ScreenshotBOF An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. The screenshot is downloaded in memory. Why did I make this?...
ADReaper ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Use To query the properties of the Domain Controller of...
ADFSRelay This repository includes two utilities NTLMParse and ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message....
Octosuite Octosuite is an open-source, lightweight yet advanced OSINT framework that targets GitHub users and organizations. With 20+ features, Octosuite runs on only 2 external dependencies. And returns the...
What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive...
Codecepticon Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What...
laZzzy laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native (Nt*) functions...
autobloody autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound, combining pathgen.py and autobloody.py. This tool automates the AD privesc between two AD objects, the source (the...
Villain Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy...
ExchangeFinder ExchangeFinder is a simple, open-source tool that tries to find Microsoft Exchange instances for a given domain based on the most common DNS names for Microsoft Exchange. ExchangeFinder...
S3cret Scanner: Hunting For Secrets Uploaded To Public S3 Buckets S3cret Scanner tool is designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets...
MATE MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis...
Extensible Azure Security Tool Extensible Azure Security Tool (later referred to as E.A.S.T) is a tool for assessing Azure and, to some extent, Azure AD security controls. The primary use case...
HTTPLoot An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages, and “loot” secrets out of the client-facing code of sites. Usage You will need two JSON files...
PXEThief PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager against the Operating System Deployment functionality in...