FindGPPPasswords A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts. Features Only requires a low privileges domain user account. Automatically gets the list of all...
PowerHuntShares PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intended to help IAM and other blue teams gain a...
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs comprehensive enumeration without requiring authentication, helping identify potential security misconfigurations and attack...
YATAS Yet Another Testing & Auditing Solution Features YATAS is a simple and easy-to-use tool to audit your infrastructure for misconfiguration or potential security issues. AWS – 43 Checks APIGateway AWS_APG_001 Apigateway Cloudwatch Logs...
mitmproxy2swagger A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic. Install First, you will need python3 and pip3....
Porch Pirate Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconnaissance / OSINT framework for Postman. While existing tools are great proof...
REcollapse REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications. It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information,...
Linkook is an OSINT tool for discovering linked/connected social accounts and associated emails across multiple platforms using a single username. It also supports exporting the gathered relationships in a Neo4j-friendly format for visual analysis. Main Features Search...
COM Type Coercion Execution in PowerShell This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type coercion. A custom .NET object is defined in PowerShell with an...
MailFail identifies and provides commands to exploit a large number of email-related misconfigurations for the current domain and subdomain within a web browser. The extension’s UI popup highlights any misconfigurations in red and links...
SCRIPTKIDDI3 Introducing SCRIPTKIDDI3, a powerful recon and initial vulnerability detection tool for Bug Bounty Hunters. Built using a variety of open-source tools and a shell script, SCRIPTKIDDI3 allows you to quickly and efficiently run...
chgpass.exe is a Windows standalone executable tool that allows you to change the password of user/computer accounts in Active Directory (AD) via MS-SAMR protocol. This tool can be used when you have the necessary permissions...
Katana A next-generation crawling and spidering framework Feature Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control – Preconfigured field / Regex Customizable output – Preconfigured fields INPUT – STDIN, URL and LIST...
FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web...
CaptainCredz is a modular and discreet password-spraying tool, with advanced features such as a cache mechanism and a fine-grained timing control. To start using captaincredz, the following lines may be useful: Extending CaptainCredz Writing...
Tarian Protect your applications running on Kubernetes from malicious attacks by pre-registering your trusted processes and trusted file signatures. Tarian will detect unknown processes and changes to the registered files, then it will send...