VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit (Vortex)
A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...).
Features:
— User Search and Collection
— Password Leaks
— Main Domain Identification
— Subdomain Search
— VPN Endpoint Detection
— Password Spraying/Guessing attacks
— Search profiles on Social Networks
https://github.com/klezVirus/vortex
#osint #vpn #enumeration #spraying #tools
PowerRemoteDesktop
Have you ever dreamed about having a Remote Desktop Application entirely coded in PowerShell (even the GUI)? Well, it is now possible with this very first beta release
https://github.com/DarkCoderSc/PowerRemoteDesktop
#rdp #powershell #tools
WMEye
A small project I wrote that uses WMI foo to remotely upload shellcode into a WMI Class and execute it by invoking MSBuild.
It uses LogFileEventConsumer Class to write the MSBuild Payload.
https://github.com/pwn1sher/WMEye
#wmi #redteam #tools
LDAP Relay Scan
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
aesKrbKeyGen
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption.
https://github.com/Tw1sm/AesKrbKeyGen
#ad #kerberos #tgt #tools
LFIDump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
https://github.com/p0dalirius/LFIDump
#lfi #dump #tools #bugbounty
EDRChecker
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, installed drivers and each driver's metadata, all for the presence of known defensive products such as AVs, EDRs and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
o365recon
Script to retrieve information via O365 and AzureAD with a valid cred.
https://github.com/nyxgeek/o365recon
#azure #recon #tools
Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
Blog:
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
Tool:
https://github.com/ly4k/Certipy
#ad #adcs #abuse #tools
APT
SpringShell: Spring Core RCE (CVE-2022-22963)
PoC Payload: spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")
Research: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Exploit: https:/…
Spring4Shell Scan
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools use only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.
https://github.com/fullhunt/spring4shell-scan
#spring4shell #spring #scan #tools
Invoke-SocksProxy
The reverse proxy creates a TCP tunnel by initiating outbound SSL connections that can go through the system's proxy. The tunnel can then be used as a SOCKS proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
🔍 Find Uncommon Shares
This Python tool, the equivalent of PowerView's Invoke-ShareFinder.ps1, allows you to quickly find uncommon shares in vast Windows Active Directory domains.
https://github.com/p0dalirius/FindUncommonShares
#ad #enum #shares #tools
⚙️ Active Directory Delegation Management Tool
This is an Active Directory delegation management tool. It allows you to make a detailed inventory of the delegations set up so far in a forest, along with their potential issues:
— Objects owned by users
— Objects with ACEs for users
— Non canonical ACL
— Disabled ACL inheritance
— Default ACL modified in schema
— Deleted delegation trustees
It also allows you to document your delegation model in JSON files, to obtain a more readable view:
https://github.com/mtth-bfft/adeleg
#ad #delegations #ace #acl #tools
🔒 TLSX
Collection of additional assets of a target CIDR/IP/HOST from TLS certificates.
Features:
— Fast and fully configurable TLS connection
— Multiple Modes for TLS Connection
— Multiple TLS probes
— Auto TLS Fallback for older TLS version
— Pre Handshake TLS connection (early termination)
— Customizable Cipher / SNI / TLS selection
— TLS Misconfigurations
— HOST, IP, URL and CIDR input
— STD IN/OUT and TXT/JSON output
Example:
tlsx -u 209.133.79.0/24 -san -cn -silent -resp-only | dnsx -silent | httpx | nuclei
https://github.com/projectdiscovery/tlsx
#recon #tls #grabber #tools
👀 PowerView.py
This is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project.
https://github.com/aniqfakhrul/powerview.py
#ad #powerview #python #tools
🔍 OSINT Tools
Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.
Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition results.
https://app.remini.ai/
Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/
#OSINT #IMINT #ImageAnalysis #tools
🔐 PPLDump
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.
https://github.com/last-byte/RIPPL
#ad #ppl #lsass #tools