Pinned

1. tsukumogami tsukumogami Public

   Suite of web browser fuzzing tools aimed at optimising code coverage. Test case generation from a built-in Context-Free Grammar, mutation fuzzing from a corpus of scraped web pages, DOM fuzzing and…

   Python 8

2. Coyote Coyote Public

   Coyote is a standalone C# post-exploitation implant for maintaining access to compromised Windows infrastructure during red team engagements using DNS tunneling.

   C# 20 1

3. fontharness fontharness Public

   Cross-platform test harness that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality.

   Python 3

4. Expeditus Expeditus Public

   Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.

   C# 11 2

5. Living off the Land method for loggi... Living off the Land method for logging keystrokes and taking screenshots using Problem Steps Recorder built-in Windows utility psr.exe

   1

   2

   Windows workstations have a built-in utility called Problem Steps Recorder that can be used covertly by penetration testers to record keystrokes and screenshots of user activity. There is no risk of AV flagging this since it is a signed Microsoft binary.

   3

   4

   To start logging the user's activity:

   5

   psr.exe /start /gui 0 /output C:\Users\user\AppData\Local\log.zip

6. phpscan phpscan Public

   Quick script to scan through a PHP project and flag up functions that are of interest when looking for security vulnerabilities. Aids manual code review.

   Python 3