badbiddy's repositories
keyhacks
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
evilarc
Create tar/zip archives that can exploit directory traversal vulnerabilities
DarthSidious
Building an Active Directory domain and hacking it
AndroBugs_Framework
AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
RedTeamPowershellScripts
Various PowerShell scripts that may be useful during red team exercise
CarbonCopy
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
PowerHub
A web application to transfer PowerShell modules, executables, snippets and files while bypassing AV and application whitelisting
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
AnsiblePlaybooks
A collection of Ansible Playbooks that configure Kali to use Fish & install a number of tools
the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
ptf
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
ghidra
Ghidra is a software reverse engineering (SRE) framework
discover
For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
app-sec-wiki
Files for appsecwiki.com
hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
pipal
Pipal, THE password analyser
sparta
Network Infrastructure Penetration Testing Tool
pwndb
Search for leaked credentials
autopwn
Specify targets and run sets of tools against them
Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
PrivExchange
Exchange your privileges for Domain Admin privs by abusing Exchange
awesome-exploit-development
A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
lightdmp
Dumps the currently logged on users' password from lightdm --session-child process memory.
ldapdomaindump
Active Directory information dumper via LDAP
payloads
Git All the Payloads! A collection of web attack payloads.