Personal collection of scripts and pen testing tools
List of UNIX binaries that can be used to escape low privileged shells. Website can be used to search for interesting binaries and includes code snippets.
List of Windows-based EXEs and DLLs that can be used to perform certain actions on a Windows system.
GitHub repo containing an organised set of payloads. Very useful for finding exploits for an enumerated service.
Cheat sheet containing the enumeration basics.
List of 'recipes' used to convert and manipulate text.
Search tool to look through historic boxes covered by Ippsec.
List of reverse shell commands for various languages.
List of static binaries that can easily be placed on a target system.
https://github.com/andrew-d/static-binaries/tree/master/binaries
Creating my own Python static binaries with PyInstaller:
pyinstaller --onefile <script>.py
Note: any missing imports can be added using --hidden-import. This may be required for some large scripts.
Browser extension used to discover tech used on a website.
Attempts to crack zip files protected with weak passwords
Used to search huge online records of hashes. Used to quickly crack hashes of weak passwords.
Used to create hashes for any provided string. This is useful when write access is available for the database of a WordPress service.
Breaks down a cert file into its key file parts
Web image forensic investigation tool
Non-web based tool used for viewing and analysing the contents of music audio files.
Used to display non-visible unicode characters
Used to search online records for leaked password email combinations. Can exploit common re-use of passwords between accounts.
Tool allows easy SMTP header spoofing to impersonate any sender. This is normally filtered out by spam filters but can be used on smaller targets.
Tool that allows easy viewing of all redirected requests. This can be used as the endpoint of an XSS attack to view authentication cookies etc.
Useful mostly for signing up to services but can be used as a temporary email endpoint.
Similar use case for temporary email.
Used to convert an assortment of documents to an editable text format.
Search engine for vulnerable IoT devices.