Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single domain. Every token is registered with provided email and the specific domain as note. After the script completes check your email inbox for mails from canarytokens IMPORTANT: have to be used with python3 USAGE: - python3 checkLog4J.py --filepath --email REQUIREMENTS: - requests
BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex
Simple OSINT script to find Instagram profiles by name and e-mail/phone
Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service
Monty Hall Problem Simulation monty_hall_sim is a brute-force method of determining the optimal strategy for the Monty Hall Problem. Usage Set boolean
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR
Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i
unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi
✨ Powerfull & Universal Link Bypasser ✨
GetMail 利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。
Python tool for enumerating directories and for fuzzing
log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.
Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is str
sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho
boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting
TTUN Server The self-hostable proxy tunnel. Running Running: docker run -e TUNNEL_DOMAIN=Your tunnel domain -e SECURE=True if using SSL ghcr.io/to
Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t
This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi
🐞 Log4Scan 🔧 Log4Shell 简单的主动和被动扫描脚本 Log4scan 针对header头和fuzz参数的主动批量扫描,用于大批量黑盒检测
5 Apr 09, 2022
86 Dec 31, 2022
88 Dec 23, 2022
108 Jan 07, 2023
3 Nov 23, 2022
1 Aug 29, 2022
9 Dec 12, 2022
103 Aug 20, 2022
16 Aug 30, 2022
4 Jun 03, 2022
[email protected]">
388 Dec 27, 2022
5 Feb 21, 2022
2 Dec 16, 2021
0 Feb 07, 2022
5 Apr 04, 2022
64 Oct 18, 2022
2 Jan 11, 2022
5 Oct 08, 2022
1.2k Dec 25, 2022
6 Aug 04, 2022