Hi, I'm t3l3machus, Penetration Tester & Cybersec Researcher from Athens, Greece 🇬🇷, currently living in Poland 🇵🇱.
If you like the tools I make please show some love by following me, buymeacoffee, throwing a star here and there or just give respect on HackTheBox.
💥 Offensive Security Tools
Project | Short Description | Stars | Forks |
Villain | A C2 backdoor generator and multi-session handler. | ||
toxssin | An XSS exploitation command-line interface. | ||
hoaxshell | A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell. |
||
psudohash | A password list generator based on keywords mutated by commonly used patterns and more. | ||
PowerShell-Obfuscation-Bible | A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts. | ||
eviltree | A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. | ||
wwwtree | A utility for quickly and easily locating, web hosting and transferring resources during PrivEsc. | ||
CVE-2023-22960 | PoC for CVE-2023-22960 (Brute-force Lexmark printers). | ||
Synergy Httpx | A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads). | ||
BabelStrike | Performs Romanization and name-to-usernames convertion of full name lists. | ||
pentest-pivoting | A network pivoting guide for pentests / CTFs. |
Contributions
Project | Short Description | Contribution |
nuclei-templates | Templates are the core of the nuclei scanner which powers the actual scanning engine. | Templates contributed: CVE-2024-2340, sap-public-admin |
reverse-shell-generator (revshells.com) | Hosted Reverse Shell generator with a ton of functionality. | Added HoaxShell and front-end style improvements. |
🌀 CVEs
CVE | Short Description | References |
CVE-2023-22960 | Lexmark devices have a feature that protects against local account credential brute-force guessing attacks by temporarily locking out an account for an amount of time after a number of unsuccessful login attempts. This vulnerability bypasses the brute-force protection, allowing unrestricted attempts to guess a local account's credentials. Works for PIN-based authentication as well. | CVE-2023-22960 Publication |
⚡ Other Tools, Guides, etc
Project | Short Description | Stars | Forks |
ssh-log-alert | Receive email alerts on successful ssh logins (mailgun). | ||
gmail-ssh-log-alert | Receive email alerts on successful ssh logins (gmail). | ||
cybersec-service-metrics | A spreadsheet designed to automatically generate Key Performance Indicators for Cyber Security Services based on documented data. Ideal for Team leaders / Managers of small-medium sized organizations. |
||
Awesome-AI | A list of awesome AI resources around the internet. | ||
OWASP-Testing-Guide-Checklist | OWASP based Web Application Security Testing Checklist. |