Kali
SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. This tool …
Continue reading “SSOh-No : User Enumeration And Password Spraying Tool For Testing Azure AD”
TeamsUserEnum, sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the immunIT’s blog. Microsoft Teams User Enumeration The pandemic has increased the use of collaborative tools. Microsoft Teams is no exception: the number of daily active …
Continue reading “TeamsUserEnum : User Enumeration With Microsoft Teams API”
Lucifer is a Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and Moreā¦ Use Or Build Automation Modules To Speed Up Your Cyber Security Life git clone https://github.com/Skiller9090/Lucifer.gitcd Luciferpip install -r requirements.txtpython main.py –help If you want the cutting edge changes add -b dev to the end of git clone https://github.com/Skiller9090/Lucifer.git Commands …
Continue reading “Lucifer : A Powerful Penetration Tool For Automating Penetration Tasks”
Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Recon (https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon), and nmapautomator (https://github.com/21y4d/nmapAutomator). Could also be used in a real-life pentesting …
Continue reading “Autoenum : Automatic Service Enumeration Script”
HTBenum is a Linux enumeration script for Hack The Box. This script is designed for use in situations where you do not have internet access on a Linux host and would like to run enumeration and exploit suggestion scripts, such as Hack The Box. I find myself running a similar set of scripts when I …
Continue reading “HTBenum : A Linux Enumeration Script For Hack The Box”
RFCpwn is an SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support. It relies on the pyrfc and the libraries provided by SAP in: https://github.com/SAP/PyRFC#installation Also Read – …
Continue reading “RFCpwn : An Enumeration & Exploitation Toolkit Using RFC Calls To SAP”
FDSploit is a file Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool. It can be used to discover and exploit Local/Remote File Inclusion and directory traversal vulnerabilities automatically. In case an LFI vulnerability is found, –lfishell option can be used to exploit it. For now, 3 different types of LFI shells are supported: Simple: …
SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTP(S) requests and DNS “A” record lookups during the enumeration process to validate discovered subdomains. This provides further information to help prioritize targets and aid in potential next steps. Post-Enumeration, “CNAME” lookups …
Continue reading “Subscraper – Tool That Performs Subdomain Enumeration Through Various Techniques”
