Security Training Share
Spray A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf) Download git clone https://github.com/SpiderLabs/Spray.git Use This script will password spray a target over a period of time It requires password policy as input...
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Functions...
PassphraseGen PassphraseGen is a script for generating custom passphrase lists to be used for password cracking with hashcat rules like the ones found here: https://github.com/initstring/passphrase-wordlist. Included in this repo are a few wordlists located in...
BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap. Supported Services ssh ftp telnet vnc mssql mysql...
badtouch badtouch is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications. The...
THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: AFP, Cisco, cisco-enable, CVS, Firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, ICQ, IMAP, IMAP-NTLM, ldap2, ldap3, MySQL, mysql,...
EWS Cracker EWS stands for Exchange Web Services. This is a SOAP-based protocol used for free/busy scheduling and leveraged by third-party clients. It allows a user to read email, send email, test credentials. Unfortunately,...
passphrase-wordlist Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords People think they are getting smarter by using passphrases. Let’s prove them wrong! This project includes a massive wordlist of phrases...
brut3k1t is a security-oriented research framework for conducting brute force attacks against a multitude of protocols and services. The current protocols that are complete and in support are: The idea behind how brut3k1t works...
dedsploit Framework for attacking network protocols and network exploitation. This framework aims to exploit and attack some common every-day vulnerabilities, whether it is a misconfiguration of an SSH server, or even the utilization of apache2 as...
pythem – Penetration Testing Framework pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. Usage Examples ARP spoofing – Man-in-the-middle. ARP+DNS...
passphrase-wordlist People think they are getting smarter by using passphrases. Let’s prove them wrong! This project includes a massive wordlist of phrases (17,737,982) and two hashcat rule files for GPU-based cracking. The ‘passphrases.txt’ file...
Fuxi-Scanner Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions. Vulnerability detection & management Authentication Tester IT asset discovery & management Port scanner Subdomain scanner Acunetix Scanner (Integrate...
Dagon – Advanced Hash Manipulation Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of brute-forcing multiple hash types, creating brute-force dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and...
