Prayog's repositories
bubblewrap
Unprivileged sandboxing tool
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
Gorsair
Gorsair hacks its way into remote docker containers that expose their APIs
injectAllTheThings
Seven different DLL injection techniques in one single project.
the-backdoor-factory
Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)
CVE-2019-19781
Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]
CVE-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
hakrevdns
Small, fast tool for performing reverse DNS lookups en masse.
PowerTrick
This is a repository for the public blog with Labs indicators of compromise and code
CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
codex-backend
Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting.
macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
ccat
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
shhgit
Ah shhgit! Find GitHub secrets in real time
COMahawk
Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322
es-espana
Free open public domain football data (football.db) for España (Spain) / Europe - Primera División / La Liga, etc.
england
Free open public domain football data for England (and Wales) incl. English Premier League (EPL) etc.
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
data.gov
Data.gov source code and issue tracker
data
APTnotes data
bruteforce-database
Bruteforce database
Exploits
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
MaliciousMacroMSBuild
Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
MaliciousMacroGenerator
Malicious Macro Generator
BreachNotes
Various public documents, white-papers, articles, data, analysis, and statistics about breaches and security trends.
awesome-iocs
A collection of sources of indicators of compromise.
p5-app-dubioushttp
use ambiguous HTTP to circumvent security systems
Andspoilt
Run interactive android exploits in linux.
p5-ssl-tools
various standalone perl scripts