CrackQL – GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL query or mutation into several alias operations. It determines the number of aliasesRead More

Msprobe – Finding All Things On-Prem Microsoft For Password Spraying And Enumeration

Finding all things on-prem Microsoft for password spraying and enumeration. The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below: Installing Install the project using pipx pipx install git+ Usage The toolRead More

SSOh-No – User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force/spraying attacks, while also failing to log any failed authentication attempts. ThisRead More

Kraken – A Multi-Platform Distributed Brute-Force Password Cracking System

Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator based cracking across multiple machines both as a web app in a web browser and as a standalone electron based client. Kraken aims to be easy to use, fault tolerant and scalable. I wrote KrakenRead More

LDAP-Password-Hunter – Password Hunter In The LDAP Infamous Database

It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of (Impacket) and ldapsearch in order to look up for password stored in LDAP database. Impacket getTGT.pyRead More

Spray365 – Makes Spraying Microsoft Accounts (Office 365 / Azure AD) Easy Through Its Customizable Two-Step Password Spraying Approach

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describe the spraying operation wellRead More

O365Spray – Username Enumeration And Password Spraying Tool Aimed At Microsoft O365

For educational, authorized and/or research purposes only. o365spray a username enumeration and password spraying tool aimed at Microsoft Office 365 (O365). This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments. WARNING: The oAuth2 module for user enumeration is performed by submitting a single authentication attempt perRead More

ZipExec – A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. ThisRead More

Cracken – A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust (more on talk/). Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace’s tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords byRead More