Will's repositories
GoForDorks
Easier way to use advanced search syntax on common search engines like Google, Yandex, DuckDuckGo and more.
tableofrefs
This is an repository created to compress information and make easier to find informations normally used for creating reports on day2day work.
GoMapEnum
User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
LOTL
Living Off The Land (LOTL) persistent Reverse shell
exfil_server
An basic python exfiltration server (HTTP) to handle with multiple files and save it local with different hash names.
lazy_scripts
Basic javascript snippets to interact with DOM in some web services in order to extract usefull information.
Conferences
Conference slides
android-penetration-testing-cheat-sheet
Work in progress... Thanks for all the stars, I will try to prioritize this project :)
juicyinfo-nuclei-templates
Nuclei (https://github.com/projectdiscovery/nuclei) templates for extracting juicy info from web pages
RedTeam-Tools
Tools and Techniques for Red Team / Penetration Testing
dumpall
一款信息泄漏利用工具,适用于.git/.svn/.DS_Store泄漏和目录列出
MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
chisel
A fast TCP/UDP tunnel over HTTP
frida-scripts
Frida Scripts
LoggerPlusPlus-API-Filters
A Collection of Logger++ Filters for Hunting API Vulnerabilities
o365recon
retrieve information via O365 and AzureAD with a valid cred
waymore
Find way more from the Wayback Machine!
PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
subjs
Fetches javascript file from a list of URLS or subdomains.
PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc)
sns
IIS shortname scanner written in Go
MSOLSpray
A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
git-dumper
A tool to dump a git repository from a website
imapsprayer
A simple IMAP password sprayer
csrf-poc-generator
this html file creates a csrf poc form to any http request.
zendesk_chat_adapter
Inbenta's public repository
HTTPLeaks
HTTPLeaks - All possible ways, a website can leak HTTP requests