Giters
Drew (hoodoer)

hoodoer

Geek Repo

161

followers

13

following

35

stars

Company:TrustedSec

Location:Near salt water

Home Page:https://www.trustedsec.com

Twitter:@hoodoer

Github PK Tool:Github PK Tool

Drew's repositories

JS-Tap

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.

Language:JavaScriptLicense:UnlicenseStargazers:255Issues:2Issues:3

WP-XSS-Admin-Funcs

JavaScript functions intended to be used as an XSS payload against a WordPress admin account.

Language:JavaScriptLicense:UnlicenseStargazers:50Issues:2Issues:0

ENNEoS

Evolutionary Neural Network Encoder of Shenanigans. Obfuscating shellcode with an encoder that uses genetic algorithms to evolve neural networks to contain and output the shellcode on demand.

Language:C++License:MITStargazers:23Issues:1Issues:1

Top-Port-Slicer

Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan

Language:PythonLicense:UnlicenseStargazers:17Issues:1Issues:0

XSS-Data-Exfil

Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.

Language:JavaScriptLicense:UnlicenseStargazers:13Issues:1Issues:0

postBasedXSS

Demo of various ways to exploit post based reflected XSS

Language:PythonLicense:UnlicenseStargazers:12Issues:1Issues:0

endgame

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

Language:PythonLicense:MITStargazers:10Issues:0Issues:0

checkHostsInScope

Bash script to take a list of domains/subdomains (e.g. from amass) and check if they're in scope based on a file of inscope IP addresses

Language:ShellLicense:UnlicenseStargazers:8Issues:2Issues:0

shellcodeEncryptor

Python script to take any file and create a C header file with that binary data encoded as a char array. Optionally XOR encrypts the data. Helpful for creating custom loaders for shellcode.

Language:PythonLicense:UnlicenseStargazers:7Issues:1Issues:0

proxy-helper-the-sequel

Port/rework of proxy-helper plugin for hak5 Pineapples

Language:TypeScriptStargazers:6Issues:0Issues:0

dragInputClickjacking

Demo of using draggable elements in a clickjacking PoC to "type" user inputs.

Language:HTMLLicense:UnlicenseStargazers:4Issues:0Issues:0

sonicWallBruteForce

Script to brute force logins to SonicWall

Language:PythonLicense:UnlicenseStargazers:3Issues:1Issues:1

rickRollAddressBarPayload

XSS/JavaScript payload that runs the rick roll lyrics through in the browser address bar.

Language:JavaScriptLicense:UnlicenseStargazers:2Issues:0Issues:0

javaScriptDeployer

Example bash script and JavaScript to copy a JavaScript payload into all .js files, but have only one copy run, regardless of how many .js files are included in the rendered page.

Language:ShellLicense:UnlicenseStargazers:1Issues:1Issues:0

javascriptFileEncoder

Encodes a file into JavaScript friendly hex data, useful for adding file uploads to session riding XSS payloads

Language:PythonLicense:UnlicenseStargazers:1Issues:1Issues:0

Normalized-Compression-Distance-NCD-Zlib

Simple C++ header file with a class that uses the Zlib compression algorithm to calculate Normalized Compression Distance (NCD) values

Language:C++Stargazers:1Issues:0Issues:0

plistsubstractor3

Python3 version of plistsubstractor

Language:PythonLicense:BSD-2-ClauseStargazers:1Issues:2Issues:0

WP-XSS-Challenge-Deploy

Python script to help automate deployment of my XSS challenge infrastructure

Language:PythonLicense:UnlicenseStargazers:1Issues:1Issues:0

Auto-Agent

Old school project, neural net autopilot for FlightGear flight sim.

Language:C++Stargazers:0Issues:0Issues:0

base64PlistHunter

Script to extract base64 encoded Binary PLISTs from XML/PLIST files

Language:PythonLicense:UnlicenseStargazers:0Issues:0Issues:0

certgraph

An open source intelligence tool to crawl the graph of certificate Alternate Names

Language:GoLicense:GPL-2.0Stargazers:0Issues:0Issues:0

Coding-Utilities-Cpp

Header files with useful C++ classes for 3-D math, compression, timing, etc. Great for vector math.

Language:C++Stargazers:0Issues:0Issues:0

demoCodeCopier

Script to copy chunks of code to the clipboard in the background based on how far along you are in your demo

Language:PythonLicense:UnlicenseStargazers:0Issues:1Issues:0

graftcp

A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

Language:CLicense:GPL-3.0Stargazers:0Issues:0Issues:0

Neural-Net-Game

Old school project, neural net game

Language:C++Stargazers:0Issues:0Issues:0

pineapple-modules

The Official WiFi Pineapple Module Repository for the WiFi Pineapple Mark VII

Language:TypeScriptStargazers:0Issues:0Issues:0

pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Language:PythonLicense:NOASSERTIONStargazers:0Issues:0Issues:0

shadow-workers

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

Language:JavaScriptLicense:MITStargazers:0Issues:0Issues:0

SleuthQL

Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

Language:PythonLicense:BSD-3-Clause-ClearStargazers:0Issues:1Issues:0

WebShell

Webshell && Backdoor Collection

Language:PHPLicense:GPL-2.0Stargazers:0Issues:0Issues:0