Pinned Repositories
ACLight
A script for advanced discovery of Privileged Accounts - includes Shadow Admins
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
activedirectory
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
AD-Pentesting
bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Burpsuite
Cheat-sheets
Tried and tested
Cloud-pentesting
subdomainenum
balaasif6789's Repositories
balaasif6789/ACLight
A script for advanced discovery of Privileged Accounts - includes Shadow Admins
balaasif6789/bugbounty-cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
balaasif6789/ADRecon
ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
balaasif6789/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
balaasif6789/awesome-hacking
Awesome hacking is an awesome collection of hacking tools.
balaasif6789/awesome-infosec
A curated list of awesome infosec courses and training resources.
balaasif6789/awesome-pentest-cheat-sheets
Collection of the cheat sheets useful for pentesting
balaasif6789/awesome-security
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
balaasif6789/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
balaasif6789/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
balaasif6789/domain
Setup script for Regon-ng
balaasif6789/ExchangeRelayX
An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.
balaasif6789/goddi
goddi (go dump domain info) dumps Active Directory domain information
balaasif6789/icebreaker
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
balaasif6789/impacket
Impacket is a collection of Python classes for working with network protocols.
balaasif6789/Internal-Monologue
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
balaasif6789/isf
ISF(Industrial Control System Exploitation Framework),a exploitation framework based on Python
balaasif6789/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
balaasif6789/MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
balaasif6789/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
balaasif6789/pythonfilecopypaste
A Python file to copy paste files. I used it to automate sorting of reports based on the groups which they belonged to.
balaasif6789/rapidscan
:diamonds: The Multi-Tool Web Vulnerability Scanner.
balaasif6789/Red-Teaming-Toolkit
A collection of open source and commercial tools that aid in red team operations.
balaasif6789/S3Scanner
Scan for open AWS S3 buckets and dump the contents
balaasif6789/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
balaasif6789/security-cheatsheets
A collection of cheatsheets for various infosec tools and topics.
balaasif6789/SharpView
C# implementation of harmj0y's PowerView
balaasif6789/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
balaasif6789/system_audit
A rough checklist for system audit
balaasif6789/takeover
Sub-Domain TakeOver Vulnerability Scanner