PingCastle
It does quickly collect the most important information of the Active Directory to establish an overview on it. Based on a model and rules, it evalutes the score of the sub-processes of the Active Directory. Then based on this evaluation, it report the risk evaluation of it.
https://www.pingcastle.com/download/
#activedirectory #pingcastle #risk #windows

Splunk Security Content
This project gives you access to our repository of Analytic Stories that are security guides the provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls. They include Splunk searches, machine-learning algorithms, and Splunk Phantom playbooks (where available)—all designed to work together to detect, investigate, and respond to threats.
https://github.com/splunk/security_content/releases/tag/v3.25.1
#splunk #blueteam

Windows Privilege Escalation from User to Domain Admin.
https://github.com/antonioCoco/RemotePotato0/releases/tag/0.1
#Windows #PE #RPC

This is a collection of C# tooling and POCs I've created for use on operations. Each project is designed to use no external libraries. Open each project's .SLN in Visual Studio and compile as "Release".
از این ابزارها می تونید برای post exploit استفاده کنید خوبیش اینکه کد به صورتی زده که dll اضافی نیاز نداره
https://github.com/matterpreter/OffensiveCSharp
#offensivecsharp #readteaming #hackingtools

Online & Hosted Reverse Shell Generator
===========================
https://www.revshells.com/
https://github.com/0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
Features:
- Generate common listeners and reverse shells
- Raw mode to cURL shells to your machine.
- Button to increment the listening port number by 1
- URI and Base64 encoding
- LocalStorage to persist your configuration
#reverseshell #CTF

h4ck
1)fortune: random IPs scanner/generator
2)netbat : hosts + ports scanner, supports host list (+CIDR)
3)rtsp_brute: fuzz&brute rtsp cameras
4)vpn: connect to VPN server using openvpn
5)webmap: Scan web application for CMS, used techs, vulns (file, dir fuzz)
https://github.com/fagcinsk/h4ck
#scanner #fuzzer #redteam

OWASP Risk Assessment Calculator
source :
https://github.com/JavierOlmedo/OWASP-Calculator
online :
https://javierolmedo.github.io/OWASP-Calculator/
https://security-net.biz/files/owaspriskcalc.html
#owasp #Assessment #risk

C2 Powershell Command & Control Framework with BuiltIn Commands
کلیه ابزارهای تست نفوذ در قالب اسکریپت ها و ماژول های پاورشل برای بایپس آنتی ویروس
https://github.com/r00t-3xp10it/meterpeter
https://github.com/r00t-3xp10it/meterpeter/releases/tag/v2.10.8
#AMSI #powershell #FUD

kraker
is a distributed password brute-force system that focused on easy use.
https://github.com/zzzteph/kraker
#bruteforce #kraker #docker

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
https://github.com/mvt-project/mvt
#android #ios #forensic

Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state
https://github.com/boku7/bof-spawnSuspendedProcess
#cobaltstrike

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#EFS #Windows

Meet Mushikago
=============
https://github.com/PowderKegTech/mushikago
Mushikago uses game AI technology to select and execute the most appropriate test content based on the environment in spot. The application of game AI technology to security products is new, and our work has shown that game AI is most suitable for penetration testing, where the content needs to change depending on the environment. In addition, Mushikago can automatically perform penetration testing in mixed environments of IT and OT(ICS), and can visualize and report the acquired device, account, and network information. The test contents are also displayed in a format consistent with MITRE ATT&CK. This allows the user to perform penetration testing at a certain level without manual intervention.
Features:
- Full Automatic penetration testing tool
- Device detection
- IT penetration testing
- ICS penetration testing
#penetrationtesting #pentesting #automation #ai #ics

A collection of Hacker API tools utilizing the HackerOne API. To build your own Hacker API integration have a look at our getting started docs.
https://github.com/Hacker0x01/awesome-hacker-api-tools
#hackerone #apitools

Beaconator
A beacon generator using Cobalt Strike and PEzor.
https://github.com/capt-meelo/Beaconator

Request smuggler
Http request smuggling vulnerability scanner
https://github.com/sh1yo/request_smuggler
HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
#request_smuggler

Medusa is a cross-platform C2 agent compatible with Python 2.7 and 3.8, compatible with Mythic
https://github.com/MythicAgents/Medusa
#c2 #python #medusa

ShellShockHunter
Scan via Shodan search engine then try figure out Vulnerable or not
https://github.com/MrCl0wnLab/ShellShockHunter
#ShellShockHunter

Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de Koff
https://github.com/BullsEye0/ghost_eye
#Ghost_eye #informationGathering

#Exegol is a fully featured and community-driven hacking environment
It can be used in pentest engagements, #bugbounty, #CTF, #HackTheBox, #OSCP lab & exam and so on. Exegol's original fate was to be a ready-to-hack docker in case of emergencies during engagements.
https://github.com/ShutdownRepo/Exegol