We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
GTFOBLookup - Offline command line lookup utility for GTFOBins (https://github
- 45
Offline command line lookup utility for GTFOBins and LOLBAS. Whilst GTFOBLookup will run in Python2.7, some features require Python3.
https://github.com/nccgroup/GTFOBLookup| Tags | pentesting redteam privesc pentesting-tools gtfobins lolbas |
| Implementation | Python |
| License | GPL |
| Platform | Windows Linux |
Related Projects
traitor - Automatic Linux privesc via exploitation of low-hanging fruit e
Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent polkit CVE-2021-3560. More routes to root will be added over time too.
exploit infosec privilege-escalation security-tools privesc hackthebox gtfobins redteam-tools cve-2021-3560PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. For pre-compiled local linux exploits, check out https://www.kernel-exploits.com.
exploits privesc sql mysql hacking pentesting bugbountyGTFOBins
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.
post-exploitation unix bypass gtfobins binaries reverse-shell bind-shell exfiltration redteam blueteamCloudPentestCheatsheets - This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers. I leveraged a number of different books and blogs to put together these lists. While this is not a comprehensive list I wanted to recognize and thank the sources listed in the References & Resources page linked below.
pspy - Monitor linux processes without root permissions
pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers it's info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
ctf pentesting privesc enumerationvulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process. Vulnreport was built by the Salesforce Product Security team as a way to get rid of the time we spent writing, formatting, and proofing reports for penetration tests. Our goal was and continues to be to build great security tools that let pentesters and security engineers focus on finding and fixing vulns.
habu - Python Network Hacking Toolkit
I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.
network-analysis networking scapy python3 security-tools hacking penetration-testing pentesting pentest pentest-tool pentesting-networks security-audit security-testingLOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
There are currently three different lists. The goal of these lists are to document every binary, script and library that can be used for Living Off The Land techniques.
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-landCloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.
cipher data-exfiltration hacking pentesting exfiltration steganography cryptography dlp av-evasion privacy security security-tools infosec red-team pentest pentest-tool hacking-tool hacking-tools pentest-tools stegoRaspberry-Pwn - A Raspberry Pi pentesting suite by Pwnie Express
A Raspberry Pi pentesting suite by Pwnie Express
pentest - :no_entry: offsec batteries included
:no_entry: offsec batteries included
pentesting kali-linux pentesting-windows pentest-environment offensive-securityredsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments
RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. Retrieve Local Hashes from a single machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d .
pentesting pentesting-windows active-directorySniffAir - A framework for wireless pentesting.
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.
testing testing-tool pentesting penetration-testingbluebox-ng - Pentesting framework using Node.js powers, focused in VoIP.
Pentesting framework using Node.js powers. Focused in VoIP. DISCLAIMER: Pointing this tool at other people's servers is NOT legal in most countries.
voip shodan security tool pentest pentestint exploit exploiting sip amiidb - idb is a tool to simplify some common tasks for iOS pentesting and research
idb is a tool to simplify some common tasks for iOS pentesting and research. Originally there was a command line version of the tool, but it is no longer under development so you should get the GUI version. idb has a new homepage at http://www.idbtool.com All documentation and news are posted over there.
PSAttack - A portable console aimed at making pentesting with PowerShell a little easier.
A portable console aimed at making pentesting with PowerShell a little easier. PS>Attack combines some of the best projects in the infosec powershell community into a self contained custom PowerShell console. It's designed to make it easy to use PowerShell offensively and to evade antivirus and Incident Response teams. It does this with in a couple of ways.
powershell powershell-console penetration-testingCrackMapExec - A swiss army knife for pentesting networks
Please see the installation wiki page here.
active-directory pentesting powershell networksHomePWN - HomePwn - Swiss Army Knife for Pentesting of IoT Devices
HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can use this tool to load new features and use them in a vast variety of devices. Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby and view their connectivity status, etc. Also, It can be used to discover a home or office IoT services using protocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.
iot hack nfc blep0wny-shell - Single-file PHP shell
p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.
pentesting php-shell
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
