ADenum : A Pentesting Tool That Allows To Find Misconfiguration Through The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos
ADenum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos. Requirements: Impacket (https://github.com/SecureAuthCorp/impacket), John (https://github.com/openwall/john), Python 3.
If you are using Debian or Ubuntu:
$ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev
If you are using Kali:
$ sudo apt-get install libsasl2-dev python2-dev libldap2-dev libssl-dev
pip3:
$ pip3 install -r requirements.txt
Features and Functionality: LDAP: Enum Domain Admin users, Enum Domain Controllers, Enum Domain users with Password...
How To Safely Use Public Wi-Fi And How To Secure Your Home Wi-Fi
It’s not important what you do for a living or how old you are, if you have a computer or a smartphone, wi-fi connections are a part of your daily routine. That’s especially true if you love to work from various coffee shops where you have to connect to public wi-fi networks. There is a popular belief that public...
Tarian : Antivirus for Kubernetes
Tarian is a tool to protect your applications running on Kubernetes from malicious attacks by pre-registering your trusted processes and trusted file signatures. Tarian will detect unknown processes and changes to the registered files, then it will send alerts and take an automated action. Save your K8s environment from Ransomware! We want to maintain this as an open-source project to...
DInjector : Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL
DInjector repository is an accumulation of my code snippets for various shellcode injection techniques using the fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: fully ported to D/Invoke API; encrypted payloads which can be invoked from a URL or passed in base64 as an argument; built-in AMSI bypass; PPID spoofing and block non-Microsoft DLLs (stolen from TikiTorch, write-up is here); sandbox detection & evasion. Based on my testing the DInvoke NuGet package itself is being flagged by many...
AFLTriage : Tool To Triage Crashing Input Files Using A Debugger
AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and not require any run-time dependencies, besides libc and an external debugger. It supports triaging crashes generated by any program, not just AFL, but recognizes AFL directories specially, hence the name. Some notable features include: multiple report formats (text, JSON, and raw debugger JSON); parallel crash triage; crash...
O365Spray : Username Enumeration And Password Spraying Tool Aimed At Microsoft O365
O365Spray is a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365). This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments. WARNING: The oAuth2 module for user enumeration is performed by submitting a single authentication attempt per user. If the module is run in conjunction with password spraying in a...
SMBeagle : Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written
SMBeagle is an (SMB) file share auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elastic search host, or both!? SMBeagle tries to make use of the win32 APIs for maximum speed, but...
Fileless-Xec : Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk
Fileless-Xec is a stealth dropper executing remote binaries without dropping them on disk. Pentest use: fileless-xec is used on a target machine to stealthily execute a binary file located on an attacker machine. Short story: fileless-xec enables us to execute a remote binary on a local machine directly from memory without dropping it on disk.
Install from release:
Linux: curl -lO -L https://github.com/ariary/fileless-xec/releases/latest/download/fileless-xec
Windows: curl -lO -L https://github.com/ariary/fileless-xec/releases/latest/download/fileless-xec_windows.exe
From source: Clone the...
Infrastructure-as-Code (IaC) Management in the Cloud
One of the most critical and vital components today, in the Cloud era, is Infrastructure as Code (IaC). In this post, I decided to write my paper to explain infrastructure management as Code in the Cloud in general. Not long ago, the job of a system administrator was not easy. All the hardware and software had to be maintained and...
Kali Intelligence Suite : Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools
Kali Intelligence Suite (KIS) is an intelligence gathering and data mining tool for penetration testers. It shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools (e.g., dnsrecon, gobuster, hydra, nmap, etc.); querying publicly available APIs (e.g., Censys.io, Haveibeenpwned.com, Hunter.io, Securitytrails.com, DNSdumpster.com, Shodan.io, etc.); storing the collected data in a central PostgreSQL database (see...