A tool to use novel locations to extract metadata from Office documents.

A list of open source web security scanners

A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.

National Rick Astley Hotline

A fast TCP/UDP tunnel over HTTP

Scripts to extract files from SCM directories left on web servers

Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go

Count lines of code quickly.

cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.

A list of "secrets" from JWT sample code and readme files.

Proof of Concepts

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Simple, reliable, and efficient distributed task queue in Go

GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.

Elegant Scraper and Crawler Framework for Golang

Assists in mass exportation of Nessus scans

CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs

Screenshot Shenanigans

Proof of concept code to go with my OTS Certificate blog post

Snowden Archive: The SIDtoday Files

Python script for converting nmap reports into XLS

Vulnerable SAML infrastructure training applicaiton

Most advanced XSS scanner.

My journey to learning Go

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

🎯 Prevent RubberDucky (or other keystroke injection) attacks

Patch and build VMware tools automatically