#windows

hoaxshell on offsec.tools
Sponsor
hoaxshell

Windows reverse shell payload generator and handler that abuses the http(s) protocol.

#payloads   #shell   #windows  

spraykatz on offsec.tools
spraykatz

Credentials gathering tool automating remote procdump and parse of lsass process.

#activedirectory   #lsass   #passwords   #windows  

WINspect on offsec.tools
WINspect

Powershell-based Windows security auditing toolbox.

#enumeration   #scanner   #windows  

BloodHound on offsec.tools
BloodHound

Six Degrees of Domain Admin.

#activedirectory   #azure   #exploits   #windows  

MobSF on offsec.tools
MobSF

All-in-one mobile application pentesting, malware analysis and security assessment framework.

#allinone   #android   #ios   #malware   #mobile   #windows  

ctftool on offsec.tools
ctftool

Interactive CTF exploration tool.

#privesc   #windows  

Prenum on offsec.tools
Prenum

The perils of the pre-Windows 2000 compatible access group in a Windows domain.

#activedirectory   #windows  

LOLBAS on offsec.tools
LOLBAS

Living Off The Land Binaries, Scripts and Libraries.

#binaries   #privesc   #resources   #windows  

RegStrike on offsec.tools
RegStrike

RegStrike is a .reg payload generator.

#obfuscation   #payloads   #windows  

HTTP-revshell on offsec.tools
HTTP-revshell

Powershell reverse shell using HTTP/S protocol with AMSI bypass and Proxy Aware.

#powershell   #shell   #windows  

enum4linux-ng on offsec.tools
enum4linux-ng

A Windows/Samba enumeration tool with additional features like JSON/YAML export.

#network   #samba   #windows  

DripLoader on offsec.tools
DripLoader

Evasive shellcode loader for bypassing injection detection.

#bypass   #exploits   #shell   #windows  

Hash Muncher on offsec.tools
Hash Muncher

Grab NetNTLMv2 hashes using ETW with administrative rights on Windows.

#ntlm   #windows  

Invoke-ADEnum on offsec.tools
Invoke-ADEnum

Automate Active Directory Enumeration using PowerView.

#activedirectory   #windows  

NanoDump on offsec.tools
NanoDump

A flexible tool that creates a minidump of the LSASS process.

#credentials   #lsass   #windows  

GodPotato on offsec.tools
GodPotato

Privilege escalation tool for Windows.

#privesc   #windows  

LDAP Password Hunter on offsec.tools
LDAP Password Hunter

Password Hunter in active directory.

#activedirectory   #ldap   #passwords   #windows  

mimikittenz on offsec.tools
mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

#exploits   #memory   #secrets   #windows  

FindUncommonShares on offsec.tools
FindUncommonShares

Quickly find uncommon shares in vast Windows domains.

#activedirectory   #ldap   #samba   #shares   #windows  

Invoke-TmpDavFS on offsec.tools
Invoke-TmpDavFS

Memory Backed Powershell WebDav Server.

#webdav   #windows  

PowerShdll on offsec.tools
PowerShdll

Run PowerShell with rundll32 in order to bypass software restrictions.

#exploits   #payloads   #powershell   #windows  

PSByPassCLM on offsec.tools
PSByPassCLM

Bypass for PowerShell Constrained Language Mode.

#exploits   #payloads   #powershell   #windows  

Invoke-BSOD on offsec.tools
Invoke-BSOD

For when you want a computer to be done - without admin!.

#bsod   #exploits   #windows  

Invoke-WCMDump on offsec.tools
Invoke-WCMDump

PowerShell script to dump Windows credentials from the Credential Manager.

#passwords   #windows  

windows-privesc-check on offsec.tools
windows-privesc-check

Standalone executable to check for simple privilege escalation vectors.

#exploits   #privesc   #windows  

PowerSploit on offsec.tools
PowerSploit

A PowerShell Post-Exploitation Framework.

#exploits   #privesc   #rce   #shell   #windows  

WMEye on offsec.tools
WMEye

Post exploitation tool that uses WMI event filter and MSBuild execution for lateral movement.

#pivot   #privesc   #windows   #wmi  

NTLMRecon on offsec.tools
NTLMRecon

Enumerate information from NTLM authentication enabled web endpoints.

#domains   #ntlm   #windows  

WinPwnage on offsec.tools
WinPwnage

UAC bypass, Elevate, Persistence methods.

#privesc   #uac   #windows  

PipeViewer on offsec.tools
PipeViewer

A tool that shows detailed information about named pipes in Windows.

#pipes   #utils   #windows  

ADRecon on offsec.tools
ADRecon

Gather information about the Active Directory and generates a report.

#activedirectory   #domains   #reports   #windows  

UserEnum on offsec.tools
UserEnum

Domain user enumeration tool.

#domains   #ldap   #usernames   #windows  

pypykatz on offsec.tools
pypykatz

Mimikatz implementation in pure Python.

#bruteforce   #cracker   #ntlm   #passwords   #windows  

Responder on offsec.tools
Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner.

