gunsafe.txt
General:
Cheatsheets - Penetration Testing/Security Cheatsheets - https://github.com/liorvh/Cheatsheets-1
awesome-pentest - penetration testing resources - https://github.com/Hack-with-Github/Awesome-Hacking
Red-Team-Infrastructure-Wiki - Red Team infrastructure hardening resources - https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
Infosec_Reference - Information Security Reference - https://github.com/rmusser01/Infosec_Reference
Awesome-Red-Teaming - List of Awesome Red Teaming Resources - https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
awesome-windows-security - List of Awesome Windows Security Resources - https://github.com/chryzsh/awesome-windows-security
Web Services:
JettyBleed - Jetty HttpParser Error Remote Memory Disclosure - https://github.com/AppSecConsulting/Pentest-Tools
clusterd - JBoss/ColdFusion/WebLogic/Railo/Tomcat/Axis2/GlassFish - https://github.com/hatRiot/clusterd
xsser - From XSS to RCE wordpress/joomla - https://github.com/Varbaek/xsser
Java-Deserialization-Exploit - weaponizes ysoserial code to gain a remote shell - https://github.com/njfox/Java-Deserialization-Exploit
CMSmap - CMS scanner - https://github.com/Dionach/CMSmap
wordpress-exploit-framework - penetration testing of WordPress - https://github.com/rastating/wordpress-exploit-framework
joomlol - Joomla User-Agent/X-Forwarded-For RCE - https://github.com/compoterhacker/joomlol
joomlavs - Joomla vulnerability scanner - https://github.com/rastating/joomlavs
mongoaudit - MongoDB auditing and pentesting tool - https://github.com/stampery/mongoaudit
davscan - Fingerprints servers, finds exploits, scans WebDAV - https://github.com/Graph-X/davscan
Web Applications:
HandyHeaderHacker - Examine HTTP response headers for common security issues - https://github.com/vpnguy/HandyHeaderHacker
OpenDoor - OWASP Directory Access scanner - https://github.com/stanislav-web/OpenDoor
ASH-Keylogger - simple keylogger application for XSS attack - https://github.com/AnonymousSecurityHackers/ASH-Keylogger
tbhm - The Bug Hunters Methodology - https://github.com/jhaddix/tbhm
commix - command injection - https://github.com/commixproject/commix
NoSQLMap - Mongo database and NoSQL - https://github.com/tcstool/NoSQLMap
xsshunter - Second order XSS - https://github.com/mandatoryprogrammer/xsshunter
LinkFinder - python script that finds endpoints in JavaScript files - https://github.com/GerbenJavado/LinkFinder
Local privilege escalation:
yodo - become root via limited sudo permissions - https://github.com/b3rito/yodo
Pa-th-zuzu - Checks for PATH substitution vulnerabilities - https://github.com/ShotokanZH/Pa-th-zuzu
sudo-snooper - acts like the original sudo binary to fool users - https://github.com/xorond/sudo-snooper
RottenPotato - local privilege escalation from service account - https://github.com/foxglovesec/RottenPotato
UACMe - Windows AutoElevate backdoor - https://github.com/hfiref0x/UACME
Invoke-LoginPrompt - Invokes a Windows Security Login Prompt - https://github.com/enigma0x3/Invoke-LoginPrompt
Exploits-Pack - Exploits for getting local root on Linux - https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack
windows-privesc-check - Standalone Executable - https://github.com/pentestmonkey/windows-privesc-check
unix-privesc-check - simple privilege escalation vectors - https://github.com/pentestmonkey/unix-privesc-check
LinEnum - local Linux Enumeration & Privilege Escalation Checks - https://github.com/rebootuser/LinEnum
cowcron - Cron-based Dirty Cow exploit - https://github.com/securifera/cowcron
WindowsExploits - Precompiled Windows exploits - https://github.com/abatchy17/WindowsExploits
Privilege-Escalation - common local exploits and enumeration scripts - https://github.com/AusJock/Privilege-Escalation
Unix-Privilege-Escalation-Exploits-Pack - https://github.com/LukaSikic/Unix-Privilege-Escalation-Exploits-Pack
Sherlock - PowerShell script to quickly find missing software patches - https://github.com/rasta-mouse/Sherlock
GTFOBins - list of Unix binaries that can be exploited to bypass system security restrictions - https://github.com/GTFOBins/GTFOBins.github.io
juicy-potato - local privilege escalation from service account - https://github.com/ohpe/juicy-potato
Phishing:
