Stars
Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
Simple websites vulnerable to Server Side Template Injections(SSTI)
Bypassing disabled exec functions in PHP (c) CRLF
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Exploit written in Python for CVE-2018-15473 with threading and export formats
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM
Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper us…
A Python module to bypass Cloudflare's anti-bot page.
A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)
SSRF (Server Side Request Forgery) testing resources
A list of public penetration test reports published by several consulting firms and academic security groups.
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Scripts-Scanner de hardening de SO (Linux, OpenBSD, FreeBSD, apache, PHP e outros)
Deserialization payload generator for a variety of .NET formatters
Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro
A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language
Proof-of-concept codes created as part of security research done by Google Security Team.
Exploit PoC for Spring RCE issue (CVE-2011-2894)
An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector