Pentesting SSH

What is SSH? Secure Shell (SSH) is used to remotely access a server or any computer with SSH enabled. It is the standard replacement for the telnet protocol: telnet is not secure, whereas SSH encrypts the session for secure communication. SSH uses TCP port 22 by default to connect to the SSH service. SSH allows the client to connect to the remote system […]

Magic Unicorn – Attack and inject shellcode straight into memory

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage is simple: just run Magic Unicorn (ensure Metasploit is installed and in the right path if using the Metasploit methods) […]

Shr3dkit – Redteam Toolkit

This toolkit is very much influenced by infosecn1nja’s kit. Use this script to grab the majority of the repos. NOTE: paths are hard coded in /opt and the script is made for Kali Linux. Total size (so far): 2.5+ GB. Install Guide: Change Log; Phantom Evasion; Forewarning. Contents: Reconnaissance, Weaponization, Delivery, Command and Control, Lateral Movement, Establish Foothold, Escalate Privileges, Data Exfiltration, Misc, References. Reconnaissance: Active […]

OSCP Walkthrough

Introduction – Fundamentals and basics of different topics like networking, databases, web applications, commands, etc. Windows Linux Networking Web Application Basics Services and Ports File Transfers Python Fundamentals C# Fundamentals TCPdump Powershell Wireshark Packet Crafting Tools FTP SQL YouTube Playlist Databases SQL IIS IIS Web Server MySQL Kali Tools IP Tables Tools Bettercap Masscan SQL Injection Tools Mimikatz Wordlists SecLists […]

CarbonCopy

A tool which creates a spoofed certificate of any online website and signs an executable for AV evasion. Works for both Windows and Linux. Prerequisites: in order to use it on Linux, please execute the commands below: apt-get install osslsigncode; pip3 install pyopenssl. Download Tool

Collection: Burp Extensions

Content: The best way to search this list is either by simply pressing Command + F to search for a keyword, or by going through our Content Menu. Scanners (passive and active scan plugins): Active Scan++ – ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Burp Vulners Scanner – Vulnerability scanner based on the vulners.com search API. Additional Scanner Checks – Collection of […]

Top 10 Vulnerabilities 2019-2020: Internal Network Pentest

The following information was compiled from more than 60 penetration test reports produced during 2019 and 2020 for various mid-sized organizations and businesses from around the world. Top 10 vulnerabilities: the list is organized from the bottom (number 10) up to number 1. 10. Weak and default passwords. Hunting for weak and default credentials […]

Pentesting with PowerShell (Cheatsheet)

This article contains a list of PowerShell commands collected from various corners of the Internet which could be helpful during penetration tests or red team exercises. The list includes various post-exploitation one-liners in pure PowerShell that do not require any offensive (i.e. potentially flagged as malicious) third-party modules, as well as a number of handy administrative commands. Locating files with sensitive information […]

Trident project – an automated password spraying tool.

The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target’s account lockout policy; the ability to increase the IP pool that authentication attempts originate from, for operational security purposes; the ability to quickly extend […]

Hetty – An HTTP Proxy Tool For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features: man-in-the-middle (MITM) HTTP/1.1 proxy with logs; project-based database storage (SQLite); scope support; headless management API using GraphQL; embedded web interface (Next.js) […]

Isip – Interactive SIP Toolkit for Packet Manipulation, Sniffing, Man-in-the-Middle Attacks, Fuzzing and Simulating DoS Attacks

isip is an interactive SIP toolkit for packet manipulation, sniffing, man-in-the-middle attacks, fuzzing and simulating DoS attacks. Video. Setup: git clone https://github.com/halitalptekin/isip.git; cd isip; pip install -r requirements.txt. Usage: packet manipulation tools are in the packet cmd loop. On first start you are in the main cmd loop (isip:main> packet, then isip:packet>). Create a new SIP packet with the new command. If you […]

ratched – Transparent Man-in-the-Middle TLS Proxy

ratched is a Man-in-the-Middle (MitM) proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SO_ORIGINAL_DST sockopt, ratched can determine the intended destination (before iptables packet mangling) and tries to establish a connection to […]

Powerglot – Encodes Offensive PowerShell Scripts Using Polyglots

Powerglot encodes several kinds of scripts using polyglots, for example offensive PowerShell scripts. No loader is needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done using steganography, especially to avoid network-level protections, and scripts developed in PowerShell are among the most common payloads. Recent malware and APTs […]

How to Crack Zip File Password Using Fcrackzip Tool

Installation: There are two methods for installing and configuring this tool on Kali Linux or any other operating system. The first way is to download the tool using the “wget” command and configure it using the “dpkg” command: wget http://ftp.br.debian.org/debian/pool/main/f/fcrackzip/fcrackzip_1.0-10_amd64.deb; dpkg -i fcrackzip_1.0-10_amd64.deb. The other way is to install the tool directly using the following […]

Red Teaming/Adversary Simulation Toolkit

A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagements. If you want to contribute to this list, send me a pull request. Reconnaissance – Active Intelligence Gathering: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness AWSBucketDump is a […]

ARP SPOOFING

What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the attacker’s MAC address being linked with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an […]