Search Results for "payload"
Sort By:
Showing 26 open source projects for "payload"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Build Agents and Models on One PlatformGemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
-
1
Flipper Zero BadUSB
Repository for my flipper zero badUSB payloads
The repository is a public GitHub collection of BadUSB payloads prepared to run from a Flipper Zero device; it’s presented as a plug-and-play library that bundles payload scripts, a README, and supporting files so users can pick and use payloads without heavy setup. The project is heavily PowerShell-oriented and organized into a payloads folder with documentation (README, FAQs) and helper scripts, and the author says they formatted the collection to be easy for others to use. The maintainer also set up short-URL infrastructure to simplify embedding webhooks or tokens into compact one-liners for payload configuration, and the repo includes social/contact links and acknowledgments to related projects. ... -
2
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
3
ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters
ezXSS is an open-source XSS (Cross-Site Scripting) testing platform designed to help security researchers identify and collect XSS vulnerabilities. It acts as a payload receiver and logger, storing details about triggered XSS attacks such as the user agent, cookies, DOM, and referrer. This tool is highly useful in bug bounty hunting and penetration testing for monitoring and documenting XSS vectors in real-time. -
4
BadUSB
Flipper Zero badusb payload library
This project explores USB device emulation attacks—commonly called BadUSB—by demonstrating how commodity USB hardware can impersonate keyboards, network adapters, or storage devices to perform scripted actions on a host. It typically contains firmware examples, payloads, and explanations showing how a device presenting as a Human Interface Device (HID) can inject keystrokes, open shells, or orchestrate data exfiltration when plugged into a machine. The codebase is frequently intended for... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
Guardian
Elixir Authentication
...The core currency of authentication in Guardian is the token. By default JSON Web Tokens are supported out of the box but you can use any token that Has the concept of a key-value payload, is tamper-proof, can serialize to a String, or that has a supporting module that implements the Guardian.Token behavior. You can use Guardian tokens to authenticate web endpoints (Plug/Phoenix/X), channels/Sockets (Phoenix - optional), and any other system you can imagine. If you can attach an authentication token you can authenticate it. -
6
AmazonMSK AWS Identity Access Management
Use AWS Identity and (IAM) to connect to Amazon Managed Streaming
The Amazon MSK Library for AWS Identity and Access Management enables developers to use AWS Identity and Access Management (IAM) to connect to their Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters. It allows JVM-based Apache Kafka clients to use AWS IAM for authentication and authorization against Amazon MSK clusters that have AWS IAM enabled as an authentication mechanism. This library provides a new Simple Authentication and Security Layer (SASL) mechanism called... -
7
Apiato
PHP Framework for building scalable API's on top of Laravel
The open-source flawless framework for building scalable and testable API-Centric Apps with PHP and Laravel. Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport). Role-Based Access Control (RBAC), seeded with a Super Admin, Roles, and Permissions. Query Parameters support (orderBy, sorted, and filter) with full-text search. Useful Endpoints for managing users, roles/permissions, tokens, and more. API Documentations generator, to generate API docs from PHP... -
8
mendelson AS4
AS4 Solution for ENTSOG, e-SENS, ebMS, PEPPOL, ICS2, BDEW
...Contains a monitoring- and configuration GUI (SWING), supports PUSH and PULL messages, ENTSOG AS4, e-SENS AS4, ebMS AS4, BDEW AS4, PEPPOL AS4, ICS2 AS4, signatures (SOAP, payload), selectable profile per trading partner, encryption (SOAP, payload), UserNameToken, TLS, pluggable into any servlet container, trading partner management, compression, certificate management -
9
Stegcore
A cross-platform crypto-steganography toolkit
Stegcore combines cryptography and steganography to hide encrypted data inside ordinary files. It encrypts your payload before embedding it, so the hidden content is unreadable even if someone extracts it, and invisible to anyone who doesn't know it's there. Unlike basic steganography tools that hide data without encrypting it, Stegcore ensures the payload is cryptographically protected at rest. Unlike pure encryption tools, the payload isn't even visible. ... -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
PQS
Petoron Quantum Standard (PQS)
...BLAKE2s-MAC authentication - 16-byte tag, any modification = instant rejection. Streaming keystream generator - secure, large-scale XOR without key reuse. Fake padding (HEAD/TAIL) - obfuscates binary boundaries and payload structure. Precise size encoding - restores original payload exactly. Supports files up to 128 MB per encrypted block. No dependencies, fully offline, cross-platform Python implementation. PQS is designed for high-assurance security, full auditability, and deterministic offline use - without unnecessary complexity. https://github.com/01alekseev/PQS -
11
PoshC2
C2 framework used to aid red teamers with post-exploitation
...Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. ... -
12
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
13
Naeon
The safest way to store private data in untrusted (cloud) environments
Naeon secures data in untrusted off-site storage through a layered approach: files are compressed, then AES-256 encrypted with a randomly generated 128-character passphrase yielding approximately 762 bits of entropy — far beyond the reach of both classical and quantum brute-force attacks. The ciphertext is obfuscated by prepending and appending random byte blocks, making the result unidentifiable as an encrypted file. The payload is then sharded into one private chunk — holding the encryption key and part of the data — and multiple equal-sized public chunks, each renamed to its SHA-512 hash and given a uniform timestamp to prevent metadata inference. A private filename conversion table preserves the concatenation order needed for restoration. Together these measures guarantee confidentiality, integrity, and availability regardless of storage provider trustworthiness. ... -
