Watson – Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities

[*] Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 Server 2016 & 2019 Usage C:> Watson.exe __ __ _ / / / __ _| |_ ___ ___ _ __ / / /Read More

Gitls – Enumerate Git Repository URL From List Of URL / User / Org

Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url from allRead More

Linux-Chrome-Recon – An Information Gathering Tool Used To Enumerate All Possible Data About An User From Google-Chrome Browser From Any Linux Distribution

“linux-chrome-recon” is a Information gathering tool used to enumerate all possible data about an user from Google-Chrome browser from any Linux distribution Intro 1.Loots possible data from Google-Chrome 2.Launches HTTP Server on /tmp directory (Usefull) 3.Simple script to receive data from Victim(One time run) 4.Clears the /tmp data when server is closed… Files retrieved :Read More

RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria

RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows to call remote method with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure RMI services on systems which the user has prior permission to attack. Unauthorised accessRead More

ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled

ADE – ActiveDirectoryEnum usage: activeDirectoryEnum [-h] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [–all] [–no-creds] dc ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ (_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___ / /| |/ ___/ __/ / | / / _ / / / /Read More

O.G. AUTO-RECON – Enumerate A Target Based Off Of Nmap Results

Enumerate a target Based off of Nmap Results Features The purpose of O.G. Auto-Recon is to automate the initial information gathering phase and then enumerate based off those results as much as possible. This tool is intended for CTF’s and can be fairly noisy. (Not the most stealth conscious tool…) All tools in this projectRead More

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager,Read More

shuffleDNS – Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.Based on the work on massdns project by @blechschmidt.Features Simple and modular code base making it easy to contribute. Fast And Simple active subdomain scanning.Read More