SysReptor – Pentest Reporting Easy As Pie SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs...
SCCMHunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query...
Platbox UEFI and SMM Assessment Tool Features Platbox is a tool that helps assess the security of the platform: Dumps the platform registers that are interesting security-wise Flash Locks MMIO...
jsFinder jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can...
Acheron Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft,...
Hades Hades is a proof-of-concept loader that combines several evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Install The easiest way is probably...
cloudtoolkit Cloud Penetration Testing Toolkit Capability overview Providers Payload Supported Alibaba Cloud backdoor-user: Backdoored user can be used to obtain persistence in the Cloud environment. bucket-dump: Quickly enumerate buckets to...
bootlicker bootlicker is a legacy, extensible UEFI firmware rootkit targeting VMware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the Windows kernel, regardless...
Burp DOM Scanner It’s a Burp Suite extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based...
Azure-AccessPermissions Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanying blog posts: Untangling Azure Active Directory...
Nidhogg Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that...
graphcat A simple script to generate graphs and charts on hashcat (and john) potfile and ntds. Install git clone https://github.com/Orange-Cyberdefense/graphcat cd graphcat pip install . Use Graphcat just needs a...
GodPotato Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM,...
PentestGPT PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operates in an interactive mode...
XSS Exploitation Tool It is a penetration testing tool that focuses on the exploitation of Cross-Site Scripting vulnerabilities. This tool is only for educational purposes, do not use it against...