SharpChromium SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract: Cookies (in JSON format) History (with associated cookies for each...
DeimosC2 DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on and have been tested...
dazzleUP A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP detects the following vulnerabilities. Exploit Checks The first feature of dazzleUP is that...
rootend rootend is a python 3.x *nix Enumerator & Auto Privilege Escalation Tool. Written by: nickvourd (twitter) maldevel (twitter) servo Modes Manual Auto Exploitation Categories Suid Binaries: General Suids Suids for reading files Suids for creating...
Pickl3 Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential. Operational Usage – 1 Nowadays, since the operating system of many end-users is Windows...
TrustJack bypassing UAC with DLL Hijacking technique DLL Hijacking is a popular technique for executing malicious payloads. Attackers have been seen to use DLL hijacking in different ways and for different reasons. Motives include execution (executing...
browsertunnel Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch, a feature intended to reduce the perceived latency of websites by doing DNS...
Koppeling This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the “Adaptive DLL Hijacking” blog post. I recommend you start there to contextualize this code. This project...
SharpHound – C# Rewrite of the BloodHound Ingestor Usage Enumeration Options CollectionMethod – The collection method to use. This parameter accepts a comma-separated list of values. Has the following potential values (Default: Default): Default –...
kerberoast Kerberos attack toolkit -pure python- Install pip3 install kerberoast Use For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following <ldap_connection_url> : <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> <kerberos_connection_url>: <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> Steps -with SSPI-: kerberoast auto...
MacShell MacShell is a macOS post-exploitation tool written in python using encrypted sockets. I wrote this tool as a way for defenders and offensive security researchers to more easily understand the inner workings of...
MacShellSwift MacShellSwift is a proof of concept MacOS post-exploitation tool written in Swift using encrypted sockets. This tool has been tested both pre and post-Catalina. I rewrote a prior tool of mine MacShell (one...
KerberosRun KerberosRun is a little tool I use to study Kerberos internals together with my ADCollector. I’ll try to learn and implement stuff from Rubeus, also something not in Rubeus. KerberosRun uses the Kerberos.NET library built by Steve Syfuhs....
RedGhost Linux post-exploitation framework designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl SudoInject...
Get-RBCD-Threaded A tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments. How it works Get-RBCD-Thread will query all Active Directory users, groups (minus privileged groups like “Domain Admins” and “BUILTIN\Administrators”), and...
