Invoke-EDRChecker : Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process

Invoke-EDRChecker is a script that checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services, the registry and running drivers for the presence of known defensive products such as AVs, EDRs and logging tools. This script can also be loaded into your C2 server, for example in PoshC2,...

IDACode : An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug

IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues. Features: Speed: Quickly create and execute scripts. Debugging: Attach a Python...

SMBSR : Lookup For Interesting Stuff In SMB Shares

SMBSR is a Python script which, given a CIDR/IP/IP_file/HOSTNAME(s), enumerates all the SMB services listening (445) among the targets and tries to authenticate against them; if the authentication succeeds, all the folders and subfolders are visited recursively in order to find secrets in files and ... secret files. In order to scan the targets for SMB ports open...

SQLRecon : A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation

SQLRecon is a C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage: You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself. This should be as straightforward as cloning the repo, double-clicking the solution file and building. Mandatory Arguments: The mandatory arguments consist...

Combobulator : Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Combobulator is an open-source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven). Intended Audiences: The framework can be used by security auditors, pentesters and even...

Elfloader : An Architecture-Agnostic ELF File Flattener For Shellcode

Elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for really exotic platforms and ABIs. Enjoy using things like u64s on 32-bit systems,...

wmiexec-RegOut : Modified Version Of Impacket wmiexec.py, Get Output (Data, Response) From Registry

wmiexec-RegOut is a modified version of Impacket's wmiexec.py and wmipersist.py. It gets output (data, response) from the registry and doesn't need an SMB connection, but I'm in the bad code. Overview: In the original wmiexec.py, it gets the response from an SMB connection (ports 445, 139). Unfortunately, some antivirus software monitors these ports as high risk. In this case, I drop the SMB connection function and use other methods to execute commands. wmiexec-reg-sch-UnderNT6-wip.py:...

Heaptrace : Helps Visualize Heap Operations For Pwn And Debugging

Heaptrace is a heap debugger for tracking glibc heap operations in ELF64 (x86_64) binaries. Its purpose is to help visualize heap operations when debugging binaries or doing heap pwn. It replaces addresses with easy-to-understand symbols; detects heap corruption and memory leakage issues; can debug in gdb at any point (--break); supports all ELF64 (x86_64) binaries regardless of ASLR or compiler settings (including stripped binaries). Installation: Ubuntu...

Phant0m : Windows Event Log Killer

Phant0m is a Windows Event Log Killer. Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concern to NT designers because creating Windows processes takes more...

Ipsourcebypass : This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers

Ipsourcebypass is a Python script that can be used to bypass IP source restrictions using HTTP headers. Features: 17 HTTP headers. Multithreading. JSON export with --json outputfile.json. Auto-detecting most successful bypasses. Usage: $ ./ipsourcebypass.py -h IP source bypass using HTTP headers, v1.2 usage: ipsourcebypass.py -i IP url This Python script can be used to test for IP source bypass...