keimpx: Check for valid credentials across a network over SMB
keimpx keimpx is an open-source tool, released under the Apache License 2.0. It can be used to quickly check for valid credentials across a network over SMB. Credentials can be:...
Category: Post Exploitation
GRAT2: Command and Control (C2) tool written in python3 and .NET 4.0
GRAT2 GRAT2 is a Command and Control (C2) tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Current Features: Evasion...
Reg1c1de: finding potential privesc avenues within the registry
Reg1c1de: Windows Registry Privesc Scanner Reg1c1de is a tool that scans specified registry hives and reports on any keys where the user has to write permissions. In addition, if any...
sitrep: Extensible, configurable host triage
SitRep Extensible, configurable host triage. Purpose SitRep is intended to provide a lightweight, extensible host triage alternative. Checks are loaded dynamically at runtime from stand-alone files. This allows operators to...
SharpSecDump: the remote SAM + LSA Secrets dumping
SharpSecDump .Net port of the remote SAM + LSA Secrets dumping functionality of impacket’s secretsdump.py. By default runs in the context of the current user. Please only use in environments...
rbcd-attack: Kerberos Resource-Based Constrained Delegation Attack
Abusing Kerberos Resource-Based Constrained Delegation This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is...
SharpHose: Asynchronous Password Spraying Tool in C#
SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike’s execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined...
DVS: DCOM Vulnerability scanner
D(COM) V(ulnerability) S(canner) AKA Devious swiss army knife – Lateral movement using DCOM Objects Did you ever wonder how you can move laterally through internal networks? Interact with remote machines...
SNIcat: performs data exfiltration
SNIcat SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication, a TLS Client Hello Extension. The tool consists of an agent which resides...
BrowseSpy: steal certain browser config files
BrowseSpy Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files. This code...
C_Shot: offensive security tool written in C
C_Shot C_Shot is an offensive security tool written in C which is designed to download, inject, and execute shellcode in memory. Depending on the arguments used, this can be accomplished...
Mistica: embed data into application layer protocol fields
Mistica Mística is a tool that allows us to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into...
SUID3NUM: find out all SUID binaries in machines/CTFs
SUID3NUM A standalone script supporting both python2 & python3 to find out all SUID binaries in machines/CTFs and do the following List all Default SUID Binaries (which ship with Linux/aren’t...
SharpChromium: retrieve Chromium data, such as cookies, history and saved logins
SharpChromium SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract: Cookies (in JSON format) History (with...
DeimosC2: Golang command and control framework for post-exploitation
DeimosC2 DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on...
