This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. ThisRead More
Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More
Username Enumeration And Reconnaisance Suite Supported sites PyPI Github TestPypi About.me Instagram DockerHub Installation Clone project: $ git clone https://github.com/rly0nheart/osinteye.git $ cd osinteye $ pip install -r requirements.txt Usage $ python osinteye [–SITENAME] [USERNAME] Or give osintEye execution permission: $ chmod +x osinteye $ ./osinteye [–SITENAME] [USERNAME] Example 1.1; $ python osinteye –instagramRead More
ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with GO $ git clone https://github.com/AidenPearce369/ADReaper$ cd ADReaper/$ go build UsageRead More
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the repository and make the script executable git clone https://github.com/lefayjey/linWinPwncd linWinPwn; chmod +x linWinPwn.sh Install LinuxRead More
This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation (and then reset the template to its previous state afterwards). This is specifically designed for a scenario where WriteProperty rights over a template have been compromised, but the operator isRead More
subdomains.sh wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage To display this script’s help message, use the -h flag: subdomains.sh -h subdomains for * –use-passive-source comma(,) separated tools to use –exclude-passive-source comma(,) separated tools to exclude –skip-semi-active skip semi active techniques -r, –resolvers list of DNSRead More
[*] VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc…). Why I developed it Make the VPN spraying phase much quicker andRead More
Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the “IfExistsResult” flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response, and either automatically create a waiting periodRead More
[*] Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query (if not ran on a domain-joined host) /domain – specify domain name (if not ran on a domain-joined host) /edr – check host for EDR (requires smb, rpc, or winrm) /logons – return logged on users on a host (requires smb,Read More
