Loading
svg
Open

Tips

  • June 21, 2024By Prapattimynk

    Most web application firewalls (WAFs) have limitations for how much data they can process when a request body is sent. This means for HTTP requests that contain a request body (i.e. POST, PUT, PATCH etc), it is usually possible to bypass the WAF by simply prepending junk data. When the request is padded with this

  • June 18, 2024By Prapattimynk

    403JUMP is a tool designed for penetration testers and bug bounty hunters to audit the security of web applications. It aims to bypass HTTP 403 (Forbidden) pages using various techniques. Features Multiple Bypass Techniques Including: Different HTTP Verbs Different Headers Path Fuzzing. Customization: Allows customization of headers and cookies for more targeted testing. Concurrency: Performs

  • June 17, 2024By Prapattimynk

    A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I recommend that you first check my

  • June 16, 2024By Prapattimynk

    With Cassowary you can run a Windows virtual machine and use Windows applications on Linux as if they were native applications, built upon FreeRDP and remote apps technology. If you prefer a setup guide video instead of a wall of text, click here. Please give a star ⭐ or follow this project if you find

  • June 16, 2024By Prapattimynk

    What is keyFinder? keyFinder is chrome extension that searches the DOM for any embedded script link, as script tag may contain keys for specific API(such as Google maps API) and you can add keywords to search for it at any website you visit. Features: it searches the DOM for “src” of scripts and see if

  • June 14, 2024By Prapattimynk

    SQL – Structured Query Language ¶‣ Advanced SQL Injection for AWAE Goal is to master SQL Injection Discovery, Detection and Exploitation Footnotes: Advanced SQL Injection Cheatsheet Rigorous Google Dorking Reddit Dorking Web Security Academy – SQL Injection My Brain + My Experience + My Logic Table of Content - Learning a lil' bit of SQL

  • March 31, 2024By Prapattimynk

    https://github.com/GradientSurfer/Draw2Img A simple web UI for interactive text-guided image to image generation, intended for any age and skill level. Features Requirements Hardware: Operating System: Software: Browser: Internet: Usage Install Clone this repositorygit clone https://github.com/GradientSurfer/Draw2Img.git Install the dependenciespip install . Start Server Start the server, by default it will listen on http://localhost:8080python draw2img/main.py Navigate to the HTTP URL

  • March 26, 2024By Prapattimynk

    https://github.com/mrwadams/attackgen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation’s details. Features Requirements Installation Option 1: Cloning the Repository Option 2: Using Docker LangSmith Setup If

  • March 15, 2024By Prapattimynk

    https://github.com/projectdiscovery/nuclei-ai-extension Nuclei AI Browser Extension, built on top of cloud.projectdiscovery.io, simplifies the creation of vulnerability templates, by enabling users to extract vulnerability information from any webpages to quickly and efficiently create nuclei templates, saving valuable time and effort. Prerequisite A logged-in account on cloud.projectdiscovery.io is required to use this extension. You can sign up or log in before

  • March 14, 2024By Prapattimynk

    https://arttoolkit.github.io/ A RedTeam Toolkit is an interactive cheat sheet, containing a useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises. If you hate constantly looking up the right command to use against a Windows, Linux, or Active Directory environment (like me), this project should help ease the

  • March 11, 2024By Prapattimynk

    https://github.com/HeyPuter/puter Puter is an advanced open-source desktop environment in the browser, designed to be feature-rich, exceptionally fast, and highly extensible. It can be used to build remote desktop environments or serve as an interface for cloud storage services, remote servers, web hosting platforms, and more. Getting Started Local Development git clone https://github.com/HeyPuter/puter cd puter npm

  • February 19, 2024By Prapattimynk

    https://github.com/dupontgu/qr-file-share Share small files from an offline source using only a QR code! Why? Imagine: You want to share a file with a friend nearby. You want to share from a source that does not have internet access – you just want to beam the file directly to your friend. This system lets you embed your file

  • February 5, 2024By Prapattimynk

    https://github.com/AashiqRamachandran/i-am-a-bot This project provides a solution for automatically solving various types of CAPTCHAs using a multi-modal Large Language Model (LLM). It leverages the capabilities of Google’s Vertex AI and a custom set of agents to interpret and solve CAPTCHA challenges. Features Installation Before you can use the CAPTCHA solver, you need to install the required

  • January 28, 2024By Prapattimynk

    https://github.com/spieglt/FlyingCarpet Send and receive files between Android, iOS, Linux, macOS, and Windows over ad hoc WiFi. No shared network or cell connection required, just two devices with WiFi chips in close range. Don’t have a flash drive? Don’t have access to a wireless network? Need to move a file larger than 2GB between different filesystems

  • January 20, 2024By Prapattimynk

    Freeze.rs is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze.rs utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls. https://github.com/Tylous/Freeze.rs Creating A Suspended Process When a process is

  • January 14, 2024By Prapattimynk

    This repository contains an advanced Bash script designed for conducting digital forensics on Linux systems. The script automates the collection of a wide range of system and user data, making it a valuable tool for IT professionals, system administrators, and digital forensic investigators. https://github.com/vm32/Digital-Forensics-Script-for-Linux Features Usage Requirements Security and Privacy Linux Distribution Compatibility The advanced

svg