Kitploit search (most viewed): 6011 matches found

Kitploit, added 2022/09/26 11:30 a.m.

SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a C# tool that uses Pass-the-Hash for authentication on a local Named Pipe for user impersonation. You need local administrator or SeImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code...

Kitploit, added 2022/09/24 11:30 a.m.

Pax - CLI Tool For PKCS7 Padding Oracle Attacks

Exploit padding oracles for fun and profit! Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to: 1. Obtain plaintext for a given piece of CBC-encrypted data. 2. Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the...

Kitploit, added 2022/09/17 11:30 a.m.

DeathSleep - A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they...

Kitploit, added 2022/06/11 9:30 p.m.

Pulsar - Data Exfiltration And Covert Communication Tool

Pulsar is a tool for data exfiltration and covert communication that enables you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols; for example, you can receive data from a TCP connection and resend it to the real destination through DNS packets. Setting up...

Kitploit, added 2022/05/19 9:30 p.m.

C2concealer - Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation: chmod u+x install.sh; ./install.sh. Building the Docker image: docker build -t C2concealer . Running with Docker: docker container run -it -v :/usr/share/cobaltstrike/ C2concealer...

Kitploit, added 2022/05/11 9:30 p.m.

DuplicateDump - Dumping LSASS With A Duplicated Handle From Custom LSA Plugin

DuplicateDump is a fork of MirrorDump with the following modifications: DInvoke implementation; LSA plugin DLL written in C++, which can be cleaned up after dumping LSASS. MirrorDump compiles the LSA plugin as a .NET assembly, which would not be unloaded by the LSASS process. That's why MirrorDump failed to delete...

Kitploit, added 2022/05/01 12:30 p.m.

BackupOperatorToDA - From An Account Member Of The Group Backup Operators To Domain Admin Without RDP Or WinRM On The Domain Controller

If you compromise an account member of the group Backup Operators you can become the Domain Admin without RDP or WinRM on the Domain Controller. All credit to filipdragovic for his initial POC! I built this project because I wanted to have a more generic binary with parameters and also being...

Kitploit, added 2022/04/15 9:30 p.m.

Shhhloader - SysWhispers Shellcode Loader

Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included python builder will work on any Linux system that has Mingw-w64 installed. T...

Kitploit, added 2022/04/06 9:30 p.m.

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

Kitploit, added 2022/03/24 11:30 a.m.

ADExplorerSnapshot.py - An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound, And Also Supports Full-Object Dumping To NDJSON

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool...

Kitploit, added 2022/03/14 8:30 p.m.

Lnkbomb - Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or...

Kitploit, added 2022/03/13 11:30 a.m.

Dome - Fast And Reliable Python Script That Makes Active And/Or Passive Scan To Obtain Subdomains And Search For Open Ports

Check the Spanish version. Dome is a fast and reliable Python script that performs active and/or passive scans to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentesters in their reconnaissance phase. The more surface area exposed, the faster a rock wi...

Kitploit, added 2022/02/14 11:30 a.m.

Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract a forensic timeline from volatile memory dumps. Requirements: Python 3, Volatility, mactime from SleuthKit. Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5. How it works: AutoTimeline automates this workflow: identify the correct Volatility profile for the...

Kitploit, added 2022/02/10 8:30 p.m.

Php-Malware-Finder - Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following encoders/obfuscators/webshells are also detected: Bantam, Best PHP Obfuscator, Carbylamine, Cipher Design, Cyklodev, Joes Web Tools...

Kitploit, added 2022/02/09 8:30 p.m.

AWS-Loot - Pull Secrets From An AWS Environment

Searches an AWS environment for secrets by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services. Install: pip install -r requirements.txt. An AWS credential file (.aws/credentials) is required for authentication t...

Kitploit, added 2022/01/28 11:30 a.m.

Combobulator - Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources e.g., GitHub Packages...

Kitploit, added 2022/01/23 11:30 a.m.

Second-Order - Subdomain Takeover Scanner

Scans web applications for second-order subdomain takeover by crawling the app and collecting URLs and other data that match certain rules or respond in a certain way. Installation: From binary: download a prebuilt binary from the releases page and unzip it. From source: Go version 1.17 is...

Kitploit, added 2021/12/24 11:30 a.m.

SQLbit - Just Another Script To Automate Boolean-Based Blind SQL Injections

A script to automate boolean-based blind SQL injections. Works with SQLite at least and supports using cookies. It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient. It's able to: search cell values by columns in a table; search...

Kitploit, added 2021/12/21 8:30 p.m.

Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning

Web Cache Vulnerability Scanner WCVS is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficien...

Kitploit, added 2021/12/21 11:30 a.m.

Mesh-Kridik - An Open-Source Security Checker That Performs Various Security Checks On A Kubernetes Cluster With Istio Service Mesh And Is Leveraged By OPA (Open Policy Agent) To Enforce Security Rules

Enhance your Kubernetes service mesh security! mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with Istio service mesh and outputs a security report. The security checks are a full implementation of the Istio security best practic...

Kitploit, added 2021/12/11 8:30 p.m.

CaptfEncoder - An Extensible Cross Platform Network Security Tool Suite

Captfencoder is an extensible cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools. CaptfEncoder all functions...

Kitploit, added 2021/12/06 8:30 p.m.

STEWS - A Security Tool For Enumerating WebSockets

STEWS is a tool suite for security testing of WebSockets. This research was first presented at OWASP Global AppSec US 2021. Features: STEWS provides the ability to: Discover: find WebSockets endpoints on the web by testing a list of domains. Fingerprint: determine what WebSockets server is running ...

Kitploit, added 2021/12/02 8:30 p.m.

