Drew's repositories
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
WP-XSS-Admin-Funcs
JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
Top-Port-Slicer
Python script to give you subsets of the nmap "top-ports". For example, I want the 10th to 100th most common TCP ports. Spits out a comma separated list you can copy into -p arg for nmap or masscan
XSS-Data-Exfil
Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data in image filename). Example commands and python script to put the original data back together.
postBasedXSS
Demo of various ways to exploit post based reflected XSS
checkHostsInScope
Bash script to take a list of domains/subdomains (e.g. from amass) and check if they're in scope based on a file of inscope IP addresses
shellcodeEncryptor
Python script to take any file and create a C header file with that binary data encoded as a char array. Optionally XOR encrypts the data. Helpful for creating custom loaders for shellcode.
proxy-helper-the-sequel
Port/rework of proxy-helper plugin for hak5 Pineapples
dragInputClickjacking
Demo of using draggable elements in a clickjacking PoC to "type" user inputs.
sonicWallBruteForce
Script to brute force logins to SonicWall
rickRollAddressBarPayload
XSS/JavaScript payload that runs the rick roll lyrics through in the browser address bar.
javaScriptDeployer
Example bash script and JavaScript to copy a JavaScript payload into all .js files, but have only one copy run, regardless of how many .js files are included in the rendered page.
javascriptFileEncoder
Encodes a file into JavaScript friendly hex data, useful for adding file uploads to session riding XSS payloads
Normalized-Compression-Distance-NCD-Zlib
Simple C++ header file with a class that uses the Zlib compression algorithm to calculate Normalized Compression Distance (NCD) values
plistsubstractor3
Python3 version of plistsubstractor
WP-XSS-Challenge-Deploy
Python script to help automate deployment of my XSS challenge infrastructure
Auto-Agent
Old school project, neural net autopilot for FlightGear flight sim.
base64PlistHunter
Script to extract base64 encoded Binary PLISTs from XML/PLIST files
certgraph
An open source intelligence tool to crawl the graph of certificate Alternate Names
Coding-Utilities-Cpp
Header files with useful C++ classes for 3-D math, compression, timing, etc. Great for vector math.
demoCodeCopier
Script to copy chunks of code to the clipboard in the background based on how far along you are in your demo
graftcp
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
Neural-Net-Game
Old school project, neural net game
pineapple-modules
The Official WiFi Pineapple Module Repository for the WiFi Pineapple Mark VII
pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
shadow-workers
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
WebShell
Webshell && Backdoor Collection