eyephish - find similar looking domain names - https://github.com/phar/eyephish
phishery - Basic Auth Credential Harvester with a Word Document Template URL Injector - https://github.com/ryhanson/phishery
WordSteal - steal NTLM hashes - https://github.com/0x090x0/WordSteal
ReelPhish - Real-Time Two-Factor Phishing Tool - https://github.com/fireeye/ReelPhish
CredSniper - phishing framework (2FA) - https://github.com/ustayready/CredSniper
evilginx2 - for phishing login credentials along with session cookies - https://github.com/kgretzky/evilginx2
Open Source Intelligence:
truffleHog - Searches through git repositories for high entropy strings - https://github.com/dxa4481/truffleHog
Altdns - Subdomain discovery - https://github.com/infosec-au/altdns
github-dorks - reveal sensitive personal and/or organizational information - https://github.com/techgaun/github-dorks
gitrob - find sensitive information - https://github.com/michenriksen/gitrob
Bluto - DNS recon, email enumeration - https://github.com/darryllane/Bluto
SimplyEmail - Email recon - https://github.com/killswitch-GUI/SimplyEmail
Sublist3r - Fast subdomains enumeration tool for penetration testers - https://github.com/aboul3la/Sublist3r
snitch - information gathering via dorks - https://github.com/Smaash/snitch
RTA - scan all company's online facing assets - https://github.com/flipkart-incubator/RTA
InSpy - LinkedIn enumeration tool - https://github.com/gojhonny/InSpy
LinkedInt - LinkedIn scraper for reconnaissance - https://github.com/mdsecactivebreach/LinkedInt
amass - In-Depth DNS Enumeration and Network Mapping - https://github.com/caffix/amass
DVCS-Pillage - Pillage web accessible GIT, HG and BZR repositories - https://github.com/evilpacket/DVCS-Pillage
UhOh365 - Script that can see if an email address is valid in Office365 - https://github.com/Raikia/UhOh365
o365spray - Username enumeration and password spraying tool - https://github.com/0xZDH/o365spray
raven - Linkedin information gathering tool - https://github.com/0x09AL/raven
patator - multi-purpose brute-forcer - https://github.com/lanjelot/patator
Post-exploitation:
Windows-Exploit-Suggester - patch levels against vulnerability database - https://github.com/GDSSecurity/Windows-Exploit-Suggester
lazykatz - extract credentials from remote targets protected with AV - https://github.com/bhdresh/lazykatz
Invoke-Vnc - PowerShell VNC injector - https://github.com/artkond/Invoke-Vnc
spraywmi - mass spraying Unicorn PowerShell injection - https://github.com/trustedsec/spraywmi
redsnarf - for retrieving hashes and credentials from Windows workstations - https://github.com/nccgroup/redsnarf
HostRecon - situational awareness - https://github.com/dafthack/HostRecon
mimipenguin - login password of the current Linux user - https://github.com/huntergregal/mimipenguin
rpivot - socks4 reverse proxy for penetration testing - https://github.com/artkond/rpivot
metasploit-execute-assembly - Metasploit post module to execute a .NET Assembly - https://github.com/b4rtik/metasploit-execute-assembly
NetRipper - Smart traffic sniffing - https://github.com/NytroRST/NetRipper
memscan - Searches for strings, regex, credit card numbers - https://github.com/nccgroup/memscan
pypykatz - Mimikatz implementation in pure Python - https://github.com/skelsec/pypykatz
Invoke-TheHash - PowerShell Pass The Hash Utils - https://github.com/Kevin-Robertson/Invoke-TheHash
Looting:
cookie_stealer - steal cookies from the Firefox cookies database - https://github.com/rash2kool/cookie_stealer
Wifi-Dumper - dump the wifi profiles and cleartext passwords of the connected access points - https://github.com/Viralmaniar/Wifi-Dumper
WebLogicPasswordDecryptor - decrypt WebLogic passwords - https://github.com/NetSPI/WebLogicPasswordDecryptor
jenkins-decrypt - Credentials dumper for Jenkins - https://github.com/tweksteen/jenkins-decrypt
mimikittenz - ReadProcessMemory() in order to extract plain-text passwords - https://github.com/putterpanda/mimikittenz
LaZagne - Credentials recovery project - https://github.com/AlessandroZ/LaZagne
SessionGopher - extract WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop - https://github.com/fireeye/SessionGopher
BrowserGather - Fileless web browser information extraction - https://github.com/sekirkity/BrowserGather
