Kerbrute : A Script To Perform Kerberos Bruteforcing By Using Impacket
Kerbrute is a script to perform Kerberos bruteforcing by using the Impacket library. When executed, it receives as input a user or list of users and a password or list of passwords. It then performs a brute-force attack to enumerate: valid username/password pairs; valid usernames; usernames without pre-authentication required. As a result, the script generates a list of valid credentials discovered, and the...
CRT : CrowdStrike Reporting Tool for Azure
CRT is a tool that queries the following configurations in the Azure AD/O365 tenant, which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments. Exchange Online (O365): Federation Configuration; Federation Trust; Client Access Settings Configured on Mailboxes; Mail Forwarding Rules for Remote Domains; Mailbox SMTP Forwarding Rules; Mail Transport Rules; Delegates with 'Full Access' Permission Granted; Delegates with Any...
Mininode : A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis
Mininode is a CLI tool to reduce the attack surface of Node.js applications by using static analysis of source code. It supports two modes of reduction: (1) coarse and (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from the main file, i.e. the entry point of the application. Mininode initializes the entry point to the package.json file's main field if it exists. Otherwise...
Gh-Dork : GitHub Dorking Tool
Gh-Dork is a GitHub dorking tool. Supply a list of dorks and, optionally, one of the following: a user (-u); a file with a list of users (-uf); an organization (-org); a file with a list of organizations (-of); a repo (-r). You can also pass: an output directory to store results (-o); a filename to store valid items, if your users or org file may contain...
BloodyAD : An Active Directory Privilege Escalation Framework
BloodyAD is an Active Directory privilege escalation framework. It can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently with a SOCKS proxy. bloodyAD description: This tool can perform specific LDAP/SAMR calls to a...
Ninjas workout : Vulnerable NodeJS Web Application
Ninjas workout is a vulnerable NodeJS web application. Quick Start: Download the repo, then run npm i. After installing all dependencies, just run the application: node app.js or nodemon app.js. Added bugs: Prototype Pollution; NoSQL Injection; Cross Site Scripting; Broken Access Control; Broken Session Management; Weak Regex Implementation; Race Condition; CSRF - Cross Site Request Forgery; Weak Bruteforce Protection; User Enumeration; Reset Password token leaking in Referrer; Reset Password bugs; Sensitive Data Exposure; Unicode Case Mapping Collision; File Upload; SSRF; XXE; Open Redirection; Directory Traversal; Insecure...
FACT : A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines
FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment: For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start the stack using: docker-compose up -d. Installation: To install FACT for deployment: Docker Compose Single-node Deployment; Kubernetes Multi-node Deployment. For a development environment, see the developer documentation. Docker Compose Single-node Deployment: You...
Xolo : Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Xolo is a tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4; Flask==0.12.2; Json; Pypyodbc; beautifulsoup4==4.6.0; lxml==4.1.0. Example: pip install pypyodbc, or python -m pip install pypyodbc. Install/Run: Download; Decompress; Put it in directory; Run it: c:xolo>python main.py … * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit); Open your browser: http://127.0.0.1:5000/
Dontgo403 : Tool To Bypass 40X Response Codes
Dontgo403 is a tool to bypass 40X errors. Installation: git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build. Customization: If you want to edit or add new bypasses, you can add them directly to the specific file in the payloads folder and the tool will use them. Options: ./dontgo403 -h. Command line application that automates different ways to bypass 40X codes. Usage: dontgo403. Flags: -b, --bypassIp string Try bypass tests with a...
VulnLab : A Web Vulnerability Lab Project
VulnLab is a web vulnerability lab project developed by Yavuzlar. Vulnerabilities: SQL Injection; Cross Site Scripting (XSS); Command Injection; Insecure Direct Object References (IDOR); Cross Site Request Forgery (CSRF); XML External Entity (XXE); Insecure Deserialization; File Upload; File Inclusion; Broken Authentication. Installation: Install with DockerHub: If you want to install on DockerHub, just type this command: docker run --name vulnlab -d -p 1337:80 yavuzlar/vulnlab:latest. Go to http://localhost:1337. Manual Installation: Clone the repo: git clone https://github.com/Yavuzlar/VulnLab. Build docker image: docker build -t...