defarbs

defarbs.github.io

The official GitHub site for Farbs!

adconnectdump

Dump Azure AD Connect credentials for Azure AD and Active Directory

dompdf-exploit

Exploit for systems running dompdf 0.6.0 or lower. Tested on version 0.6.0 as well as all 0.6.0 beta versions.

A-Red-Teamer-diaries

Red_teaming/Pentesting notes and experiments for a real world engagements

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Amass

In-depth DNS Enumeration and Network Mapping

SharpCollection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.

Cobalt-Strike-CheatSheet

Some notes and examples for cobalt strike's functionality

code-snippets

Various code snippets

CrackMapExec

A swiss army knife for pentesting networks

dearg-thread-ipc-stealth

A novel technique to communicate between threads using the standard ETHREAD structure

domained

Multi Tool Subdomain Enumeration

GTFOBins.github.io

Curated list of Unix binaries that can be exploited to bypass system security restrictions

OSCP-Exam-Report-Template

Modified template for the OSCP Exam. Used it during my passing attempt

OSCPRepo

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' Keepnote. Reconscan in scripts folder.

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Platypus

:hammer: A modern multiple reverse shell sessions manager written in go

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

ROPgadget

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

ropstar

Automatic exploit generation for simple linux pwn challenges.

sherlock

🔎 Find usernames across social networks

stego-toolkit

Collection of steganography tools - helps with CTF challenges

T.D.P

Using Thread Description To Hide Shellcode

THRecon

Threat Hunting Reconnaissance Toolkit

VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

vulnerable_xss

wdb

An improbable web debugger through WebSockets

windapsearch

Python script to enumerate users, groups and computers from a Windows domain through LDAP queries