mmg1's repositories
NetblockTool
Find netblocks owned by a company
ADCSPwn
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
Bug-bounty
Ressources for bug bounty hunting
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
cspp-tools
Client-Side Prototype Pollution Tools
Dell-Driver-EoP-CVE-2021-21551
Dell Driver EoP (CVE-2021-21551)
grype
A vulnerability scanner for container images and filesystems
jspanda
client-side prototype pullution vulnerability scanner
kubestriker
A Blazing fast Security Auditing tool for Kubernetes
MeterPwrShell
Automated Tool That Generate The Perfect Powershell Payload
Mitigating-Obsolete-TLS
Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber
moodlescan
Tool for scan vulnerabilities in Moodle platforms
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
plution
Prototype pollution scanner using headless chrome
powershell-android-utils
PowerShell module providing utility commands to manipulate a APK file on Windows
ppfuzz
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
PPScan
Client Side Prototype Pollution Scanner
RCE-0-day-for-GhostScript-9.50
RCE 0-day for GhostScript 9.50 - Payload generator
rengine
reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.
robots-disallowed-dict-builder
Script generating a dictionary containing the most common DISALLOW clauses from robots.txt file found on CISCO Top 1 million sites
SerialDetector
A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications
SigFlip
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
svn-extractor
simple script to extract all web resources by means of .SVN folder exposed over network.
SysWhispers2
AV/EDR evasion via direct system calls.
Whisker
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
wordlists-8
Wordlists for Fuzzing
XXE-study
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.