Machine Learning / Network PenTest / WebApp PenTest
by do son · Published March 13, 2019 · Last modified October 10, 2021
GyoiThon GyoiThon is a growing penetration test tool using Machine Learning. It identifies the software installed on the web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified...
poshkatz poshkatz is a PowerShell module for Mimikatz that has a number of cool features! Features Mimiktaz tab expansion “autocomplete” Autocompletes mimikatz commands, parameters and paramter values. Cmdlet wrappers for Mimikatz features Export-MKKerberosTicket Get-MKCredentialVault...
ThunderShell ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target...
htun htun is a transparent tunnel for transporting IP traffic over HTTP or TCP. It was developed with situations in mind where traffic to the internet is restricted. For instance, some networks don’t allow...
sheepl Sheepl: Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of...
SharpCradle is a tool designed to help penetration testers or red teams download and execute .NET binaries into memory. SharpCradle loads a remote C# PE binary from either a remote file or web server...
revsh revsh is a tool for establishing reverse shells with terminal support, reverse VPNs for advanced pivoting, as well as arbitrary data tunneling. What is a “reverse shell”? A reverse shell is a network connection that grants shell access to a remote host. As...
Network PenTest / Post Exploitation
by do son · Published March 3, 2019 · Last modified October 10, 2021
portia Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised Privilege escalation Lateral movement Convenience modules Portia is a genus...
Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example...
Network Stress Test and Penetration Testing Toolkit Attack Vectors: DNS Spoof Module: DNS Spoof Attack Vector that allow you to force redirect network traffic. The Harvester: The Harvester is a tool for gathering e-mail...
Rubeus Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy‘s Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX‘s MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for...
SharpCompile SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in real-time. This is a more slick approach than manually compiling an .NET assembly and loading it...
WaTF-Bank What-a-Terrible-Failure Mobile Banking Application (WaTF-Bank), written in Java, Swift 4, Objective-C, and Python (Flask framework) as a backend server, is designed to simulate a “real-world” web services-enabled mobile banking application that contains over...
Network PenTest / WebApp PenTest
by do son · Published February 28, 2019 · Last modified February 27, 2019
The need for anonymous surfing today is imminent. The privacy is being stolen from us and most of all Internet users are far from cybercriminals. Today we ‘ll show you how to maximum anonymity...
Information Gathering / Web Information Gathering
by do son · Published February 28, 2019 · Last modified October 25, 2022
IPOsint Discovery IP Address space of the target IPOsint allows you to discover the IP Address of the target from a great resource without register or any API key The awesome resource has been...
Secure Your Connection
