Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys

Trying to hack into keyboards

Simple websites vulnerable to Server Side Template Injections(SSTI)

Bypassing disabled exec functions in PHP (c) CRLF

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Exploit written in Python for CVE-2018-15473 with threading and export formats

Google CTF

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper us…

A Python module to bypass Cloudflare's anti-bot page.

This is a webshell open source project

A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)

A tool that implements the Golden SAML attack

SSRF (Server Side Request Forgery) testing resources

A list of public penetration test reports published by several consulting firms and academic security groups.

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

The modern Java bytecode editor

Scripts-Scanner de hardening de SO (Linux, OpenBSD, FreeBSD, apache, PHP e outros)

Deserialization payload generator for a variety of .NET formatters

Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

Primitive tool for exploring/querying Java classes via the Tinkerpop Gremlin graph traversal language

Exploit PoC for Spring RCE issue (CVE-2011-2894)

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

A list of my CVE's with POCs

This is a weaponized WSUS exploit

Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…