Reverseip_Py – Domain Parser For Reverse IP Lookup

Domain parser for Reverse IP Lookup. Written in Python 3. What is Reverse IP? Reverse IP refers to the process of looking up all the domain names that are hosted on a particular IP address. This can be useful for a variety of reasons, such as identifying all the websites that are hosted on...

ExchangeFinder – Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version

ExchangeFinder is a simple and open-source tool that tries to find a Microsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange. ExchangeFinder can identify the exact version of Microsoft Exchange starting from Microsoft Exchange 4.0 to Microsoft Exchange Server 2019. How does it work? ExchangeFinder will first try...

FarsightAD – PowerShell Script That Aims To Help Uncover (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aims to help uncover (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS)...

DomainDouche – OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force

Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. Use it while it still works (Also, hmu on Mastodon: @[email protected]) Usage: usage: [-h] [-n N] -c COOKIE -a USER_AGENT [-w NUM] [-o OUTFILE] keyword Abuses SecurityTrails API to find related domains by keyword. Go to, solve any CAPTCHA you...

noPac – Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. Changed from sam-the-admin. Usage: SAM THE ADMIN CVE-2021-42278 + CVE-2021-42287 chain positional arguments: [domain/]username[:password] Account used to authenticate to DC. optional arguments: -h, --help show this help message and exit --impersonate IMPERSONATE target username that will be impersonated (thru S4U2Self) for quering the ST. Keep in...

Masky – Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a Python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and does...

SilentHound – Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation: Using pipenv (recommended method): sudo python3 -m pip install --user pipenv git clone silenthound pipenv install This will create an isolated virtual environment with dependencies needed for the project. To use the project you...

DarthSidious – Building An Active Directory Domain And Hacking It

The goal is simple: to share my modest knowledge about hacking Windows systems. This is commonly referred to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to build secure Active Directory environments and...

Subdomains.Sh – A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow

A wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage: To display this script’s help message, use the -h flag: -h subdomains for * --use-passive-source comma(,) separated tools to use --exclude-passive-source comma(,) separated tools to exclude --skip-semi-active skip semi active techniques -r, --resolvers list of DNS...