ADCSync - Use ESC1 To Perform A Makeshift DCSync And Dump Hashes

This is a tool I whipped up together quickly to DCSync utilizing ESC1. It is quite slow but otherwise an effective means of performing a makeshift DCSync attack without utilizing DRSUAPI or Volume Shadow Copy. This is the first version of the tool and essentially...

Read More

pyGPOAbuse - Partial Python Implementation Of SharpGPOAbuse

Python partial implementation of SharpGPOAbuse by@pkb1s This tool can be used when a controlled account can modify an existing GPO that applies to one or more users & computers. It will create an immediate scheduled task as SYSTEM on the remote computer...

Read More

Grok-backdoor - Backdoor With Ngrok Tunnel Support

Grok-backdoor is a simple python based backdoor, it uses Ngrok tunnel for the communication. Ngrok-backdoor can generate windows, linux and mac binaries using Pyinstaller. Disclaimer: All the code provided on this repository is for educational/research...

Read More

Goddi (Go Dump Domain Info) - Dumps Active Directory Domain Information

Based on work from Scott Sutherland (@_nullbind), Antti Rantasaari, Eric Gruber (@egru), Will Schroeder (@harmj0y), and the PowerView authors. Install Use the executables in the releases section. If you want to build it yourself, make sure that your go...

Read More

XBruteForcer - CMS Brute Force Tool (WP, Joomla, DruPal, OpenCart, Magento)

Brute Force Tool: WP , Joomla , DruPal , OpenCart , Magento Simple brute force script [1] WordPress (Auto Detect Username) [2] Joomla [3] DruPal [4] OpenCart [5] Magento [6] All (Auto Detect CMS) Usage Short Form Long Form Description ...

Read More

Know The Dangers Of Credential Reuse Attacks - Cr3dOv3r v0.3

Your best friend in credential reuse attacks. Cr3dOv3r simply you give it an email then it does two simple jobs (but useful) : Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails...

Read More

Website Vulnerability Scanner & Auto Exploiter - XAttacker

XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi Installation git clone https://github.com/Moham3dRiahi/XAttacker.git Auto Cms Detect [1] WordPress : [+] Adblock Blocker [+] WP All Import [+] Blaze [+]...

Read More

Windows Event Log Killer - Invoke-Phant0m

This script walks thread stacks of Event Log Service process (spesific svchost.exe) and identify Event Log Threads to kill Event Log Service Threads. So the system will not be able to collect logs and at the same time the Event Log Service will appear...

Penetration Testing Tool for Testing Web Applications - OWASP ZAP 2.7.0

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you...

Read More

A Linux version of the ProcDump Sysinternals tool - ProcDump for Linux

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Installation...

Read More

Remote Administration Tool for Windows - QuasarRAT

Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you. Features TCP network stream (IPv4 & IPv6 support) Fast...

Read More

Tool to simulate fake processes of analysis sandbox/VM software - Fake Sandbox Processes (FSP)

This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script (made by @x0rz ) in the orig directory. You can also download my slightly optimized script in...