NotSoSecure / Blacklist3r

Related projects ⓘ

Alternatives and complementary repositories for Blacklist3r

• noperator / CVE-2019-18935
  RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
  ☆348Updated 2 years ago
• mubix / IOXIDResolver
  IOXIDResolver.py from AirBus Security
  ☆217Updated last year
• BishopFox / GadgetProbe
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆585Updated 3 years ago
• whitel1st / docem
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆508Updated 9 months ago
• 0xacb / viewgen
  Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
  ☆584Updated last year
• Ridter / noPac
  Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
  ☆799Updated last year
• ropnop / impacket_static_binaries
  Standalone binaries for Linux/Windows of Impacket's examples
  ☆717Updated last year
• GoSecure / dtd-finder
  List DTDs and generate XXE payloads using those local DTDs.
  ☆608Updated 8 months ago
• itm4n / FullPowers
  Recover the default privilege set of a LOCAL/NETWORK SERVICE account
  ☆573Updated 4 years ago
• blackarrowsec / mssqlproxy
  mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socke…
  ☆723Updated 3 years ago
• leechristensen / SpoolSample
  PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…
  ☆918Updated 5 months ago
• pimps / ysoserial-modified
  That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
  ☆176Updated 2 years ago
• synacktiv / HopLa
  HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
  ☆711Updated 3 years ago
• CiscoCXSecurity / linikatz
  linikatz is a tool to attack AD on UNIX
  ☆526Updated last year
• 0xC01DF00D / Collabfiltrator
  Exfiltrate blind remote code execution output over DNS via Burp Collaborator.
  ☆247Updated last week
• dirkjanm / PrivExchange
  Exchange your privileges for Domain Admin privs by abusing Exchange
  ☆975Updated 4 years ago
• qtc-de / remote-method-guesser
  Java RMI Vulnerability Scanner
  ☆828Updated 4 months ago
• SecurityRiskAdvisors / cmd.jsp
  A super small jsp webshell with file upload capabilities.
  ☆289Updated 3 years ago
• nccgroup / GTFOBLookup
  Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Proj…
  ☆262Updated last year
• TarlogicSecurity / kerbrute
  An script to perform kerberos bruteforcing by using impacket
  ☆434Updated 2 years ago
• tothi / rbcd-attack
  Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
  ☆492Updated 2 years ago
• fox-it / aclpwn.py
  Active Directory ACL exploitation with BloodHound
  ☆701Updated 2 years ago
• blackarrowsec / redteam-research
  Collection of PoC and offensive techniques used by the BlackArrow Red Team
  ☆1,077Updated 3 months ago
• assetnote / blind-ssrf-chains
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆802Updated 2 years ago
• dirkjanm / krbrelayx
  Kerberos unconstrained delegation abuse toolkit
  ☆1,134Updated 10 months ago
• volkandindar / agartha
  A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations,…
  ☆355Updated 3 weeks ago
• Wh04m1001 / DFSCoerce
  ☆730Updated 2 years ago
• qtc-de / beanshooter
  JMX enumeration and attacking tool.
  ☆392Updated last month
• Bo0oM / WAF-bypass-Cheat-Sheet
  Another way to bypass WAF Cheat Sheet (draft)
  ☆415Updated 5 years ago
• antonioCoco / RoguePotato
  Another Windows Local Privilege Escalation from Service Account to System
  ☆1,037Updated 3 years ago