breakthenet's repositories
HackMe-File-Upload-Challenges
Hack your friend's online MMORPG game - specific focus, php file upload scripts
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
CTF-SQL-Injection-AuthCode
SQL Injection bypass auth code challenge - single button deploy, just set your custom CTF Flag in the setup process!
CTF-SQL-Injection-Login
SQL Injection login as admin challenge - single button deploy, just set your custom CTF Flag in the setup process!
hacking_slot_machines
Hacking slot machines.
trackerjacker
Like nmap for mapping wifi networks you're not connected to, plus device tracking
CTF-SQL-Truncation
SQL Truncation challenge - single button deploy, just set your custom CTF Flag in the setup process!
kalirouter
intercepting kali router
collisions
Hash collisions
CSS-Keylogging
Chrome extension and Express server that exploits keylogging abilities of CSS.
css3-side-channel-attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
cve
Gather and update all available and newest CVEs with their PoC.
dns2proxy
Offensive DNS server
dnsd
Dynamic authoritative name server
dref
DNS Rebinding Exploitation Framework
DVCS-Pillage
Pillage web accessible GIT, HG and BZR repositories
GPON
Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.
jaqen
Jaqen - Simple DNS rebinding
lan-js
Probe LAN devices from a web browser.
Markdown-XSS-Payloads
XSS payloads for exploiting Markdown syntax
PoCs
A list of CVE's with Proof of Concepts
Python-dsstore
A library for parsing .DS_Store files and extracting file names
SecGen
Create randomly insecure VMs
UhOh365
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
vuejs-serverside-template-xss
Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability
wifi-cracking
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat đź–§