MX's Projects
API Security Projecto aims to present unique attack & defense methods in API Security field
Fastes Email:Pass Checker on the planet.
Azure Data Exporter for BloodHound
This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
Automatically brute force all services running on a target.
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
just idea, no cp pls
Config files for my GitHub profile.
Shellcode launcher for AV bypass
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
EasyPen is a GUI program which helps pentesters do target discovery, vulnerability scan and exploitation
EMBA - The firmware security analyzer
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
evilginx2 + gophish
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
Spoofing desktop login applications with WinForms and WPF
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
An OSINT Geolocalization tool for Telegram that find nearby users and groups 📡🌍🔍
Abusing Github API to host our C2 traffic, usefull for bypassing blocking firewall rules if github is in the target white list , and in case you don't have C2 infrastructure , now you have a free one
绕过AV/EDR的代码例子(Code example to bypass AV/EDR)
The Havoc Framework
HVNC for Cobalt Strike
HiddenVM — Use any desktop OS without leaving a trace.
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹2000+,暴力破解协议10余种。
Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second