Security related resources

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

CVE-2021-32099 SQLi Bypass login Useful when trying to read User Flag on Pandora.htb CVE-2021-32099 SQLi allow attacker bypass login. Target Exploit o

Mobile & IOT Malware, Spyware, & Forensic Analysis Author: Jonathan Scott Twitter: @jonathandata1 Version 1.0 This repository contains methods, and to

open-source-web-scanners A list of open source web security scanners on GitHub. General Purpose Web Scanners Main Site Last Commit Committers Stars Ar

🅼🅰🅳🅴 🆆🅸🆃🅷 🅿 🆈🆃🅷🅾🅽 🆅 🅿 🅷🅸🆂🅷🅴🆁 [+] 𝕯𝖊𝖘𝖈𝖗𝖎𝖕𝖙𝖎𝖔𝖓 : Ultimate phishing tool ,A beginners friendly, Automated phishing tool

Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop

Program Features - 📌 Hack all Android phones. - 📌 Failure to detect antivirus. - 📌 Superior encryption - 📌 Source provided - 📌 100 ٪ FUD - 📌 It

README This small script takes any decklist from an MTGO list and pulls all card images as jpg or png files into your directory. If you like this pr

Phishing Email Analysis Useful tools MX Lookup Online URL/Attachment Analysis Tools AnyRun Browserling Hybrid Analysis urlscan Reputation Check Virust

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password database, that can encrypt, decrypt

Cuckoo 3 Cuckoo 3 is a Python 3 open source automated malware analysis system. For setup instructions, please refer to our documentation. This is a de

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

Tenssens - OSINT Framework Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free

Discord-BotnetClient Embed C&C botnet into the discord client. Working trought websocket c&c server. How to use. pip3 install websocket_server colored

CLICK-Jack It is a automatic tool to find Clickjacking Vulnerability in various Web applications. What is Clickjacking ? Clickjacking, also known as a

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. Crossing the Log4j Horizon - A Vulnerability With No Retu

3ds Ghidra Scripts These are ghidra scripts to help with 3ds reverse engineering. Features: Labels, comments (when inlined), and bookmarks svc use Lab

CVE-2021-42342 RCE

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

Ψ Information Gathering Through Link STILL TESTING About Psi Gets The Information About browser and Device of User. Get exact location and cam snap. H

Malware Arcane Repository of notes and scripts I use when doing malware analysis Qakbot Some scripts that can be useful when dealing with Qakbot fiddb

Lnkbomb Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon fi

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

NOTE: For more recent development, check out Michel Oosterhof's fork Kippo Kippo is a medium interaction SSH honeypot designed to log brute force atta

ssh-audit ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and o

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more. Another Log4j on the fire: Unifi Why? Proof of c

ShadowCoerce MS-FSRVP coercion abuse PoC Credits: Lionel GILLES (a.k.a. Topotam) Source: https://twitter.com/topotam77/status/1475701014204461056 Expl

CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux kernel TEE subsystem Recently a use-after-free vulnerability was discovered

Linux Security and Monitoring Scripts These are a collection of security and monitoring scripts you can use to monitor your Linux installation for sec