RogueWinRM - Windows Local Privilege Escalation From Service Account To System

RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account with SeImpersonatePrivilege to Local System account if WinRM service is not running default on Win10 but NOT on Windows Server 2019. Briefly, it will listen for incoming connection on port 5985 fakin...

BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding...

Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 G...

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo

If you like the project and for my personal motivation so as to develop other tools please a +1 star SUDOKILLER SUDOKILLER is a tool which help to abuse SUDO in different ways and with the main objective of performing a privilege escalation on linux environment. The tool helps to identify...

Just-Metadata - Tool That Gathers And Analyzes Metadata About IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

CMSeeK v1.1.1 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)

What is a CMS? A content management system CMS manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.1.1 01-02-2019 - Version 1.1.0...

OSINT-SPY - Search using OSINT (Open Source Intelligence)

Performs OSINT scan on email/domain/ipaddress/organization using OSINT-SPY. It can be used by Data Miners, Infosec Researchers, Penetration Testers and cyber crime investigator in order to find deep information about their target. OSINT-SPY Documentation beta File Name : README Author : @sksecuri...

Fwknop - Single Packet Authorization & Port Knocking

fwknop implements an authorization scheme known as Single Packet Authorization SPA for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...

JSShell - An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS Cross Site Scripting payload to achieve browser remote code execution similar to the BeeF framework...

StandIn - A Small .NET35/45 AD Post-Exploitation Toolkit

StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution to perform resource based constrained delegation. However, StandIn quickly ballooned to include a number of comfort features. I want to continue developing StandIn to...

Cotopaxi - Set Of Tools For Security Testing Of Internet Of Things Devices Using Specific Network IoT Protocols

Set of tools for security testing of Internet of Things devices using protocols like: CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP. Installation: Simply clone code from git: https://github.com/Samsung/cotopaxi Requirements: Currently Cotopaxi works only with Python 2.7.x, but future versions will work al...

Detect It Easy - Program For Determining Types Of Files For Windows, Linux And MacOS

Detect It Easy, or abbreviated "DIE" is a program for determining types of files. "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS. Many programs of the kind PEID, PE tools allow to use third-party signatures. Unfortunately,...

Kubolt - Utility For Scanning Public Kubernetes Clusters

Kubolt is a simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands inside the containers using getrun function from kubelet: // getRun...

WireBug - A Toolset For Voice-over-IP Penetration Testing

WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to use. The tools are build for single using too, so every tool is its own python or bash program. Installation Install the dependencies in requirements.txt and the python dependencies in...

Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE PYthon library for Token Manipulation and Impersonation for Privilege Escalation is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python...

SharpSecDump - .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket'S Secretsdump.Py

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against : Usage SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123...

Avcleaner - C/C++ Source Obfuscator For Antivirus Bypass

C/C++ source obfuscator for antivirus bypass. Build docker build . -t avcleaner docker run -v /dev/scrt/avcleaner:/home/toto -it avcleaner bash adapt /dev/scrt/avcleaner to the path where you cloned avcleaner sudo pacman -Syu mkdir CMakeBuild && cd CMakeBuild cmake .. make -j 2 ./avcleaner.bin...

GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger

GDBFrontend is an easy, flexible and extensionable gui debugger. Installing Deb Package Debian / Ubuntu / KDE Neon You can install GDBFrontend via deb package for Debian-based distributions. You can install it from following commands: echo "deb trusted=yes https://oguzhaneroglu.com/deb/ ./" | sud...

Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy

socialscan offers accurate and fast checks for email address and username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Features that differentiate socialscan from similar tools e.g. knowem.com,...

HashCobra - Hash Cracking Tool

hashcobra Hash Cracking tool. Usage $ ./hashcobra -H --== hashcobra by sepehrdad ==-- usage: hashcobra -o options | misc options: -a - hashing algorithm default: md5 - ? to list available algorithms -c - compression algorithm default: zstd - ? to list available algorithms -h - hash to crack -r -...

Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework

Cutter is a free and open-source GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. Downloading a release Cutter ...

Flightsim - A Utility To Generate Malicious Network Traffic And Evaluate Controls

flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic...

Sn0Int - Semi-automatic OSINT Framework And Package Manager

sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the result...

CertCrunchy - Just A Silly Recon Tool That Uses Data From SSL Certificates To Find Potential Host Names

It just a silly python script that either retrieves SSL Certificate based data from online sources, currently https://crt.sh/, https://certdb.com/, https://sslmate.com/certspotter/ and https://censys.io or given a IP range it will attempt to extract host information from SSL Certificates. If you...

SimpleEmailSpoofer - A simple Python CLI to Spoof Emails (SPF/DMARC checking)

A few Python programs designed to help penetration testers with email spoofing. SimpleEmailSpoofer.py A program that spoofs emails. Currently in development spoofcheck.py A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that...

