M365_Groups_Enum : Enumerate Microsoft 365 Groups In A Tenant With Their Metadata
M365_Groups_Enum is the all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: namevisibility: public or privatedescriptionemail addressownersmembersTeams enabled?SharePoint URL (e.g. for Teams shared files) All of this, even for private Groups! Read more about this on my blog article "Risks of Microsoft Teams and Microsoft 365 Groups" The reporting.py script will take the JSON output from all_groups.py and generates a CSV...
Tscopy : Tool to parse the NTFS $MFT file to locate and copy specific files
Tscopy is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. It allows the user, who is running with administrator privileges, to access locked files...
Cook : A Customizable Wordlist And Password Generator
Cook is a customizable wordlist and password generator. Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function to create complex endpoints, wordlists and passwords. Easy UX, Checkout Usage. InstallationUsageBasic PermutationAdvance PermutationCustomizing toolPredefined SetsExtension SetsWords SetsCharacter sets - Use it like crunchPatterns/FunctionsInt RangesUsing FilesRegex Input from FileFile Not FoundSave your wordlists by unique namesUppercase, Lowercase,...
Invoke-Stealth : Simple And Powerful PowerShell Script Obfuscator
Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together or all of them sequentially with ease, from Windows or Linux. Requirements Powershell 4.0 or higherBash*Python 3* *Required to use all features Download It is recommended to clone the complete repository...
Profil3r : OSINT Tool That Allows You To Find A Person’S Accounts And Emails + Breached Emails
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Prerequisite Python 3 Installation Install PyInquirer and jinja2 : pip3 install PyInquirer jinja2 Install Profil3r : git clone https://github.com/Rog3rSm1th/Profil3r.gitcd Profil3r/sudo python3 setup.py install Features Domain TLD (.com, .org, .net, etc...) Emails Data leaks Emails Social Instagram Facebook Twitter Tiktok Pinterest Linktr.ee MySpace Music Soundcloud Spotify Programming Github Pastebin Repl.it Cracked.to Forum 0x00sec.org Jeuxvideo.com Hackernews Tchat Skype Entertainment Dailymotion Vimeo Porn PornHub RedTube XVideos Money BuyMeACoffee Report JSON A...
Fav-Up : IP Lookup By Favicon Using Shodan
Fav-Up is a tool used for lookups for real IP starting from the favicon icon and using Shodan. Installation pip3 install -r requirements.txt Shodan API key (not the free one) Usage CLI First define how you pass the API key: -k or --key to pass the key to the stdin-kf or --key-file to pass the filename which get the key from-sc or --shodan-cli to get the key from Shodan CLI (if you initialized it) As of now,...
Ldsview : Offline search tool for LDAP directory dumps in LDIF format
Ldsview is a offline search tool for LDAP directory dumps in LDIF format. Features Fast and memory efficient parsing of LDIF filesBuild ldapsearch commands to extract an LDIF from a directoryShow directory structureUAC and directory time format translation Config Config options can be passed as CLI flags, environment variables, or via a config file courtsey of viper. Reference the project's documentation for all of the different...
Posta : Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser. Prerequisites Google Chrome / ChromiumNode.js (optional) Installation Development Environment Run Posta in a full development environment with a dedicated browser (Chromium): Install Posta git clone https://github.com/benso-io/postacd postanpm install Launch the dedicated Chromium session using the following command: node posta<URL> Click on the Posta...
OverRide : Binary Exploitation And Reverse-Engineering
OverRide is a explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag - password for next levelREADME.md - how to find passwordsource.c - the reverse engineered binarydissasembly_notes.md - notes on asm See the subject for more details. Getting Started First download from 42 OverRide.iso. Virtual Machine setup On Mac OSX, install VirtualBox. In VirtualBox create a new VM (click new). Name and operating system -...
SlackPirate : Slack Enumeration & Extraction Tool
SlackPirate is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising - the integration and 'ChatOps' possibilities are endless and allows teams (not just developers!) to create some really powerful...
