This is your work, valued

Ronnie Flathers

Elite
@ropnop

kerbrute. A tool to perform Kerberos pre-auth bruteforcing

3.4k

windapsearch. Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

972

impacket_static_binaries. Standalone binaries for Linux/Windows of Impacket's examples

751

go-windapsearch. Utility to enumerate users, groups and computers from a Windows domain through LDAP queries

397

serverless_toolkit. A collection of useful Serverless functions I use when pentesting

390

go-clr. A PoC package for hosting the CLR and executing .NET from Go

228

windows_sshagent_extract. PoC code to extract private keys from Windows 10's built in ssh-agent service

177

xxetimes. An interactive OOB XXE data exfiltration tool

92

dockerfiles. A collection of my Dockerfiles

90

kerberos_windows_scripts. Collection of scripts for interacting with AD Kerberos from Linux

72

pentest_charts. Some helpful Helm Charts for pentesters

38

tokenstorage. Example implementations of storing tokens in vanilla JS

33

opennms_hash_cracker. Python script to extract and bruteforce OpenNMS password hashes in users.xml

18

impacket. Impacket is a collection of Python classes for working with network protocols.

9

watchtower_vuln_webapp. Simple Vulnerable WebApp for Training

9

smb. Server Message Block version 2 and 3 protocol library for Go

7

CrackMapExec. A swiss army knife for pentesting networks

6

gokrb5. Pure Go Kerberos library for clients and services

2

Android-InsecureBankv2. Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

2

blog.ropnop.com. CSS

2

gorestclient. Library for creating generic REST JSON clients

2

minisign. A dead simple tool to sign files and verify digital signatures.

2

dd-trace-java. Datadog APM client for Java

1

go-foo. Test delete me

1

snyk-broker-helm. Smarty

1

hcl. HCL is the HashiCorp configuration language.

1

drone-snyk. Go

1

terraform-provider-tls. Utility provider that works with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certficate requests to be created as part of a Terraform deployment.

1

django-DefectDojo. DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

1

go-smb2. SMB2/3 client library written in Go.

1

gohugo-theme-ananke. Ananke: A theme for Hugo Sites

1

go-ntlmssp. NTLM/Negotiate authentication over HTTP

1

asn1-ber. ASN1 BER Encoding / Decoding Library for the GO programming language.

1

pywerview. A (partial) Python rewriting of PowerSploit's PowerView

1

go-ntlm. Go

1

oxml_xxe. A tool for embedding XXE/XML exploits into different filetypes

1

nginx_tty_docker. A Docker image that runs Nginx in front of GoTTY

1

beautifulhugo. Theme for the Hugo static website generator

1

Detours. Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.

1

bag-of-holding. An application to assist in the organization and prioritization of software security activities.

1

odin. A simple theme for Ghost made for geeks, hackers and developers (forked from Casper).

1

objection. 📱 objection - runtime mobile exploration

1

the-blog. The best blogging platform ever!

1

centos5_python27_docker. Python

1

go-crypto. Fork of go/x/crypto, providing an up-to-date OpenPGP implementation

1

ldap. Basic LDAP v3 functionality for the GO programming language.

1

invoicer. From Securing DevOps

1

smimesign. An S/MIME signing utility for use with Git

1

struc. Better binary packing for Go

1

virtual-environments. GitHub Actions virtual environments

1

goWMIExec. Go

1

ridenum. Rid_enum is a null session RID cycle attack for brute forcing domain controllers.

1