From 411e8798c666b54e88d76abbcda959133365ee6e Mon Sep 17 00:00:00 2001 From: fabacab Date: Sun, 6 Dec 2020 15:26:35 -0500 Subject: [PATCH] Add new privesc subsection, "Password Spraying" with two new tools. --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 33ae81c..cd2a6bf 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Periodicals](#periodicals) * [Physical Access Tools](#physical-access-tools) * [Privilege Escalation Tools](#privilege-escalation-tools) + * [Password Spraying Tools](#password-spraying-tools) * [Reverse Engineering](#reverse-engineering) * [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Tools](#reverse-engineering-tools) @@ -628,6 +629,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint). * [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. +### Password Spraying Tools + +* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain. +* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient. + ## Reverse Engineering See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools). @@ -801,7 +807,6 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) - ## Windows Utilities * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.