Repository of notes and scripts I use when doing malware analysis
Some scripts that can be useful when dealing with Qakbot
My personnal GhidraFunctionIdDb.
Hope it can save you some time ! Will be updated once in a while.
Generated with FunctionIdHashFunction.py and consumed by FunctionIdMatcher.py
CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in
Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a
IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -
Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ
Python Port Scanner This script tries to check if it's possible to make a connection with the specific endpoint port. This is very useful to ensure se
First run: Copy headers (with cookies) of POST license request from browser to headers.py like dictionary. pip install -r requirements.txt # if doesn'
check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i
About This is an IDA Pro (Interactive Disassembler) plugin allowing to automatically analyze and annotate Linux kernel alternatives (content of .altin
Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负
This a simple tool XSS Detection Suite for CTFs games
CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz
A denial of service (DoS) vulnerability (CVE-2021-36798) was found in Cobalt Strike. The vulnerability was fixed in the scope of the 4.4 release. More
dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanni
Scrambler App This collection of tools that makes it easy to secure and/or obfuscate messages, files, and data. It leverages encryption tools such as
QFTools Python lib to automate basic QFT calculations like Wick-contractions. Features Wick contractions for real scalar fields Wick contractions for
ORector is a Fast Python tool designed to detect open redirects vulnerabilities
Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste
musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum
CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv
295 Jan 06, 2023
1 Nov 04, 2021
48 Aug 28, 2022
22.1k Jan 02, 2023
7 Feb 26, 2022
263 Jan 07, 2023
4 Jun 30, 2022
16 Oct 12, 2022
15 Nov 09, 2022
2 Nov 24, 2021
30 Nov 19, 2022
104 Nov 09, 2022
112 Nov 25, 2022
12 Dec 02, 2022
2 Aug 31, 2022
2 Aug 21, 2022
11 Apr 02, 2022
81 Dec 27, 2022
14 Jul 08, 2022
20 Apr 07, 2022