# My own tools

Template-ish tools that will probably be developed further over time or merged into one.
## Enumeration

- discover_hosts.py - Brute-forces hosts on the target webserver with a given wordlist.
- discover_params.py - Brute-forces parameters on the target URL with a given wordlist.
- ldap3client.py - Interactive client for LDAP (modify/add functions are not implemented correctly yet). Currently only supports NTLM authentication.
- methodtesting.py - Tests well-known HTTP methods against target URLs.
- nmap.sh - First enumerates all ports and then runs OS/version detection, script scanning and traceroute against the open ports.
## Exploitation

- ldapdumppwd.py - Dumps the msDS-Password or LAPS password.
- smbpwn.py - Tool to pentest SMB. Brute-force functionality for a given user (or user list) and password (or wordlist), as well as well-known default credentials. Also has the functionality to check for null sessions on a given share (or share list) or well-known default shares.
- sqli_template.py - Template for error-based as well as time-based blind SQL injection. The current configuration reads char-wise from a database, validated by time-based responses from the application. Example queries can be found in the examples folder.
- xp_cmdshell.py - Interactive MSSQL xp_cmdshell with auto reconnect after the connection is reset by the server. Contains the ability to upload files/binaries in a staged manner via base64 conversion and the Add-Content function of PowerShell. Also supports PowerShell instead of the default cmd commands when activated.
## Utilities

- file2hex.sh - Converts a file to a copy-pastable hexdump.
- getyaml.py - Prints YAML-serialized output of a given class.
- matchregex.py - Prints lines that match the given regex.
- namedpipe_listen.py - Creates a named pipe and listens for a connection. After connection, the received message will be dumped.
- namedpipe_write.py - Connects to a given named pipe and sends a message.
- stringtohex.py - Converts a string to its hexadecimal representation in the following format: \x41\x41\x41.
# Public tools

Collection of public tools.
## Linux

- bundler-audit
- C-Reverse-Shell
- evil-winrm
- FallofSudo
- fimap
- krbrelayx
- lazys3
- linux-exploit-suggester
- logrotten
- marshalsec
- MITMf
- MS17-010
- NetNTLMtoSilverTicket
- phpggc
- PRET
- privilege-escalation-awesome-scripts-suite
- Responder
- Rogue-MySql-Server
- SMBrute
- Sublist3r
- su-bruteforce
- WAFNinja
- Windows-Exploit-Suggester

### Non-GitHub resources

- Namemash
- ghidra
## Windows

- CeWL
- ExploitRemotingService
- IOXIDResolver
- MailSniper
- powercat
- PowerShell-Suite
- privilege-escalation-awesome-scripts-suite
- PSByPassCLM
- Rubeus
- username-anarchy
- Windows-Exploit-Suggester

### Non-GitHub resources

- Apimonitor
- Sysinternals
- x64dbg
- kekeo
- mimikatz
- mingw-w64
- wget
- ncat
- nmap
- nc.exe
- curl
- putty
- hydra
- metasploit
- msbuild
- ghidra
- hashcat
- john
- ida-free
- ysoserial.net
- CANAPE.Core
- Bloodhound
- Process Hacker
# More information

## Disclaimer

All scripts should be used for authorized penetration testing purposes only. Any misuse will not be the responsibility of the author.