
cheatsheet-kubernetes-A4
:book: Kubernetes CheatSheets In A4
trufflehog
Find credentials all over the place
naabu
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Blue-Team-Notes
You didn't think I'd go and leave the blue team out, right?
vulnerable-node
A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
multi-account-security-assessment-via-prowler
This solutions facilitates rapid deployment of Prowler, full AWS Organization analysis, and finding processing as part of a security posture report.
crowdsec
CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
impacket
Impacket is a collection of Python classes for working with network protocols.
Awesome-Cybersecurity-Handbooks
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
CVE-2023-25690-POC
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
WSPCoerce
PoC to coerce authentication from Windows hosts using MS-WSP
sysinternals
Content for sysinternals.com
Exegol
Fully featured and community-driven hacking environment
phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
cs-aws-waf-bouncer
Crowdsec bouncer for AWS WAF
SSRFmap
Automatic SSRF fuzzer and exploitation tool
deepce
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
jwt-hack
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
pyjson_tricks
Extra features for Python's JSON: comments, order, numpy, pandas, datetimes, and many more! Simple but customizable.
sbom-utility
Utility that provides an API platform for validating, querying and managing BOM data