plaxx + pentest   178

A collection of security related toolsets. GhostPack has 7 repositories available. Follow their code on GitHub.
c#  powershell  pentest  internal  tools  security  infosec  smb  powerup  dump 
4 days ago by plaxx
wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro. - wagiro/BurpBounty
burp  tool  plugin  web  appsec  pentest 
17 days ago by plaxx
mazen160/struts-pwn_CVE-2018-11776: An exploit for Apache Struts CVE-2018-11776
An exploit for Apache Struts CVE-2018-11776. Contribute to mazen160/struts-pwn_CVE-2018-11776 development by creating an account on GitHub.
struts  exploit  apache  poc  pentest 
26 days ago by plaxx
GitHub - zerosum0x0/koadic: Koadic C3 COM Command & Control - JScript RAT
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
windows  post-exploitation  pentest  rat  rootkit  jscript  vbscript 
february 2018 by plaxx
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
security  mitre  dfir  pentest  reference  ttp 
january 2018 by plaxx
hfiref0x/UACME: Defeating Windows User Account Control
Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
security  uac  bypass  windows  privilege-escalation  pentest  exploit  vulnerability 
september 2017 by plaxx
Port-knocking Backdoor | memset's blog
raw socket port knocking connect back backdoor
backdoor  linux  unix  C  opensource  how-to  pentest  malware 
august 2017 by plaxx
internetwache/GitTools: A repository with 3 tools for pwn'ing websites with .git repositories available
able to gather files and intel from an exposed .git/ folder even if webserver has directory listing disabled
git  extract  dump  pentest  recon 
april 2016 by plaxx
« earlier      
per page:    204080120160

related tags

3com  802.11  active  active-directory  ad  addon  agent  aireplay  aireplay-ng  analytics  android  antivirus  apache  application  appsec  archive  arp  article  attack  audit  auditing  authentication  authorization  automation  autorun  av-bypass  aws  azure  backdoor  backtrack  bash  beef  benchmark  binary  blackhat  blog  browser  bruteforce  bug  builder  burp  bypass  C  c#  capture  challenge  charts  cheatsheet  check  chrome  cli  cloud  cmd  collection  command-injection  commercial  community  comparison  configuration  cracking  crawler  credentials  cross-platform  ctf  dashboard  data  database  datamining  debugger  debugging  deserialization  development  dfir  dictionary  dirbuster  discovery  distro  dns  documentation  docx  dom  domain  dropper  drupal  dsniff  dump  dvwa  electronics  email  embedded  engine  enumeration  evaluation  evasion  example  execution  exercises  exploit  exploitation  exploits  extension  extensions  extract  f-secure  facebook  file  fingerprint  firefox  flash  forensics  framework  free  fronting  funny  fuzzer  games  gdb  git  github  gnome  go  go-lang  google  googledork  gpo  gui  h3c  hackfest  hacking  hardening  hardware  headers  honeypot  hostap  how-to  hp  hpp  hta  http  https  ics  ids  image  information  infosec  infra  infrastructure  injection  interactive  internal  internet  ios  iot  ipv6  iwl4965  java  javascript  jobs  jscript  juggling  kerberos  keys  learning  lfi  library  link  linux  list  livecd  local  lotus  mac  malware  man-in-the-browser  man-in-the-middle  mdns  memory  metasploit  meterpreter  mitm  mitre  mobile  module  msfvenom  mssql  nbns  nc  ncat  netbios  netcat  netflix  network  networking  nmap  nse  ntlm  ntp  ntpd  obfuscation  online  opencore  openmoko  opensoruce  opensource  openssh  os  osx  owasp  packer  papers  pass-the-hash  passive  password  passwords  pauldotcom  payload  pcap  pdf  penetration  pentest  pentesting  perl  persistence  phishing  phone  php  physical  pivot  platform  playground  plugin  plugins  poc  poison  poisonning  post-exploitation  post-message  powershell  powerup  preg  presentation  privacy  privilege  privilege-escalation  privileges  proxy  ptrace  puzzle  python  QA  rails  rat  rce  rcp  reader  recon  recovery  red-team  reference  regex  report  research  resource  reverse-engineering  reverse-shell  rfid  rogue  roles  rootkit  rop  RoR  ruby  sample  sandbox  scada  scan  scaner  scanner  scanning  scraping  scrawlr  screenshot  script  scripts  search  security  serialization  server  servers  service  shell  shellcode  sidejacking  sinatra  sip  slack  smb  sniffer  sniffing  social  social-engineering  socket  software  some  spider  sql  sql-injection  sqli  sqlmap  sqlninja  ssh  ssl  ssti  standard  stealth  steganography  story  struts  sudo  swap  switch  sysadmin  system  talk  tcp  team  technique  telnet  template  test  testing  tips  tls  tool  tools  training  tricks  ttp  tty  tunnel  tutorial  uac  ubuntu  udp  unix  updates  usb  user-enumeration  vbscript  video  virtualbox  visualization  vlan  vm  voip  vulnerability  vulnerability-research  vulnerable  waf  web  web-based  web-shell  webapp  webdav  webdev  webkit  webservices  websocket  wep  whitelisting  wifi  wiki  windows  wireless  wordlist  wpa  wpad  xfr  xss  xxe 

Copy this bookmark: