Naresh Kumar's repositories
TakeOver-v1
The TakeOver script extracts the CNAME records of all subdomains at once. TakeOver saves researchers time and increases the chance of finding a subdomain takeover vulnerability.
put2win
Script to automate shell upload via the HTTP PUT method to get meterpreter
PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
pentest
offsec batteries included
can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Security-Research
Exploits written by the Rhino Security Labs team
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
randomrepo
Repo for random stuff
struts-pwn_CVE-2018-11776
An exploit for Apache Struts CVE-2018-11776
S3Scanner
Scan for open AWS S3 buckets and dump the contents
CVE-2018-15685
POC for CVE-2018-15685
PowerShdll
Run PowerShell with rundll32. Bypass software restrictions.
BurpSuite_Pro_v1.7.32
BurpSuite_Pro_v1.7.32
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
ephemera-miscellany
Ephemera and other documentation associated with the 1337list project.
subfinder
SubFinder is a subdomain discovery tool that can enumerate massive amounts of valid subdomains for any target. It has a simple modular architecture and is aimed as a successor to the sublist3r project.
Android_Kernel_CVE_POCs
A list of my CVEs with POCs
mailinabox
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
jpexs-decompiler
JPEXS Free Flash Decompiler
TheLastSliceGame
Do you have what it takes to deliver the famous Bitcoin pizza in this retro arcade-style game? The Last Slice will put your skills to the test as you play through 3 levels of pizza-delivering mayhem. The goal is simple. Deliver the Bitcoin pizza and collect your tip, now worth $10,000. So, who will nab The Last Slice?
AutoSQLi
An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
TheDoc
TheDoc is a simple but very useful SQLMAP automator with built-in admin finder, hash cracker (using hashcat) and more!
GPON
Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.
cecil
Cecil is a library to inspect, modify and generate .NET programs and libraries.
lpeworkshop
Windows / Linux Local Privilege Escalation Workshop