Pinned Repositories
aclpwn.py
Active Directory ACL exploitation with BloodHound
ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
Aggressor-VYSEC
amass
In-depth subdomain enumeration written in Go
Apfell
A macOS, post-exploit, red teaming framework
apt2
automated penetration toolkit
APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
aquatone
A Tool for Domain Flyovers
artillery
The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
firefalc0n's Repositories
firefalc0n/aclpwn.py
Active Directory ACL exploitation with BloodHound
firefalc0n/ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
firefalc0n/Apfell
A macOS, post-exploit, red teaming framework
firefalc0n/attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
firefalc0n/awesome-elasticsearch
A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
firefalc0n/aws_pwn
A collection of AWS penetration testing junk
firefalc0n/badKarma
advanced network reconnaissance toolkit
firefalc0n/common-substr
Simple awk script to extract the most common substrings from an input text. Built for password cracking.
firefalc0n/DCOMrade
Powershell script for enumerating vulnerable DCOM Applications
firefalc0n/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️🔥
firefalc0n/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
firefalc0n/FACT_core
Firmware Analysis and Comparison Tool
firefalc0n/Get-NetNTLM
Powershell module to get the NetNTLMv2 hash of the current user
firefalc0n/kamerka
Build interactive map of cameras from Shodan
firefalc0n/LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
firefalc0n/MaliciousMacroMSBuild
Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
firefalc0n/my-arsenal-of-AWSome-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
firefalc0n/OffensiveDLR
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
firefalc0n/Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
firefalc0n/osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
firefalc0n/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
firefalc0n/passcat
Passwords Recovery Tool
firefalc0n/public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
firefalc0n/SharpBox
SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
firefalc0n/SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
firefalc0n/Shr3dKit
Red Team Tool Kit
firefalc0n/sploits
firefalc0n/static-binaries
Various *nix tools built as statically-linked binaries
firefalc0n/UhOh365
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
firefalc0n/VBA-RunPE
A VBA implementation of the RunPE technique or how to bypass application whitelisting.