mgcfish's repositories
exploitation-course
Offensive Software Exploitation Course
JNDI-Injection-Exploit
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
AllVideoPocsFromHackerOne
This script grab public report from hacker one and make some folders with poc videos
bbscope
Scope gathering tool for HackerOne, Bugcrowd, and Intigriti!
pwn_jenkins
Notes about attacking Jenkins servers
Sparty-2.0
An MS Sharepoint and Frontpage Auditing Tool
certgraph
An open source intelligence tool to crawl the graph of certificate Alternate Names
AutoRecon-1
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
Cobalt-Strike-CheatSheet
Some notes and examples for cobalt strike's functionality
AzureMasterClass
Repo for the Azure Master Class
BetterSafetyKatz
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
pentesting-cookbook
A set of recipes useful in fast-paced pentesting / red teaming scenarios
dooked
DNS and Target HTTP History Local Storage and Search
ote
Generate Email, Register for anything, Get the OTP/Link
jwt-hack
🔩 jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
cobalt_strike_extension_kit
Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.
Awesome-Bugbounty-Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Depix
Recovers passwords from pixelized screenshots
pantagrule
large hashcat rulesets generated from real-world compromised passwords
webscan
Browser-based network scanner & local-IP detection
wstunnel
Tunneling over websocket protocol - Static binary available
pwncat
Fancy reverse and bind shell handler
javaweb-sec
攻击Java Web应用-[Java Web安全]
all-the-package-names
🔤 A list of all the public package names on npm. Updated daily.