m0chan's repositories
m0chan.github.io
m0chan.github.io
Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
Red-Team-Infrastructure-Wiki
Wiki to collect Red Team infrastructure hardening resources
log4j-scan
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
Log4j2-CVE-2021-44228
Remote Code Injection In Log4j
BetterSafetyKatz
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
log4shell-everywhere
A Burp Suite extension which augments your proxy traffic by injecting log4shell payloads into headers
macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
TrustTrees
A Tool for DNS Delegation Trust Graphing
HelpColor
Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
TREVORspray
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!