Awesome-Mirrors/awesome-pentest
1
0
Fork 0
mirror of https://github.com/enaqx/awesome-pentest.git synced 2024-12-23 06:09:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add numerous tools:

Browse Source 
* ScanCannon - `masscan` and `nmap` multiplexer.
* RID_ENUM - null session cycling attack for Windows user enumeration.
* MailSniper - recon toolkit for MS Exchange (OWA/EWS) environments.
* FiercePhish - full-fledged phishing campaign management platform.
* Hunter.io - data broker providing internal company emails.
This commit is contained in:
Meitar M 2018-07-23 15:42:16 -04:00
parent 4149615863
commit 9040ae7742
No known key found for this signature in database
GPG Key ID: 07EFAA28AB94BC85
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -201,6 +201,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols. * [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols.
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage. * [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more. * [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
#### Exfiltration Tools #### Exfiltration Tools
@ -226,6 +227,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool. * [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool. * [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins. * [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
#### Protocol Analyzers and Sniffers #### Protocol Analyzers and Sniffers
@ -344,6 +346,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers. * [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). * [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments. * [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
* [RID_ENUM](https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force.
* [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
### GNU/Linux Utilities ### GNU/Linux Utilities
@ -371,6 +375,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks. * [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby. * [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger. * [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
* [FiercePhish](https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements.
### OSINT Tools ### OSINT Tools
@ -401,6 +406,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components. * [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper. * [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper.
* [Amass](https://github.com/caffix/amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc. * [Amass](https://github.com/caffix/amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
### Anonymity Tools ### Anonymity Tools