h0ng10

followers

following

stars

@mogwailabs GmbH

Germany

https://mogwailabs.de

Hans-Martin Münch's repositories

evilarc

Create tar/zip archives that can exploit directory traversal vulnerabilities

Language:Python4 10

Java-Deserialization-Cheat-Sheet

The cheat sheet about Java Deserialization vulnerabilities

3 20

el-injection-example-app

A simple example application to exercise EL injections

Language:JavaScript1 20

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language:XSLT1 20

pwnworks

Exploitation challenges for CTF

Language:ShellMIT1 20

stickerz

A flask messaging app that is vulnerable to XSS/CSRF

Language:HTML1 2 1

ysoserial

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Language:JavaMIT1 20

Ajax.NET-Professional

Ajax.NET Professional (AjaxPro) is one of the first AJAX frameworks available for Microsoft ASP.NET and is working with many .NET frameworks starting with v1.1. The framework will create proxy classes that are used on client-side JavaScript to invoke methods on the web server with full data type support working on all common web browsers including mobile devices.

Language:C#MIT000

awesome-frida

Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

CC0-1.0020

awesome-log4shell

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

CC0-1.0000

canape

CANAPE Network Testing Tool

Language:PythonGPL-3.0020

CVE-2023-28432_docker

Test environments for CVE-2023-28432, information disclosure in MinIO clusters

010

dhtmlxganttservice

A minimal implementation of the REST service that is used by dhtmlxgantt. Based on Python/Flask

Language:JavaScriptGPL-2.0030

frida-ipa-dump

Yet another frida based iOS dumpdecrypted

Language:JavaScriptMIT010

git-ftp

Uses Git to upload only changed files to FTP servers.

Language:ShellGPL-3.0010

hibernate-orm

Hibernate's core Object/Relational Mapping functionality

Language:Java000

InfoSec-Black-Friday

All the deals for InfoSec related software/tools this Black Friday

000

jackson-rce-via-spel

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

Language:Java020

metasploit-framework

Metasploit Framework

Language:RubyNOASSERTION020

metasploit-payloads

Unified repository for different Metasploit Framework payloads

NOASSERTION000

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Language:PythonMIT000

rogue-jndi

A malicious LDAP server for JNDI injection attacks

Language:JavaMIT000

Shuffle

Shuffle: The automation platform for your security stack

Language:JavaScriptAGPL-3.0010

sigma

Generic Signature Format for SIEM Systems

Language:MakefileGPL-3.0020

sliver

Adversary Emulation Framework

Language:GoGPL-3.0000

tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Language:JavaApache-2.0000

TwelveMonkeys

TwelveMonkeys ImageIO: Additional plug-ins and extensions for Java's ImageIO

Language:JavaBSD-3-Clause000

typemonkey

Language:PowerShell010

update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus.

Language:ShellNOASSERTION010

VulHint

VulHint - Static code audit support for sublime text 3

Language:PythonMIT020