Lists (1)
Stars
A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily
PoC Exploit for the NTLM reflection SMB flaw.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
A command-line tool to query the DeHashed API. Easily search for various parameters like usernames, emails, hashed passwords, IP addresses, and more.
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
E-mails, subdomains and names Harvester - OSINT
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…
A tool for checking if MFA is enabled on multiple Microsoft Services
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
Fast and powerful SSL/TLS scanning library.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science
A tool for parsing breached passwords
Python script that converts Grafana hash digests to PBKDF2_HMAC_SHA256 format in order to facilitate password cracking using Hashcat.
Automating situational awareness for cloud penetration tests.
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs
Rapidly Search and Hunt through Windows Forensic Artefacts
This is the updated script from https://teamrocketist.github.io/2017/08/29/Forensics-Hackit-2017-USB-ducker/
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
An extremely effective subdomain enumeration wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.
Script to generate a .pth file which will execute arbitrary commands