SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

tổng hợp tool ctf

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

RDP Wrapper Library

A tool to dump the login password from the current linux user

A small python script to check for Cross-Site Tracing (XST)

HTTPoxy Exploit Scanner by 1N3 @CrowdShield

Automatically Launch Google Hacking Queries Against A Target Domain

Automatically brute force all services running on a target.

Red Teaming Tactics and Techniques

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

Some useful scripts I have written or collected

DNSDB API Client, C Version

Windows Credentials Editor v1.3beta

Proof of concept to "bypass" signing enforcement by tainting the Windows CA.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

A Python Framework For NoSQL Scanning and Exploitation

Python based scanner to find potential SSRF parameters

PoC code for CVE-2019-0841 Privilege Escalation vulnerability

Vulncode-DB project

An Active Directory audit utility

A Nmap XSL implementation with Bootstrap.

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Multi-Cloud Security Auditing Tool

A cobaltstrike script that integrates DDEAuto Attacks

Kerberos accounts enumeration taking advantage of AS-REQ

psychoPATH - an advanced path traversal tool. Features: evasive techniques, dynamic web root list generation, output encoding, site map-searching payload generator, LFI mode, nix & windows support,…

A permutation generation tool written in golang