easywin.py

Easywin is a Python script that provides a toolkit for exploit-less attacks against Windows and Active Directory environments, leveraging information gathering and brute-force capabilities against the SMB protocol.

poriluk.py

Poriluk is a helper script that provides a convenient interface for exploiting common information leakage vulnerabilities. At the moment, the following attacks are supported: dictionary-based user enumeration via SMTP VRFY/EXPN/RCPT and via the HTTP Apache mod_userdir module.

botshot.py

Botshot is a Python script that captures screenshots of websites from the command line. It is useful for automating the mapping of the web attack surface of large networks.

verbal.py

Verbal is an HTTP request method security scanner. It tries a series of interesting HTTP methods against a list of website paths, in order to determine which methods are available and accessible. The following HTTP methods are currently supported: GET, OPTIONS, TRACE, DEBUG, PUT.

netdork.py

Netdork is a Python script that uses the Google Custom Search Engine API to collect interesting information on public networks and stealthily map the available attack surface. The following attacks are supported: network search sweep based on target CIDRs and subdomain discovery via the search engine.

letmein.py

Letmein is a pure Python 3 implementation of the staging protocol used by the Metasploit Framework. Start an exploit/multi/handler (Generic Payload Handler) instance on your attack box with either a reverse_tcp or bind_tcp Meterpreter payload, then run letmein (ideally converted to EXE format) on a compromised Windows box and wait for your session. This technique is quite effective at bypassing antivirus software and obtaining a Meterpreter shell on Windows.

Download

git clone https://github.com/0xdea/tactical-exploitation.git

Copyright (c) 2017 Marco Ivaldi <raptor@0xdeadbeef.info>

Source: https://github.com/0xdea/