Skip to content
View n3rada's full-sized avatar
68 followers · 49 following

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Starstruck

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Starstruck

Block or report n3rada

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
n3rada/README.md

👀

📫 Reach Me At: /dev/null - or find your way to.

📦 Toolbox

Your RCE Companion

Try toboggan once and you will never want anything else for RCE during security assessments! It automatically adapts to diverse Linux environments (including AS/400) through intelligent binary detection (BusyBox, custom paths) and provides built-in actions for file transfers and post-exploitation tasks.

M365

  • msauth-browser: A Python 3 tool that uses the Playwright browser automation library to extract Microsoft OAuth tokens. Ideal when you need to authenticate as a user and retrieve their login tokens in order to send emails, for example.
  • msgraphx: Abusing the Microsoft Graph SDK to search and harvest SharePoint files, Outlook mail, Teams messages and lot of M365 things.

Microsoft SQL Server (MS SQL / MSSQL)

These two tools are designed to simplify complex T-SQL interactions for Microsoft SQL Server environments. You can impersonate any user along the way to the last linked server in your chain. Both tools prioritize modularity, extensibility, and operator experience, following robust OOP practices and addressing real-world red team requirements. Each tool serves a distinct purpose.

  • MSSQLand: A lightweight C# executable, designed for beacon assembly execution and restricted environments.
  • mssqlclient-ng: The Python3 twin built upon impacket’s mssqlclient.py, ideal for external access.

SAP

If you have ever worked with SAP during a penetration test, you know how cumbersome using SXPG_CALL_SYSTEM on a SAP server can be, sapsxpg is for you.

🃏 GitHub Badges

One of my commit sha starts with "a". I used only emojis in my commit message. My favorite word is "update". I am a polite coder. I collected 100 stars. I commit in the morning. I commit in the evening. I am a sleepy coder. Happy February 29th! I committed on a Leap Day! One of my commit sha starts with "ab". I pushed a commit with "cafe" once. I committed on Friday the 13th, One… By One… I've starred 4 my own repositories. I did 2 sequential fixes. Happy Programmers Day! I committed on a 256 Day of Year! I joined GitHub 5 years ago. When I delete code, I delete a lot. I made an epic commit with a message over 500 chars. I did 4 sequential fixes. I did 9 sequential fixes. I did 3 sequential fixes. I did 5 sequential fixes. I did 6 sequential fixes. I committed on the Halloween! Boo! I committed on the day Doctor Emmett Brown invented the flux capacitor! I did a little housekeeping! 🧹 I commit in the Winter solstice. May the 4th be with you! Happy March 14th! I committed on a Pi Day! I have participated in pull requests with 5 or more people I committed on St. Patrick's Day! I committed on the day when the crew of the USCSS Nostromo made their fateful landing and discovered the Xenomorph on LV-426! I commit at midnight. I pushed a commit with "dead" once. I made cosmetic commit. I have four public keys

Pinned Loading

  1. toboggan toboggan Public

    🛝 Transforms any RCE into a functional dumb shell. Designed for constrained environments (e.g., firewalls) where traditional reverse shells are impractical.

    Python 14 2

  2. MSSQLand MSSQLand Public

    Interract with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for complex T-SQL queries.

    C# 65 9

  3. ropcatalog ropcatalog Public

    Finding and classifying ROP gadgets from rp++ output file with some regex and a CLI.

    Python 29 3

  4. sapsxpg sapsxpg Public

    Simplify the SXPG_CALL_SYSTEM function module (FM) usage for enumeration on a targeted SAP system. Create a SAP RCE PoC.

    Python 3

  5. msauth-browser msauth-browser Public

    🎭 Extract Microsoft OAuth tokens using Playwright browser automation.

    Python 1 1

  6. SharpNotesReader SharpNotesReader Public

    A C# light executable that read Windows 11 Notes from TabState directory.

    C# 5