Category: Password Attacks
Talon Talon is a tool designed to perform automated password guessing attacks while remaining undetected. It can enumerate a list of users to identify which users are valid, using Kerberos....
TREVORspray A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API. Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying...
SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike’s execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined...
PwnedPasswordsChecker PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and...
Pantagrule: gargantuan hashcat rulesets generated from over 840 million passwords. Pantagrule is a series of rules for the hashcat password cracker generated from large amounts of real-world password compromise data. While Pantagrule...
LeakDB LeakDB is a toolset designed to allow organizations to build and deploy their own internal plaintext “Have I Been Pwned”-like service. The LeakDB toolset can normalize, deduplicate, index, sort,...
Whispers Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or...
kerberoast Kerberos attack toolkit -pure python-. Install: pip3 install kerberoast. Use: For the impatient. IMPORTANT: the accepted target URL formats for LDAP and Kerberos are the following: <ldap_connection_url>: <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> <kerberos_connection_url>: <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> Steps...
kerbrute A script to perform Kerberos bruteforcing by using the Impacket library. When executed, it receives as input a user or list of users and a password or list...
jackdaw Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each other...
MSOLSpray A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn’t...
OWASP D4N155 OWASP Tool Project D4N155. The project uses OSINT for a dynamic and smart attack of brute force, using a complex operation and get the word list using expressions find....
CredCheck - A credential Pentesting framework. A framework to test all kinds of credentials found during a pen-testing exercise. I had a lot of keys while testing multiple targets, testing them is a...
pcfg_cracker This project uses machine learning to identify password creation habits of users. A PCFG model is generated by training on a list of disclosed plaintext/cracked passwords. In the context...
XposedOrNot The XposedOrNot (XoN) tool searches an aggregated repository of xposed passwords comprising ~850 million real-time passwords. The usage of such compromised passwords is detrimental to individual account...