ExchangeFinder : Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

ExchangeFinder is a simple, open-source tool that tries to find a Microsoft Exchange instance for a given domain based on the most common DNS names for Microsoft Exchange. ExchangeFinder can identify the exact version of Microsoft Exchange, from Microsoft Exchange 4.0 to Microsoft Exchange Server 2019. How does it work? ExchangeFinder will first try …

Masky : Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS

Masky is a Python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and does …

SpoofThatMail : Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records

SpoofThatMail is a Bash script to check if a domain or list of domains can be spoofed based on DMARC records. File with domains: sh SpoofThatMail.sh -f domains.txt. One single domain: sh SpoofThatMail.sh -d domain. The script may not work if the sp param is before the p param (currently working on this). Test manually using nslookup …

RemotePotato0 : Just Another “Won’t Fix” Windows Privilege Escalation From User To Domain Admin

RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin. Briefly: it abuses the DCOM activation service and triggers an NTLM authentication of the user currently logged on to the target machine. It is required that you have a shell in session 0 (e.g. WinRM shell or SSH …

Domained : Multi Tool Subdomain Enumeration

Domained is a domain name enumeration tool. The tools contained in it require Kali Linux (preferred) or Debian 7+ and Recon-ng. It uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots, server response headers and signature-based default credential checking. …

Richkit : Domain Enrichment Toolkit

Richkit is a Python 3 package that provides tools that take a domain name as input and return additional information on that domain. It can be an analysis of the domain itself, looked up from databases, retrieved from other services, or some combination thereof. The purpose of richkit is to provide a reusable library of domain name-related …

BadBlood : Microsoft Active Directory Domain With A Structure

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing …

Turbolist3r : Subdomain Enumeration Tool With Analysis Features For Discovered Domains

Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilities of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is …

ADAudit : Powershell Script To Do Domain Auditing Automation

ADAudit is a PowerShell script to perform a quick AD audit. If you have any decent PowerShell one-liners that could be used in the script, please let me know. I’m trying to keep this script as a single file with no requirements on external tools (other than ntdsutil and cmd.exe). Run directly on a …

Rock-ON : All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name & Do All Of The Work Alone

Rock-On is an all-in-one recon tool that will give your recon process a boost. It is mainly aimed at automating the whole process of recon and saving the time that is wasted doing all of this manually. A thorough blog will be up in some time. Stay tuned for the Stable …