SSOh-No – User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. ThisRead More

Cliam – Multi Cloud IAM Permissions Enumeration Tool

Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP [TODO] Azure [TODO] Oracle Description Cliam is a simple cloud permissions identifier. There are two main components to the CLI. Most of the enumerated permissions are list, describe or get permissions. Only permissions that does not require a specific resource are tested. enumerate which canRead More

Osinteye – Username Enumeration And Reconnaisance Suite

Username Enumeration And Reconnaisance Suite     Supported sites PyPI Github TestPypi Instagram DockerHub Installation Clone project: $ git clone $ cd osinteye $ pip install -r requirements.txt Usage $ python osinteye [–SITENAME] [USERNAME] Or give osintEye execution permission: $ chmod +x osinteye $ ./osinteye [–SITENAME] [USERNAME] Example 1.1; $ python osinteye –instagramRead More

ADReaper – A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go

ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with GO $ git clone$ cd ADReaper/$ go build UsageRead More

linWinPwn – A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the repository and make the script executable git clone linWinPwn; chmod +x Install LinuxRead More

modifyCertTemplate – ADCS Cert Template Modification And ACL Enumeration

This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation (and then reset the template to its previous state afterwards). This is specifically designed for a scenario where WriteProperty rights over a template have been compromised, but the operator isRead More

Subdomains.Sh – A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage To display this script’s help message, use the -h flag: -h subdomains for * –use-passive-source comma(,) separated tools to use –exclude-passive-source comma(,) separated tools to exclude –skip-semi-active skip semi active techniques -r, –resolvers list of DNSRead More

Vortex – VPN Overall Reconnaissance, Testing, Enumeration And eXploitation Toolkit

[*] VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc…). Why I developed it Make the VPN spraying phase much quicker andRead More

Oh365UserFinder – Python3 O365 User Enumeration Tool

Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the “IfExistsResult” flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response, and either automatically create a waiting periodRead More

LACheck – Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration

[*] Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query (if not ran on a domain-joined host) /domain – specify domain name (if not ran on a domain-joined host) /edr – check host for EDR (requires smb, rpc, or winrm) /logons – return logged on users on a host (requires smb,Read More