14
PhoenixC2
Command & Control-Framework created for collaboration in python3
PhoenixC2 is a command & control framework. The purpose of this software is, to aid red teamers and penetration testers in their operations, by providing a way to manage hacked devices. -
15
Slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP
...It works by abusing the NAT’s Application Level Gateway (ALG) logic and connection tracking, combined with browser capabilities like WebRTC, precise packet fragmentation or boundary control, and packet injection techniques. The attack is able to bypass browser port restrictions by fragmenting or massaging packets so that the “exploit payload” lands in a packet boundary that gets parsed by the NAT/ALG as a legitimate protocol packet (e.g. SIP or H.323). Once successful, the NAT/firewall is deceived into opening a “hole” (port forwarding) back to the internal host, enabling the attacker to connect directly to internal services. -
16
Pixload
Image Payload Creating/Injecting tools
Pixload is a collection of tools for creating and injecting payloads into image files using steganographic techniques to embed hidden content in common image formats. It supports BMP, GIF, JPG, PNG, and WebP formats and offers command-line utility for generating or modifying images with embedded payloads. If the target image exists, it can inject into it; otherwise, it generates a new one. Offers separate utilities per format (e.g., bmp.pl, gif.pl, jpg.pl, png.pl) for injection or creation.... -
17
PyExfil
A Python Package for Data Exfiltration
PyExfil was born as a PoC and kind of a playground and grew to be something a bit more. In my eyes it’s still a messy PoC that needs a lot more work and testing to become stable. The purpose of PyExfil is to set as many exfiltrations, and now also communication, techniques that CAN be used by various threat actors/malware around to bypass various detection and mitigation tools and techniques. You can track changes at the official GitHub page. Putting it simply, it’s meant to be used as a... -
18
VENOM C2 shellcode
C2 shellcode generator/compiler/handler
...It also starts a handler to receive the remote connection (shell or meterpreter) venom 1.0.11 (malicious_server) was build to take advantage of apache2 webserver to deliver payloads (LAN) using a fake webpage writen in html to be hable to trigger payload downloads, the user just needs to send the link provided to target host. -
19
SHAD0W
A post exploitation framework designed to operate covertly
It uses a range of methods to evade EDR and AV while allowing the operator to continue using tooling and tradecraft they are familiar with. Its powered by Python 3.8 and C, and uses Donut for payload generation. By using Donut along with the process injection capabilities of SHAD0W, it provides the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully inside the memory. Dynamically resolved syscalls are heavily used to avoid userland API hooking, anti-DLL injection to make it harder for EDR to load code into the beacons, and official Microsoft mitigation methods to protect spawn processes. ... -
20
Hackingtool
ALL IN ONE Hacking Tool For Hackers
HackingTool by Z4nzu is a large collection (“all-in-one”) of tools and scripts for penetration testing / hacking / OSINT etc. It bundles many utilities (port scanners, payload injectors, web attack tools, phishing tools, wireless attack tools, reverse engineering, etc.) into a menu interface. Includes many individual tools, often wrappers or aggregations of existing well-known tools (e.g. port scanners, web attack tools, steganography, hash cracking etc.). A menu interface offering categories: reconnaissance, payload creation, wireless attacks, reverse engineering, exploit frameworks, etc. ... -
21
WebSploit Framework
WebSploit is a high level MITM Framework
WebSploit Advanced MITM Framework [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin Scanner [+]CloudFlare resolver [+]LFI Bypasser [+]Apache Users Scanner [+]Dir Bruter [+]admin finder [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack [+]MFOD Attack Vector [+]ARP Dos Attack [+]Web Killer Attack [+]Fake Update Attack [+]Fake Access point Attack [+]Wifi Honeypot [+]Wifi Jammer [+]Wifi Dos [+]Wifi Mass De-Authentication Attack [+]Bluetooth POD Attack Project In Github : https://github.com/websploit -
22
Penetration-Testing-Toolkit v1.0
A web interface for various penetration testing tools
Penetration-Testing-Toolkit is a web based project to automate Scanning a network,Exploring CMS, Generating Undectable metasploit payload, DNS-Queries, IP related informations, Information Gathering, Domain related info etc -
23
smbexec
A rapid psexec style attack with samba tools
...Special thanks to Carnal0wnage who's blog inspired us to go this route http://carnal0wnage.attackresearch.com/2012/01/psexec-fail-upload-and-exec-instead.html -Includes payload & metasploit rc creator based on vanish.sh -hash-passing patched smbclient to upload payload -hash-passing patched winexe to run payload Video of the original POC can be found at http://www.youtube.com/watch?v=o3d0wfGUCWM&feature=plcp Tested on: - BackTrack 5R2 - 32 & 64 Bit - Ubuntu 10.04.4 LTS - 32 & 64 Bit - Ubuntu 12.04 LTS - 32 & 64 Bit - Debian 6 - 32 & 64 Bit - Fedora 16 - 32 & 64 Bit - Fedora 17 - 32 & 64 Bit Coming Soon: Pentoo Pwnie Express - Pwn Plug 1.1 Happy hunting! -
24
...It lets users view the images and play the sounds that Steghide allows as cover files, and command the program all with one tool. It also embeds a simple text editor to manage text payload files.
-
25
winKnocks is an encrypted(DES) port knocking tool. Knock sequences are defined through XML files; users specify: number of packets of each knock sequence, payload and header of each packet. Logging capability. Generation of smoke packets.No replay-attack
