Session Hijacking Visual Exploitation

Practical labs, notes, and reports for CEH v13 modules — covering web hacking, network pentesting, malware analysis, social engineering, and security tool usage.

A Deliberately Insecure Web Application

PHP Cookie Stealing Scripts for use in XSS

Local PHP/MySQL e-wallet application combined with a hands-on cybersecurity demo lab. Implements user/admin auth, balances, transfers, CSRF protection, session timeouts, login lockout, and hashing. Includes a toggleable Vulnerable/Secure lab to demonstrate XSS and session hijacking with real code and mitigations.

Cybersecurity Threats & Vulnerabilities Guide is a comprehensive educational resource that provides detailed documentation, detection scripts, and prevention strategies for various cybersecurity threats.

CyberX-AI-Digital-Twin is an AI-powered cybersecurity platform that uses digital twin technology to simulate, detect, and analyze cyber threats in a safe, isolated environment. Ideal for researchers, developers, and educators to test and enhance network security.

Python spyware that captures keystrokes, mouse inputs, screenshots & microphone audio — exfiltrates via email every 10 seconds with self-delete on discovery.

A tiny flask app for helping red-teamers, purple teamers, and pentesters in delivery, data exfiltration, and some attacks (SSRF, XXE, XSS, Session Hijacking, Session Riding).

Powershell scripts for scanning ASP.NET apps

Notes & misc taken from Complete Ethical Hacking Bootcamp 2021: ZTM(ARCHIVED) and EC-Council's CodeRed

Intentionally vulnerable captive portal lab for wireless security training. Demonstrates session hijacking, authentication bypass, and network security vulnerabilities. Docker containerized for safe, isolated learning environments. FOR EDUCATIONAL USE ONLY.

Demonstrating exploitation of missing HTTP cookie flags

The Device Fingerprint Generator is a web-based tool that uniquely identifies devices based on various browser and system attributes. By leveraging JavaScript and web APIs, it creates a consistent fingerprint that can be used for analytics, fraud prevention, and security purposes.

MySQLSessionHandler Class (PHP 7.1)

This repository demonstrates a privilege escalation attack targeting Open5GS's WebUI, exploiting unauthenticated database connections and forged session cookies/JWT tokens. The analysis reveals critical vulnerabilities in authentication mechanisms, offering insights for securing 5G network components.

Demo tool for hijacking TCP sessions

ArchPhish is an advanced, Go-based penetration testing framework that bypasses two-factor authentication (2FA) using transparent reverse‑proxy techniques. It enables authorised red teams to assess an organisation's resilience against sophisticated phishing attacks by capturing credentials and session tokens in real time, even from MFA‑protected

Hands-on TCP/IP attack lab covering SYN Flooding, TCP RST Attack, Session Hijacking, and Reverse Shell - performed in an isolated SEED Labs virtual environment. MS Cybersecurity | NUCES Islamabad.

A red and purple team utility for extracting, encrypting, and simulating browser session hijacking scenarios on Windows endpoints. Designed for training, research, and detection development.