Mohammed Farhan's repositories
phishsticks
A framework for OAuth 2.0 device code authentication grant flow phishing
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
bash-dev-tcp
collection of scripts using /dev/tcp
CanIBeSpoofed
CanIBeSpoofed is a console project utilising functionality built for the https://caniphish.com/free-phishing-tools/email-spoofing-test website. This project facilitates scanning of domains to gain visibility over email supply chain and SPF/DMARC vulnerabilities.
CodeExecutionOnWindows
A list of ways to execute code on Windows using legitimate Windows tools
docker-sneaky-gophish
Docker for the latest gophish with stealth configuration from sneaky_gophish
Evilginx2-Phishlets
Evilginx2 Phishlets version (0.2.3) Only For Testing/Learning Purposes
evilgophish
evilginx2 + gophish
exploit
Exploits and advisories
GadgetToJScript
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
GOAD
game of active directory
GoPhish-Templates
GoPhish Templates that I have retired and/or templates I've recreated.
iker
An ike-scan wrapper to simplify penetration testing IKE and encourage stronger IKE implementations.
Infosec_Reference
An Information Security Reference That Doesn't Suck
nmap-nse-modules
My collection of nmap nse modules
pacu
PACU - Phishing Automation & Campaigning Utility
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Penetration-Testing-Tools
A collection of more than a 140+ tools, scripts, cheatsheets and other loots that I've developed over years for Penetration Testing and IT Security audits purposes. Most of them came handy at least once during my real-world engagements.
Phishious
An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
ScatterBrain
Suite of Shellcode Running Utilities
secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
SniperPhish
SniperPhish - The Web-Email Spear Phishing Toolkit
SpamFilterBypass
Neat spam filter bypass for multiple vendors
spf-bypass
This project demonstrates SPF-bypass techniques utilised by phishers to abuse domains that haven't been secured by DMARC.