LAPSToolkit Functions written in PowerShell that leverage PowerView to audit and attack Active Directory environments that have deployed Microsoft’s Local Administrator Password Solution (LAPS). It includes finding groups specifically delegated by sysadmins, finding...
SSH Auditor The best way to scan for weak ssh passwords on your network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials....
ADRecon: Active Directory Recon ADRecon is a tool which extracts and combines various artifacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report...
SSLsplit – transparent SSL/TLS interception Overview SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis, and penetration testing. SSLsplit...
DOGE Darknet Osint Graph Explorer Still in dev, works right. You should use this in addition to Darknet OSINT Transform Download git clone https://github.com/pielco11/DOGE.git Pay attention here Query prototype: SELECT DISTINCT custom_column_name AS input, another_custom_name AS...
scrounger – a person who borrows from or lives off others. There is no better description for this tool for two main reasons, the first is because this tool takes inspiration from many other tools...
SubFinder SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources,...
CrabStick Crabstick is an HTTP/HTTPS security vulnerability scanner that finds LFI/RFI (local and remote file inclusion) and tries to escalate this to gain a remote reverse shell. Crabstick is designed to handle, look and feel like...
vuLnDAP vuLnDAP is a deliberately vulnerable web application to demonstrate exploiting business logic flaws in a site based on LDAP. For more information see the project homepage. If you get stuck and need help, I’ve...
WMImplant A PowerShell-based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. It will likely require local administrator permissions on...
repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys. Run it against your entire repo’s history by piping the output from git log -p Installation Download the latest stable...
pspy – unprivileged Linux process snooping pspy is a command-line tool designed to snoop on processes without the need for root permissions. It allows you to see commands run by other users, cron jobs,...
BtleJack: a new Bluetooth Low Energy swiss-army knife Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit devices running a dedicated firmware....
admin_panel_sniffer A powerful admin login page finder in python. Should work with both python 2 and 3. Features: Huge dictionary file, which of course can be changed to anything you want. Progress tracking, if...
Tachyon is a Fast Multi-Threaded Web Discovery Tool. The main goal of it is to help webadmins find leftover files in their site installation, permission problems and web server configuration errors. It is not...