Pinned Repositories
Check-LocalAdminHash
Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It is essentially a Frankenstein of two of my favorite tools along with some of my own code. It utilizes Kevin Robertson's (@kevin_robertson) Invoke-TheHash project for the credential checking portion. Additionally, the script utilizes modules from PowerView by Will Schroeder (@harmj0y) and Matt Graeber (@mattifestation) to enumerate domain computers to find targets for testing admin access against.
CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCK OUT ACCOUNTS!
GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
HostRecon
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
PowerMeta
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
PowerWebShot
A PowerShell tool for taking screenshots of multiple web servers quickly.
dafthack's Repositories
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
dafthack/CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
dafthack/DomainPasswordSpray
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCK OUT ACCOUNTS!
dafthack/MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services
dafthack/GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
dafthack/MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
dafthack/PowerMeta
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
dafthack/Check-LocalAdminHash
Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It is essentially a Frankenstein of two of my favorite tools along with some of my own code. It utilizes Kevin Robertson's (@kevin_robertson) Invoke-TheHash project for the credential checking portion. Additionally, the script utilizes modules from PowerView by Will Schroeder (@harmj0y) and Matt Graeber (@mattifestation) to enumerate domain computers to find targets for testing admin access against.
dafthack/lab_scripts
Repo for hosting various scripts for creating users for password spraying and other password attacks.
dafthack/BasicPHPRedirector
A basic PHP redirection site that captures request headers
dafthack/Ethereham
A script for tracking and decoding input data messages sent to and from a particular Ethereum address or from every transaction in a block.
dafthack/gitleaks
Scan git repos for secrets using regex and entropy 🔑
dafthack/m365_groups_enum
Enumerate Microsoft 365 Groups in a tenant with their metadata
dafthack/blocksec-incidents
A curated list of blockchain security incidents including exchange hacks, DeFi compromises, blockchain attacks, and others.
dafthack/Bloodhound-Custom-Queries
Custom Query list for the Bloodhound GUI based off my cheatsheet
dafthack/TeamFiltration
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
dafthack/aws-api-models
A collection of documented and undocumented AWS API models
dafthack/ip2provider
Resolves an IP address to the cloud provider it is hosted on
dafthack/dropengine
dafthack/gcploit
dafthack/msportals.io
Microsoft Administrator Sites
dafthack/Noctilucent
Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise
dafthack/PrtToCert
dafthack/solidity-cheatsheet
Cheat sheet and best practices for solidity. Write smart contracts for Ethereum.
dafthack/antitrackingtags
dafthack/AzureADJoinedMachinePTC
dafthack/openhaystack
Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
dafthack/PurpleCloud
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
dafthack/azure-ad-first-party-apps-permissions
dafthack/dafthack
About Me