Nim-Shell - Reverse Shell That Can Bypass Windows Defender Detection

Reverse shell that can bypass windows defender detection $ apt install nim Compilation nim c -d:mingw --app:gui nimshell.nim Change the IP address and port number you want to listen to in the nimshell.nim file according to your device. and listen $ nc -nvlp 4444 Download Nim-Shell...

Cve-Collector - Simple Latest CVE Collector

Simple Latest CVE Collector Written in Python There are various methods for collecting the latest CVE Common Vulnerabilities and Exposures information. This code was created to provide guidance on how to collect, what information to include, and how to code when creating a CVE collector. The code...

WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts

About WindowsFirewallRuleset Windows firewall rulles organized into individual powershell scripts according to: 1. Rule group 2. Traffic direction 3. IP version IPv4 / IPv6 4. Further sorted according to programs and services such as for example: 2. ICMP traffic 3. Browser rules 4. rules for...

ArmourBird CSF - Container Security Framework

ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...

Quarantyne - Modern Web Firewall: Stop Account Takeovers, Weak Passwords, Cloud IPs, DoS Attacks, Disposable Emails

Automated web security made simple Quarantyne is a reverse-proxy that protects web applications and APIs from fraudulent behavior, misuse, bots and cyber-attacks in real-time. Requirements Java 8 Presentation Quarantyne is a reverse-proxy written in java. It fronts a web application or API and...

DOGE - Darknet Osint Graph Explorer

DOGE Darknet Osint Graph Explorer Still in dev, works right. You should use this in addtion to Darknet OSINT Transform Pay attention here Query prototype: SELECT DISTINCT customcolumnname AS input, anothercustomname AS output FROM sometable, obviously you can add other options as WHERE, ORDER BY,...

identYwaf - Blind WAF Identification Tool

identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...

Sh00T - A Testing Environment for Manual Security Testers

A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...

RetDec - A Retargetable Machine-Code Decompiler

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code. Supported architectures 32b...

Ppmap - A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets

A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets checks for specific variables in the global context to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced...

Shellex - C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor

C-shellcode to hex converter. Handy tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor. Are you having problems converting C-shellcodes to HEX maybe c-comments+ASCII mixed? Here is shellex. If the shellcode can be compiled in a C compiler...

Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats

An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...

BurpSuite Random User-Agents - Burp Suite Extension For Generate A Random User-Agents

A Burp Suite extension to help pentesters to generate a random user-agent. This extension has been developed by M'hamed @m4ll0k Outaadi. Installation Download a jar file in release or compile the java code: $ git clone https://github.com/m4ll0k/BurpSuite-RandomUserAgent.git random-useragents $ cd...

Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework

Automate the automation START git clone https://github.com/rebellionil/rebel-framework.git cd rebel-framework bash setup.sh bash rebel.sh MODULES SCREENSHOTS DEMOS !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsE...

TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators

TROMMEL sifts through embedded device files to identify potential vulnerable indicators. TROMMEL identifies the following indicators related to: Secure Shell SSH key files Secure Socket Layer SSL key files Internet Protocol IP addresses Uniform Resource Locator URL email addresses shell scripts w...

Datasploit - An OSINT Framework To Perform Various Recon Techniques On Companies, People, Phone Number, Bitcoin Addresses, Etc., Aggregate All The Raw Data, And Give Data In Multiple Formats

Overview of the tool: Performs OSINT on a domain/email/username/phone and find out information from different sources. Correlate and collaborate the results, show them in a consolidated manner. Tries to find out credentials, api-keys, tokens, subdomains, domain history, legacy portals, etc. relat...

WSSAT v2.0 - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

Nim-Loader - WIP Shellcode Loader In Nim With EDR Evasion Techniques

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is forresearch purposes only! Please don't expect it to compile and run without your own modifications...

ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...

PowerSploit - A PowerShell Post-Exploitation Framework

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution Execute code on a target machine. Invoke-DllInjection Injects a Dll into the...

Dolos Cloak - Automated 802.1X Bypass

Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The tool is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking...

Fsociety Hacking Tools Pack - A Penetration Testing Framework

A Penetration Testing Framework , you will have evry script that a hacker needs Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE InformationGathering : Nmap Setoolkit Port Scannin...

Exploit Linux 3.4+ Local Root (CONFIG_X86_X32=y)

OSVDB-ID: 2014-0038 Author: rebel Published: 2014-02-02 / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec...

Stowaway - Multi-hop Proxy Tool For Pentesters

Stowaway is Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes multi-layer PS: The files under demo folder are Stowaway's beta version,it's still functional, you can check the detail by README.md file under the demo folder...