HackGit

Home
HackGit

🎓 Open Source Pe*******on Testing Tools
💰 Donate: https://bit.ly/3JV0qDp

05/02/2024

YWH Logo Vulnerable Code Snippets

Code snippets containing several different vulnerabilities to practice your code analysis in a safe dockerized envoriment. The vulnerable code snippets are suitable for all skill levels.

https://github.com/yeswehack/vulnerable-code-snippets

05/02/2024

APIDetector

A powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It's particularly useful for security professionals and developers who are engaged in API testing and vulnerability scanning.

https://github.com/brinhosa/apidetector

05/02/2024

Nim-Shell

Reverse shell that can bypass EDR and windows defender detection.

https://github.com/emrekybs/nim-shell

03/02/2024

CVE-2024-21893

is server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

https://github.com/h4x0r-dz/CVE-2024-21893.py

03/02/2024

SiCat

SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

https://github.com/justakazh/sicat

03/02/2024

SmuggleFuzz

HTTP/2 based downgrade and smuggle scanner

https://github.com/Moopinger/smugglefuzz

03/02/2024

SQLi_Sleeps

It is a simple script that allows to find SQLi vulnerabilities, obtaining the response time greater than 20 seconds per medium and time-based injection.

https://github.com/HernanRodriguez1/SQLi_Sleeps

02/02/2024

CLZero

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors.

https://github.com/Moopinger/CLZero

02/02/2024

MetaHub

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.

https://github.com/gabrielsoltz/metahub

02/02/2024

CVEMap

Navigate the Common Vulnerabilities and Exposures (CVE) jungle with ease using CVEMAP, a command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases.

https://github.com/projectdiscovery/cvemap

02/02/2024

CVE-2023-22527

RCE (Remote Code Ex*****on) Vulnerability In Confluence Data Center and Confluence Server PoC

https://github.com/Avento/CVE-2023-22527_Confluence_RCE

02/02/2024

ThievingFox

A collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials.

https://github.com/Slowerzs/ThievingFox

02/02/2024

oss-fuzz-gen

This framework generates fuzz targets for real-world C/C++ projects with various Large Language Models (LLM) and benchmarks them via the OSS-Fuzz platform.

https://github.com/google/oss-fuzz-gen

02/02/2024

Unmanaged .NET Patching

A proof-of-concept for patching managed .NET function from unmanaged code

https://github.com/outflanknl/unmanaged-dotnet-patch

01/02/2024

Frameless BITB

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.

https://github.com/waelmas/frameless-bitb

01/02/2024

CVE-2023-45779

A set of scripts and artifacts that demonstrate detection and exploitation of Android devices that ship APEXes signed with test keys from AOSP.

https://github.com/metaredteam/rtx-cve-2023-45779

Details:

https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys

01/02/2024

RWCTF6th-RIPTC

Exploit for Real World CTF 6th RIPTC

https://github.com/N1ghtu/RWCTF6th-RIPTC

01/02/2024

Automated Multi UAC bypass

Automated os version selector to run UAC based on OS versions.

https://github.com/x0xr00t/Automated-MUlti-UAC-Bypass

01/02/2024

MyDumbEDR

This repo contains all the necessary files to run the MyDumbEDR and try to bypass.

https://github.com/sensepost/mydumbedr

01/02/2024

BOFHound

Generate compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

https://github.com/coffeegist/bofhound

01/02/2024

Cybersecurity Roadmap

Skills and career roadmap for professionals.

https://github.com/jassics/cybersecurity-roadmap

29/01/2024

RemoteTLSCallbackInjection

This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. This method is inspired by Threadless Injection as RemoteTLSCallbackInjection does not invoke any API calls to trigger the injected payload.

https://github.com/Maldev-Academy/RemoteTLSCallbackInjection

29/01/2024

PurpleLab

lab solution, providing a swift setup for professionals to test detection rules, simulate logs, and various security tasks

https://github.com/Krook9d/PurpleLab

29/01/2024

Stardust

An modern 64-bit position independent implant template.

• raw strings

• global instance

• compile time hashing

https://github.com/Cracked5pider/Stardust

Details:

https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design

29/01/2024

EnumSSN

Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction return address in ntdll module by parsing the PEB of the current process (no use of GetModuleHandleA and GetProcAddress).

https://github.com/ProcessusT/EnumSSN

29/01/2024

GraphStrike

A suite of tools that enables 's HTTPS to use Microsoft Graph API for C2 communications.

https://github.com/RedSiege/GraphStrike

29/01/2024

PInvoke.Dev

Code-generated P/Invoke signatures.

https://github.com/ZeroPointSecurity/PInvoke

Web:

https://www.pinvoke.dev/

29/01/2024

Ligolo-mp

A more specialized version of Ligolo-ng, with client-server architecture, enabling pentesters to play with multiple concurrent tunnels collaboratively. Also, with a sprinkle of less important bells and whistles.

https://github.com/ttpreport/ligolo-mp

29/01/2024

SOAPHound

A custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

https://github.com/FalconForceTeam/SOAPHound

29/01/2024

Ultimate-RAT-Collection

For educational purposes only, samples of old & new builders including screenshots!

https://github.com/yuankong666/Ultimate-RAT-Collection

Address

Website

https://t.me/hackgit

Alerts

Be the first to know and let us send you an email when HackGit posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Videos

Extensible Azure Security Tool Later referred as E.A.S.T is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection for evaluation in Azure Assessments. This information (JSON content) can then be used in various reporting tools, which we use to further correlate and investigate the data. https://github.com/jsa2/EAST via https://t.me/HackGit/6545

Shortcuts

Address
Alerts
Videos
Claim ownership or report listing
Want your business to be the top-listed Media Company?

Country:

City:

05/02/2024

05/02/2024

05/02/2024

03/02/2024

03/02/2024

03/02/2024

03/02/2024

02/02/2024

02/02/2024

02/02/2024

02/02/2024

02/02/2024

02/02/2024

02/02/2024

01/02/2024

01/02/2024

01/02/2024

01/02/2024

01/02/2024

01/02/2024

01/02/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

29/01/2024

Address

Website

Alerts

Videos

Shortcuts

Share