Category: Ethical Hacking
DonPAPI DonPAPI automates dumping secrets remotely from multiple Windows computers, with defense evasion in mind. Collected credentials: Chromium browser credentials, cookies, and Chrome refresh token; Windows certificates; Credential Manager; Firefox browser credentials and cookies...
BlueSpy – PoC to record audio from a Bluetooth device This repository contains the implementation of a proof of concept to record and replay audio from a Bluetooth device without the legitimate user’s awareness....
File Tunnel Tunnel TCP connections through a file. Compatibility (SMB / NFS / AFP): windows-x64: Y / Y / Unknown – please let me know; linux-x64: Y / Y / Unknown – please let me know; linux-arm64: Unknown – please...
DojoLoader DojoLoader is a generic PE loader initially created to prototype sleep obfuscation techniques with Cobalt Strike UDRL-less raw Beacon payload, in an attempt to reduce debugging time with UDRLs. DojoLoader borrows the MemoryModule...
Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different...
SQLiDetector Simple Python script, supported with a BurpBouty profile, that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. The...
ROP ROCKET This new, advanced ROP framework made its debut at DEF CON 31 with some unprecedented capabilities. ROCKET generates several types of chains, and it provides new patterns and techniques. Powerful ROP Capabilities...
BadZure BadZure is a PowerShell script that leverages the Microsoft Graph SDK to orchestrate the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create...
IPPrint C2 A Proof-of-Concept for using Microsoft Windows printers for persistence/command and control via Internet Printing. Printing systems are an often overlooked target for attackers looking to establish command and control (C2) channels on...
RWX MEMEORY HUNT AND INJECTION DV Abuses the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. This technique finds an RWX region in already running processes...
IconJector This is a Windows Explorer DLL injection technique that uses the change icon dialog on Windows. How does it work? Firstly, a folder is created in the temp directory, and the properties of...
SharpGraphView Sharp post-exploitation toolkit providing modular access to the Microsoft Graph API (graph.microsoft.com) for cloud and red team operations. Auth methods (command – description): Get-GraphTokens – get graph token via device code phish (saved to graph_tokens.txt)...
Amnesiac Amnesiac is a post-exploitation framework designed to assist with lateral movement within Active Directory environments. Amnesiac is being developed to bridge a gap on Windows OS, where post-exploitation frameworks are not readily available unless...
okta-terrify Okta Terrify is a tool to demonstrate how passwordless solutions such as Okta Verify’s FastPass or other FIDO2/WebAuthn type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify...
Invoke-ADEnum Invoke-ADEnum is an enumeration tool designed to automate the process of gathering information from an Active Directory environment. With Invoke-ADEnum, you can enumerate various aspects of Active Directory, including forests, domains, trusts, domain...
PrivescCheck This script aims to identify Local Privilege Escalation (LPE) vulnerabilities that are usually due to Windows configuration issues or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks. Check types...