Evilgophish : Evilginx2 + Gophish
Combination of evilginx2 and GoPhish. Prerequisites You should have a fundamental understanding of how to use GoPhish, evilginx2, and Apache2. Disclaimer I shall not be responsible or liable for any misuse or illegitimate use of this software. This software is only to be used in authorized penetration testing or red team engagements where the operator(s) has(ve) been given explicit written permission to carry...
Collect-MemoryDump : Automated Creation Of Windows Memory Snapshots For DFIR
Collect-MemoryDump is an automated creation of Windows memory snapshots for DFIR. Collect-MemoryDump.ps1 is a PowerShell script utilized to collect a memory snapshot from a live Windows system (in a forensically sound manner). Features: checks for hostname and physical memory size before starting memory acquisition; checks if you have enough free disk space to save the memory dump file; collects a raw physical memory dump w/ DumpIt,...
RDPHijack-BOF : Perform Local/Remote RDP Session Hijacking
Cobalt Strike Beacon Object File (BOF) that uses the WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / Kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server. To enumerate sessions locally/remotely, you could use Quser-BOF. Screenshot Usage Usage: bof-rdphijack ...
TeamFiltration : Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally since January 2021 and was publicly released in my talk "Taking a Dumb In The Cloud"...
Prefetch-Hash-Cracker : A Small Util To Brute-Force Prefetch Hashes
During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file (Prefetch-Hash-Cracker). While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool The following fields must be provided: Executable name, including the extension. It will be...
Appshark : Static Taint Analysis Platform To Scan Vulnerabilities In An Android App
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version of JDK -- JDK 11. After testing, it does not work on the other LTS versions, JDK 8 and JDK 16, due to dependency compatibility issues. Building/Compiling AppShark We assume that you are working in the root directory of the project repo. You...
VuCSA : Vulnerable Client-Server Application – Made For Learning/Presenting
Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-HTTP thick clients. It is written in Java (with a JavaFX graphical user interface). Currently the vulnerable application contains the following challenges: Buffer Over-read (simulated), Command Execution, SQL Injection, Enumeration, XML, Horizontal Access Control, Vertical Access Control. If you want to know how to solve these challenges, take a look at the PETEP website, which...
Jscythe : Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code
Jscythe abuses the Node.js inspector mechanism in order to force any Node.js/Electron/V8 based process to execute arbitrary JavaScript code, even if its debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How? Locate the target process. Send the SIGUSR1 signal to the process; this will enable the debugger on a port (depending on the software, sometimes...
Cicd-Goat : A Deliberately Vulnerable CI/CD Environment
The CI/CD-Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full-blown CI/CD environment. The scenarios are of varying difficulty levels, with each scenario focusing on one primary attack vector. The challenges cover the Top 10 CI/CD Security Risks, including Insufficient Flow Control Mechanisms, PPE (Poisoned...
Reverse_SSH : SSH Based Reverse Shell
Want to use SSH for reverse shells? Now you can using reverse_SSH. Manage and connect to reverse shells with native SSH syntax; dynamic, local and remote forwarding; native SCP and SFTP implementations for retrieving files from your targets; full Windows shell; mutual client & server authentication to create high-trust control channels. And more! Setup Docker: docker run -p3232:2222 -e EXTERNAL_ADDRESS=<your_external_address>:3232 -e SEED_AUTHORIZED_KEYS="$(cat ~/.ssh/id_ed25519.pub)" -v data:/data reversessh/reverse_ssh Manual: git clone...