Tooling Repository
- Phonebook.cz - Lookup emails related to the organization
- YAWAST - Amazing for performing initial reconnaissance on a website. Also has a PoC for Sweet32 built into it
- AutoDirBuster - Parse Nmap scans and run DirBuster against targets. Useful when covering a large scope
- Amass - In-depth attack surface mapping. Great for asset discovery and performing external reconnaissance
- Nmap-Elasticsearch-NSE - NSE script for scanning Elasticsearch. Useful when Elasticsearch is identified during a penetration test.
- Enum4Linux - Useful for gathering information from a host with anonymous access, or for authenticating to a DC to obtain a list of usernames
- EyeWitness - Visually inspect websites. My tool of choice for this task. Has the ability to parse Nessus scans
- LeakedInt - LinkedIn reconnaissance tool that provides output with picture, name, email, title, and location
- LinkedIn2Username - My favorite LinkedIn reconnaissance tool. It should be noted that this tool will not reliably identify all of the emails for a company.
- SpoolSploit - Collection of Windows print spooler exploits. Great for obtaining a foothold or escalating privileges!
- DomainPasswordSpray - Spraying attacks against a domain. Gathers the account lockout window, which is nifty
- BruteSpray - Brute-forcing from Nmap output. One of my favorites for automating the assessment of a network
- PACK - Password Analysis and Cracking Toolkit. There's a lot of password goodies and resources here
- SSH-Audit - Comprehensive audit of SSH. Provides detailed information about the configuration of the SSH server in use
- Nishang - Collection of offensive PowerShell scripts for use in penetration testing and red teaming
- LdapDomainDump - Dump information about the domain. Incredibly useful for escalating privileges or gathering additional information for spraying attacks
- Invoke-DNSDiscovery - Searches through DNS after compromising a machine to identify interesting assets
- Slingshot - Ubuntu-based Linux distribution with the MATE Desktop Environment, built for use in the SANS penetration testing curriculum and beyond.