ADRecon: Active Directory Recon ADRecon is a tool that extracts and combines various artifacts out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary...
RedELK Red Team’s SIEM – tool for Red Teams for tracking and alarming about Blue Team activities as well as enhanced usability in long-term operations. Enhanced usability and overview for the red team operators by...
Villain Villain is a high level C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers...
TheAllCommander Framework for modeling and researching C2 communications for developing efficient filtering and detection logic. TheAllCommander 2.1 (April 2024) includes support for logging telemetry data gathered from test daemons, as well as alpha support...
Fragtunnel Fragtunnel is a PoC TCP tunneling tool that exploits the design flaw that IDS/IPS engines and Next Generation Firewalls have; therefore, it can tunnel your application’s traffic to the target server and back...
smbclient-ng A fast and user-friendly way to interact with SMB shares. Feature bat: Pretty prints the contents of a file. Syntax: bat <file> cat: Get the contents of a file. Syntax: cat <file> cd: Change the...
File Tunnel Tunnel TCP connections through a file. Compatibility SMB NFS AFP windows-x64 Y Y Unknown – please let me know linux-x64 Y Y Unknown – please let me know linux-arm64 Unknown – please...
airgeddon This is a multi-use bash script for Linux systems to audit wireless networks. This is the list of features so far: Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS...
linWinPwn linWinPwn is a bash script that wraps many Active Directory tools for enumeration (LDAP, RPC, ADCS, MSSQL, Kerberos), vulnerability checks (noPac, ZeroLogon, MS17-010, MS14-068), object modifications (password change, add user to the group,...
wstunnel Most of the time when you are using a public network, you are behind some kind of firewall or proxy. One of their purposes is to constrain you to only use certain kinds...
sish An open-source serveo/ngrok alternative. How it works SSH can normally forward local and remote ports. This service implements an SSH server that only handles forwarding and nothing else. The service supports multiplexing connections...
NetExec – The Network Execution Tool This project was initially created in 2015 by @byt3bl33d3r, known as CrackMapExec. In 2019 @mpgn_x64 started maintaining the project for the next 4 years, adding a lot of...
BREADS – BREaking Active Directory Security BREADS is a tool focused on enumerating and attacking Active Directory environments through LDAP and SMB protocols. This project is inspired by other existing tools like NetExec (CrackMapExec) and...
SCCMHunter SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find...
legba Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime to achieve better performances and stability while consuming fewer resources than similar tools. Supported...
GraphSpy Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI Internet traffic The client-server architecture results in most traffic to the internet being initiated from the GraphSpy application. This includes:...
