wand3rlust Goto Github PK

adgenerator

Active Directory Generator files for Movement, Pivoting, and Persistence for Pentesters and Ethical Hackers.

anti-virus-evading-payloads

During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!

apologee

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers (all versions prior to V3.5) and TALON TC BACnet Automation Controllers (all versions prior to V3.5). With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or channel to access hidden directories in the web server. This repository takes advantage of CVE-2017-9947.

avillaforensics

Avilla Forensics 3.0

awesome-anti-forensic

Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.

awesome-pentest

A collection of awesome penetration testing resources, tools and other shiny things

azureoutlookc2

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Microsoft Graph API for C2 Operations.

blackeye-im

Ultimate phishing tool powered with ngrok and serveo.net

breach-report-collection

A collection of companies that disclose adversary TTPs after they have been breached

btf

This is to be a heavily modified version of Penetration Testers Framework (PTF) for use during Bug Hunting using Debian/Ubuntu.

crocodilehunter

Taking one back for Steve Irwin 　 　 (๑•̀ㅂ•́)و

dpat

Domain Password Audit Tool for Pentesters

enumerating-ics-scada-devices

A compilation of scripts and scans for discovering and enumerating industrial control and SCADA devices. Utilizing open-source tools, I have compiled scans and scripts for targeting Operational Technology (OT) devices and hosts!

flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

frethya

Frethya is a python script which performs image stegnography by encoding and hiding message in EXIF data.

githubc2

Abusing Github API to host our C2 traffic, usefull for bypassing blocking firewall rules if github is in the target white list , and in case you don't have C2 infrastructure , now you have a free one

graylog-install-scripts

Bash scripts to install Graylog Open and its pre-requisites on Lubuntu/Ubuntu 22.04.2 LTS

hacktricks-cloud

hitchhikers-guide-to-url-analysis

Collection of Tools & Techniques for analyzing URLs

hivemind

A centralized repository location of AI training data intended to be used with the Echo framework.

howtohunt

Tutorials and Things to Do while Hunting Vulnerability.

lfisuite

Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

lolapps

LOLAPPS is a compendium of applications that can be used to carry out day-to-day exploitation.

malwaresourcecode

Collection of malware source code for a variety of platforms in an array of different programming languages.

mayorbotc2

My attempt at weaponizing Discord.

metasploit-resource-scripts

msdnsscan

MayorSec DNS Enumeration Tool

msimpersonate

msImpersonate - User account impersonation written in pure Python3

mstoolset

Toolset containing various tools, payloads, and everything in between.

my-presentations

A repository to hold the resources related to my talks/webinars/presentations.