Andrew's repositories
burp_xss_restriction_bypass_checker
XSS filter bypass extension for PortSwigger Burp Suite.
AFL
american fuzzy lop - a security-oriented fuzzer
api_final_yatube
API Yatube is an application for interacting with articles and comments and for subscribing to authors. Authorization is performed with JWT tokens.
api_yamdb
API YaMD is a project that collects user reviews of various creative works via an API.
chainbreaker
Mac OS X Keychain Forensic Tool
chisel
A fast TCP/UDP tunnel over HTTP
CMSmap
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
CutyCaptList
Python script for creating screenshots with the CutyCapt Kali Linux utility from the list
homework_bot
A bot that checks project statuses using the Telegram API.
ip-location-checker
This script uses https://ipwhois.io/ and prints IP geolocation from the list.
CVE-2023-25690-POC
CVE-2023-25690 proof of concept - a vulnerable mod_proxy configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to an HTTP Request Smuggling vulnerability.
DefaultCreds-cheat-sheet
One place for all the default credentials to assist Blue/Red teamers' activities in finding devices with default passwords 🛡️
DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
dnsmap
Scan for subdomains using bruteforcing techniques
git-dumper
A tool to dump a git repository from a website
GitTools
A repository with 3 tools for pwn'ing websites with .git repositories available
idacode
An integration for IDA and VS Code which connects both to easily execute and debug IDAPython scripts.
IKEv2-setup
Set up Ubuntu Server 20.04 (or 18.04) as an IKEv2 VPN server
infra_actions
A learning project for studying how GitHub Actions works (Yandex Practicum)
jest-dom
🦉 Custom jest matchers to test the state of the DOM
jwt_tool
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
mimikatz
A little tool to play with Windows security
pwn_jenkins
Notes about attacking Jenkins servers
RockYou2021.txt
RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
RsaCtfTool
RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
simple-php-web-shell
Tiny PHP Web shell for executing unix commands from web page
static-analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
volatility
An advanced memory forensics framework
yatube_project
Yatube is a social network built on the Django framework.