windows_sshagent_extract - extract private keys from Windows 10 ssh-agent service - https://github.com/ropnop/windows_sshagent_extract
MailSniper - searching through email in a Microsoft Exchange - https://github.com/dafthack/MailSniper
Invoke-CredentialPhisher - powershell script to send toast notifications - https://github.com/fox-it/Invoke-CredentialPhisher
Multipass - Password manager credential recovery tool - https://github.com/abednarek/Multipass
KeyTabExtract - Extracts Key Values from .keytab files - https://github.com/sosdave/KeyTabExtract
sus_ssh - Phishing SSH Key Passphrases - https://github.com/patins/sus_ssh
Network Hunting:
Sticky-Keys-Slayer - Scans for accessibility tools backdoors via RDP - https://github.com/linuz/Sticky-Keys-Slayer
DomainPasswordSpray - password spray attack against users of a domain - https://github.com/dafthack/DomainPasswordSpray
BloodHound - reveal relationships within an Active Directory - https://github.com/adaptivethreat/BloodHound
CredNinja - identify if credentials are valid - https://github.com/Raikia/CredNinja
EyeWitness - take screenshots of websites - https://github.com/ChrisTruncer/EyeWitness
gowitness - a Golang web screenshot utility - https://github.com/sensepost/gowitness
PowerUpSQL - PowerShell Toolkit for Attacking SQL Server - https://github.com/NetSPI/PowerUpSQL
sparta - scanning and enumeration - https://github.com/SECFORCE/sparta
Sn1per - Automated Pentest Recon Scanner - https://github.com/1N3/Sn1per
PCredz - This tool extracts creds from a pcap file or from a live interface - https://github.com/lgandx/PCredz
ridrelay - Enumerate usernames on a domain where you have no creds - https://github.com/skorov/ridrelay
goddi - dumps Active Directory domain information - https://github.com/NetSPI/goddi
SprayingToolkit - Scripts to make password spraying attacks - https://github.com/byt3bl33d3r/SprayingToolkit
exchange_hunter2 - Hunting for Microsoft Exchange the LDAP Way - https://github.com/aslarchergore/exchange_hunter2
adidnsdump - Active Directory Integrated DNS dumping - https://github.com/dirkjanm/adidnsdump
PrivExchange - Exchange your privileges for Domain Admin - https://github.com/dirkjanm/PrivExchange
ldapdomaindump - Active Directory information dumper via LDAP - https://github.com/dirkjanm/ldapdomaindump
impacket_static_binaries - Standalone binaries - https://github.com/ropnop/impacket_static_binaries
Exchange2domain - All in One tools of privexchange - https://github.com/Ridter/Exchange2domain
Wireless:
air-hammer - WPA Enterprise horizontal brute-force - https://github.com/Wh1t3Rh1n0/air-hammer
mana - toolkit for wifi rogue AP attacks - https://github.com/sensepost/mana
crEAP - Harvesting Users on Enterprise Wireless Networks - https://github.com/Shellntel/scripts
wifiphisher - phishing attacks against Wi-Fi clients - https://github.com/sophron/wifiphisher
WiFiSuite - consolidating the most common tools - https://github.com/NickSanzotta/WiFiSuite
Man in the Middle:
mitmproxy - An interactive TLS-capable intercepting HTTP proxy - https://github.com/mitmproxy/mitmproxy
bettercap - bettercap - https://github.com/evilsocket/bettercap
MITMf - Framework for Man-In-The-Middle attacks - https://github.com/byt3bl33d3r/MITMf
Gifts/Responder - Responder for old python - https://github.com/Gifts/Responder
mitm6 - pwning IPv4 via IPv6 - https://github.com/fox-it/mitm6
shelljack - man-in-the-middle pseudoterminal injection - https://github.com/emptymonkey/shelljack
SMBetray - SMB MiTM tool - https://github.com/quickbreach/SMBetray
Physical:
Brutal - Payload for teensy - https://github.com/Screetsec/Brutal
poisontap - Exploits locked/password protected computers over USB - https://github.com/samyk/poisontap
OverThruster - HID attack payload generator for Arduinos - https://github.com/RedLectroid/OverThruster
Paensy - An attacker-oriented library for the Teensy 3.1 microcontroller - https://github.com/Ozuru/Paensy
Kautilya - Payloads for a Human Interface Device - https://github.com/samratashok/Kautilya
Payloads:
JavaReverseTCPShell - Spawns a reverse TCP shell in Java - https://github.com/quantumvm/JavaReverseTCPShell
splunk_shells - Splunk with reverse and bind shells - https://github.com/TBGSecurity/splunk_shells
pyshell - shellify Your HTTP Command Injection - https://github.com/praetorian-inc/pyshell
