The pentester's Swiss knife
SCCMHunter SCCMHunter is a post-exploitation tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find...
legba Legba is a multiprotocol credential bruteforcer, password sprayer and enumerator built with Rust and the Tokio asynchronous runtime to achieve better performance and stability while consuming fewer resources than similar tools. Supported...
The Auditor Automated Audit Simulation (AAS) is a computer-assisted audit tool crafted for cybersecurity professionals, auditors, advisors, and consultants who conduct comprehensive audits for diverse organizations. The tool operates seamlessly...
EFIDrill – IDA plugin for UEFI firmware vulnerability hunting based on data flow analysis The Unified Extensible Firmware Interface (UEFI) is a critical component in the boot process, but it’s vulnerable to attacks....
MagicDot A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the known issue in the DOS-to-NT path conversion. MagicDot Python Package Implements MagicDot's rootkit-like techniques: files/directories named with dots only. Bonus – Such...
Mantis Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes top-level domains as input, and then progresses to discovering the corresponding assets, including subdomains...
Misconfig Mapper Misconfig Mapper is a project by Intigriti for the community to help you find, detect, and resolve common security misconfigurations in various popular services, technologies, and SaaS-based solutions that your targets use!...
NativeDump NativeDump dumps the LSASS process using only NTAPIs, generating a minidump file that contains only the streams tools like Mimikatz or Pypykatz need in order to parse it (the SystemInfo, ModuleList, and Memory64List streams)....
The Browser-Bruter The Browser-Bruter is a browser-based automated web pentesting tool for fuzzing web forms by controlling the browser itself. It automates the process of sending payloads to input fields of the browser...
modpot modpot is a modular web application honeypot framework written in Golang and making use of the gin framework. It is the antithesis to honeydet in many ways and allows the user to deploy...
GraphSpy Initial access and post-exploitation tool for AAD and O365 with a browser-based GUI. Internet traffic: the client-server architecture results in most traffic to the internet being initiated from the GraphSpy application. This includes:...
SCLauncher – Basic Shellcode Tester, Debugger and PE-File Wrapper This program is designed to load 32-bit or 64-bit shellcode and allow for execution or debugging. In addition, it can produce executable PE files based...
CcmPwn ccmpwn.py – lateral movement script that leverages the CcmExec service to remotely hijack user sessions. Explanation: System Center Configuration Manager (SCCM) clients make use of the CcmExec service, which initiates the execution of C:\Windows\CCM\SCNotification.exe for every...
ZANSIN ZANSIN is envisioned as a cybersecurity training tool designed to equip users against the ever-escalating complexity of cyber threats. It achieves this by providing learners with a platform to engage in simulated...
Gungnir Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates. Its primary purpose is to aid security researchers and penetration testers in discovering...
wcreddump On one hand, SAM dumping tools are widely used but surprisingly not very automated. On the other hand, Windows Hello PIN dumping tools barely exist. This simple and lightweight Python script is made to automate...