pentestmano Goto Github PK

impacket

Impacket is a collection of Python classes for working with network protocols.

ioxidresolver

IOXIDResolver.py from AirBus Security

krbrelayup

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

ldap_disjection

Discover and BruteForce LDAP Fields From Web App

log4j-shell-poc

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

metabase-pre-auth-rce-poc

This is a script written in Python that allows the exploitation of the Metabase's software security flaw in the described in CVE 2023-38646.

mimikatz

A little tool to play with Windows security

oscp-exam-report-template-markdown

:orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

oscp-prep

OSCP Preparation

p0wny-shell

Single-file PHP shell

payloadsallthethings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

pentest_teamcity

Pentest TeamCity using Metasploit

poc

Proof of Concepts

powersploit

PowerSploit - A PowerShell Post-Exploitation Framework

psgetsystem

getsystem via parent process using ps1 & embeded c#

pyescrypt

Python bindings for yescrypt: memory-hard, NIST-compliant password hashing

python3-nmap

A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or function. System administrators can now automatic nmap scans using python

redteaming-tactics-and-techniques

Red Teaming Tactics and Techniques

redteaming_cheatsheet

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

regexp-security-cheatsheet

rogue-jndi

A malicious LDAP server for JNDI injection attacks

seclists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

sharpcollection

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

sharpgpo

A Red Team tool for remotely manipulating Group Policy Object(GPO), Organizational Unit(OU), GPLink and Security Filtering

sharpgpoabuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

sudo_inject

[Linux] Two Privilege Escalation techniques abusing sudo token

template-injection-table

The Template Injection Table is intended to help during the testing of an application for template injection vulnerabilities.

tinja

TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines for eight different programming languages.

turtlepower

Turtlepower is a collection of scripts I use to make boring repetive tasks I do in pentesting such as file transfers and setting up shells happen quick and easy so I can focus my energy on pwning.

typo3scan

Enumerate Typo3 version and extensions