acltoolkit ACL Toolkit is an ACL abuse swiss-knife. Install git clone https://github.com/zblurx/acltoolkit.git cd acltoolkit pip install . Use Commands get-objectacl The get-objectacl will take a sAMAccountName, a name, a DN,...
Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to...
APKHunt | OWASP MASVS Static Analyzer APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily...
ScrapPY: PDF Scraping Made Easy ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools...
Maintaining Access / Web Maintaining Access
by do son · Published March 13, 2023 · Last modified June 30, 2023
Kraken – a modular multi-language webshell coded by @secu_x11 Support On the one hand, Kraken is supported by different technologies and versions. The following is a list of where Kraken...
APCLdr: Payload Loader With Evasion Features Features: no crt functions imported indirect syscalls using HellHall api hashing using the CRC32 hashing algorithm payload encryption using rc4 – payload is saved in .rsrc...
Invoke-PSObfuscation Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they...
FindUncommonShares The script FindUncommonShares.py is a Python equivalent of PowerView‘s Invoke-ShareFinder.ps1 allowing you to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileged domain user account. Automatically gets...
NimPlant – A light first-stage C2 implant written in Nim and Python Feature Overview Lightweight and configurable implant wrote in the Nim programming language Pretty web GUI that will make...
Information Gathering / Web Information Gathering
by do son · Published February 28, 2023 · Last modified October 12, 2023
fingerprintx fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a...
Shoggoth Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores...
Power Pwn Power Pwn is an offensive and defensive security toolset for Microsoft Power Platform. Disclaimer: These materials are presented from an attacker’s perspective to raise awareness of the risks...
HWSyscalls HWSyscalls is a new method to execute indirect syscalls using 3 main components: Hardware breakpoints and Vectored Exception Handler to control the flow of execution. HalosGate is used to...
RedditC2 Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, might be a great way to make the traffic look legit. Workflow Teamserver...
Outflank – C2 Tool Collection This repository contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. These...
Support Securityonline.info site. Thanks!
