Get-AppLockerEventlog – Script For Fetching Applocker Event Log By Parsing The Win-Event Log

This script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces of information relative to the events for forensic or threat-hunting purposes, or even in order to troubleshoot. Here are the logs we fetch from win-event: EXERead More

PowerHuntShares – Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains

[*] PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help streamRead More

FarsightAD – PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS)Read More

Klyda – Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications

The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated. Klyda offers simple, easy to remember usage; however,Read More

Shells – Little Script For Generating Revshells

A script for generating common revshells fast and easy. Especially nice when in need of PowerShell and Python revshells, which can be a PITA getting correctly formated. PowerShell revshells Shows [email protected], above the prompt and working-directory Has a partial AMSI-bypass, making some stuff a bit easier TCP and UDP Windows Powershell and Core Powershell FunctionsRead More

PersistenceSniper – Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The Why Why writing such a tool, you might ask. Well, for starters, I tried looking around and I did not find aRead More

Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine. Analyze mode with –analyze, which only lists theRead More

ApacheTomcatScanner – A Python Script To Scan For Apache Tomcat Server Vulnerabilities

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by line from a file. Reading individual targets (IP/DNS/CIDR)Read More

Puwr – SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP’s, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, byRead More