-
Agentic-Behavior-Labs Public
Experiments grounded in cognitive psychology and I/O psych repeated for multi-agentic systems
Python The Unlicense UpdatedMar 30, 2026 -
JS-Tap Public
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…
-
MCP-ASD Public
MCP Attack Surface Detector - Burp plugin to make manual testing of MCP servers easier in Burp Suite
-
hoodoer-bio-page Public
Static HTML linking my repose, blogs, talks, etc.
HTML The Unlicense UpdatedFeb 23, 2026 -
bitwiseMunitionsPage Public
Static HTML page for bitwise munitions domain
HTML The Unlicense UpdatedJan 3, 2026 -
ColonelClustered Public
A Java Burp Plugin that performs text clustering on responses to identify outliers/groups based on the actual content of the server responses, say from an Intruder run.
-
DragonHash Public
Demo code JavaScript POC that tricks user into sending Windows hash to responder
-
Web_Crypto_API_Demo Public
Demo server and client-side JavaScript code for how to use Web Crypto API to do application level encryption for your web traffic.
-
YoutubeSearcher Public
Python script to leverage a YouTube search API to create CSV files of searches. Links to videos, titles, description, unique IDs and more are put into the CSV file to import into Excel.
Python The Unlicense UpdatedNov 2, 2024 -
proxy-helper-the-sequel Public
Port/rework of proxy-helper plugin for hak5 Pineapples
-
pineapple-modules Public
Forked from hak5/pineapple-modulesThe Official WiFi Pineapple Module Repository for the WiFi Pineapple Mark VII
TypeScript UpdatedJan 9, 2024 -
dragInputClickjacking Public
Demo of using draggable elements in a clickjacking PoC to "type" user inputs.
-
rickRollAddressBarPayload Public
XSS/JavaScript payload that runs the rick roll lyrics through in the browser address bar.
-
base64PlistHunter Public
Script to extract base64 encoded Binary PLISTs from XML/PLIST files
Python The Unlicense UpdatedSep 6, 2023 -
postBasedXSS Public
Demo of various ways to exploit post based reflected XSS
-
plistsubstractor3 Public
Python3 version of plistsubstractor
-
javaScriptDeployer Public
Example bash script and JavaScript to copy a JavaScript payload into all .js files, but have only one copy run, regardless of how many .js files are included in the rendered page.
-
checkHostsInScope Public
Bash script to take a list of domains/subdomains (e.g. from amass) and check if they're in scope based on a file of inscope IP addresses
-
XSS-Data-Exfil Public
Sample code for exfiltrating data through an XSS vulnerability. XSS Payload retrieves sensitive data in victim's browser, then breaks it into chunks. Sends those chunks out as image requests (data …
-
certgraph Public
Forked from lanrat/certgraphAn open source intelligence tool to crawl the graph of certificate Alternate Names
Go GNU General Public License v2.0 UpdatedFeb 24, 2021 -
endgame Public
Forked from DavidDikker/endgameAn AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
-
sonicWallBruteForce Public
Script to brute force logins to SonicWall
-
WP-XSS-Admin-Funcs Public
JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
-
shadow-workers Public
Forked from shadow-workers/shadow-workersShadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
JavaScript MIT License UpdatedAug 12, 2020 -
graftcp Public
Forked from hmgle/graftcpA flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
C GNU General Public License v3.0 UpdatedMay 27, 2020 -
WebShell Public
Forked from xl7dev/WebShellWebshell && Backdoor Collection
PHP GNU General Public License v2.0 UpdatedApr 6, 2020 -
demoCodeCopier Public
Script to copy chunks of code to the clipboard in the background based on how far along you are in your demo
Python The Unlicense UpdatedMar 8, 2020 -
WP-XSS-Challenge-Deploy Public
Python script to help automate deployment of my XSS challenge infrastructure
-
javascriptFileEncoder Public
Encodes a file into JavaScript friendly hex data, useful for adding file uploads to session riding XSS payloads
-
shellcodeEncryptor Public
Python script to take any file and create a C header file with that binary data encoded as a char array. Optionally XOR encrypts the data. Helpful for creating custom loaders for shellcode.
{{ message }}