PortBender – TCP Port Redirection Utility

PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port (e.g., 445/TCP) to another TCP port (e.g., 8445/TCP). PortBender includes an Aggressor script that operators can use to integrate the tool with Cobalt Strike. However, because the tool is implemented as a reflective …

DivideAndScan – Divide Full Port Scan Results And Use It For Targeted Nmap Runs

Divide et impera and scan (and also merge the scan results). DivideAndScan automates the port-scanning routine by splitting it into three phases: discover open ports for a set of targets; run Nmap individually against each target with version detection and NSE scripts; merge the results into a single Nmap report (different …
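The three phases above, as an added Python example that is not DivideAndScan's own code: phase 1 collapses a fast discovery result into host-to-ports, phase 2 emits one Nmap command per host limited to that host's open ports, and phase 3 folds the per-host `-oX` reports into a single document. The discovery lines are constructed in masscan's list (`-oL`) style and the two XML reports are hand-written stand-ins for `nmap -oX` output; nothing here touches the network.

```python
"""Divide-and-scan in three steps: parse discovery output into host -> open
ports, build one targeted Nmap run per host, merge the per-host XML reports.

Added example, not DivideAndScan's own code.  DISCOVERY, REPORT_A and
REPORT_B are constructed sample inputs.
"""
import shlex
import xml.etree.ElementTree as ET

# Constructed discovery output (masscan -oL style): "open tcp PORT IP TIMESTAMP".
DISCOVERY = """\
#masscan
open tcp 445 10.10.3.7 1700000000
open tcp 22 10.10.3.7 1700000001
open tcp 22 10.10.3.9 1700000002
open tcp 8080 10.10.3.9 1700000003
open tcp 445 10.10.3.7 1700000004
# end
"""

# Constructed stand-ins for the per-host "nmap -oX" reports of phase 2.
REPORT_A = """<nmaprun scanner="nmap" args="nmap -sV -sC -p 22,445 10.10.3.7" start="1700000100">
<host><status state="up"/><address addr="10.10.3.7" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port></ports></host>
<runstats><finished time="1700000200"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""
REPORT_B = """<nmaprun scanner="nmap" args="nmap -sV -sC -p 22,8080 10.10.3.9" start="1700000300">
<host><status state="up"/><address addr="10.10.3.9" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port></ports></host>
<runstats><finished time="1700000400"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""


def parse_discovery(text):
    """Phase 1: collapse discovery lines into {host: sorted list of open TCP ports}."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open" or fields[1] != "tcp":
            continue  # comments, blank lines, non-TCP or closed records
        port, host = int(fields[2]), fields[3]
        found.setdefault(host, set()).add(port)  # duplicate hits collapse here
    return {host: sorted(ports) for host, ports in sorted(found.items())}


def build_nmap_commands(ports_by_host, extra_args=("-sV", "-sC")):
    """Phase 2: one Nmap command per host, restricted to that host's open ports.

    Limiting -p to ports already known to be open is what keeps the
    version/NSE phase cheap; -oX per host produces the inputs for phase 3.
    """
    cmds = []
    for host, ports in ports_by_host.items():
        argv = ["nmap", *extra_args, "-p", ",".join(map(str, ports)),
                "-oX", "%s.xml" % host, host]
        cmds.append(shlex.join(argv))
    return cmds


def merge_nmap_xml(reports):
    """Phase 3: fold every <host> of the later reports into the first report.

    Hosts are inserted ahead of <runstats> so the element order consumers of
    nmap XML expect is kept, and the host counters are recomputed.
    """
    base = ET.fromstring(reports[0])
    stats = base.find("runstats")
    if stats is None:
        raise ValueError("first report has no <runstats> element")
    for text in reports[1:]:
        for host in ET.fromstring(text).findall("host"):
            base.insert(list(base).index(stats), host)
    hosts = base.findall("host")
    up = sum(1 for h in hosts if h.find("status").get("state") == "up")
    counters = stats.find("hosts")
    counters.set("up", str(up))
    counters.set("down", str(len(hosts) - up))
    counters.set("total", str(len(hosts)))
    base.set("args", "merged: " + " | ".join(ET.fromstring(t).get("args", "") for t in reports))
    return ET.tostring(base, encoding="unicode")


def summarize(xml_text):
    """Read a report back into {host: {port: service}} for checking the merge."""
    out = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address").get("addr")
        out[addr] = {int(p.get("portid")): p.find("service").get("name")
                     for p in host.findall("ports/port")
                     if p.find("state").get("state") == "open"}
    return out


if __name__ == "__main__":
    for cmd in build_nmap_commands(parse_discovery(DISCOVERY)):
        print(cmd)
    print(summarize(merge_nmap_xml([REPORT_A, REPORT_B])))
```

The merge deliberately keeps the first report as the skeleton and only imports `<host>` elements, so a report whose structure differs (for example one produced by a different Nmap version) is still readable by tools that expect a single `<nmaprun>`.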

CIMplant – C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems

C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: some commands use PowerShell in combination with WMI; these are marked with ** in the --show-commands output. Introduction: CIMplant is a C# rewrite and expansion of @christruncer's WMImplant. It allows you …

PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool

Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. It uses the SecLists subdomain list, Nmap's service probes for banner grabbing, and a list of paths for web enumeration. Example scan of "www.ccc.de": scanned subdomains, IPs and ports; grabbed a banner for each IP and port; whois …

SharpDPAPI – A C# Port Of Some Mimikatz DPAPI Functionality

SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein, …

Go-RouterSocks – Router Sock. One Port Socks For All The Others.

The next step after compromising a machine is to enumerate the network behind it. Many tools exist to expose a SOCKS port on the attacker's machine and send all the traffic through a tunnel to the compromised machine. When several SOCKS ports are available, we have to manage different proxychains configurations to choose the targeted …
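The routing decision a "router socks" front end makes, as an added Python example that is not Go-RouterSocks's code (the project itself is written in Go): one listening SOCKS5 port, a table of destination network to upstream SOCKS port, and a CONNECT request that is handed unchanged to whichever pivot owns the destination. The routing table, upstream ports and request bytes are assumptions constructed for the example; the socket relay loop that would follow the decision is described but not included.

```python
"""SOCKS5 front end that picks an upstream SOCKS port by destination network.

Added illustration of the 'router socks' idea, not Go-RouterSocks's code.
ROUTES and the sample requests are assumptions for the example.
"""
import ipaddress
import struct

# Assumed routing table: each pivot exposes its own SOCKS port on the attacker box.
ROUTES = {
    ipaddress.ip_network("10.10.0.0/16"): ("127.0.0.1", 1081),
    ipaddress.ip_network("192.168.50.0/24"): ("127.0.0.1", 1082),
}

SOCKS_VERSION = 5
CMD_CONNECT = 1
REP_GENERAL_FAILURE = 0x01
REP_RULESET = 0x02          # connection not allowed by ruleset
REP_CMD_UNSUPPORTED = 0x07


def parse_socks5_request(req):
    """Parse a SOCKS5 request (RFC 1928 section 4): VER CMD RSV ATYP DST.ADDR DST.PORT.

    Returns (cmd, host, port); host is an ipaddress object for IPv4/IPv6 and a
    str for a domain name.  Raises ValueError on malformed or truncated input.
    """
    if len(req) < 4 or req[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = req[1], req[3]
    if atyp == 1:
        host, off = ipaddress.IPv4Address(req[4:8]), 8
    elif atyp == 4:
        host, off = ipaddress.IPv6Address(req[4:20]), 20
    elif atyp == 3:
        n = req[4]
        host, off = req[5:5 + n].decode("ascii"), 5 + n
    else:
        raise ValueError("unsupported ATYP %d" % atyp)
    if len(req) != off + 2:
        raise ValueError("truncated request or trailing bytes")
    (port,) = struct.unpack("!H", req[off:off + 2])
    return cmd, host, port


def select_upstream(host, routes=ROUTES):
    """Longest-prefix match of an IP destination against the routing table.

    Domain-name destinations return None: the front end does not resolve
    names, so it cannot know which pivot should carry the connection.
    """
    if isinstance(host, str):
        return None
    best = None
    for net, upstream in routes.items():
        if host in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, upstream)
    return best[1] if best else None


def socks5_reply(rep):
    """SOCKS5 reply with the given REP code and an all-zero IPv4 BND.ADDR/BND.PORT."""
    return bytes([SOCKS_VERSION, rep, 0x00, 0x01]) + b"\x00" * 4 + b"\x00" * 2


def route_request(req, routes=ROUTES):
    """Decide what to do with one client request after method negotiation.

    Returns ("forward", (upstream_host, upstream_port), req) when a pivot owns
    the destination: the relay would connect to that upstream SOCKS port, run
    its own method negotiation, send `req` unchanged, and then splice the two
    sockets.  Returns ("reject", reply_bytes) otherwise, so the client gets a
    proper SOCKS5 error instead of a hang.
    """
    try:
        cmd, host, port = parse_socks5_request(req)
    except ValueError:
        return ("reject", socks5_reply(REP_GENERAL_FAILURE))
    if cmd != CMD_CONNECT:
        return ("reject", socks5_reply(REP_CMD_UNSUPPORTED))
    upstream = select_upstream(host, routes)
    if upstream is None:
        return ("reject", socks5_reply(REP_RULESET))
    return ("forward", upstream, req)


if __name__ == "__main__":
    # Constructed requests: CONNECT 10.10.3.7:445 and CONNECT example.com:443.
    for sample in (b"\x05\x01\x00\x01\x0a\x0a\x03\x07\x01\xbd",
                   b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"):
        print(route_request(sample))
```

Refusing domain-name destinations is a design choice worth keeping: resolving on the attacker side would leak the target names to the local resolver and, more importantly, the front end has no way to know which pivot's view of DNS is the right one. With proxychains, either use `proxy_dns` so names are resolved through the chosen pivot or point clients at IP addresses from the discovery phase.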

PSC – E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward

DNS lookup and SSH session forwarded across a UART connection to a Pi. PSC allows you to e2e-encrypt shell sessions, single- or multi-hop, while being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64-encoded data without modifying or filtering it. Along with the e2e pty that you receive (for example inside a …

SharpSecDump – .NET Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket's secretsdump.py

.NET port of the remote SAM + LSA secrets dumping functionality of Impacket's secretsdump.py. By default it runs in the context of the current user. Please only use in environments you own or have permission to test against 🙂 Usage: SharpSecDump.exe -target= -u=admin -p=Password123 -d=test.local Required flags: -target – Comma-separated list of IPs / hostnames …