Network reconnaisance tool that sniffs for active hosts IntroductionNetenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without generating too much noise.Features Provides basic information about the network,Read More
ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point. Notes:ADCollector is not an alternative to the powerful PowerView, it just automates enumeration to quickly identify juicy information without thinking too muchRead More
A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf) Getting StartedThese instructions will show you the requirements for and how to use Spray. PrerequisitesAll requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curl(owa & lync) and rpcclient(smb) are installed using apt-get or brew. rpcclientcurl UsingRead More
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on the situation and environment.Comes in two flavors: straight-up Python script for terminalRead More
Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential.Operational Usage – 1Nowadays, since the operating system of many end users is Windows 10, we cannot easily steal account information with Mimikatz-like projects like the old days. Using Pickl3, you can try to steal the accountRead More
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securingRead More
