BruteShark
Network Analysis Tool
We need extract credential from PCAP after Sniffing !
Extracting and encoding usernames and passwords (HTTP, FTP, Telnet, IMAP, SMTP...)
Extract authentication hashes and crack them using Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...)
Build visual network diagram (Network nodes & users)
Extract DNS queries
Reconstruct all TCP & UDP Sessions
File Carving
Extract Voip calls (SIP, RTP)
https://github.com/odedshimon/BruteShark/releases/tag/v1.2.2
Similar Tools :
1) Xplico (free)
2) Netwitness (Commercial maybe crack !)
https://github.com/xplico/xplico/releases/tag/v.1.2.2
https://www.netwitness.com/
#scrabbling #postExploit

SpoolSploit
A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
https://github.com/BeetleChunks/SpoolSploit
#printnightmare #printspooler #scanner #autoexploit #python

PingCastle
It does quickly collect the most important information of the Active Directory to establish an overview on it. Based on a model and rules, it evalutes the score of the sub-processes of the Active Directory. Then based on this evaluation, it report the risk evaluation of it.
https://www.pingcastle.com/download/
#activedirectory #pingcastle #risk #windows

Splunk Security Content
This project gives you access to our repository of Analytic Stories that are security guides the provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls. They include Splunk searches, machine-learning algorithms, and Splunk Phantom playbooks (where available)—all designed to work together to detect, investigate, and respond to threats.
https://github.com/splunk/security_content/releases/tag/v3.25.1
#splunk #blueteam

Windows Privilege Escalation from User to Domain Admin.
https://github.com/antonioCoco/RemotePotato0/releases/tag/0.1
#Windows #PE #RPC

This is a collection of C# tooling and POCs I've created for use on operations. Each project is designed to use no external libraries. Open each project's .SLN in Visual Studio and compile as "Release".
از این ابزارها می تونید برای post exploit استفاده کنید خوبیش اینکه کد به صورتی زده که dll اضافی نیاز نداره
https://github.com/matterpreter/OffensiveCSharp
#offensivecsharp #readteaming #hackingtools

Online & Hosted Reverse Shell Generator
===========================
https://www.revshells.com/
https://github.com/0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Features:
- Generate common listeners and reverse shells
- Raw mode to cURL shells to your machine.
- Button to increment the listening port number by 1
- URI and Base64 encoding
- LocalStorage to persist your configuration
#reverseshell #CTF

h4ck
1)fortune: random IPs scanner/generator
2)netbat : hosts + ports scanner, supports host list (+CIDR)
3)rtsp_brute: fuzz&brute rtsp cameras
4)vpn: connect to VPN server using openvpn
5)webmap: Scan web application for CMS, used techs, vulns (file, dir fuzz)
https://github.com/fagcinsk/h4ck
#scanner #fuzzer #redteam

OWASP Risk Assessment Calculator
source :
https://github.com/JavierOlmedo/OWASP-Calculator
online :
https://javierolmedo.github.io/OWASP-Calculator/
https://security-net.biz/files/owaspriskcalc.html
#owasp #Assessment #risk

C2 Powershell Command & Control Framework with BuiltIn Commands
کلیه ابزارهای تست نفوذ در قالب اسکریپت ها و ماژول های پاورشل برای بایپس آنتی ویروس
https://github.com/r00t-3xp10it/meterpeter
https://github.com/r00t-3xp10it/meterpeter/releases/tag/v2.10.8
#AMSI #powershell #FUD

kraker
is a distributed password brute-force system that focused on easy use.
https://github.com/zzzteph/kraker
#bruteforce #kraker #docker

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
https://github.com/mvt-project/mvt
#android #ios #forensic

Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state
https://github.com/boku7/bof-spawnSuspendedProcess
#cobaltstrike

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#EFS #Windows

Meet Mushikago
=============
https://github.com/PowderKegTech/mushikago
Mushikago uses game AI technology to select and execute the most appropriate test content based on the environment in spot. The application of game AI technology to security products is new, and our work has shown that game AI is most suitable for penetration testing, where the content needs to change depending on the environment. In addition, Mushikago can automatically perform penetration testing in mixed environments of IT and OT(ICS), and can visualize and report the acquired device, account, and network information. The test contents are also displayed in a format consistent with MITRE ATT&CK. This allows the user to perform penetration testing at a certain level without manual intervention.
Features:
- Full Automatic penetration testing tool
- Device detection
- IT penetration testing
- ICS penetration testing
#penetrationtesting #pentesting #automation #ai #ics

A collection of Hacker API tools utilizing the HackerOne API. To build your own Hacker API integration have a look at our getting started docs.
https://github.com/Hacker0x01/awesome-hacker-api-tools
#hackerone #apitools

Beaconator
A beacon generator using Cobalt Strike and PEzor.
https://github.com/capt-meelo/Beaconator

Request smuggler
Http request smuggling vulnerability scanner
https://github.com/sh1yo/request_smuggler
HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
#request_smuggler

Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
https://github.com/MythicAgents/Medusa
#c2 #python #medusa

ShellShockHunter
Scan via Shodan search engine then try figure out Vulnerable or not
https://github.com/MrCl0wnLab/ShellShockHunter
#ShellShockHunter