[ Code & Tools ]
[ Apps & Game Mods |
Offensive & Recon |
Exploits |
x86 Shellcode |
Privacy & Anti-Forensics |
Forensics & Logs |
Defensive Tools ]
[ Apps & Game Mods ]
Four small SourceMod plugins that turn a default Left 4 Dead 2 dedicated server into a 24/7 community server. Drop in one or all four; all share the same MIT license and none require a config file. l4d2-welcome-message staggered chat greetings on player join l4d2-common-kill-counter per-player kill leaderboard + MVP callout l4d2-campaign-shortcuts admin chat shortcuts to jump to any campaign l4d2-finale-next-campaign auto-rotate to next campaign after every finale Each section of the pack page covers behavior, commands, install, and the few config knobs worth knowing for your own deploy. Originally written for the Tropical Roots Maui L4D2 server — that server has since been retired, but the plugins remain portable to any L4D2 SourceMod deployment. Read the pack →
Tropical Roots Maui — Plant Manager — 12.2025
Self-hosted grow-tracker web app for cannabis & plant cultivation. Tracks plants from seed through harvest with environmental logging, feeding schedules, breeding projects, and pest/deficiency diagnostics. Features: - Grow cycle management with photo documentation & journal entries - VPD & KNF calculators for nutrient/environmental tuning - Pest and deficiency identification with AI support - Harvest forecasting, breeding tracking, task scheduling - Detailed reporting + database-backed history Open source under GPL-3.0. Live instance hosted at the link above.
Drive a Storz & Bickel Volcano Hybrid from the browser over Web Bluetooth — no app, no backend, nothing leaves your machine. Temperature, heat, fan, bag fill, editable presets, the Vapesuvius temperature ladder, build-and-run heat / fan / wait workflows, and a terminal console with its own little scripting language. Installable PWA, works offline; Chromium desktop / Android Chrome. Static HTML / CSS / vanilla-JS, open source (GPL-3.0) at magikh0e/volcano-hybrid-control; the BLE protocol was reverse-engineered from the vendor app — see the BLE reversing guide. Open the controller →
[ Offensive & Recon ]
APT — Arduino Pwn Tool — 07.2015
Arduino Pwn Tool is a tool similar to a Teensy Kit, for the purpose of emulating a HID device / Keyboard, with features useful to an offensive penetration tester. Using a 5 pin DIP switch, APT has the ability to launch attacks against different platforms, Selecting and launching attacks on the fly... ReverseShell(); - Linux This function uses netcat or standard utilities for creating a reverse shell connection from a Linux target. addUser(); - Windows This function will add a new user to the local windows administrator group. DownloadExec(); - OSX This function will download shellcode from a defined url and then execute it on the target OSX system. BruteForcePIN(); - Android This function will allow you to connect APT to an Android Phone/Tablet via OTG cable and brute force 4 digit PINs & Passwords.
BruteForceAndroidPIN — (Android target) — 07.2015
Bruteforce 4 digit Android PINs using a Teensy Kit Video: Teeny Kit 2.0 Cracking Galaxy S3 Brute Force Tool
WiFiLocator — 03.2015
The WiFiLocator infusion package adds GPS support to the already existing kismet package. As well as the ability to use an Android device as the GPS. Giving the ability to use the WiFiPineapple and a gps device to track wire- less SSIDS and map them out with Google Earth
MiTMDroid — (Android target) — 11.2014
Simple tool turning a pre-rooted android device with dnsmasq and iptables into a rdnis device, ie badUSB to create a MiTM Proxy. Phone Requirements: USB Debugging enabled, Pre-Rooted, Busybox Installed: armeabi/busybox NOTE: USB debugging must be enabled on Android. Once installed on a phone or other android device, simply plug the phone into the USB port on the target machine. Works against Windows /Linux/Mac. Source archive lost — project listed for historical reference only.
wh0re.txt — ?.2003
wh0re is a tool to create a reverse shell.
h0eCrack 1.0.1 — ?.2003
A simple linux password cracker for testing your own passwords against dictionary attacks. This tool will hash a dictionary file then compare the results to the actual password file. Thus speeding up the process of cracking with a memory vs time trade off... Source archive lost — project listed for historical reference only.
Simple and fast forking port scanner written in perl. Can only scan one host at a time, the forking is done on the specified port range. Default range of 1-65535.
[ Exploits ]
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, .5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
ssl-injector.c — 2008
ssl-injector.c - Ettercap anyone??
locale.c — 2000-2001
old GLIBC exploit - worked against su to get r00t. Multiple Vendor Locale Subsystem Format String Vulnerability.
A security vulnerability in McAfee VirusScan Enterprise allows local attac- kers to escalate their privileges.
[ x86 Shellcode ]
multi-os-reboot.s.txt — (Linux / BSD) — 2004
The shellcode executes syscall 39 without any args and verifies if an error is returned. NOTE: On Linux this syscall is mkdir so it will expect an argument and returns with an error. On FreeBSD this syscall is getppid which doesn't require an argument and will return with the process ID.
ipchains-flush.c — 2004
Shell code executing for ipchains -F
iptables-flush.c — 2004
Shell code executing for iptables -F
[ Privacy & Anti-Forensics ]
nocontrast.ct — 2005
ctheme config that drops contrast to defeat shoulder-surfing — just because you're paranoid doesn't mean they aren't watching.
Timewarp — ?.2003
Timewarp is a utility that will allow you to edit a file using any editor without changing the access & modified times. Perl & C Version.
[ Forensics, Auditing & Log Analysis ]
This is a utility to parse a BitDefender, ClamAV or F-Prot Anti Virus log file, sorting the results into an archive by detections
mwInventory.pl — 02.2011
Tool for processing log files produced by clamscanLogParse.pl, fprotLog-Parse.pl and bdLogParser.pl storing the results into a SQL database.
hAudit 1.2 — README — 01.23.2007
hAudit is a forensic utility to aid in the time consuming process of collecting information to be analyzed from a compromised, or suspected to-be compromised system for further forensic auditing.
Audit-Solaris.sh — 2006
ksh utility to gather the information & data needed to perform a forensic audit on a Solaris host.
SysChk 3.1 — 01.16.2006
SysChk will monitor a list of files for changes to ensure the integrity of files and directories on the system running SysChk. SysChk watches for changes of the following: - User Ownership - Group Ownership - File Permissions - Modified Time - Md5 Hash Source archive lost — project listed for historical reference only.
[ Defensive Tools ]
GauntletFW 2.1.0 — README — 02.08.2008
Gauntlet Firewall is a tool to implement a secure & statefull firewall using IPTables. Gauntlet is meant to run on the host serving to be the gateway machine for the rest of the network. IPTables Firewall Functionality & Protection Features: * Dynamic or Static addressing * Full NAT Support * Fixups for MTU/MSS Issues * DoS/DDoS protection * SYN Flood Protection * Packet Spoofing Protection * Invalid packet blocking * Fragmented packet blocking * Hide from traceroutes * Portscan Blocking
Alexa 0x1 — 09.10.2006
Alexa will monitor your log files for a user defined amount of failed SSH login attempts, then take action. Features: - User definable login threshold limits - Ability to ignore specific hosts - Plus more... Source archive lost — project listed for historical reference only.
