Stars
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
A script for generating custom passphrase lists to be used for password cracking with hashcat rules
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
Credential and Red Teaming Defense for Windows Environments
Chameleon: A tool for evading Proxy categorisation
Official Black Hat Arsenal Security Tools Repository
Wiki to collect Red Team infrastructure hardening resources
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
PowerSploit - A PowerShell Post-Exploitation Framework
Six Degrees of Domain Admin
A post-exploitation OS X/Linux agent written in Python 2.7
Empire is a PowerShell and Python post-exploitation agent.
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…