oxagast / oxasploits
A number of exploits and tools I've written for CVEs accredited to Marshall Whittaker/oxagast
☆4Updated this week
Alternatives and similar repositories for oxasploits:
Users that are interested in oxasploits are comparing it to the libraries listed below
- A python-based padding oracle tool☆20Updated 6 months ago
- ☆12Updated last year
- Cisco CallManager User Enumeration☆15Updated 2 years ago
- A parallel scanner that utilises axiom to spin up servers and parallel scan using masscan.☆16Updated 4 years ago
- Poc script for ProxyShell exploit chain in Exchange Server☆18Updated 2 years ago
- ☆20Updated 5 years ago
- Drakus allows you to monitor the artifacts and domains used in a Red Team exercise to see if they have been uploaded to certain online ma…☆13Updated 4 years ago
- Supporting material for the "Hunting Bugs In The Tropics" DEFCON 30 talk☆9Updated 2 years ago
- The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application pen…☆10Updated 8 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…☆19Updated 4 years ago
- Tapir: a tool to search through NIST CVE database, with cache and regex.☆15Updated 2 years ago
- Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)☆21Updated 3 years ago
- Burp Suite Extension useful to inspect UPnP security☆16Updated 3 years ago
- A basic proxylogon scanner☆27Updated 3 years ago
- Burp Suite extension for extracting metadata from files☆20Updated 4 years ago
- This is a proof-of-concept of malicious software running inside of ModSecurity WAF.☆32Updated 2 years ago
- SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environme…☆47Updated 4 years ago
- Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest …☆19Updated 4 years ago
- ☆17Updated 4 years ago
- Exploit POC for CVE-2024-22026 affecting Ivanti EPMM "MobileIron Core"☆11Updated 9 months ago
- OSINT tool abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force.☆25Updated last year
- Exfiltrate data with DNS queries. Based on CertUtil and NSLookup.☆22Updated last year
- Identify common attack paths to get Domain Administrator☆22Updated 5 years ago
- Easily-guessable Password Generator for Password Spray Attack☆20Updated 4 years ago
- Exchange your privileges for Domain Admin privs by abusing Exchange☆16Updated 4 years ago
- pwncat windows c2 components☆19Updated 3 years ago
- Converts JBoss/Wildfly management users properties file to hashcat format compatible with mode 20☆12Updated 4 years ago
- Simple C2 over the Trello API☆38Updated 2 years ago
- ☆21Updated last year
- OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threat research tea…☆18Updated 3 years ago