#dns   #exploits   #ftp   #hash   #ldap   #mssql   #passwords   #samba   #windows  

Snaffler on offsec.tools
Snaffler

A tool to help at finding delicious candy needles in a bunch of horrible boring haystacks.

#activedirectory   #exploits   #privesc   #windows  

RidRelay on offsec.tools
RidRelay

Enumerate usernames on a domain where you have no creds by using SMB relay.

#activedirectory   #domains   #ntlm   #samba   #usernames   #windows  

jackdaw on offsec.tools
jackdaw

Gather gather gather.

#activedirectory   #domains   #hash   #passwords   #usernames   #windows  

enum4Linux on offsec.tools
enum4Linux

Enumerate data from Windows and Samba hosts.

#network   #samba   #windows  

ShadowSpray on offsec.tools
ShadowSpray

Spray shadow credentials across an entire domain.

#domains   #passwords   #windows  

RDP Scraper on offsec.tools
RDP Scraper

Enumerates users based off RDP Screenshots.

#rdp   #usernames   #windows  

l0phtcrack on offsec.tools
l0phtcrack

Crack Windows passwords from hashes.

#cracker   #hash   #ntlm   #passwords   #windows  

mimikatz on offsec.tools
mimikatz

A little tool to play with Windows security.

#cracker   #hash   #ntlm   #passwords   #windows  

Ophcrack on offsec.tools
Ophcrack

Windows password cracker based on rainbow tables.

#bruteforce   #cracker   #ntlm   #passwords   #windows  

Cain and Abel on offsec.tools
Cain and Abel

Password recovery tool for Microsoft Operating Systems.

#bruteforce   #network   #passwords   #voip   #windows   #wireless  

mssqlproxy on offsec.tools
mssqlproxy

Perform lateral movement in restricted environments through a compromised MSSQL Server.

#mssql   #privesc   #sqli   #windows  

windows-kernel-exploits on offsec.tools
windows-kernel-exploits

A list of Windows kernel exploits.

#cves   #exploits   #kernel   #resources   #windows  

WES-NG on offsec.tools
WES-NG

Windows Exploit Suggester - Next Generation.

#cves   #exploits   #metasploit   #windows  

Windows Exploit Suggester on offsec.tools
Windows Exploit Suggester

Compares target patch levels against the Microsoft vulnerability DB to detect missing patches.

#cves   #exploits   #metasploit   #windows  

WinPwn on offsec.tools
WinPwn

Automation for internal Windows pentest / AD-Security.

#activedirectory   #cves   #exploits   #windows  

SharpImpersonation on offsec.tools
SharpImpersonation

A User Impersonation tool - via Token or Shellcode injection.

#exploits   #windows  

ADRT on offsec.tools
ADRT

Active Directory Report Tool.

#activedirectory   #domains   #enumeration   #passwords   #users   #windows  

SweetPotato on offsec.tools
SweetPotato

A collection of various Windows privilege escalation techniques from service accounts to SYSTEM.

#privesc   #windows  

SharpHose on offsec.tools
SharpHose

Asynchronous password spraying tool for Windows environments.

#activedirectory   #passwords   #spraying   #windows  

windapsearch on offsec.tools
windapsearch

Enumerate users, groups and computers from a Windows domain through LDAP queries.

#activedirectory   #domains   #ldap   #windows  

Rubeus on offsec.tools
Rubeus

Rubeus is a toolkit for Kerberos interaction and abuses.

#activedirectory   #authentication   #exploits   #windows  

linWinPwn on offsec.tools
linWinPwn

Automates a number of Active Directory enumeration and vulnerability.

#activedirectory   #enumeration   #linux   #windows  

Coercer on offsec.tools
Coercer

Automatically coerce a Windows server to authenticate on an arbitrary machine.

#fuzzing   #network   #reports   #samba   #scanner   #windows  

SQLRecon on offsec.tools
SQLRecon

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation.

#azure   #mssql   #sqli   #vulnerabilities   #windows  

PEASS-ng on offsec.tools
PEASS-ng

Privilege Escalation Awesome Scripts SUITE.

#linux   #macos   #privesc   #windows  

Burp NTLM Challenge Decoder on offsec.tools
Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

#burpsuite   #ntlm   #windows  

msldap on offsec.tools
msldap

LDAP library for auditing Microsoft Active Directory.

#activedirectory   #ldap   #windows  

ADAPE Script on offsec.tools
ADAPE Script

Active Directory assessment and privilege escalation script.

#activedirectory   #windows  

SSH PuTTY login bruteforcer on offsec.tools
SSH PuTTY login bruteforcer

A wrapper script which uses PuTTY to perform SSH login bruteforce attacks.

#bruteforce   #passwords   #ssh   #windows  

SMBploit on offsec.tools
SMBploit

Offensive tool to scan & exploit vulnerabilities in Windows over SMB using Metasploit.

#metasploit   #samba   #windows  

ADReaper on offsec.tools
ADReaper

Enumerate an Active Directory environment with LDAP queries.

#activedirectory   #ldap   #windows  

ADenum on offsec.tools
ADenum

Find misconfiguration through LDAP to exploit weaknesses with Kerberos.

#activedirectory   #kerberos   #ldap   #windows