Merge pull request #400 from fabacab/spraying-toolkit

Add new privesc subsection, "Password Spraying" with two new tools.
This commit is contained in:
Samar Dhwoj Acharya 2020-12-06 15:09:21 -06:00 committed by GitHub
commit b5550eb40b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -66,6 +66,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Periodicals](#periodicals) * [Periodicals](#periodicals)
* [Physical Access Tools](#physical-access-tools) * [Physical Access Tools](#physical-access-tools)
* [Privilege Escalation Tools](#privilege-escalation-tools) * [Privilege Escalation Tools](#privilege-escalation-tools)
* [Password Spraying Tools](#password-spraying-tools)
* [Reverse Engineering](#reverse-engineering) * [Reverse Engineering](#reverse-engineering)
* [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Books](#reverse-engineering-books)
* [Reverse Engineering Tools](#reverse-engineering-tools) * [Reverse Engineering Tools](#reverse-engineering-tools)
@ -628,6 +629,11 @@ See also [awesome-osint](https://github.com/jivoi/awesome-osint).
* [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system. * [Postenum](https://github.com/mbahadou/postenum) - Shell script used for enumerating possible privilege escalation opportunities on a local GNU/Linux system.
* [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems. * [unix-privesc-check](https://github.com/pentestmonkey/unix-privesc-check) - Shell script to check for simple privilege escalation vectors on UNIX systems.
### Password Spraying Tools
* [DomainPasswordSpray](https://github.com/dafthack/DomainPasswordSpray) - Tool written in PowerShell to perform a password spray attack against users of a domain.
* [SprayingToolkit](https://github.com/byt3bl33d3r/SprayingToolkit) - Scripts to make password spraying attacks against Lync/S4B, Outlook Web Access (OWA) and Office 365 (O365) a lot quicker, less painful and more efficient.
## Reverse Engineering ## Reverse Engineering
See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools). See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*Exploit Development Tools*](#exploit-development-tools).
@ -801,7 +807,6 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html) * [The Browser Hacker's Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
* [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html) * [The Web Application Hacker's Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
## Windows Utilities ## Windows Utilities
* [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer. * [Bloodhound](https://github.com/adaptivethreat/Bloodhound/wiki) - Graphical Active Directory trust relationship explorer.