PowerShx : Run Powershell Without Software Restrictions
PowerShx is a rewrite and expansion of the PowerShdll project. PowerShx provides functionality for bypassing AMSI and running PowerShell cmdlets. Features: run PowerShell from DLLs using rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe or regsvr32.exe; run PowerShell without powershell.exe or powershell_ise.exe; AMSI bypass features; run PowerShell scripts directly from the command line or from PowerShell files; import PowerShell modules and execute PowerShell cmdlets. Usage (.dll version, rundll32): "rundll32 PowerShx.dll,main -e" and "rundll32 PowerShx.dll,main -f" run the script...
PortBender : TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port (e.g., 445/TCP) to another TCP port (e.g., 8445/TCP). PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. However, because the tool is implemented as a reflective DLL, it can integrate...
PEASS-ng : Privilege Escalation Awesome Scripts SUITE new generation
PEASS-ng is the Privilege Escalation Awesome Scripts SUITE, new generation. Here you will find privilege escalation tools for Windows, Linux/Unix* and macOS. These tools search for possible local privilege escalation paths that you could exploit and print them with colour highlighting so you can recognize the misconfigurations easily. Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz. WinPEAS - Windows local Privilege Escalation Awesome Script (C# .exe and .bat). Check...
Metabadger : Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)
Metabadger prevents SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Purpose and functionality: diagnose and evaluate your current usage of the AWS Instance Metadata Service while understanding how the service works; prepare you to upgrade to v2 of the Instance Metadata Service to safeguard against v1 attack vectors; give you the ability to...
How to Detect and Prevent Brute Force Attacks?
Although a brute force attack is among the simplest attack methods, its effects are far-reaching. Attackers achieve it by guessing passwords until they find the right combination; the aim is to force their way into the user's account. They can use automated software or scripts to achieve this and speed up the process. However, brute force attacks take a long...
Limelighter : A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones
Limelighter is a tool which creates spoofed code signing certificates and signs binaries and DLL files to help evade EDR products and avoid MSS and SOC scrutiny. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com. Contributing: LimeLighter was developed in Go. Make sure that the following are installed...
LazyCSRF : A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation: Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, the function to automatically determine the content of the request is broken, and it will...
Karma_V2 : A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework)
Karma_V2 can be used by infosec researchers, penetration testers and bug hunters to find deep information, more assets, WAF/CDN-bypassed IPs, internal/external infrastructure, publicly exposed leaks and much more about their target. A Shodan Premium API key is required to use this automation. Output from karma v2 is displayed on the screen and saved to files/directories. Regarding the Premium Shodan API, please...
Inceptor : Template-Driven AV/EDR Evasion Framework
Modern penetration testing and red teaming often require bypassing common AV/EDR appliances in order to execute code on a target. Over time, defenses have become more complex and inherently more difficult to bypass consistently. Inceptor is a tool which can help automate a great part of this process, hopefully requiring no further effort. Features: Inceptor is a template-based...
DorkScout : Golang Tool To Automate Google Dork Scans Against The Entire Internet Or Specific Targets
DorkScout is a tool to automate the discovery of vulnerable applications or secret files across the internet through Google searches. dorkscout first fetches the dork lists from https://www.exploit-db.com/google-hacking-database and then scans a given target or everything it finds. Installation: dorkscout can be installed in different ways. Go packages (via the Go package manager): "go get github.com/R4yGM/dorkscout"; this will work on every platform. Docker: if you don't have...