This is your work, valued
WPForce. Wordpress Attack Suite
976LAPSDumper. Dumping LAPS from Python
287NorkNork. Powershell Empire Persistence finder
119DCSync. DCSync Attack from Outside using Impacket
118Hwacha. Deploy payloads to *Nix systems en masse
109ReadingList. Python
108GetFGPP. Get Fine Grained Password Policy
79pOSt-eX. Post-exploitation scripts for OS X persistence and privesc
73Slackor. A Golang implant that uses Slack as a command and control server
48DockerKnocker. Exploits Unauth Docker API
45CUCMe. Cisco Unfied Call Manager enumeration
24Dissonance. Rogue Synergy server
18BurpIntruderDownloader. https://www.n00py.io/2020/05/extracting-files-from-burp-intruder-output/
14AngryHippo. Exploiting the HippoConnect protocol for HippoRemote
10Coercer. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
8CactusCon2023.
7RapidIdentity_spray. For Spraying RapidIdentity Portals
4Pandoras-Box. This repo contains my custom scripts for Penetration Testing and Red Team Assessments. I will keep on updating this repo as and when I get time.
3go-secdump. Tool to remotely dump secrets from the Windows registry
3awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things
3BetterHeaderGetter. Python
3BlackHatPython. Black Hat Python Labs
3CVE-2022-39197. CobaltStrike <= 4.7.1 RCE
2java_deserialization_exploits. A collection of Java Deserialization Exploits
2SprayingToolkit. Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
2awesome-windows-security. List of Awesome Windows Security Resources
2plznospy. Go
2go-execute-assembly. Allow a Go process to dynamically load .NET assemblies
2nps_payload. This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn (@Spoonman1091) Payload written by Ben Mauch (@Ben0xA) aka dirty_ben
2PractiScore. Auto-registers for matches in PractiScore
2routersploit. The Router Exploitation Framework
2KeychainCracker. macOS keychain cracking tool
1n00py.
1FuzzStrings. Simple, hand-picked list of fuzz strings
1CrackMapExec. A swiss army knife for pentesting networks
1NetExec. The Network Execution Tool
1respounder. Respounder detects presence of responder in the network.
1SeeYouCM-Thief. HTML
1findmyhash. Hash cracker
1twittor. A fully featured backdoor that uses Twitter as a C&C server
1impacket. Impacket is a collection of Python classes for working with network protocols.
1go-mimikatz. A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.
1OffensiveGoLang. A collection of Offensive Go packages.
1