Crawpy - Yet Another Content Discovery Tool

Yet another content discovery tool written in Python. What makes this tool different from others: it is written to work asynchronously, which allows reaching maximum limits, so it is very fast. Calibration mode applies filters on its own. Has a bunch of flags that help you fuzz in detail. Recursi...

Kitploit, added 2021/11/02 8:30 p.m.

ADLab - Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing

The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move...

Kitploit, added 2021/10/27 8:14 p.m.

Clash - A Rule-Based Tunnel In Go

Clash: a rule-based tunnel in Go. Features: local HTTP/HTTPS/SOCKS server with authentication support; VMess, Shadowsocks, Trojan, Snell protocol support for remote connections; built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP; rules based o...

Kitploit, added 2021/08/19 12:30 p.m.

Allstar - GitHub App To Set And Enforce Security Policies

Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices. If Allstar finds a reposito...

Kitploit, added 2020/08/05 12:30 p.m.

Netenum - A Tool To Passively Discover Active Hosts On A Network

Network reconnaissance tool that sniffs for active hosts. Introduction: Netenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without...

Kitploit, added 2020/07/26 1:00 p.m.

reNgine - An Automated Reconnaissance Framework Meant For Gathering Information During Penetration Testing Of Web Applications

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. The beauty of reNgine is that it gathers everything in...

Kitploit, added 2020/07/01 12:30 p.m.

UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service

2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months. Description: This PoC shows a technique that can be used to...

Kitploit, added 2020/04/21 12:30 p.m.

Httpgrep - Scans HTTP Servers To Find Given Strings In URIs

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H --== httpgrep by nullsecurity.net ==-- usage httpgrep -h -s opts | opts -h - single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24,...

Kitploit, added 2018/08/06 10:39 p.m.

Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team members can reconstruct PNG files to see what an...

Kitploit, added 2018/07/21 10:30 p.m.

Scout2 - Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a...

Kitploit, added 2018/07/15 10:10 p.m.

Memoro - A Detailed Heap Profiler

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

Kitploit, added 2018/07/04 1:37 p.m.

ProbeManager - Centralize Management Of Intrusion Detection System Like Suricata, Bro, Ossec...

It is common to see that many IDS (intrusion detection systems), including the software and its rules, are not updated regularly. This can be explained by the fact that software and rule management is often complicated, which can be a particular problem for small and medium-sized enterprises that...

Kitploit, added 2018/06/04 2:05 p.m.

BlackArch Linux v2018.06.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1981 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 60 new tools; added confi...

Kitploit, added 2018/06/02 2:10 p.m.

BurpBounty - An Extension Of Burp Suite That Improves The Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive Burp Suite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...

Kitploit, added 2018/05/13 10:50 p.m.

Netpwn - Tool Made To Automate Tasks Of Pentesting

A framework made to automate tasks of pentesting. Written in Python 2.7. Screenshots. Install: git clone https://github.com/3XPL017/netpwn.git; cd netpwn; chmod +x install; ./install. Twitter: https://twitter.com/3XPL017GH057. Download Netpwn...

Kitploit, added 2018/05/05 1:12 p.m.

SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has...

Kitploit, added 2018/04/26 9:23 p.m.

Nemesis - A Command-Line Network Packet Crafting And Injection Utility

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. Key Features ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP,...

Kitploit, added 2018/04/19 12:46 p.m.

Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...

Kitploit, added 2018/02/25 9:24 p.m.

icebreaker - Gets Plaintext Active Directory Credentials If You're On The Internal Network

Break the ice with that cute Active Directory environment over there. Automates network attacks against Active Directory to deliver you piping hot plaintext credentials when you're inside the network but outside of the Active Directory environment. Performs 5 different network attacks for plainte...

Kitploit, added 2018/02/21 1:30 p.m.

Findsploit - Find Exploits In Local And Online Databases Instantly

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit, i.e. ./copysploit 1337.c &&...

Kitploit, added 2018/01/03 9:00 p.m.

iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python

This version of the application is written in the Python programming language and is used to crack the Restriction PassCode of an iPhone/iPad. Brute Force: 1. Get the Base64 key and salt from the backup file on the computer. 2. Decode the Base64 key and salt. 3. Try from 1 to 9999 with the...

Kitploit, added 2017/12/13 8:19 p.m.

wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source...

Kitploit, added 2017/12/01 1:22 p.m.

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs

Find interesting Amazon S3 buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs via certstream and attempts to find public S3 buckets from permutations of the certificate's domain name. Some quick tips if you use S3 buckets: 1. Randomi...

Kitploit, added 2017/10/03 9:11 p.m.

XCat - Automate XPath Injection Attacks to Retrieve Documents

XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out-of-band HTTP requests to make the...

Kitploit, added 2017/09/12 2:30 p.m.

theZoo - A repository of LIVE malwares for your own joy and pleasure

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...

Kitploit, added 2017/08/16 2:24 p.m.

PiSavar - Detects PineAP Module and Starts Deauthentication Attack (for fake access points)

The goal of this project is to find out the fake access points opened by the WiFi Pineapple device using the PineAP module and to prevent clients from being affected by initiating a deauthentication attack against the attacking device. How the PineAP module works: collects SSID information; creates SSID poo...

Kitploit, added 2017/07/21 9:30 p.m.

Samplicator - Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing

This small program receives UDP datagrams on a given port, and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets. INSTALLATION This distribution...

Kitploit, added 2017/04/03 1:23 p.m.

nRF24 Playset - Software tools for Nordic Semiconductor nRF24-based Devices like Wireless Keyboards, Mice, and Presenters

The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+. All software tools support USB dongles with the nrf-research-firmware by the Bastille Threat...
