hehacks Goto Github PK

c2hack

C2Hack, sharing tips and tricks for pentesters

can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

chaos-recon

This little script for gathering chaos.projectdiscovery.io recon data in an organized way and finding the daily differences on it

cheatsheetseries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

check-udid

Check UDIDs in .ipa file (Perl script)

clipboard-stalker

Android v6+ application to monitor (stalk) the clipboard and grab the content.

clipboardtoast

Clipboard access notification inspired by iOS 14

cloud-pentesting

cloud-reports

Scans your AWS cloud resources and generates reports. Check out free hosted version:

cloud-service-enum

cloud-wiki

A public cloud security knowledgebase - https://www.secwiki.cloud/

cloud_enum

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

cloudpentestcheatsheets

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

cobalt-product-public-docs

Source for public Cobalt external product documentation

collabfiltrator

Exfiltrate blind remote code execution output over DNS via Burp Collaborator.

combined-wordlists

A combined wordlists for files and directory discovery

command-mobile-penetration-testing-cheatsheet

Mobile penetration testing android command cheatsheet

corsy

CORS Misconfiguration Scanner

crithit

Takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

ctf-writeups

My writeups of various CTFs & security challenges

cyberchef-recipes

A list of cyber-chef recipes

damn-vulnerable-bank

Vulnerable Banking Application for Android

decrypt-cordova-file

Python script to decrypt files encrypted using Cordova in Android app

disable-flutter-tls-verification

A Frida script that disables Flutter's TLS verification

distributed-jwt-cracker

An experimental distributed JWT token cracker built using Node.js and ZeroMQ

droxes

A simple script to turn an Android device/emulator into a test-ready box.

dsdump

An improved nm + Objective-C & Swift class-dump

dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

enterprisepurpleteaming

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.