dafthack

dafthack's Stars

• danielmiessler/SecLists

  SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  Language:PHP58.8k1.9k26923.9k

• PowerShellMafia/PowerSploit

  PowerSploit - A PowerShell Post-Exploitation Framework

  Language:PowerShell11.9k7811884.6k

• BloodHoundAD/BloodHound

  Six Degrees of Domain Admin

  Language:PowerShell9.9k3785121.7k

• EmpireProject/Empire

  Empire is a PowerShell and Python post-exploitation agent.

  Language:PowerShell7.5k4897812.8k

• mandiant/commando-vm

  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

  Language:PowerShell7k2832321.3k

• RedSiege/EyeWitness

  EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

  Language:Python5k144451848

• bluscreenofjeff/Red-Team-Infrastructure-Wiki

  Wiki to collect Red Team infrastructure hardening resources

  4.2k2117902

• toolswatch/blackhat-arsenal-tools

  Official Black Hat Arsenal Security Tools Repository

  3.9k340111.1k

• epinna/tplmap

  Server-Side Template Injection and Code Injection Detection and Exploitation Tool

  Language:Python3.8k8379672

• trustedsec/unicorn

  Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

  Language:Python3.7k231143816

• dafthack/MailSniper

  MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

  Language:PowerShell2.9k9853572

• dafthack/DomainPasswordSpray

  DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

  Language:PowerShell1.8k4914377

• sense-of-security/ADRecon

  ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

  Language:HTML1.7k8226284

• ustayready/CredSniper

  CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.

  Language:HTML1.3k7724297

• EmpireProject/EmPyre

  A post-exploitation OS X/Linux agent written in Python 2.7

  Language:Python867830204

• mdsecactivebreach/Chameleon

  Chameleon: A tool for evading Proxy categorisation

  Language:Python46017771

• CredDefense/CredDefense

  Credential and Red Teaming Defense for Windows Environments

  Language:C++323252159

• dafthack/PassphraseGen

  A script for generating custom passphrase lists to be used for password cracking with hashcat rules

  Language:PowerShell795022