unashamedgeek's repositories
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
agartha
a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to spot authentication/authorization issues, and converts Http requests to Javascript for further XSS exploitation and more.
awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
burp-piper-custom-scripts
Custom scripts for the PIPER Burp extensions.
ChatGPTerminator
ChatGPT in the terminal!
CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
client-side-prototype-pollution
Prototype Pollution and useful Script Gadgets
cloudfox
Automating situational awareness for cloud penetration tests.
Ghostwriter
The SpecterOps project management and reporting engine
hosts
đź”’ Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
interactsh
An OOB interaction gathering server and client library
Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy
Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
ldapnomnom
Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
lego
Let's Encrypt/ACME client and library written in Go
linsk
đź“‚ Access Linux-native file systems (including LVM and LUKS) on Windows and macOS with help of a lightweight Alpine Linux VM. x86/ARM supported.
My-PoC-Exploits
PoC exploits I wrote. They're as is and I will not offer support
nuclei
Fast and customizable vulnerability scanner based on simple YAML based DSL.
passpie
:closed_lock_with_key: Multiplatform command-line password manager
PowerRemoteDesktop
Remote Desktop entirely coded in PowerShell.
pyscripter-er
A framework built on top of Burp's Python Scripter extension.
reverse_ssh
SSH based reverse shell
SecretFinder
SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files
sj
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
socketsleuth
Burp Extension to add additional functionality for pentesting websocket based applications
SQLRecon
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
sslsplit
Transparent SSL/TLS interception
turbo-intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
unpack-burp
For unpacking base64:ed "Save items"-content from Burp (From search + proxy history)
Vajra
Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure environment. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking techniques all at one place with web UI interfaces.