DivideAndScan – Divide Full Port Scan Results And Use It For Targeted Nmap Runs

Divide et impera and scan (and also merge the scan results). DivideAndScan efficiently automates the port-scanning routine by splitting it into 3 phases: discover open ports for a bunch of targets; run Nmap individually for each target with version grabbing and NSE actions; merge the results into a single Nmap report (different…

CIMplant – C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems

C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: some commands use PowerShell in combination with WMI; these are denoted with ** in the `--show-commands` output. Introduction: CIMplant is a C# rewrite and expansion of @christruncer's WMImplant. It allows you…

PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool

Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. It uses the subdomain list from SecLists, Nmap service probes for banner grabbing, and a list of paths for web enumeration. Example scan of "www.ccc.de": scanned subdomains, IPs and ports; grabbed banner for each IP and port; whois…

SharpDPAPI – A C# Port Of Some Mimikatz DPAPI Functionality

SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein…

Go-RouterSocks – Router Sock. One Port Socks For All The Others.

The next step after compromising a machine is to enumerate the network behind it. Many tools exist to expose a SOCKS port on the attacker's machine and send all the traffic through a tunnel to the compromised machine. When several SOCKS ports are available, we have to manage different proxychains configurations to choose the targeted…

PSC – E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward

(Figure: DNS lookup and SSH session forwarded across a UART connection to a Pi.) PSC allows you to e2e encrypt shell sessions, single- or multi-hop, agnostic of the underlying transport as long as it is reliable and can send/receive Base64-encoded data without modding/filtering. Along with the e2e pty that you receive (for example inside a…

SharpSecDump – .NET Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket's secretsdump.py

.NET port of the remote SAM + LSA Secrets dumping functionality of Impacket's secretsdump.py. By default it runs in the context of the current user. Please only use in environments you own or have permission to test against :) Usage: SharpSecDump.exe -target= -u=admin -p=Password123 -d=test.local Required flags: -target – comma-separated list of IPs / hostnames…

Nray – Distributed Port Scanner

Nray is a free, platform- and architecture-independent port and application-layer scanner. Apart from regular targets (lists of hosts/networks), it supports dynamic target selection based on sources like certificate transparency logs or LDAP. Furthermore, nray can run in a distributed manner to speed up scans and to perform scans from different…