January 15, 2025 (5 min read)
June 21, 2024 By Prapattimynk
Most web application firewalls (WAFs) have limits on how much data they can process when a request body is sent. This means that for HTTP requests that contain a request body (e.g. POST, PUT, PATCH), it is usually possible to bypass the WAF by simply prepending junk data. When the request is padded with this
June 18, 2024 By Prapattimynk
403JUMP is a tool designed for penetration testers and bug bounty hunters to audit the security of web applications. It aims to bypass HTTP 403 (Forbidden) pages using various techniques. Features: Multiple bypass techniques, including different HTTP verbs, different headers, and path fuzzing. Customization: Allows customization of headers and cookies for more targeted testing. Concurrency: Performs
June 17, 2024 By Prapattimynk
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I recommend that you first check my
June 16, 2024 By Prapattimynk
With Cassowary you can run a Windows virtual machine and use Windows applications on Linux as if they were native applications, built upon FreeRDP and remote apps technology. If you prefer a setup guide video instead of a wall of text, click here. Please give a star ⭐ or follow this project if you find
June 16, 2024 By Prapattimynk
What is keyFinder? keyFinder is a Chrome extension that searches the DOM for any embedded script link, as a script tag may contain keys for a specific API (such as the Google Maps API), and you can add keywords to search for on any website you visit. Features: it searches the DOM for the “src” of scripts and see if
June 14, 2024 By Prapattimynk
SQL – Structured Query Language: Advanced SQL Injection for AWAE. Goal is to master SQL Injection Discovery, Detection and Exploitation. Footnotes: Advanced SQL Injection Cheatsheet, Rigorous Google Dorking, Reddit Dorking, Web Security Academy – SQL Injection, My Brain + My Experience + My Logic. Table of Content - Learning a lil' bit of SQL
March 31, 2024 By Prapattimynk
https://github.com/GradientSurfer/Draw2Img A simple web UI for interactive text-guided image to image generation, intended for any age and skill level. Features Requirements Hardware: Operating System: Software: Browser: Internet: Usage Install Clone this repository: git clone https://github.com/GradientSurfer/Draw2Img.git Install the dependencies: pip install . Start Server Start the server (by default it will listen on http://localhost:8080): python draw2img/main.py Navigate to the HTTP URL
March 26, 2024 By Prapattimynk
https://github.com/mrwadams/attackgen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation’s details. Features Requirements Installation Option 1: Cloning the Repository Option 2: Using Docker LangSmith Setup If
March 15, 2024 By Prapattimynk
https://github.com/projectdiscovery/nuclei-ai-extension Nuclei AI Browser Extension, built on top of cloud.projectdiscovery.io, simplifies the creation of vulnerability templates, by enabling users to extract vulnerability information from any webpages to quickly and efficiently create nuclei templates, saving valuable time and effort. Prerequisite A logged-in account on cloud.projectdiscovery.io is required to use this extension. You can sign up or log in before
March 14, 2024 By Prapattimynk
https://arttoolkit.github.io/ A RedTeam Toolkit is an interactive cheat sheet, containing a useful list of offensive security tools and their respective commands/payloads, to be used in red teaming exercises. If you hate constantly looking up the right command to use against a Windows, Linux, or Active Directory environment (like me), this project should help ease the
March 11, 2024 By Prapattimynk
https://github.com/HeyPuter/puter Puter is an advanced open-source desktop environment in the browser, designed to be feature-rich, exceptionally fast, and highly extensible. It can be used to build remote desktop environments or serve as an interface for cloud storage services, remote servers, web hosting platforms, and more. Getting Started Local Development git clone https://github.com/HeyPuter/puter cd puter npm
February 19, 2024 By Prapattimynk
https://github.com/dupontgu/qr-file-share Share small files from an offline source using only a QR code! Why? Imagine: You want to share a file with a friend nearby. You want to share from a source that does not have internet access – you just want to beam the file directly to your friend. This system lets you embed your file
February 5, 2024 By Prapattimynk
https://github.com/AashiqRamachandran/i-am-a-bot This project provides a solution for automatically solving various types of CAPTCHAs using a multi-modal Large Language Model (LLM). It leverages the capabilities of Google’s Vertex AI and a custom set of agents to interpret and solve CAPTCHA challenges. Features Installation Before you can use the CAPTCHA solver, you need to install the required
January 28, 2024 By Prapattimynk
https://github.com/spieglt/FlyingCarpet Send and receive files between Android, iOS, Linux, macOS, and Windows over ad hoc WiFi. No shared network or cell connection required, just two devices with WiFi chips in close range. Don’t have a flash drive? Don’t have access to a wireless network? Need to move a file larger than 2GB between different filesystems
January 20, 2024 By Prapattimynk
Freeze.rs is a payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze.rs utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls. https://github.com/Tylous/Freeze.rs Creating A Suspended Process When a process is
January 14, 2024 By Prapattimynk
This repository contains an advanced Bash script designed for conducting digital forensics on Linux systems. The script automates the collection of a wide range of system and user data, making it a valuable tool for IT professionals, system administrators, and digital forensic investigators. https://github.com/vm32/Digital-Forensics-Script-for-Linux Features Usage Requirements Security and Privacy Linux Distribution Compatibility The advanced