Stars
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs
One CLAUDE.md file. Keeps Claude responses terse. Reduces output verbosity on heavy workflows. Drop-in, no code changes.
An extension to find callback endpoints in the background while searching the Web
Extract acquisition and subsidiary information from SEC filings
Learn to build exploits against real world CVEs
Linux software for the Stream Deck with support for original Elgato Stream Deck plugins
Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads a…
Access Obsidian vault from anywhere. Self-hosted with Cloudflare Tunnel support and authentication.
A curated list of awesome Android Reverse Engineering training, resources, and tools.
Takes shellcode bad bytes and banishes them, returning cleaned shellcode with its functionality preserved
This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
Aim 💫 — An easy-to-use & supercharged open-source experiment tracker.
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
Fine-tuning an LLM (T5-small) to solve cryptic crosswords
A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
Tool to inject code into JPEG that has been stuffed through imagecreatefromjpeg in PHP
Sliver CheatSheet for OSEP
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
Compiled Binaries for Ghostpack
One place for all the default credentials, to assist Blue/Red teamers in identifying devices with default passwords 🛡️
True coop multiplayer mod for Noita.
Complete list of LPE exploits for Windows (starting from 2023)