LDAP Relay Scan
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
GitHub
GitHub - zyn3rgy/LdapRelayScan: Check for LDAP protections regarding the relay of NTLM authentication
Check for LDAP protections regarding the relay of NTLM authentication - zyn3rgy/LdapRelayScan
aesKrbKeyGen
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's
https://github.com/Tw1sm/AesKrbKeyGen
#ad #kerbeos #tgt #tools
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's
getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption.https://github.com/Tw1sm/AesKrbKeyGen
#ad #kerbeos #tgt #tools
GitHub
GitHub - Tw1sm/aesKrbKeyGen: Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3
Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3 - Tw1sm/aesKrbKeyGen
This media is not supported in your browser
VIEW IN TELEGRAM
LFIDump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
https://github.com/p0dalirius/LFIDump
#lfi #dump #tools #bugbounty
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
https://github.com/p0dalirius/LFIDump
#lfi #dump #tools #bugbounty
❤1
EDRChecker
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
o365recon
Script to retrieve information via O365 and AzureAD with a valid cred.
https://github.com/nyxgeek/o365recon
#azure #recon #tools
Script to retrieve information via O365 and AzureAD with a valid cred.
https://github.com/nyxgeek/o365recon
#azure #recon #tools
Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
Blog:
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
Tool:
https://github.com/ly4k/Certipy
#ad #adcs #abuse #tools
Blog:
https://research.ifcr.dk/certipy-2-0-bloodhound-new-escalations-shadow-credentials-golden-certificates-and-more-34d1c26f0dc6
Tool:
https://github.com/ly4k/Certipy
#ad #adcs #abuse #tools
Medium
Certipy 2.0: BloodHound, New Escalations, Shadow Credentials, Golden Certificates, and more!
As the title states, the latest release of Certipy contains many new features, techniques and improvements. This blog post dives into the…
APT
SpringShell: Spring Core RCE (CVE-2022-22963) PoC Payload: spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc") Research: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Exploit: https:/…
Spring4Shell Scan
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.
https://github.com/fullhunt/spring4shell-scan
#spring4shell #spring #scan #tools
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
Features:
— Support for lists of URLs.
— Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).
— Fuzzing for HTTP GET and POST methods.
— Automatic validation of the vulnerability upon discovery.
— Randomized and non-intrusive payloads.
— WAF Bypass payloads.
https://github.com/fullhunt/spring4shell-scan
#spring4shell #spring #scan #tools
GitHub
GitHub - fullhunt/spring4shell-scan: A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud…
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities - fullhunt/spring4shell-scan
Invoke-SocksProxy
The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
GitHub
GitHub - p3nt4/Invoke-SocksProxy: Socks proxy, and reverse socks server using powershell.
Socks proxy, and reverse socks server using powershell. - GitHub - p3nt4/Invoke-SocksProxy: Socks proxy, and reverse socks server using powershell.
🔍 Find Uncommon Shares
This Python tool equivalent of PowerView Invoke-ShareFinder.ps1 allows to quickly find uncommon shares in vast Windows Active Directory Domains.
https://github.com/p0dalirius/FindUncommonShares
#ad #enum #shares #tools
This Python tool equivalent of PowerView Invoke-ShareFinder.ps1 allows to quickly find uncommon shares in vast Windows Active Directory Domains.
https://github.com/p0dalirius/FindUncommonShares
#ad #enum #shares #tools
👍7
⚙️ Active Directory Delegation Management Tool
Is an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:
— Objects owned by users
— Objects with ACEs for users
— Non canonical ACL
— Disabled ACL inheritance
— Default ACL modified in schema
— Deleted delegation trustees
It also allows you to document your delegation model in JSON files, to obtain a more readable view:
https://github.com/mtth-bfft/adeleg
#ad #delegations #ace #acl #tools
Is an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:
— Objects owned by users
— Objects with ACEs for users
— Non canonical ACL
— Disabled ACL inheritance
— Default ACL modified in schema
— Deleted delegation trustees
It also allows you to document your delegation model in JSON files, to obtain a more readable view:
https://github.com/mtth-bfft/adeleg
#ad #delegations #ace #acl #tools
🔥3👍1
🔒 TLSX
Collection of additional assets of a target CIDR/IP/HOST from TLS certificates.
Features:
— Fast And fully configurable TLS Connection
— Multiple Modes for TLS Connection
— Multiple TLS probes
— Auto TLS Fallback for older TLS version
— Pre Handshake TLS connection (early termination)
— Customizable Cipher / SNI / TLS selection
— TLS Misconfigurations
— HOST, IP, URL and CIDR input
— STD IN/OUT and TXT/JSON output
Example:
#recon #tls #grabber #tools
Collection of additional assets of a target CIDR/IP/HOST from TLS certificates.
