
Red Team Tools.

Kyhwana Pardus edited this page Jun 6, 2018 · 26 revisions

Abusing IPv6 to do MITM on IPv4-only networks, via mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/

Spookflare redteam/pentest obfuscation/EPP bypasses

MS SQL attack tool

CSS keylogger

Linux ASLR bypass (untested)

Responder is an LLMNR, NBT-NS and MDNS poisoner, with a built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

SG1 - data exfil swiss army knife

Random WinPwnages

Automate getting AD creds if you're on an internal network but outside the AD "environment". Icebreaker.

List of found/open S3 buckets

Blind XSS testing framework

PowerShell Empire

PowerShell runspace post-exploit toolkit

DCOM lateral movement

Execute stuff from ADS streams

BloodHound - exploring Windows AD networks re cred abuse

Phishing with TOTP - evilginx

Run binaries as SYSTEM with signed nvidia binary

Evil via all the things

Phish devs that use git

Burp

Find vulnerable JavaScript libraries plugin

Guppy Proxy, a free alternative to Burp.

C&C

AD as C&C

Proxy stuff over HTTPS websockets

Passwords

CASM - character-aware split method.

SQL injection cheat sheet
