An Evil OIDC Server

DoS python-engineio / socketio via the long polling transport

A collection of AWS penetration testing junk

EMUX Firmware Emulation Framework (formerly ARMX)

An interactive, terminal-based markdown presenter

Tool to pentest spark clusters

Set, add, and clear arbitrary output headers in NGINX http servers

Authenticated SSRF in Grafana

a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs.

🌍 `/usr/bin/qemu-*-static`

WeirdAAL (AWS Attack Library)

A collection of custom security tools for quick needs.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Pre-Built Vulnerable Environments Based on Docker-Compose

Headless vulnerability scanner

Dive into CPython internals, trying to illustrate every detail of CPython implementation

CTF challenges I created

Windows / Linux Local Privilege Escalation Workshop

Password Safe - popular secure and convenient password manager

Binary or Hex to QR Code site

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…

A tool for spotting publicly accessible S3 buckets

The regex file necessary to build language ports of Browserscope's user agent parser.

Utility for exploiting the one-time pad (OTP) key reuse vulnerability.

A tool for exploring each layer in a docker image

Turns an Arduino (I used a RedStick from Sparkfun) in a cryptography token, allowing you to encrypt and decrypt messages with an unknown secret key using the NaCl encryption algorithm.

Stop your fonts from being fingerprinted. Protect your privacy by only using white-listed fonts.

Just a quick and dirty implementation of a padding oracle attack to decrypt CBC ciphertext

UnoJoy! allows you to easily turn an Arduino Uno (or Mega or Leonardo) into a PS3-compatible USB game controller