Category: Ethical Hacking
Ldapper A GoLang tool to enumerate and abuse LDAP. Made simple. Ldapper was created for use in offensive security engagements for user enumeration, group enumeration, and more. Ldapper uses familiar “net” commands such as...
NimPlant – A light first-stage C2 implant written in Nim and Python Feature Overview Lightweight and configurable implant written in the Nim programming language Pretty web GUI that will make you look cool...
Nuke It From Orbit With the precision of a brain surgeon wielding a chainsaw, nifo can obliterate most AV/EDR products from endpoints or servers running the world’s most popular operating system, even if they’re...
chisel Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). It is mainly useful for passing through firewalls, though it...
ShadowDumper Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service) memory, often needed in penetration testing and red teaming activities. It offers flexible options to users and uses...
convoC2 Command and Control infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams. It infiltrates data into hidden span tags in Microsoft Teams messages and exfiltrates command outputs...
Kernel Callback Tables for Process Injection The Kernel Callback Table in the Process Environment Block (PEB) can be hijacked by attackers to redirect a process’s execution flow, enabling them to execute malicious payloads. This...
Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. This repo contains the primary C# version as well as the legacy PowerShell version. Overview Inveigh conducts spoofing attacks and hash/credential captures...
Cable Cable is a simple post-exploitation tool used for enumeration and further exploitation of Active Directory environments. This tool was primarily created to learn more about .NET offensive development in an Active Directory context,...
Cloud Offensive Breach and Risk Assessment (COBRA) Tool Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of...
hate_crack A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries OSX Install mkdir -p hashcat/deps git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL cd hashcat/ make make install Download...
Halberd: Multi-Cloud Security Testing Tool Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing...
What is Impacket? Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC)...
Silver SAML Forger Silver SAML Forger is a C# tool that helps you create custom SAML responses. It can be used to implement the Silver SAML attack. Defend against Silver SAML To safeguard effectively against...
S3Scanner A tool to find open S3 buckets in AWS or other cloud providers: AWS DigitalOcean DreamHost GCP Linode Custom The tool takes in a list of bucket names to check. Found S3 buckets...
pwnobd Offensive cybersecurity toolkit for vulnerability analysis and penetration testing of OBD-II devices. Adding new functionality Most functionality is dynamically registered onto pwnobd through the use of decorators. Attacks Located in src/pwnobd/modules/attacks/. See...