Some scripts and PoCs I'm using in pentesting.

Password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and …

Ghidra is a software reverse engineering (SRE) framework

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Official radare2 GUI

Gdbinit for OS X, iOS and others - x86, x86_64 and ARM

PEDA - Python Exploit Development Assistance for GDB

Exploit Development and Reverse Engineering with GDB Made Easy

Tamper Dev is an extension that allows you to intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy. Works across all operating systems (including Chrome OS).

📝 A text file containing 479k English words for all your dictionary/word-based projects e.g: auto-completion / autosuggestion

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

A Pin Tool for tracing API calls etc

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Various wordlists FR & EN - Cracking French passwords

📜 A collection of wordlists for many different usages

Storage Explorer - Publicly open storage viewer (Amazon S3 Bucket, Azure Blob, FTP server, HTTP Index Of/)

Lists a public S3 bucket

Analyze and modify hashcat .restore files

My writeups of various CTFs & security challenges

Among Us stuff

CeWL is a Custom Word List Generator

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat…

Common User Passwords Profiler (CUPP)

tổng hợp tool ctf

Steganalysis web platform

This details how I create and use my password cracking setup