RobotsDisallowed - harvest of the Disallowed directories - https://github.com/danielmiessler/RobotsDisallowed
SecLists - collection of multiple types of lists - https://github.com/danielmiessler/SecLists
Probable-Wordlists - Wordlists sorted by probability - https://github.com/berzerk0/Probable-Wordlists
ARCANUS - payload generator/handler - https://github.com/EgeBalci/ARCANUS
weevely3 - Weaponized web shell - https://github.com/epinna/weevely3
fuzzdb - Dictionary of attack patterns - https://github.com/fuzzdb-project/fuzzdb
payloads - web attack payloads - https://github.com/foospidy/payloads
Brosec - An interactive reference tool for payloads - https://github.com/gabemarshall/Brosec
Demiguise - HTA encryption tool - https://github.com/nccgroup/demiguise
PayloadsAllTheThings - A list of useful payloads - https://github.com/swisskyrepo/PayloadsAllTheThings
statistically-likely-usernames - statistically likely username lists - https://github.com/insidetrust/statistically-likely-usernames
ysoserial.net - Deserialization payload generator for .NET - https://github.com/pwntester/ysoserial.net
Droppers:
HERCULES - payload generator that can bypass antivirus - https://github.com/EgeBalci/HERCULES
MacroShop - delivering payloads via Office Macros - https://github.com/khr0x40sh/MacroShop
ClickOnceGenerator - Quick Malicious ClickOnceGenerator - https://github.com/Mr-Un1k0d3r/ClickOnceGenerator
luckystrike - A PowerShell based utility for the creation of malicious Office macro documents - https://github.com/Shellntel/luckystrike
Insanity-Framework - Generate Payloads - https://github.com/4w4k3/Insanity-Framework
Winpayloads - Undetectable Windows Payload Generation - https://github.com/nccgroup/Winpayloads
Enigma - Multiplatform payload dropper - https://github.com/UndeadSec/Enigma
Gscript - framework to rapidly implement custom droppers - https://github.com/gen0cide/gscript
mcreator - Encoded Reverse Shell Generator - https://github.com/blacknbunny/mcreator
Phantom-Evasion - Python AV evasion tool - https://github.com/oddcod3/Phantom-Evasion
hershell - Multiplatform reverse shell generator - https://github.com/lesnuages/hershell
wep - Weaponize Macro payloads - https://github.com/ghost123gg/wep
EvilClippy - creating malicious MS Office documents - https://github.com/outflanknl/EvilClippy
macro_pack - MS Office documents or VBS - https://github.com/sevagas/macro_pack
AVIator - backdoor generator utility - https://github.com/Ch0pin/AVIator
MaliciousMacroGenerator - Malicious Macro Generator - https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
donut - shellcode that loads .NET Assemblies, PE files - https://github.com/TheWover/donut
Apple:
MMeTokenDecrypt - Decrypts and extracts iCloud and MMe authorization tokens - https://github.com/manwhoami/MMeTokenDecrypt
OSXChromeDecrypt - Decrypt Google Chrome and Chromium Passwords on Mac OS X - https://github.com/manwhoami/OSXChromeDecrypt
EggShell - iOS and OS X Surveillance Tool - https://github.com/neoneggplant/EggShell
bonjour-browser - command line tool to browse for Bonjour - https://github.com/watson/bonjour-browser
logKext - open source keylogger for Mac OS X - https://github.com/SlEePlEs5/logKext
OSXAuditor - OS X computer forensics tool - https://github.com/jipegit/OSXAuditor
davegrohl - Password Cracker for OS X - https://github.com/octomagon/davegrohl
chainbreaker - Mac OS X Keychain Forensic Tool - https://github.com/n0fate/chainbreaker
FiveOnceInYourLife - Local osx dialog box phishing - https://github.com/fuzzynop/FiveOnceInYourLife
ARD-Inspector - decrypt the Apple Remote Desktop database - https://github.com/ygini/ARD-Inspector
keychaindump - reading OS X keychain passwords - https://github.com/juuso/keychaindump
Bella - Python post-exploitation data mining tool - https://github.com/manwhoami/Bella
EvilOSX - pure Python post-exploitation RAT - https://github.com/Marten4n6/EvilOSX
Apfell - a macOS post-exploitation red teaming framework - https://github.com/its-a-feature/Apfell
Captive Portals:
cpscam - Bypass captive portals by impersonating inactive users - https://github.com/codewatchorg/cpscam
Passwords:
pipal - password analyser - https://github.com/digininja/pipal
