Category: Network PenTest
ExtractBitlockerKeys A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. Features Automatically gets the list of all computers from the domain controller’s LDAP....
PipeViewer A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. PipeViewer is a GUI tool that allows users to view details about Windows-named pipes and their...
KnowsMore KnowsMore is a Swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS, and DCSync). Main features Import NTLM Hashes from .ntds output txt file (generated...
MSSqlPwner MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact and pwn MSSQL servers. That tool is based on impacket, which allows attackers to authenticate to databases...
Process Stomping A variation of ProcessOverwriting to execute shellcode on an executable’s section What is it Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing...
PySQLRecon PySQLRecon is a Python port of the awesome SQLRecon project by @sanjivkawa. See the commands section for a list of capabilities. Commands All of the main modules from SQLRecon have equivalent commands. Commands noted...
EDRSandblast-GodFault Integrates GodFault into EDR Sandblast, achieving the same result without the use of any vulnerable drivers. EDRSandBlast is a tool written in C that weaponizes a vulnerable signed driver to bypass EDR detections...
PPLBlade Protected Process Dumper Tool that supports obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities: Bypassing PPL protection Obfuscating memory dump...
nysm: A stealth post-exploitation container With the rise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to...
Introducing the ROP ROCKET This new, advanced ROP framework made its debut at DEF CON 31 with some unprecedented capabilities. ROCKET generates several types of chains, and it provides new...
Mavoc C2 Framework Mavoc is a tool used to pentest Windows and Linux machines. This tool mainly Focuses on Pentesting Windows. Made with using C++, and Powershell, and the server...
airgorah Airgorah is a WiFi auditing software that can discover the clients connected to an access point, perform deauthentication attacks against specific clients or all the clients connected to it, capture...
DllNotificationInjection DllNotificationInection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog...
gssapi-abuse gssapi-abuse was released as part of my DEF CON 31 talk. A full write-up on the abuse vector can be found here: A Broken Marriage: Abusing Mixed Vendor Kerberos...
ADCSync ADCSync uses the ESC1 exploit to dump NTLM hashes from user accounts in an Active Directory environment. The tool will first grab every user and domain in the Bloodhound...