okaayfine's Projects
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
Generate a bunch of malicious PDF files with phone-home functionality. Can be used with Burp Collaborator
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
Small utility program to perform multiple operations for a given subnet/CIDR ranges.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Fetch many paths for many hosts - without killing the hosts
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
A framework for continuous OSINT based threat hunting
Mind-Maps of Several Things
A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
Nuclei Templates - Here you will find the templates I use while hunting
nodejsscan is a static security code scanner for Node.js applications.
This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.
An extensible, heuristic-based vulnerability scanning tool for installed npm packages
Beta release
Config files for my GitHub profile.
Modified patch of https://github.com/Naituw/HackingFacebook/ and https://github.com/Naituw/IPAPatch/
One-liner commands for bug bounties
Rockyou for web fuzzing
Open Redirection Analyzer
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
Useful tips and resources for preparing for the AWAE exam.
Lots of POC Codes & Preparation materials, scripts, discovery processes in there.
Mining parameters from dark corners of Web Archives
Payload Arsenal for Penetration Testers and Bug Bounty Hunters
Android security pentesting cheatsheet
Custom pentesting tools
Advisories, proof of concept files and exploits that have been made public by @pedrib.
PoC List