Hi, I'm t3l3machus, Penetration Tester & Cybersec Researcher from Athens, Greece 🇬🇷, currently living in Poland 🇵🇱.
Check out my channel on YouTube! -> HaxorTechTones
💥 Offensive Security Tools
| Project | Short Description | Stars | Forks |
| Villain | A C2 backdoor generator and multi-session handler. |  |
 |
| toxssin | An XSS exploitation command-line interface. |  |
 |
| hoaxshell | A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell. |
 |
 |
| psudohash | A password list generator based on keywords mutated by commonly used patterns and more. |  |
 |
| PowerShell-Obfuscation-Bible | A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts. |  |
 |
| ACEshark | ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminating the need for tools like accesschk.exe or other non-native binaries. |  |
 |
| kcbrute | Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow. |  |
 |
| eviltree | A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches. |  |
 |
| wwwtree | A utility for quickly and easily locating, web hosting and transferring resources during PrivEsc. |  |
 |
| CVE-2023-22960 | PoC for CVE-2023-22960 (Brute-force prevention mechanism bypass for Lexmark devices' web interface). |  |
 |
| Synergy Httpx | A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads). |  |
 |
| Undust.py | undust is a URL pattern generator that helps uncover archived, backup, and temporary files left behind on web servers. Given a URL, it generates the most common archive, temp and backup file name variants. |  |
 |
| BabelStrike | Performs Romanization and name-to-usernames convertion of full name lists. |  |
 |
| pentest-pivoting | A network pivoting guide for pentests / CTFs. |  |
 |
Contributions
| Project | Short Description | Contribution |
| nuclei-templates | Templates are the core of the nuclei scanner which powers the actual scanning engine. | Templates contributed: CVE-2024-2340, sap-public-admin, chirpstack-default-login |
| reverse-shell-generator (revshells.com) | Hosted Reverse Shell generator with a ton of functionality. | Added HoaxShell and front-end style improvements. |
| Cadiclus | Privilege Escalation Tool for Linux Systems that use PowerShell. | Added the Invoke-CredentialHunting module. |
🌀 CVEs
| CVE | Short Description | References |
| CVE-2023-22960 | Lexmark devices have a feature that protects against local account credential brute-force guessing attacks by temporarily locking out an account for an amount of time after a number of unsuccessful login attempts. This vulnerability bypasses the brute-force protection, allowing unrestricted attempts to guess a local account's credentials. Works for PIN-based authentication as well. | CVE-2023-22960 Publication |
âš¡ Other Tools, Guides, etc
| Project | Short Description | Stars | Forks |
| ssh-log-alert | Receive email alerts on successful ssh logins (mailgun). |  |
 |
| gmail-ssh-log-alert | Receive email alerts on successful ssh logins (gmail). |  |
 |
| cybersec-service-metrics | A spreadsheet designed to automatically generate Key Performance Indicators for Cyber Security Services based on documented data. Ideal for Team leaders / Managers of small-medium sized organizations. |
 |
 |
| Awesome-AI | A list of awesome AI resources around the internet. |  |
 |
| OWASP-Testing-Guide-Checklist | OWASP based Web Application Security Testing Checklist. |  |
 |