FindUncommonShares – A Python Equivalent Of PowerView’s Invoke-ShareFinder.ps1 Allowing To Quickly Find Uncommon Shares In Vast Windows Domains

  The script is a Python equivalent of PowerView‘s Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Active Directory Domains. Features Only requires a low privileges domain user account. Automatically gets the list of all computers from the domain controller’s LDAP. Ignore the hidden shares (ending with $) with –ignore-hidden-shares. Multithreaded connectionsRead More

Email-Vulnerablity-Checker – Find Email Spoofing Vulnerablity Of Domains

Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker Features This tool will automatically tells you if the domain is email spoofable or not you can do single and multiple domain input as well (for multiple domain checker you need to have text file with domains in it) Usage: Clone the package by running:Read More

DC-Sonar – Analyzing AD Domains For Security Risks Related To User Accounts

DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It’s only for education purposes. Avoid using it on the production Active Directory (AD) domain. Neither contributor incur any responsibility for any using it. Social media Check out our Red Team community Telegram channel Description Architecture For the visual descriptions, openRead More

PowerHuntShares – Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains

[*] PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help streamRead More

DomainDouche – OSINT Tool to Abuse SecurityTrails Domain Suggestion API To Find Potentially Related Domains By Keyword And Brute Force

Abusing SecurityTrails domain suggestion API to find potentially related domains by keyword and brute force. Use it while it still works (Also, hmu on Mastodon: @[email protected]) Usage: usage: [-h] [-n N] -c COOKIE -a USER_AGENT [-w NUM] [-o OUTFILE] keywordAbuses SecurityTrails API to find related domains by keyword.Go to, solve any CAPTCHA youRead More

openSquat – Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting

What is openSquat openSquat is an opensource Intelligence (OSINT) security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaigns Domain squatting Typo squatting Bitsquatting IDN homograph attacks Doppenganger domains Other brand/domain related scams It does support some key features such as: Automatic newly registered domain updating (once a day)Read More

On-The-Fly – Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)

▒█████ ███▄ █ ▄▄▄█████▓ ██░ ██ ▓█████ █████ ██▓ ▓██ ██▓▒██▒ ██▒ ██ ▀█ █ ▓ ██▒ ▓▒▒▓██░ ██ ▓█ ▀ ▓██ ▓██▒ ▒██ ██▒▒██░ ██▒▓██ ▀█ ██▒ ▒ ▓██░ ▒░░▒██▀▀██ ▒███ ▒████ ▒██░ ▒██ ██░▒██ ██░▓██▒ ▐▌██▒ ░ ▓██▓ ░ ░▓█ ░██ ▒▓█ ▄ ░▓█▒ ▒██░ ░ ▐██▓░░ ████▓▒░▒██░ ▓██░ ▒██▒ ░ ░▓█▒░██▓▒░▒████ ▒░▒█░Read More

Typodetect – Detect The Active Mutations Of Domains

This tool gives blue teams, SOC’s, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TLDs (Top Level Domains) published on the IANARead More

AnalyticsRelationships – Get Related Domains / Subdomains By Looking At Google Analytics IDs

subdomains by looking at Google Analytics IDs > Python/GO versions > By @JosueEncinar “> > Get related domains / subdomains by looking at Google Analytics IDs> Python/GO versions> By @JosueEncinar This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Google AnalyticsRead More