Skip to content

@synacktiv Synacktiv

Change the repository type filter

All

    Repositories list

    80 repositories

    • octoscan

      Public
      Octoscan is a static vulnerability scanner for GitHub action workflows.
      githubexploitvulnerabilitycicdgithub-actions
      Go
      GNU General Public License v3.0
      916221Updated Oct 31, 2024Oct 31, 2024

    • bbs

      Public
      bbs is a router for SOCKS and HTTP proxies. It exposes a SOCKS5 (or HTTP CONNECT) service and forwards incoming requests to proxies or chains of proxies based on the request's target. Routing can be configured with a PAC script (if built with PAC support), or through a JSON file.
      Go
      48000Updated Oct 30, 2024Oct 30, 2024

    • SCCMSecrets

      Public
      SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
      Python
      1615300Updated Oct 28, 2024Oct 28, 2024

    • action-octoscan

      Public
      📦 :octocat: A GitHub Action that performs a security scan of your GitHub Actions.
      githubsecurityscancicdgithub-actions
      Shell
      GNU General Public License v3.0
      0400Updated Oct 28, 2024Oct 28, 2024

    • shh

      Public
      Systemd Hardening Helper
      Rust
      GNU General Public License v3.0
      19710Updated Oct 23, 2024Oct 23, 2024

    • nord-stream

      Public
      Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
      githubgitlabgitlab-cici-cdcicdazuredevops
      Python
      GNU General Public License v3.0
      1325110Updated Oct 20, 2024Oct 20, 2024

    • eos

      Public
      Enemies Of Symfony - Debug mode Symfony looter
      Python
      Other
      4431001Updated Oct 18, 2024Oct 18, 2024

    • gh-hijack-runner

      Public
      A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
      githubrunnercicdexploitationgithubactions
      Python
      41800Updated Oct 13, 2024Oct 13, 2024

    • adb_client

      Public
      Rust ADB client
      Rust
      1810Updated Oct 10, 2024Oct 10, 2024

    • DepFuzzer

      Public
      Python
      MIT License
      43921Updated Oct 8, 2024Oct 8, 2024

    • CVE-2024-45409

      Public
      Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409) exploit
      Python
      116700Updated Oct 7, 2024Oct 7, 2024

    • krbrelayx

      Public
      Kerberos unconstrained delegation abuse toolkit
      Python
      MIT License
      168000Updated Oct 3, 2024Oct 3, 2024

    • garble

      Public
      Obfuscate Go builds
      Go
      BSD 3-Clause "New" or "Revised" License
      254000Updated Sep 25, 2024Sep 25, 2024

    • AADOutsider-py

      Public
      Python3 rewrite of AsOutsider features of AADInternals
      Python
      MIT License
      23600Updated Sep 11, 2024Sep 11, 2024

    • kcmdump

      Public
      Dump Kerberos tickets from the KCM database of SSSD
      Python
      54800Updated Sep 8, 2024Sep 8, 2024

    • veeam-velociraptor

      Public
      Proof-of-concept Velociraptor artifacts pack to showcase a remote Veeam forensics pipeline.
      GNU Affero General Public License v3.0
      0000Updated Aug 27, 2024Aug 27, 2024

    • hexalocker-analysis

      Public
      HexaLocker ransomware analysis
      YARA
      GNU Affero General Public License v3.0
      0100Updated Aug 23, 2024Aug 23, 2024

    • ntdissector

      Public
      Python
      Other
      1512633Updated Aug 16, 2024Aug 16, 2024

    • frinet

      Public
      Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.
      C
      MIT License
      4345750Updated Aug 7, 2024Aug 7, 2024

    • QLinspector

      Public
      Finding Java gadget chains with CodeQL
      CodeQL
      GNU General Public License v3.0
      1716000Updated Jul 26, 2024Jul 26, 2024

    • CacheData_decrypt

      Public
      A simple Toolkit to BF and decrypt Windows EntraId CacheData
      Python
      01300Updated Jun 20, 2024Jun 20, 2024

    • DLHell

      Public
      Local & remote Windows DLL Proxying
      Python
      2216100Updated Jun 17, 2024Jun 17, 2024

    • mobileiron-exploit

      Public
      Python
      0600Updated Jun 4, 2024Jun 4, 2024

    • php_filter_chains_oracle_exploit

      Public
      A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.
      Python
      Other
      1421900Updated Jun 2, 2024Jun 2, 2024

    • Invoke-RunAsWithCert

      Public
      A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
      PowerShell
      1311010Updated May 13, 2024May 13, 2024

    • OUned

      Public
      The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
      Python
      117510Updated Apr 17, 2024Apr 17, 2024

    • EIPP

      Public
      Entra ID Password Protection Banned Password Lists
      C#
      11300Updated Apr 16, 2024Apr 16, 2024

    • ysoserial

      Public
      A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
      Java
      MIT License
      1.8k200Updated Mar 20, 2024Mar 20, 2024

    • Arlo

      Public
      Arlo file format helper
      Python
      11200Updated Mar 7, 2024Mar 7, 2024

    • krustyloader-analysis

      Public
      KrustyLoader Analysis
      YARA
      Apache License 2.0
      2301Updated Feb 24, 2024Feb 24, 2024