linWinPwn linWinPwn is a bash script that wraps many Active Directory tools for enumeration (LDAP, RPC, ADCS, MSSQL, Kerberos), vulnerability checks (noPac, ZeroLogon, MS17-010, MS14-068), object modifications (password change, add user to the group,...
wstunnel Most of the time when you are using a public network, you are behind some kind of firewall or proxy. One of their purposes is to constrain you to only use certain kinds...
sish An open-source serveo/ngrok alternative. How it works SSH can normally forward local and remote ports. This service implements an SSH server that only handles forwarding and nothing else. The service supports multiplexing connections...
NetExec – The Network Execution Tool This project was initially created in 2015 by @byt3bl33d3r, known as CrackMapExec. In 2019 @mpgn_x64 started maintaining the project for the next 4 years, adding a lot of...
BREADS – BREaking Active Directory Security BREADS is a tool focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. This project is inspired by other existing tools like NetExec (CrackMapExec) and...
SCCMHunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find...
legba Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime to achieve better performances and stability while consuming fewer resources than similar tools. Supported...
GraphSpy Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI Internet traffic The client-server architecture results in most traffic to the internet being initiated from the GraphSpy application. This includes:...
CcmPwn ccmpwn.py – lateral movement script that leverages the CcmExec service to remotely hijack user sessions. Explanation System Center Configuration Manager (SCCM) clients make use of the CcmExec service, which initiates the execution of C:\Windows\CCM\SCNotification.exe for every...
wcreddump On one hand, sam dumping tools are widely used, but surprisingly not very automated. On the other hand, WINHELLO pin-dumping tools barely exist. This simple and lightweight Python script is made to automate...
KubeHound KubeHound creates a graph of attack paths in a Kubernetes cluster, allowing you to identify direct and multi-hop routes an attacker can take, visually or through complex graph queries. KubeHound can identify more...
Cookie dumper for Chrome and Edge CookieKatz is a project that allows operators to dump cookies from Chrome, Edge, or Msedgewebview2 directly from the process memory. Chromium-based browsers load all their cookies from the...
SploitScan SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and...
FormThief FormThief is a project designed for spoofing Windows desktop login applications using WinForms and WPF. Windows Forms (WinForms) and Windows Presentation Foundation (WPF) are two powerful UI frameworks provided by Microsoft for building...
Hiado Cross-projects Repository permissions enumeration Tool for Azure DevOps What does Hiado do? Hiado is a Python script that helps you enumerate information about the repositories your organization manages within Azure DevOps. Particular focus...
