🔍 Find Uncommon Shares

This Python tool equivalent of PowerView Invoke-ShareFinder.ps1 allows to quickly find uncommon shares in vast Windows Active Directory Domains.

https://github.com/p0dalirius/FindUncommonShares

#ad #enum #shares #tools

⚙️ Active Directory Delegation Management Tool

Is an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:

— Objects owned by users
— Objects with ACEs for users
— Non canonical ACL
— Disabled ACL inheritance
— Default ACL modified in schema
— Deleted delegation trustees

It also allows you to document your delegation model in JSON files, to obtain a more readable view:

https://github.com/mtth-bfft/adeleg

#ad #delegations #ace #acl #tools

🔒 TLSX

Collection of additional assets of a target CIDR/IP/HOST from TLS certificates.

Features:
— Fast And fully configurable TLS Connection
— Multiple Modes for TLS Connection
— Multiple TLS probes
— Auto TLS Fallback for older TLS version
— Pre Handshake TLS connection (early termination)
— Customizable Cipher / SNI / TLS selection
— TLS Misconfigurations
— HOST, IP, URL and CIDR input
— STD IN/OUT and TXT/JSON output

Example:

tlsx -u 209.133.79.0/24 -san -cn -silent -resp-only | dnsx -silent | httpx | nuclei

https://github.com/projectdiscovery/tlsx

#recon #tls #grabber #tools

👀 PowerView.py

This is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project.

https://github.com/aniqfakhrul/powerview.py

#ad #powerview #python #tools

🔍 OSINT Tools

Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.

Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/

Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/


#OSINT #IMINT #ImageAnalysis #tools

🔐 PPLDump

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.

https://github.com/last-byte/RIPPL

#ad #ppl #lsass #tools

🦊 CloudFox

Security firm BishopFox has open-sourced on Tuesday a new security tool named CloudFox that can find exploitable attack paths in cloud infrastructure.

Blog:
https://bishopfox.com/blog/introducing-cloudfox

Tool:
https://github.com/BishopFox/cloudfox

#cloud #aws #pentest #tools

🤤 LDAP Nom Nom

Stuck on a network with no credentials?
No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using new tool - with parallelization you'll get 10K usernames/sec. No Windows audit logs generated.

Features:
— Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FDQN DNS suffix
— Reads usernames to test from stdin (default) or file
— Outputs to stdout (default) or file
— Parallelized (defaults to 8 connections)
— Shows progressbar if you're using both input and output files

https://github.com/lkarlslund/ldapnomnom

#ad #ldap #userenum #tools

🌀 Unique Subdomain Enumeration

Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns

Research:
https://cramppet.github.io/regulator/index.html

Tools:
https://github.com/cramppet/regulator

#subdomain #enumeration #permutation #tools

⚔️ Katana — Web Crawler

A next-generation crawling and spidering framework.

Features:
— Standard/Headless
— Customizable Config
— JavaScript parsing
— Scope control

https://github.com/projectdiscovery/katana

#web #crawler #tools #bugbounty