Features:
— Fast And fully configurable TLS Connection
— Multiple Modes for TLS Connection
— Multiple TLS probes
— Auto TLS Fallback for older TLS version
— Pre Handshake TLS connection (early termination)
— Customizable Cipher / SNI / TLS selection
— TLS Misconfigurations
— HOST, IP, URL and CIDR input
— STD IN/OUT and TXT/JSON output
Example:
tlsx -u 209.133.79.0/24 -san -cn -silent -resp-only | dnsx -silent | httpx | nucleihttps://github.com/projectdiscovery/tlsx
#recon #tls #grabber #tools
👍5👎1
👀 PowerView.py
This is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project.
https://github.com/aniqfakhrul/powerview.py
#ad #powerview #python #tools
This is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project.
https://github.com/aniqfakhrul/powerview.py
#ad #powerview #python #tools
🔥11❤2
🔍 OSINT Tools
Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.
Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/
Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/
#OSINT #IMINT #ImageAnalysis #tools
Today I'm going to talk about two excellent resources for photo editing during OSINT/IMINT.
Remini:
The image unblurring/sharpening tool could help yield better reverse image search and facial recognition result.
https://app.remini.ai/
Cleanup.Pictures:
One of the best online photo object removal tools I've ever seen.
https://cleanup.pictures/
#OSINT #IMINT #ImageAnalysis #tools
👍9
🔐 PPLDump
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.
https://github.com/last-byte/RIPPL
#ad #ppl #lsass #tools
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows.
https://github.com/last-byte/RIPPL
#ad #ppl #lsass #tools
GitHub
GitHub - last-byte/RIPPL: RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows - last-byte/RIPPL
🦊 CloudFox
Security firm BishopFox has open-sourced on Tuesday a new security tool named CloudFox that can find exploitable attack paths in cloud infrastructure.
Blog:
https://bishopfox.com/blog/introducing-cloudfox
Tool:
https://github.com/BishopFox/cloudfox
#cloud #aws #pentest #tools
Security firm BishopFox has open-sourced on Tuesday a new security tool named CloudFox that can find exploitable attack paths in cloud infrastructure.
Blog:
https://bishopfox.com/blog/introducing-cloudfox
Tool:
https://github.com/BishopFox/cloudfox
#cloud #aws #pentest #tools
🔥5
🤤 LDAP Nom Nom
Stuck on a network with no credentials?
No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using new tool - with parallelization you'll get 10K usernames/sec. No Windows audit logs generated.
Features:
— Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FDQN DNS suffix
— Reads usernames to test from stdin (default) or file
— Outputs to stdout (default) or file
— Parallelized (defaults to 8 connections)
— Shows progressbar if you're using both input and output files
https://github.com/lkarlslund/ldapnomnom
#ad #ldap #userenum #tools
Stuck on a network with no credentials?
No worry, you can anonymously bruteforce Active Directory controllers for usernames over LDAP Pings (cLDAP) using new tool - with parallelization you'll get 10K usernames/sec. No Windows audit logs generated.
Features:
— Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FDQN DNS suffix
— Reads usernames to test from stdin (default) or file
— Outputs to stdout (default) or file
— Parallelized (defaults to 8 connections)
— Shows progressbar if you're using both input and output files
https://github.com/lkarlslund/ldapnomnom
#ad #ldap #userenum #tools
GitHub
GitHub - lkarlslund/ldapnomnom: Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers…
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP) - lkarlslund/ldapnomnom
❤🔥6👍1
🌀 Unique Subdomain Enumeration
Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns
Research:
https://cramppet.github.io/regulator/index.html
Tools:
https://github.com/cramppet/regulator
#subdomain #enumeration #permutation #tools
Great research regarding subdomain enumeration through permutations, unique approach that can provide good results with a smaller initial bruteforce data set in comparison to altdns
Research:
https://cramppet.github.io/regulator/index.html
Tools:
https://github.com/cramppet/regulator
#subdomain #enumeration #permutation #tools
👍9🔥3
⚔️ Katana — Web Crawler
A next-generation crawling and spidering framework.
Features:
— Standard/Headless
— Customizable Config
— JavaScript parsing
— Scope control
https://github.com/projectdiscovery/katana
#web #crawler #tools #bugbounty
A next-generation crawling and spidering framework.
Features:
— Standard/Headless
— Customizable Config
— JavaScript parsing
— Scope control
https://github.com/projectdiscovery/katana
#web #crawler #tools #bugbounty
❤🔥12
Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.
🔗 Research:
https://habr.com/ru/companies/angarasecurity/articles/697938/
🔗 Source:
https://github.com/DrunkF0x/ADSpider
———
Наконец-то появилась на свет,
#ad #windows #monitoring #tools
Please open Telegram to view this post
VIEW IN TELEGRAM
Хабр
Паук в Active Directory так лапками тыдык тыдык
В чем соль: у нас уже есть достаточно известные утилиты , чтобы «отслеживать» изменения в Active Directory. Почему в кавычках? Потому что все подобные утилиты (ну, практически) используют...
🔥10❤4👍4👎1