Stars
A script that helps you understand why your email ended up in spam
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving to…
Search for potential frontable domains
Convert Cobalt Strike profiles to modrewrite scripts
PoC Exploit for the NTLM reflection SMB flaw.
Search Google and download specific file types
Check for LDAP protections regarding the relay of NTLM authentication
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation
Extract and execute a PE embedded within a PNG file using an LNK file.
Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Check subdomains for subdomain takeovers and other DNS tomfoolery
Generates malicious LNK file payloads for data exfiltration
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
Python library with a CLI for remotely dumping domain user credentials via ADCS without dumping the LSASS process memory
Password spraying and bruteforcing tool for Active Directory Domain Services
EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual.
A tool to query for the existence of pre-Windows 2000 computer objects.
Lists who can read any gMSA password blobs and parses them if the current user has access.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data