The idea is to collect all the C# projects that are Sharp{Word} that can be used in Cobalt Strike as execute assembly command. Credit the name to the amazing PayloadAllTheThings github repo (https://github.com/swisskyrepo/PayloadsAllTheThings)
- SharpWMI - implementation of various WMI functionality. This includes local/remote WMI queries, remote WMI process creation through win32_process, and remote execution of arbitrary VBS through WMI event subscriptions. Alternate credentials are also supported for remote methods.
- Credit - https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/SharpWMI
- SharpGPOAbuse - take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.
- SharpPersist - Windows persistence toolkit written in C#.
- Credit - https://twitter.com/h4wkst3r
- Link - https://github.com/fireeye/SharPersist
- SharpStay - .NET project for installing Persistence
- SharpUp - port of various PowerUp functionality
- Credit - https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/SharpUp
- SharpCradle - download and execute .NET binaries into memory.
- SharpLocker - helps get current user credentials by popping a fake Windows lock screen, all output is sent to Console which works perfect for Cobalt Strike.
- SharpDPAPI - port of some DPAPI functionality from @gentilkiwi's Mimikatz project.
- SharpDump - port of PowerSploit's Out-Minidump.ps1 functionality.
- Credit - https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/SharpDump
- SharpWeb - Retrieve saved browser credentials from Google Chrome, Mozilla Firefox and Microsoft Internet Explorer/Edge.
- SharpCookieMonster - Extracts cookies from Chrome.
- Credit - https://twitter.com/m0rv4i , original work by @defaultnamehere
- Link - https://github.com/m0rv4i/SharpCookieMonster
- SharpHound - Uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment, executes collection options necessary to populate the backend BloodHound database.
- Credit - The amazing crew of Bloodhound (https://www.twitter.com/\_wald0, https://twitter.com/CptJesus, and https://twitter.com/CptJesus)
- Link - https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors
- SharpWitness - C# version of EyeWitness by Christopher Truncer. Take screenshots of websites, provide some server header info, and identify default credentials if possible.
- SharpDomainSpray - very simple password spraying tool written in .NET. It takes a password then finds users in the domain and attempts to authenticate to the domain with that given password.
- SharpSniper - Find specific users in active directory via their username and logon IP address
- SharpFruit - Port of Find-Fruit.ps1, aid Penetration Testers in finding juicy targets on internal networks without nmap scanning.
- Credit - https://twitter.com/424f424f
- Link - https://github.com/rvrsh3ll/SharpFruit
- SharpPrinter- tool to enumerate all visible network printers in local network
- Credit - https://twitter.com/424f424f
- Link - https://github.com/rvrsh3ll/SharpPrinter
- SharpView - C# implementation of harmj0y's PowerView
- Credit - https://twitter.com/tevora
- Link - https://github.com/tevora-threat/SharpView
- SharpSearch - Search files for extensions as well as text within.
- SharpClipHistory - Read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build.
- SharpClipboard - Monitor of the clipboard for any passwords
- SharpCom - port of Invoke-DCOM, Execute's commands via various DCOM methods as demonstrated by (@enigma0x3)
- Credit - https://twitter.com/424f424f
- Link - https://github.com/rvrsh3ll/SharpCOM
- Sharpexcel4_dcom - Port of Invoke-Excel4DCOM, Lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
- SharpExec - C# tool designed to aid with lateral movement
- SharpRDP - Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
- Credit - https://twitter.com/0xthirteen
- Link - https://github.com/0xthirteen/SharpRDP
- SharpMove - .NET Project for performing Authenticated Remote Execution
- SharpBox - Tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
- Credit - https://twitter.com/_P1CKLES_
- Link - https://github.com/P1CKLES/SharpBox
- Rubeus - toolset for raw Kerberos interaction and abuses.
- Credit - https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/Rubeus
- SafetyKatz - combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader.
- Credit - https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/SafetyKatz
- Seatbelt - project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
- Credit -https://twitter.com/harmj0y
- Link - https://github.com/GhostPack/Seatbelt
- Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
- ADFSDump - dump all sorts of goodies from AD FS.
- Credit - https://twitter.com/doughsec
- Link - https://github.com/fireeye/ADFSDump
- OffensiveCSharp - Collection of Offensive C# Tooling
- CredSniper - Prompts the current user for their credentials using the CredUIPromptForWindowsCredentials WinAPI function. Supports an argument to provide the message text that will be shown to the user.
- EncryptedZIP -Compresses a directory or file and then encrypts the ZIP file with a supplied key using AES256 CFB. This assembly also clears the key out of memory using RtlZeroMemory. Use the included Decrypter progam to decrypt the archive.
- SessionSearcher - Searches all connected drives for PuTTY private keys and RDP connection files and parses them for relevant details. Based on SessionGopher by @arvanaghi.
- UnquotedPath - Outputs a list of unquoted service paths that aren't in System32/SysWow64 to plant a PE into.
- Internal Monologue - Retrieving NTLM Hashes without Touching LSASS
- InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS spoofer/man-in-the-middle tool
- SCShell - fileless lateral movement tool that relies on ChangeServiceConfigA to run commands.
- Credit - https://twitter.com/MrUn1k0d3r
- Link - https://github.com/Mr-Un1k0d3r/SCShell
- ATPMiniDump - Dumping LSASS memory with MiniDumpWriteDump on PssCaptureSnapShot to evade WinDefender ATP credential-theft.
- Credit - https://twitter.com/b4rtik
- Link - https://github.com/b4rtik/ATPMiniDump
- RdpTheif - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
- Credit - https://twitter.com/0x09AL
- Link - https://github.com/0x09AL/RdpThief
- Spray-AD - audit Active Directory user accounts for weak, well known or easy guessable passwords.
- Credit - https://twitter.com/Cneelis
- Link - https://github.com/outflanknl/Spray-AD
- Recon-AD - an AD recon tool based on ADSI and reflective DLL’s
- Credit - https://twitter.com/Cneelis
- Link - https://github.com/outflanknl/Recon-AD
- Zipper - a CobaltStrike file and folder compression utility.
- Credit - Cornelis de Plaa (@Cneelis) / Outflank
- Link - https://github.com/outflanknl/Zipper
- Grouper2 - A tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy.
- Credit - l0ss (@mikeloss) https://twitter.com/mikeloss
- Link - https://github.com/l0ss/Grouper2/blob/master/README.md