Security Training Share
BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4jdatabase fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within...
ATSCAN SCANNER Advanced Search / Dork / Mass Exploitation Scanner Description Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ●...
The Rogue Toolkit is an extensible toolkit aimed at providing penetration testers with an easy-to-use platform to deploy software-defined Access Points (AP) for the purpose of conducting penetration testing and red team engagements. By...
PhoneInfoga Information gathering & OSINT reconnaissance tool for phone numbers. One of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather basic information such as...
AutoSploit As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their...
Lucky CAT – Crash All the Things! What is Lucky CAT? Lucky CAT (Crash All the Things!) is a distributed fuzzing testing suite with an easy to use web interface. It allows managing several fuzzing jobs...
Invoke-Apex Invoke-Apex is a PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks. It can also be useful in identifying lapses...
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and...
ThunderShell ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target...
PyExfil Abstract This started as a PoC project but has later turned into something a bit more. Currently, it’s an Alpha-Alpha stage package, not yet tested (and will appreciate any feedbacks and commits) designed...
snyk Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. Features Find known vulnerabilities...
WinPwn Automation for internal Windows Penetration Testing. 1) Automatic Proxy Detection 2) Elevated or unelevated Detection 3) Forensic Mode oder Pentest Mode a. Forensik -> Loki + PSRECON + Todo: Threathunting functions b. Pentest...
LDAPDomainDump Active Directory information dumper via LDAP In an Active Directory domain, a lot of interesting information can be retrieved via LDAP by any authenticated user (or machine). This makes LDAP an interesting protocol...
BloodHound.py BloodHound.py is a Python-based ingestor for BloodHound, based on Impacket. This version of BloodHound is only compatible with BloodHound 2.0 or newer. Limitations BloodHound.py currently has the following limitations: Does not yet support all BloodHound (SharpHound)...
