Go365 Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools...
SharpSpray SharpSpray is a Windows domain password spraying tool written in .NET C#. SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active...
Kraker Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design...
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux,...
Whispers Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it...
Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an attacker to conduct a phishing attack against Microsoft 365 OAuth Authorization Flow. Using this, one...
assless-chaps Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes Introduction Assless CHAPs is an efficient way to recover the NT hash used in an MSCHAPv2/NTLMv1 exchange if you have the challenge and...
pwnedOrNot pwnedOrNot is a python script which checks if the email account has been compromised in a data breach if the email account is compromised it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2...
smartbrute The smart password spraying and bruteforcing tool for Active Directory Domain Services. Core features This tool can be used to bruteforce/spray Active Directory accounts credentials. The following attacks are supported, each attack has...
COOK A customizable wordlist and password generator. USAGE cook -start admin,root -sep _,- -end secret,critical start:sep:end cook admin,root:_,-:secret,critical Predefined Extentions Sets Use archive for .rar, .7z, .zip, .tar, .tgz, … Use web for .html, .php, .aspx, .js,...
Suggested Reading