Lockphish – The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial: https://www.kalilinux.in/2020/05/lockphish.htmlAuthor: The Linux Choice (Who deleted his GitHub repository)Twitter: https://twitter.com/linux_choice Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by NgrokRead More

Spray – A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)

A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf) Getting StartedThese instructions will show you the requirements for and how to use Spray. PrerequisitesAll requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curl(owa & lync) and rpcclient(smb) are installed using apt-get or brew. rpcclientcurl UsingRead More

Lockphish – A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it’s the first tool (05/13/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer:Usage of Lockphish for attacking targets without prior mutualRead More

HiveJack – This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace.Often, this is a repetitive process, once an attacker getsRead More

Evil SSDP – Spoof SSDP Replies And Create Fake UPnP Devices To Phish For Credentials And NetNTLM Challenge/Response

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable phishing page. This page can load a hidden image over SMB, allowing you toRead More

CredNinja – A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter

This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it really shines when used at the scale of a large network. At the core of it, you provide it a list of credentials youRead More

X