Information Security
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Functions...
LeakDB LeakDB is a toolset designed to allow organizations to build and deploy their own internal plaintext “Have I Been Pwned”-like service. The LeakDB toolset can normalize, deduplicate, index, sort, and search leaked data...
StegCracker Steganography brute-force utility to uncover hidden data inside files. Changelog v2.0.9 Made default wordlist handling more user-friendly, sould address issue #14 – If no wordlist is specified Kali Linuxes rockyou.txt will be used...
OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP...
kerberoast Kerberos attack toolkit -pure python- Install pip3 install kerberoast Use For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following <ldap_connection_url> : <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> <kerberos_connection_url>: <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> Steps -with SSPI-: kerberoast auto...
kerbrute A script to perform Kerberos bruteforcing by using the Impacket library. When is executed, as input it receives a user or list of users and a password or list of passwords. Then is...
Enumdb is a brute force and post-exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each targeted host looking for valid credentials. By default,...
BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap. Supported Services ssh ftp telnet vnc mssql mysql...
OWASP D4N155 OWASP Tool Project D4N155The project uses OSINT for a dynamic and smart attack of brute force, using a complex operation and get the word list using expressions find. KEY FEATURES Make smart...
MSOLSpray A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid if MFA is enabled on the account if a tenant doesn’t exist if a user...
Suggested Reading