CredMaster Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays. Benefits...
ShadowSpray A tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements, I see (in...
LDAP Nom Nom Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) Looks for enabled normal user accounts. No Windows audit logs were generated. High-speed ~ up to 10K/sec...
Talon Talon is a tool designed to perform automated password guessing attacks while remaining undetected. It can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform...
bkcrack Crack legacy zip encryption with Biham and Kocher’s known-plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a...
BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap. Supported Services ssh ftp telnet vnc mssql mysql...
What’s PAKURI Sometimes, penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is a semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools...
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Functions...
COOK A customizable wordlist and password generator. USAGE cook -start admin,root -sep _,- -end secret,critical start:sep:end cook admin,root:_,-:secret,critical Predefined Extentions Sets Use archive for .rar, .7z, .zip, .tar, .tgz, … Use web for .html, .php, .aspx, .js,...
Windows Oracle Database Attack Tool (wodat) Simple port of the popular Oracle Database Attack Tool (ODAT) to C# .Net Framework. Perform password-based attacks e.g. username as password, username list against given password, password list against...
