HackTools
@HackGitToolkit
This channel is dedicated to sharing cybersecurity tools. 👉Open Source Software 👉Penetration Testing 👉Red/BlueTeam 👉Online Labs 👉etc
🚨 NextSploit — scanner/exploiter for CVE-2025-29927 (Next.js middleware auth bypass). It detects Next.js apps, checks vulnerable versions & can attempt middleware bypass for testing. If you run Next.js middleware: patch to latest release & add upstream auth layers. 👉…
AdaptixC2 v0.8 is out! github.com/Adaptix-Framew… * AxScript: new events and functions * Added Targets Manager * Updated tunnels Full update details: adaptix-framework.gitbook.io/adaptix-framew…
🚀 dockur/windows — Run full Windows inside a Docker container! ⌛ Auto-downloads & boots Windows (7,10,11, Server…) via KVM+QEMU. 🌐 Access via web UI or RDP instantly. Supports Docker Compose & Kubernetes. Perfect for sandbox testing or isolated envs. 👉…
🛡 OpenCVE — Open-source Vulnerability Intelligence Platform • Aggregates CVEs from MITRE, NVD, RedHat & more • Filter by vendor, product, CVSS, EPSS, CWE; save views & dashboards • Subscribe to alerts via email or webhook • Available as SaaS or self-hosted deployment 🔗…
🚨 CVE-2025-49667 — Win32K ICOMP double-free LPE PoC released! Exploitable on Windows 10 (1909–22H2); Windows 11 already patched Double-free → kernel pointer overwrite → SYSTEM 🔗 github.com/Yuri08loveElai… #CVE202549667 #LPE #Windows10 #Infosec
🚀 HexStrike-AI v6.0 — Autonomous AI C2 for pentesting • 150+ security tools powered by AI agents (Claude, GPT, Copilot) • Smart orchestration: tool selection, CVE analysis, exploit generation • Real-time visual dashboards & workflow automation 🔗 github.com/0x4m4/hexstrik……
🛠 hoontr — A DLL hunting Swiss Army knife for red teamers! • stomphoont: find PE files with large .text sections • exporthoont: locate modules by export name substring • bytehoont: scan .text for specific byte sequences Rust, multi-threaded, stealthy DLL research tool 🔗…
🔥 Remote DLL Injection via Timer-based Shellcode Execution Use Windows thread pool timers to run shellcode stealthily in the target process—no remote threads, just hidden timer callbacks. A novel injection tactic that’s stealthier and EDR-resistant. 🔗 github.com/andreisss/Remo……
🔍 ReconFTW — Automate recon like a pro! • Subdomain enumeration, OSINT & vuln scanning (XSS, SSRF, SQLi, LFI…) • Port scanning, screenshots & directory fuzzing • Supports distributed Ax Framework, Docker, ARM, AI report generation 🔗 github.com/six2dez/reconf… #Recon #BugBounty…
🎯 BeaconatorC2 — Modular C2 framework for red teaming & adversarial emulation! • Schema-driven GUI dynamically adapts to each beacon’s capabilities • Supports HTTP/TCP/UDP/SMB & Meterpreter, with built-in base64/XOR/ROT handling 🔗 github.com/CroodSolutions… #RedTeam #C2
🚀 ChromeAlone — Turn Chrome into a C2 implant! Leverages legacy & modern Chrome features for: • raw TCP proxying • YubiKey phishing • cookie & credential dumping • keystroke logging • shell execution via WebAssembly Bypassed AVs 🔗 github.com/praetorian-inc… #RedTeam…
🚀 TheFatRat — An easy-to-use exploit tool integrating MSFvenom & Metasploit to generate cross-platform backdoors (Windows, Linux, macOS, Android). 📦 Supports .exe, .apk, .docm formats, AutoRun USB/CD, payload pumping, and auto-listener setup—many payloads evade AV. 🔗…
🛡️ EnumEDR‑s — Lightweight C tool to enumerate active EDRs on Windows 🔍 Scans processes & drivers to detect Microsoft Defender (AV/EPP), Elastic EDR, Sysmon, and more ⚙️ Easily extendable via EDRs.c Perfect for red team reconnaissance or blue team detection validation 🔗…
🚀 CobaltStrikeBeaconCppSource is an open-source C++ reimplementation of Cobalt Strike’s Beacon—built from scratch (not decompiled). Perfect for red teamers to study Beacon behavior, build custom loaders, or explore protocol logic. 🔗 github.com/kyxiaxiang/Cob… #CobaltStrike…
github.com
GitHub - kyxiaxiang/CobaltStrikeBeaconCppSource: Out-of-the-box CobaltStrike Beacon source code use...
Out-of-the-box CobaltStrike Beacon source code use C++ - kyxiaxiang/CobaltStrikeBeaconCppSource
🚨 CVE‑2025‑47227 — Critical unauthenticated admin password reset bypass in Netmake ScriptCase (≤ v9.12.006) 🔐 RESET admin creds via crafted GET+POST to login.php 🎯 Chainable with CVE‑2025‑47228 for full RCE 🔧 PoC repo: github.com/B1ack4sh/Black… #CVE202547227 #ScriptCase #RCE…
🚀 Meet TorGuard tgv2ray — a Sing‑Box-powered LuCI app for OpenWRT 🧩 Supports VLESS / VMess / Trojan / Shadowsocks via TorGuard subscription or custom config 🌐 Dual proxy (SOCKS5/HTTP) + VPN mode with TUN interface 📱 Full Web UI + UCI integration 🔗 github.com/torguardvpn/tg……
🚨 CVE‑2025‑30406 — Critical deserialization flaw in Gladinet CentreStack & Triofox 🔐 Hardcoded machineKey allows attackers to forge ViewState and trigger RCE 🌍 Actively exploited in the wild since Mar 2025; CVSS: ~9.8 ⚠️ Patch to CentreStack v16.4.10315.56368 or rotate…
This is why you don't share just everything on the web. The vid you see here must be one of the most effective AI awareness videos.
🚨 CVE‑2025‑8220 — SQL Injection in Engeman Web password recovery page (LanguageCombobox)! 🔐 Unauthenticated attacker can inject SQL remotely 📂 Affects Engeman Web ≤ 12.0.0.1; vendor non-responsive 🧪 PoC repo: github.com/m3m0o/engeman-… #SQLi #CVE20258220 #WebSecurity #PoC
☁️🔥 New from @carlospolop — cloudPeaSS is a powerful post-exploitation tool for cloud red teams. 🚀 Supports: •Azure & AWS privilege escalation enumeration •Role misconfig checks •Detection of over-permissive policies •Identity abuse scenarios 🔗 github.com/carlospolop/cl……
United States Tendances
- 1. $ZOOZ N/A
- 2. #IDontWantToOverreactBUT 1,304 posts
- 3. #MondayMotivation 34.2K posts
- 4. Jamaica 77.6K posts
- 5. SNAP 609K posts
- 6. Victory Monday 2,712 posts
- 7. $QCOM 11.9K posts
- 8. Good Monday 49.4K posts
- 9. jungkook 319K posts
- 10. #ElCaribeBajoAmenaza 2,307 posts
- 11. MRIs 1,325 posts
- 12. #MondayVibes 3,288 posts
- 13. #MondayMood 1,842 posts
- 14. Milei 671K posts
- 15. Walter Reed 4,317 posts
- 16. Melissa 112K posts
- 17. Brock 9,290 posts
- 18. Jack DeJohnette 1,452 posts
- 19. Happy Sports Equinox N/A
- 20. Mike Braun 1,752 posts
Something went wrong.
Something went wrong.