Pentesting Tools
This repository contains an advanced Bash script designed for conducting digital forensics on Linux systems. The script automates the collection of a wide range of system and user data, making it a valuable tool for IT professionals, system administrators, and digital forensic investigators. https://github.com/vm32/Digital-Forensics-Script-for-Linux Features Usage Requirements Security and Privacy Linux Distribution Compatibility The advanced
https://github.com/MegaManSec/SSH-Snake SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies to identify the extent that a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake
https://github.com/BeichenDream/GodPotato Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 – Windows 2022, now as long as you have “ImpersonatePrivilege” permission. Then you are “NT AUTHORITY\SYSTEM”, usually WEB
https://github.com/emrekybs/AD-AssessmentKit Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP querying, Kerberos ticket analysis, SMB enumeration, and exploitation of known vulnerabilities like Zerologon and PetitPotam. AD-SecurityAudit.sh Focuses on initial reconnaissance and vulnerability identification in AD domains, requiring only
https://github.com/Aditya-dom/moonwalk-back Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. moonwalk-back is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a ghost in
https://github.com/Quitten/Autorize Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert. Autorize was designed to help security testers by performing automatic authorization tests. With the last release now Autorize also perform automatic authentication tests. Installation User Guide – How to use? Authorization
https://github.com/doyensec/inql InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. 🌟 Features The InQL user interface is equipped with two primary components: the Scanner and the Attacker. 🔎 Scanner The Scanner is the core of InQL v5.0, where you can analyze a GraphQL endpoint or a local
Hey Hunters and Penetration tester I’m again bringing back my new too with its new version Probuster. Now probuster has been improber for its concurrency to fuzz the directory and file then get accurate results, Probuster now works efficiently in you low end to high end system with concurrency because Python’s coroutine and now update
https://github.com/d0ge/sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy and Tornado’s signed cookies. It provides automatic detection and in-line editing of token within HTTP requests/responses and WebSocket messages, signing of tokens and automation of brute force attacks against signed tokens implementations. It was inspired by Fraser Winterborn
https://github.com/gchq/CyberChef https://gchq.github.io/CyberChef The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and
https://github.com/akamai/ddspoof DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments. For additional information, please refer to our blog posts: For information on how to mitigate DDSpoofing attacks in your networks, please refer to Invoke-DHCPCheckup.ps1 Setup Usage Commandline arguments: At startup, DDSpoof will perform the following: After the
https://github.com/Hackmanit/TInjA Features Supported Template Engines .NET Elixir Go Java JavaScript PHP Python Ruby Installation Option 1: Prebuilt Binary Prebuilt binaries of TInjA are provided on the releases page. Option 2: Install Using Go Requirements: go1.21 or higher go install -v github.com/Hackmanit/TInjA@latest
https://github.com/Unit-259/DataBouncing Data Bouncing is a technique for transmitting data between two endpoints using DNS lookups and HTTP header manipulation. This PowerShell version encapsulates core functionalities of data bouncing, including reconnaissance, data exfiltration, and file reassembly, based on a proof of concept (PoC) by John and Dave. More details can be found at The Contractor. This
Welcome to our blog, “Top 05 Footprinting and Reconnaissance Online Tools That You Should Know in 2023”! In this comprehensive guide, we will explore the cutting-edge tools and techniques used for footprinting and reconnaissance in the rapidly evolving cybersecurity landscape. Stay ahead of the game as we delve into the must-know tools that empower security
Introduction HTTP flooding, also known as HTTP DoS (Denial of Service), is a type of cyber attack where an attacker overwhelms a target website or server by flooding it with a massive number of HTTP requests. The goal of this attack is to exhaust the server’s resources, such as bandwidth, processing power, or memory, causing
In the ever-evolving landscape of cybersecurity, organizations face increasing challenges in securing their cloud-based systems. Cloud-based penetration testing automation offers a powerful solution to assess the security posture of these systems efficiently and effectively. By leveraging cloud-hosted tools, organizations can automate various stages of the penetration testing process, enabling comprehensive security assessments, faster remediation, and
