Pinned Repositories
ESC
Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
goddi
goddi (go dump domain info) dumps Active Directory domain information
MicroBurst
A collection of scripts for assessing Microsoft Azure security
NetblockTool
Find netblocks owned by a company
PESecurity
PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
PowerHuntShares
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerShell
NetSPI PowerShell Scripts
PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
SQLInjectionWiki
A wiki focusing on aggregating and documenting various SQL injection methods
xssValidator
This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
NetSPI's Repositories
NetSPI/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
NetSPI/MicroBurst
A collection of scripts for assessing Microsoft Azure security
NetSPI/SQLInjectionWiki
A wiki focusing on aggregating and documenting various SQL injection methods
NetSPI/PowerHuntShares
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
NetSPI/PESecurity
PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
NetSPI/PowerShell
NetSPI PowerShell Scripts
NetSPI/gcpwn
Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @WebbinRoot
NetSPI/JavaSerialKiller
Burp extension to perform Java Deserialization Attacks
NetSPI/BetaFast
Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
NetSPI/AWSSigner
Burp Extension for AWS Signing
NetSPI/AutoDirbuster
Automatically run and save ffuf scans for multiple IPs
NetSPI/FuncoPop
Tools for attacking Azure Function Apps
NetSPI/PowerHunt
PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
NetSPI/MonkeyWorks
NetSPI/silkwasm
HTML Smuggling with Web Assembly
NetSPI/ruler
A tool to abuse Exchange services
NetSPI/DetectionRules
This is a single location to store detection rules of various types.
NetSPI/Open-LLM-Security-Benchmark
NetSPI/Scheduled-Task
Native Binary for Creating a Scheduled Task
NetSPI/XPath-Injection-Lab
NetSPI/vbamc
Visual Basic for Applications macro project compiler.
NetSPI/WikiJekyllTheme
Wiki theme for various NetSPI wikis
NetSPI/bambdas
Bambdas collection for Burp Suite Professional and Community.
NetSPI/browser-extension
NetSPI/BypassFuzzer
Fuzz 401/403/404 pages for bypasses
NetSPI/community-scripts
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
NetSPI/GOAD
game of active directory
NetSPI/zap-api-python
ZAP Python API
NetSPI/zap-extensions
ZAP Add-ons
NetSPI/zaproxy
The ZAP by Checkmarx Core project