A tool for automatically gathering sensitive information from exposed Jenkins servers
☆104Dec 8, 2022Updated 3 years ago
Alternatives and similar repositories for Jenkins-Pillage
Users that are interested in Jenkins-Pillage are comparing it to the libraries listed below
Sorting:
- Scan secrets from Continuous Integration Build Logs☆53Oct 14, 2019Updated 6 years ago
- A Burp extension to show the Collaborator client in a tab☆36Dec 23, 2022Updated 3 years ago
- Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)☆135Jan 15, 2020Updated 6 years ago
- Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.☆49Jul 20, 2022Updated 3 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials☆13Jun 2, 2016Updated 9 years ago
- Generate pentest reports based on github issues.☆16Dec 8, 2022Updated 3 years ago
- Merge results from NMAP and Masscan into one CSV file☆18Jun 19, 2018Updated 7 years ago
- Scan for and exploit Consul agents☆39Jun 11, 2019Updated 6 years ago
- CVE-2019-12949☆26Jun 28, 2019Updated 6 years ago
- Script to test for Cisco ASA path traversal vulnerability (CVE-2018-0296) and extract system information.☆206Feb 15, 2024Updated 2 years ago
- PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)☆25Dec 1, 2018Updated 7 years ago
- Automates credential skimming from service accounts in Windows Registry☆78Sep 29, 2020Updated 5 years ago
- Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879)☆25Aug 6, 2019Updated 6 years ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆532Mar 7, 2022Updated 4 years ago
- Burp Suite Extension to monitor new scope☆200Mar 31, 2021Updated 4 years ago
- Pypykatz agent implemented in .NET☆84Mar 15, 2019Updated 6 years ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆657Feb 1, 2025Updated last year
- Python automation of Docker.sock abuse☆211Dec 8, 2022Updated 3 years ago
- HTML5 WebSocket message fuzzer☆148Nov 23, 2018Updated 7 years ago
- Discover target social media profiles☆81Sep 26, 2022Updated 3 years ago
- 🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage☆357Updated this week
- Burp Suite extension to discover assets from HTTP response.☆232Jan 22, 2025Updated last year
- Some scripts and exploits☆148Jul 9, 2018Updated 7 years ago
- ☆102May 5, 2020Updated 5 years ago
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆122Sep 12, 2020Updated 5 years ago
- A proof of concept for delivering webbugs via AWS lambda☆46Sep 10, 2018Updated 7 years ago
- Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process.☆44Aug 7, 2020Updated 5 years ago
- Inject .Net payloads into other .Net assemblies on disk☆61Dec 12, 2019Updated 6 years ago
- SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt…☆195Jun 30, 2019Updated 6 years ago
- Slides and Code for the BHUSA 2019 talk: Flying a False Flag☆238Nov 8, 2019Updated 6 years ago
- Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWeb☆148Dec 3, 2020Updated 5 years ago
- Collection of metasploit modules☆69Mar 1, 2017Updated 9 years ago
- Extract the password of the current user from flow (keylogger, config file, ..) Use SSPI to get a valid NTLM challenge/response and test …☆59Mar 8, 2019Updated 7 years ago
- This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit c…☆575Jan 22, 2020Updated 6 years ago
- Check for know iframeBuster XSS☆12Sep 25, 2024Updated last year
- Library Secruity dependency Checker☆12Sep 13, 2019Updated 6 years ago
- Notes about attacking Jenkins servers☆2,091Jul 10, 2024Updated last year
- The SSH Multiplex Backdoor Tool☆65Oct 21, 2019Updated 6 years ago
- List (or plunder) private repos/gists to which a token has access, including those of other users☆10Jan 29, 2022Updated 4 years ago