MSSQLi-DUET : MSSQL Injection-based Domain User Enumeration Tool
SQL injection script for MSSQL that extracts domain users from an Active Directory environment by RID brute-forcing. It supports various WAF bypass techniques through SQLmap-style tamper functions, and additional tamper functions can be added by the user depending on the situation and environment. Comes in two flavors: straight-up Python script for terminal use, or a Burp...
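The RID brute-forcing the description refers to rests on a small amount of SID arithmetic: a domain SID is 24 bytes (revision, sub-authority count, 6-byte authority, four 32-bit little-endian sub-authorities), and appending a 4-byte little-endian RID while bumping the count byte yields a user or group SID that SUSER_SNAME() will resolve to a name. The Python below is an added illustration of that mechanism, not MSSQLi-DUET's own code. The domain SID, the group name CORP\Domain Admins and the RID range are constructed sample inputs.

```python
import struct

# Constructed sample domain SID (not taken from any real environment).
SAMPLE_DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"


def sid_to_bytes(sid):
    """Serialize 'S-1-5-21-...' into the binary layout SUSER_SID() returns.

    Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then one 32-bit
    little-endian value per sub-authority.
    """
    parts = sid.split("-")
    if parts[0] != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def bytes_to_sid(blob):
    """Inverse of sid_to_bytes(); handy for checking what you are about to inject."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:8 + 4 * count])
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def sid_with_rid(domain_sid_bytes, rid):
    """Append a RID to a bare 24-byte domain SID and increment the sub-authority count."""
    if len(domain_sid_bytes) != 24:
        raise ValueError("expected a bare domain SID (24 bytes), got %d" % len(domain_sid_bytes))
    header = bytes([domain_sid_bytes[0], domain_sid_bytes[1] + 1])
    return header + domain_sid_bytes[2:] + struct.pack("<I", rid)


def lookup_query(domain_sid, rid):
    """T-SQL that resolves a single RID to a principal name via SUSER_SNAME()."""
    blob = sid_with_rid(sid_to_bytes(domain_sid), rid)
    return "SELECT SUSER_SNAME(0x%s)" % blob.hex().upper()


def server_side_lookup(group, rid):
    """Variant needing no client-side SID: derive the domain SID from a known group
    with SUSER_SID() on the server, keep its first 24 bytes and splice the RID on
    (varbinary + varbinary concatenates in T-SQL)."""
    rid_hex = struct.pack("<I", rid).hex().upper()
    return "SELECT SUSER_SNAME(SUBSTRING(SUSER_SID('%s'),1,24) + 0x%s)" % (group, rid_hex)


def rid_range_queries(domain_sid, start=500, count=10):
    """One lookup query per RID; 500 (Administrator) and 512 (Domain Admins) are good anchors."""
    return [lookup_query(domain_sid, rid) for rid in range(start, start + count)]


if __name__ == "__main__":
    for q in rid_range_queries(SAMPLE_DOMAIN_SID, 500, 3):
        print(q)
    print(server_side_lookup("CORP\\Domain Admins", 1105))
```

Each generated statement is what a tool would wrap in its injection payload (error-based, boolean-based or UNION, depending on the injection point); a NULL result from SUSER_SNAME() means the RID is unallocated, so sweeping a range of RIDs maps the allocated accounts without ever querying AD directly.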
AWSPX : A Graph-Based Tool For Visualizing Effective Access
AWSPX is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine which actions affect which resources, while taking into account how these actions may be combined to produce attack paths. Unlike tools such as BloodHound, awspx requires permissions to function. It is not expected to be useful in cases where these...
Pulsar : Network Footprint Scanner Platform
Pulsar is an automated network footprint scanner for red teams, pentesters and bounty hunters. It's focused on discovering an organization's public-facing assets with minimal prior knowledge of its infrastructure. Along with network data visualization, it attempts to assign a basic vulnerability score to find infrastructure weak points and their relation to other resources. It can also be used as...
CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability
CVE-2020-0796 is a remote code execution vulnerability that exists in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploits the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to...
R00kie-Kr00kie : PoC Exploit For The CVE-2019-15126 Kr00k Vulnerability
R00kie-Kr00kie is a PoC exploit for the CVE-2019-15126 kr00k vulnerability. This project is intended for educational purposes only and must not be used to break the law or for personal gain. The author of this project is not responsible for any harm caused by the materials. Requirements: to use these scripts, you will need a WiFi card that supports active monitor mode with...
One-Lin3r : Gives You One Liners That Aids In Penetration Testing Operations
One-Lin3r is a simple, modular and lightweight framework that gives you all the one-liners you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally, with a lot of new features to make all of this fully automated (e.g. you won't even need to copy the one-liners). It consists of various...
SauronEye : Search Tool To Find Specific Files Containing Specific Words
SauronEye is a search tool built to aid red teams in finding files containing specific keywords. Features: search multiple (network) drives; search the contents of files; search the contents of Microsoft Office files (.doc, .docx, .xls, .xlsx); find VBA macros in old 2003 .xls and .doc files; search multiple drives multi-threaded for increased performance; regular expressions in search keywords; compatible with Cobalt Strike's execute-assembly. It's also quite fast, can...
InQL – A Burp Extension for GraphQL Security Testing
A security testing tool to facilitate GraphQL security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. Running inql from Python issues an introspection query to the target GraphQL endpoint in order to fetch metadata for: queries, mutations and subscriptions; their fields and arguments; objects and custom object types. InQL can inspect the introspection query...
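The introspection step the description mentions works on the JSON a GraphQL server returns for the standard __schema query: root operation types point at OBJECT types whose fields carry argument and return-type references, nested through NON_NULL and LIST wrappers. The Python below is an added example of walking that document offline; it is not InQL's code, and the introspection response is a constructed sample, not captured from a real endpoint.

```python
import json

# The introspection query a client sends; the constructed response below
# has the same shape a server would return for it.
INTROSPECTION_QUERY = """
query IntrospectionQuery {
  __schema {
    queryType { name } mutationType { name } subscriptionType { name }
    types {
      kind name
      fields(includeDeprecated: true) {
        name
        args { name type { kind name ofType { kind name ofType { kind name } } } }
        type { kind name ofType { kind name ofType { kind name } } }
      }
    }
  }
}
"""

# Constructed sample response (assumption: a small schema with one object type).
SAMPLE_RESPONSE = json.loads("""
{"data": {"__schema": {
  "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"}, "subscriptionType": null,
  "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
      {"name": "user", "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": null,
         "ofType": {"kind": "SCALAR", "name": "ID"}}}],
       "type": {"kind": "OBJECT", "name": "User"}},
      {"name": "users", "args": [{"name": "limit", "type": {"kind": "SCALAR", "name": "Int"}}],
       "type": {"kind": "NON_NULL", "name": null, "ofType": {"kind": "LIST", "name": null,
         "ofType": {"kind": "NON_NULL", "name": null, "ofType": {"kind": "OBJECT", "name": "User"}}}}}]},
    {"kind": "OBJECT", "name": "Mutation", "fields": [
      {"name": "deleteUser", "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": null,
         "ofType": {"kind": "SCALAR", "name": "ID"}}}],
       "type": {"kind": "SCALAR", "name": "Boolean"}}]},
    {"kind": "OBJECT", "name": "User", "fields": [
      {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "ID"}},
      {"name": "name", "args": [], "type": {"kind": "SCALAR", "name": "String"}}]},
    {"kind": "SCALAR", "name": "ID", "fields": null},
    {"kind": "SCALAR", "name": "Int", "fields": null},
    {"kind": "SCALAR", "name": "String", "fields": null},
    {"kind": "SCALAR", "name": "Boolean", "fields": null},
    {"kind": "OBJECT", "name": "__Schema", "fields": []}
  ]}}}
""")

ROOTS = (("queries", "queryType"), ("mutations", "mutationType"), ("subscriptions", "subscriptionType"))


def render_type(t):
    """Turn a nested type reference back into GraphQL syntax, e.g. [User!]!."""
    if t is None:
        return "Unknown"
    if t.get("kind") == "NON_NULL":
        return render_type(t.get("ofType")) + "!"
    if t.get("kind") == "LIST":
        return "[" + render_type(t.get("ofType")) + "]"
    return t.get("name") or "Unknown"


def root_operations(schema):
    """Map queries/mutations/subscriptions to their fields, arguments and return types."""
    types = {t["name"]: t for t in schema["types"]}
    out = {}
    for label, key in ROOTS:
        root = schema.get(key)
        if not root or root["name"] not in types:
            out[label] = {}  # e.g. no subscriptionType defined
            continue
        out[label] = {
            f["name"]: {
                "args": {a["name"]: render_type(a["type"]) for a in (f.get("args") or [])},
                "returns": render_type(f["type"]),
            }
            for f in (types[root["name"]].get("fields") or [])
        }
    return out


def custom_object_types(schema):
    """User-defined OBJECT types: drop root operation types and the built-in __* types."""
    roots = {schema[k]["name"] for _, k in ROOTS if schema.get(k)}
    return sorted(t["name"] for t in schema["types"]
                  if t["kind"] == "OBJECT" and not t["name"].startswith("__") and t["name"] not in roots)


if __name__ == "__main__":
    schema = SAMPLE_RESPONSE["data"]["__schema"]
    print(json.dumps(root_operations(schema), indent=2))
    print("custom object types:", custom_object_types(schema))
```

Against a live endpoint the same walk runs over whatever the server returns for INTROSPECTION_QUERY; if introspection is disabled the response carries an errors array instead of data, which is itself a finding worth recording.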
MSSQLProxy : A Toolkit To Perform Lateral Movement In Restricted Environments
MSSQLProxy is a toolkit aimed at performing lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL Server. It consists of three parts: a CLR assembly (compile assembly.cs); the core DLL (compile reciclador.sln); and the client, mssqlclient.py (based on Impacket's example). You can compile the libraries or download them from releases...
ProjectOpal : Stealth Post-Exploitation Framework For WordPress
We intentionally made it for our penetration testing jobs; however, it's getting grey hairs now, so we thought we'd pass it on to the public! ProjectOpal, or Opal, is a stealth post-exploitation framework for WordPress sites that can hide its traces from logs and obfuscate its way through the system! :) Fun cool...