NotSoSecure / Blacklist3r
project-blacklist3r
☆495Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for Blacklist3r
- RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.☆348Updated 2 years ago
- IOXIDResolver.py from AirBus Security☆217Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆585Updated 3 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆508Updated 9 months ago
- Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys☆584Updated last year
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆799Updated last year
- Standalone binaries for Linux/Windows of Impacket's examples☆717Updated last year
- List DTDs and generate XXE payloads using those local DTDs.☆608Updated 8 months ago
- Recover the default privilege set of a LOCAL/NETWORK SERVICE account☆573Updated 4 years ago
- mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socke…☆723Updated 3 years ago
- PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…☆918Updated 5 months ago
- That repository contains my updates to the well know java deserialization exploitation tool ysoserial.☆176Updated 2 years ago
- HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite☆711Updated 3 years ago
- linikatz is a tool to attack AD on UNIX☆526Updated last year
- Exfiltrate blind remote code execution output over DNS via Burp Collaborator.☆247Updated last week
- Exchange your privileges for Domain Admin privs by abusing Exchange☆975Updated 4 years ago
- Java RMI Vulnerability Scanner☆828Updated 4 months ago
- A super small jsp webshell with file upload capabilities.☆289Updated 3 years ago
- Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Proj…☆262Updated last year
- An script to perform kerberos bruteforcing by using impacket☆434Updated 2 years ago
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket☆492Updated 2 years ago
- Active Directory ACL exploitation with BloodHound☆701Updated 2 years ago
- Collection of PoC and offensive techniques used by the BlackArrow Red Team☆1,077Updated 3 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆802Updated 2 years ago
- Kerberos unconstrained delegation abuse toolkit☆1,134Updated 10 months ago
- A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations,…☆355Updated 3 weeks ago
- ☆730Updated 2 years ago
- JMX enumeration and attacking tool.☆392Updated last month
- Another way to bypass WAF Cheat Sheet (draft)☆415Updated 5 years ago
- Another Windows Local Privilege Escalation from Service Account to System☆1,037Updated 3 years ago