Lists (15)
Stars
Hunt down social media accounts by username across social networks
zimedev / certipy-merged
Forked from ly4k/CertipyTool for Active Directory Certificate Services enumeration and abuse
Samba Active Directory Domain Controller for Docker
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…
Assess the security of your Active Directory with few or all privileges.
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…
JavaScript functions intended to be used as an XSS payload against a WordPress admin account.
Tools for interacting with authentication packages using their individual message protocols
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
sploutchy / Certipy
Forked from ly4k/CertipyTool for Active Directory Certificate Services enumeration and abuse
Find, verify, and analyze leaked credentials
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
Machine Learning Network Share Password Hunting Toolkit
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
Enumerate domain machine accounts and perform pre2k password spraying.
A tool to query for the existence of pre-windows 2000 computer objects.