The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
Snoopy v2.0 - modular digital terrestrial tracking framework
Wadi Fuzzing Harness
SensePost's patches to hostapd for rogue access points. First presented at Defcon 22
Our mana toolkit for wifi rogue AP attacks and MitM - see hostapd-mana too
Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow
A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions
Python script to inject existing Android applications with a Meterpreter payload.
Automated DLL Enumerator
A tool to abuse Exchange services
Checks X11 and outputs a screenshot to of the display if allowed and the display is active
Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.
Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.
Miscellaneous projects related to attacking Windows.
A websocket proxy
Big Iron Recon & Pwnage
DNS-Shell is an interactive Shell over DNS channel
Drag and Drop ClickJacking PoC development assistance tool.
(extensible) Data Exfiltration Toolkit (DET)
Proxy Server network scanner and tunnelling tool.
Memcache hacking tool.
Auto Domain Admin and Network Exploitation.
Local Transform Wrapper for Maltego
Frontpage and Sharepoint fingerprinting and attack tool.
Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them
A set of local skype transforms for Maltego to utilise Skype and search the directory
Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.
Hippy tool for interaction with "modern" databases.
HTTP Brute Forcer (Java replacement for SP's CrowBar).