wordsmith - assist with creating tailored wordlists - https://github.com/skahwah/wordsmith
Invoke-PWAudit - discover similarly named accounts with shared passwords in AD - https://github.com/ubeeri/Invoke-PWAudit
Obfuscation:
ObfuscatedEmpire - fork of Empire with Invoke-Obfuscation integrated directly in - https://github.com/cobbr/ObfuscatedEmpire
obfuscate_launcher - Simple script for obfuscating payload launchers - https://github.com/jamcut/obfuscate_launcher
Invoke-CradleCrafter - Download Cradle Generator & Obfuscator - https://github.com/danielbohannon/Invoke-CradleCrafter
Invoke-Obfuscation - PowerShell Obfuscator - https://github.com/danielbohannon/Invoke-Obfuscation
nps_payload - payloads for basic intrusion detection avoidance - https://github.com/trustedsec/nps_payload
C# Tooling:
SharpWeb - .NET 2.0 CLR project to retrieve saved browser credentials - https://github.com/djhohnstein/SharpWeb
reconerator - C# Targeted Attack Reconnaissance Tools - https://github.com/stufus/reconerator
SafetyKatz - create a minidump of LSASS - https://github.com/GhostPack/SafetyKatz
SharpShooter - framework for the retrieval and execution of arbitrary CSharp source code - https://github.com/mdsecactivebreach/SharpShooter
SharpCradle - download and execute .NET binaries into memory - https://github.com/anthemtotheego/SharpCradle
Sharp-WMIExec - C# conversion of Invoke-WMIExec - https://github.com/checkymander/Sharp-WMIExec
Sharp-SMBExec - C# conversion of Invoke-SMBExec - https://github.com/checkymander/Sharp-SMBExec
SharpCloud - Collecting AWS, Microsoft Azure, and Google Compute creds - https://github.com/chrismaddalena/SharpCloud
SharpView - C# implementation of PowerView - https://github.com/tevora-threat/SharpView
SharpHound - The BloodHound C# Ingestor - https://github.com/BloodHoundAD/SharpHoun
SharpGen - C# compiler to cross-compile .NET console applications or libraries - https://github.com/cobbr/SharpGen
InveighZero - C# LLMNR/NBNS spoofer - https://github.com/Kevin-Robertson/InveighZero
SharpSploitConsole - Console Application designed to interact with SharpSploit - https://github.com/anthemtotheego/SharpSploitConsole
SharpSniper - Find specific users in active directory via username and IP address - https://github.com/HunnicCyber/SharpSniper
SharPersist - Windows persistence toolkit - https://github.com/fireeye/SharPersist
RedTeamCSharpScripts - C# Script used for Red Team - https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
SharPyShell - tiny and obfuscated ASP.NET webshell for C# - https://github.com/antonioCoco/SharPyShell
Not PowerShell:
PowerShdll - Run PowerShell with rundll32 - https://github.com/p3nt4/PowerShdll
PowerLine - PowerShell scripts in a binary - https://github.com/fullmetalcache/PowerLine
PowerOPS - C# that runs PowerShell commands and functions - https://github.com/fdiskyou/PowerOPS
nps - Not PowerShell - https://github.com/Ben0xA/nps
PowerHub - post exploitation tool - https://github.com/AdrianVollmer/PowerHub
RATs:
SILENTTRINITY - post-exploitation agent powered by Python, IronPython, C# and .NET's DLR - https://github.com/byt3bl33d3r/SILENTTRINITY
DoHC2 - command and control (C2) via DNS over HTTPS (DoH) - https://github.com/SpiderLabs/DoHC2
RemoteRecon - Remote Recon and Collection - https://github.com/xorrior/RemoteRecon
Merlin - cross-platform post-exploitation HTTP/2 Command & Control - https://github.com/Ne0nd0g/merlin
dnscat2-powershell - encrypted DNS command and control tool - https://github.com/lukebaggett/dnscat2-powershell
Koadic - JScript RAT - https://github.com/zerosum0x0/koadic
Pupy - cross-platform RAT written in python - https://github.com/n1nj4sec/pupy
sliver - Implant framework - https://github.com/BishopFox/sliver
Covenant - Covenant is a collaborative .NET C2 - https://github.com/cobbr/Covenant
Cloud:
pacu - The AWS exploitation framework - https://github.com/RhinoSecurityLabs/pacu
weirdAAL - AWS Attack Library - https://github.com/carnal0wnage/weirdAAL
ScoutSuite - Multi-Cloud Security Auditing Tool - https://github.com/nccgroup/ScoutSuite
AWS-IAM-Privilege-Escalation - AWS IAM privilege escalation methods - https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
nimbostratus - fingerprinting and exploiting Amazon cloud infrastructures - https://github.com/andresriancho/nimbostratus