nettoolbox

NetToolbox - Network Security Toolkit A comprehensive, modern...

Time-Constrained Intelligent Adversaries for Automation Vulnerability Testing: a Multi-Robot Patrol Case Study

Simulating hostile attacks of physical autonomous systems can be a useful tool to examine their robustness to attack and inform vulnerability-aware design. In this work, we examine this through the lens of multi-robot patrol, by presenting a machine learning-based adversary model that observes...

kali-linux-cheatsheet

It is an offensive tool for penetration testing. The repository contains a Kali Linux Cheat Sheet for Penetration Testers, which provides quick references, commands, and techniques for various aspects of penetration testing. The cheat sheet covers topics such as reconnaissance and enumeration,...

Beebeeto-framework

This is a Python framework for building and executing proof-of-concept POC exploits, specifically targeting the HttpFileServer HFS vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...

JustTryHarder

This is a cheat sheet repository for the PWK Pentester's Workbench course and the OSCP Offensive Security Certified Professional exam. It is inspired by PayloadAllTheThings. The repository contains various tools, scripts, and resources for penetration testing and exploitation. The repository...

Exploit for Out-of-bounds Read in Openssl

It is an exploit module/toolkit targeting OpenSSL versions vulnerable to CVE-2014-0160, also known as the Heartbleed vulnerability. The tool, ssltest.py, scans multiple hosts for this vulnerability in an efficient multi-threaded manner without exploiting the server. The probable entry point is th...

scripts

This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...

offensiveinterview

It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...

wazuh

This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...

sinatra

This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...

disable_eval

This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...

JNDIExploit

This is a Java-based exploit tool for JNDI Java Naming and Directory Interface injection vulnerabilities. The tool is designed to inject a payload into the JNDI repository, allowing an attacker to execute arbitrary code on the target system. The tool is based on the Rogue JNDI project and support...

Exploit for CVE-2007-2447

Internship Project 2 — Penetration Testing on Metasploitable2...

marshalsec

It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...

Pikachu

This is a proof-of-concept PoC exploit for a vulnerable web application system called Pikachu. The system contains a variety of common web security vulnerabilities, including SQL injection, cross-site scripting XSS, cross-site request forgery CSRF, remote code execution RCE, and more. The...

wazuh

This repository is an issue template for Wazuh, a free and open-source platform for threat prevention, detection, and response. The repository contains various templates for reporting bugs, making feature requests, and testing integration and component tests. The templates are organized by...

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

metasploit-framework

This repository is an offensive tool for Metasploit Framework. It is a collection of files and workflows used to build and test the Metasploit Framework, a penetration testing tool. The repository contains various templates for reporting issues, suggesting new features, and submitting pull...

Exploit for CVE-2025-31125

🔐 Vite/Vue JS Exploitation Toolkit =============================...