Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python

Vailyn Phased Path Traversal & LFI Attacks Vailyn 3.0 Since v3.0, Vailyn supports LFI PHP wrappers in Phase 1. Use –lfi to include them in the scan. About Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal and file inclusion vulnerabilities. It is built to make it as performant as possible, andRead More

SharpStrike – A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems

SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user’s session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the –show-commands command. Introduction SharpStrike is a C# rewrite and expansion on @Matt_Grandy_‘sRead More

Brutus – An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture

An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre and post-connection network-based exploits, as well as web-based reconnaissance. As a light-weight framework, Brutus aimsRead More

Scour – AWS Exploitation Framework

Scour is a modern module based AWS exploitation framework written in golang, designed for red team testing and blue team analysis. Scour contains modern techniques that can be used to attack environments or build detections for defense. Features Command Completion Dynamic resource listing Command history Blue team mode (tags attacks with unique User Agent) InstallationRead More

RomBuster – A Router Exploitation Tool That Allows To Disclosure Network Router Admin Password

RomBuster is a router exploitation tool that allows to disclosure network router admin password. Features Exploits vulnerabilities in most popular routers such as D-Link, Zyxel, TP-Link and Huawei. Optimized to exploit multiple routers at one time from list with threading enabled. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/RomBuster Basic usage To use RomBusterRead More

CamOver – A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password

CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave. Optimized to exploit multiple cameras at one time from list with threading enabled. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/CamOver Basic usage To use CamOverRead More

Swift-Attack – Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods. I have included some post exploitation examples using both command line history and on disk binaries (which should be easier for detection) as well as post exploitation examples using API calls only (which will be more difficult forRead More

Evasor – A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies

The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, saves time and fully automated which generates for you a report including description, screenshots and mitigations suggestions, suites for both blueRead More

OverRide – Binary Exploitation And Reverse-Engineering (From Assembly Into C)

Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag – password for next level README.md – how to find password source.c – the reverse engineered binary dissasembly_notes.md – notes on asm See the subject for more details. For more gdb & exploitation fun checkRead More

Traitor – Automatic Linux Privesc Via Exploitation Of Low-Hanging Fruit E.G. GTFOBin

Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It’ll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploitingRead More

X