Security related resources
python security related resources
Newest releases
Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters
This vulnerability occurs in Outlook 2019 (16.0.13231.20262) installed on Windows 10 1909 x64
Off-the-shelf Solidity smart contracts. Built with my beloved Solidity template.
CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
1.3k
Collection of malware source code for a variety of platforms in an array of different programming languages.
Yearn Protocol is a set of Ethereum Smart Contracts focused on creating a simple way to generate high risk-adjusted returns for depositors of various assets via best-in-class lending protocols, liquidity pools, and community-made
CVE-202-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Methodology for high-quality web application security testing
Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions. Relevant testers can use vulma
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services.
Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.
burpsuite extension for check unauthorized vulnerability
A Clojure library designed to generate secure random numbers for managing secrets. This project is a Python's secret module implementation for Clojure, based on Java's standard library.
mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4
This project was created in order to fight against spammers who are rotting what Hacktoberfest was created for.
References for CKS Exam Objectives - Certified Kubernetes Security Specialist
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Smart contract that flash borrows from Aave and uses the flash liquidity for arbitrage between Sushiswap and UniswapV2 within the same transaction
Demonstrates that CVE-2020-1472 can be done via RPC/SMB, and not only over RPC/TCP.
Dlls that can be used for side loading and other attack vectors. This Dll will not cause deadlock since it only use functions that are DllMain safe as described below.
Abuse CVE-2020-1472 (Zerologon) to take over a domain and then repair the local stored machine account password.
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
Collection of PoC and offensive techniques used by the BlackArrow Red Team
Checker & Exploit Code for CVE-2020-1472 aka Zerologon.Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string.
Hackthebox, Vulnhub, TryHackMe and Real World PenTest
Certificate Transparency (CT) is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of
A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472).
Stash for Binary Exploitation and Reverse Engineering Resources
Proof of concept tool to test for the existence of Pulse Secure RCE (CVE-2020-8218) and to encourage further research. This tool was built around the POC from the GoSecure advisory. All credit to them for the finding.
This is a simple program designed in Python, to learn about how some ransomware works, using AES symmetric encryption.
Content-Type that can be used for XSS and some related tricks
Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and S
