VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit (Vortex)

A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).

Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks

https://github.com/klezVirus/vortex

#osint #vpn #enumeration #spraying #tools

PowerRemoteDesktop

Have you ever dreamed about having a Remote Desktop Application entirely coded in PowerShell (Even the GUI) ? Well it is now possible with this very first beta release

https://github.com/DarkCoderSc/PowerRemoteDesktop

#rdp #powershell #tools

WMEye

A small project I wrote that uses WMI foo to remotely upload shellcode into a WMI Class and execute it by invoking MSBuild.
It uses LogFileEventConsumer Class to write the MSBuild Payload.

https://github.com/pwn1sher/WMEye

#wmi #redteam #tools

LDAP Relay Scan

A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.

https://github.com/zyn3rgy/LdapRelayScan

#ad #ldap #scan #tools

aesKrbKeyGen

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption.

https://github.com/Tw1sm/AesKrbKeyGen

#ad #kerbeos #tgt #tools

SMBeagle

This is fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written.

https://github.com/punk-security/SMBeagle

#ad #share #enum #tools

LFIDump

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

https://github.com/p0dalirius/LFIDump

#lfi #dump #tools #bugbounty

EDRChecker

Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.

C#
https://github.com/PwnDexter/SharpEDRChecker

PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker

#edr #checker #csharp #powershell #tools

o365recon

Script to retrieve information via O365 and AzureAD with a valid cred.

https://github.com/nyxgeek/o365recon

#azure #recon #tools

Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!

Blog:
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6

Tool:
https://github.com/ly4k/Certipy

#ad #adcs #abuse #tools

Spring4Shell Scan

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities

Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.

https://github.com/fullhunt/spring4shell-scan

#spring4shell #spring #scan #tools

Invoke-SocksProxy

The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network.

https://github.com/p3nt4/Invoke-SocksProxy

#powershell #socks #proxy #tools

🔍 Find Uncommon Shares

This Python tool equivalent of PowerView Invoke-ShareFinder.ps1 allows to quickly find uncommon shares in vast Windows Active Directory Domains.

https://github.com/p0dalirius/FindUncommonShares

#ad #enum #shares #tools