mirror of
https://github.com/enaqx/awesome-pentest.git
synced 2024-12-23 14:19:23 -05:00
Add numerous tools:
* ScanCannon - `masscan` and `nmap` multiplexer. * RID_ENUM - null session cycling attack for Windows user enumeration. * MailSniper - recon toolkit for MS Exchange (OWA/EWS) environments. * FiercePhish - full-fledged phishing campaign management platform. * Hunter.io - data broker providing internal company emails.
This commit is contained in:
parent
4149615863
commit
9040ae7742
@ -201,6 +201,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols.
|
* [impacket](https://github.com/CoreSecurity/impacket) - Collection of Python classes for working with network protocols.
|
||||||
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
|
* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.
|
||||||
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
|
* [THC Hydra](https://github.com/vanhauser-thc/thc-hydra) - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.
|
||||||
|
* [IKEForce](https://github.com/SpiderLabs/ikeforce) - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.
|
||||||
|
|
||||||
#### Exfiltration Tools
|
#### Exfiltration Tools
|
||||||
|
|
||||||
@ -226,6 +227,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
|
* [smbmap](https://github.com/ShawnDEvans/smbmap) - Handy SMB enumeration tool.
|
||||||
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
|
* [XRay](https://github.com/evilsocket/xray) - Network (sub)domain discovery and reconnaissance automation tool.
|
||||||
* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
|
* [ACLight](https://github.com/cyberark/ACLight) - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
|
||||||
|
* [ScanCannon](https://github.com/johnnyxmas/ScanCannon) - Python script to quickly enumerate large networks by calling `masscan` to quickly identify open ports and then `nmap` to gain details on the systems/services on those ports.
|
||||||
|
|
||||||
#### Protocol Analyzers and Sniffers
|
#### Protocol Analyzers and Sniffers
|
||||||
|
|
||||||
@ -344,6 +346,8 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
|
* [redsnarf](https://github.com/nccgroup/redsnarf) - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
|
||||||
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
|
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
|
||||||
* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
|
* [DeathStar](https://github.com/byt3bl33d3r/DeathStar) - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
|
||||||
|
* [RID_ENUM](https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force.
|
||||||
|
* [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
|
||||||
|
|
||||||
### GNU/Linux Utilities
|
### GNU/Linux Utilities
|
||||||
|
|
||||||
@ -371,6 +375,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
|
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against WiFi networks.
|
||||||
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
|
* [Catphish](https://github.com/ring0lab/catphish) - Tool for phishing and corporate espionage written in Ruby.
|
||||||
* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
|
* [Beelogger](https://github.com/4w4k3/BeeLogger) - Tool for generating keylooger.
|
||||||
|
* [FiercePhish](https://github.com/Raikia/FiercePhish) - Full-fledged phishing framework to manage all phishing engagements.
|
||||||
|
|
||||||
### OSINT Tools
|
### OSINT Tools
|
||||||
|
|
||||||
@ -401,6 +406,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
|
|||||||
* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
|
* [ZoomEye](https://www.zoomeye.org/) - Search engine for cyberspace that lets the user find specific network components.
|
||||||
* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper.
|
* [gOSINT](https://github.com/Nhoya/gOSINT) - OSINT tool with multiple modules and a telegram scraper.
|
||||||
* [Amass](https://github.com/caffix/amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
|
* [Amass](https://github.com/caffix/amass) - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.
|
||||||
|
* [Hunter.io](https://hunter.io/) - Data broker providing a Web search interface for discovering the email addresses and other organizational details of a company.
|
||||||
|
|
||||||
### Anonymity Tools
|
### Anonymity Tools
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user