SilentHound – Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation Using pipenv (recommended method) sudo python3 -m pip install –user pipenvgit clone https://github.com/layer8secure/SilentHound.gitcd silenthoundpipenv install This will create an isolated virtual environment with dependencies needed for the project. To use the project youRead More

SharpSniper – Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that youRead More

Snap-Scraper – Snap Scraper Enables Users To Download Media Uploaded To Snapchat’s Snap Map Using A Set Of Latitude And Longitude Coordinates

Snap Scraper is an open source intelligence tool which enables users to download media uploaded to Snapchat’s Snap Map using a set of latitude and longitiude co-ordinates. This project is in no way affiliated with, authorized, maintained, sponsored or endorsed by Snap inc. or any of its affiliates or subsidiaries. This program is for education,Read More

SharpGPOAbuse – Tool To Take Advantage Of A User’S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO

[*] SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user’s edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post: https://labs.mwrinfosecurity.com/tools/sharpgpoabuse Compile Instructions Make sure theRead More

Gitrecon – OSINT Tool To Get Information From A Github Profile And Find GitHub User’S Email Addresses Leaked On Commits

OSINT tool to get information from a github profile and find GitHub user’s email addresses leaked on commits. How does this work? GitHub uses the email address associated with a GitHub account to link commits and other activity to a GitHub profile. When a user makes commits to public repos their email address is usuallyRead More

Patriot-Linux – Host IDS For Desktop Users

Patriot Linux is a HIDS for desktop users who wants real time graphical alerts when something suspicious happens Patriot detect: 1- Suspicious process running 2- New process starting TCP/IP Connection 3- Auditd alerts 4- New keyboards plugged Installation You need to configure Auditd with this suggested rules https://github.com/Neo23x0/auditd (you can use your own rules andRead More

Offering Users More For Their Activity – Similar Items Upon Checkout

The shopping isn’t finished once you’ve purchased your item. If you’ve ever done shopping online, then you know all about being presented with related items to the one you just purchased. This feature is common for online retail websites and quite useful for both the consumer and the producers. If the user sees products similarRead More

Permission Manager – A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW

Welcome to the Permission Manager!Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place.With Permission Manager, you can create users, assign namespaces/permissions, and distributeRead More

Self-XSS – Self-XSS Attack Using Bit.Ly To Grab Cookies Tricking Users Into Running Malicious Code

Self-XSS attack using bit.ly to grab cookies tricking users into running malicious code How it works?Self-XSS is a social engineering attack used to gain control of victims’ web accounts by tricking users into copying and pasting malicious content into their browsers. Since Web browser vendors and web sites have taken steps to mitigate this attackRead More

X