This is your work, valued

Dan McInerney

Elite
@DanMcInerney

Agent builder and security engineer

wifijammer. Continuously jam all wifi clients/routers

4.3k

LANs.py. Inject code and spy on wifi users

2.6k

net-creds. Sniffs sensitive data from interface or pcap

1.9k

xsscrapy. XSS spider - 66/66 wavsep XSS detected

1.7k

icebreaker. Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment

1.2k

pymetasploit3. Automation library for Metasploit

409

pentest-machine. Automates some pentest jobs via nmap xml file

325

dnsspoof. DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response

293

fakeAP. Create fake AP in Kali with 1 command

271

elite-proxy-finder. Finds public elite anonymity proxies and concurrently tests them

250

msf-autoshell. Feed the tool a .nessus file and it will automatically get you MSF shell

239

creds.py. Harvest FTP/POP/IMAP/HTTP/IRC creds

168

fast-recon. Does some google dorks against a domain

166

wifi-monitor. Prints the IPs on your local network that're sending the most packets

155

device-pharmer. Opens 1K+ IPs or Shodan search results and attempts to login

148

msf-autopwn. Autoexploitation of some of the most common vulnerabilities in wild

125

search-google. Scrape google search results

94

autorelay. Automatically performs the SMB relay attack

73

msfbot. WORK IN PROGRESS. Waits for MSF session then automatically gets domain admin

64

get_proxy. Py class that returns fastest http proxy

55

best-channel. Find wifi channel with least interference

54

Invoke-Cats. Obfuscated Invoke-Mimikatz

52

SMB-reverse-brute. Async'ly gather unique usernames thru null SMB sessions and bruteforce them with 2 passwords

51

smb-autopwn. Discovers and exploits hosts vulnerable to MS08-067/MS17-010

43

Autobloodhound. Automatically parses and attacks BloodHound-generated graphs

43

shellshock-hunter. Concurrently test bing results for shellshock vulnerability

42

autoresp. Runs Responder, uploads hashes for cracking, alerts when cracked

37

FuzzStrings. Simple, hand-picked list of fuzz strings

34

crawler.py. async web crawler

31

cookiejack. ARP spoof then session jack within your browser

29

shellshock-hunter-google. Search google for shellshock vulnerable sites

27

nmap-parser. Parses Nmap XML files

25

net-sniffer. Sniffs an interface/pcap file and concatenates fragmented packet loads

22

MsfWrapper. Asynchronous MSF RPC API wrapper

21

shodan-search. Python

19

WPSmash. Python

17

Probable-Wordlists. Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!

16

mailspy. Catch IMAP/POP passwords and see incoming and outgoing messages

16

arp-ping-detector. ARP ping detector on local network

15

SecLists. SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

15

flashforge-finder-api. FlashForge Finder 3D Printer API with temperature control

14

CrackMapExec. A swiss army knife for pentesting Windows/Active Directory environments

14

async-meterpreter-controller. Template for asynchronously controlling meterpreter sessions

13

Obf-Cats. Obfuscated Invoke-Mimikatz script

13

theHarvester. E-mails, subdomains and names Harvester - OSINT

13

search-bing. Search bing with python

12

MS17-010. MS17-010

12

injecthtml. injecthtml

12

postanalyzer. Analyze and log POSTs your machine makes

11

metasploit-framework. Metasploit Framework

11

joomla-addon-hunter. Find potential SQLi in Joomla URLs

8

UfcstatsScraper. Scrapes ufcstats.com for data

8

vimrc. My .vimrc

8

pystemon. Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon

8

BestfightoddsScraper. Asynchronously scrape bestfightodds.com for odds data

7

Invoke-Pwds. Obfuscated Invoke-PowerDump for SAM hash retrieval

7

MMA-parser-for-Sherdog-and-UFC-data. Python web scraper for Sherdog & UFC data. Creates output of your choice in csv or json format.

7

arpdet. Detects and deauths arp spoofers automatically. Broken.

5

patator. Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

3