breakthenet

HackMe-File-Upload-Challenges

Hack your friend's online MMORPG game - specific focus, php file upload scripts

CTF-XSS

XSS cookie stealing challenge - single button deploy, just set your custom CTF Flag in the setup process!

Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers

botnets

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

CTF-SQL-Injection-AuthCode

SQL Injection bypass auth code challenge - single button deploy, just set your custom CTF Flag in the setup process!

CTF-SQL-Injection-Login

SQL Injection login as admin challenge - single button deploy, just set your custom CTF Flag in the setup process!

CTF-Wordpress-Metasploit

hacking_slot_machines

Hacking slot machines.

trackerjacker

Like nmap for mapping wifi networks you're not connected to, plus device tracking

Bella

A pure python, post-exploitation, data mining tool and remote administration tool for macOS.

CTF-SQL-Truncation

SQL Truncation challenge - single button deploy, just set your custom CTF Flag in the setup process!

kalirouter

intercepting kali router

collisions

Hash collisions

CSS-Keylogging

Chrome extension and Express server that exploits keylogging abilities of CSS.

css3-side-channel-attack

https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/

cve

Gather and update all available and newest CVEs with their PoC.

dns2proxy

Offensive DNS server

dnsd

Dynamic authoritative name server

dref

DNS Rebinding Exploitation Framework

DVCS-Pillage

Pillage web accessible GIT, HG and BZR repositories

GPON

Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.

jaqen

Jaqen - Simple DNS rebinding

lan-js

Probe LAN devices from a web browser.

Markdown-XSS-Payloads

XSS payloads for exploiting Markdown syntax

PoCs

A list of CVE's with Proof of Concepts

Python-dsstore

A library for parsing .DS_Store files and extracting file names

SecGen

Create randomly insecure VMs

UhOh365

A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.

vuejs-serverside-template-xss

Demo of a Vue.js app that mixes both clientside templates and serverside templates leading to an XSS vulnerability

wifi-cracking

Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat 🖧