Channel: Exploits – Security List Network™
Browsing all 514 articles

Tater is a PowerShell implementation of the Hot Potato Windows Privilege...

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Tater is mainly pieced together from existing Inveigh code. Notes Use caution, this is still very much in a...

BypassUAC – Defeating Windows User Account Control by abusing built-in...

BypassUAC defeats Windows User Account Control by abusing the built-in Windows AutoElevate backdoor. System Requirements: 1. x86-32/x64 Windows 7/8/8.1/10 (client, some methods however work on server...

venom.sh v1.0.10 – Codename: Final Polymorphic Stub.

CHANGELOG VERSION 1.0.10 (26/1/2016) Codename: Final Polymorphic Stub; FUNCTION | DESCRIPTION: bug fix -> ‘getsystem’ bug fixed in all...

ysoserial v-0.0.3 – A proof-of-concept tool for generating payloads that...

Changelog v0.0.3: + Refactors and included new JRE <= 1.7u21 gadget chain ysoserial is a collection of utilities and property-oriented programming “gadget chains” discovered in common java libraries...

shellsploit-framework v1-beta : New Generation Exploit Development Kit.

Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems, and lets you obfuscate every byte via encoders. Requirement: + capstone + readline...

Metasploit modules to perform SharePoint misconfiguration exploitation.

Metasploit modules to perform SharePoint misconfiguration exploitation. Modules: + sharepoint_brute_browse.rb: This SharePwn module searches for common SharePoint services, directories, and files via...

Climber – Check UNIX/Linux systems for privilege escalation.

Automated auditing tool to check UNIX/Linux systems for misconfigurations which may allow local privilege escalation. Latest Change 28/1/2016: Updated Exscript https://github.com/knipknap/exscript (Now...

Nishang v-0.6.3 – PowerShell for penetration testing and offensive security.

Changelog v0.6.3: + Added Invoke-Interceptor to the MITM directory. Parameter Invoke-Interceptor DESCRIPTION This script uses MJPEG to stream a target’s desktop in real time. It is able to connect to a...

Commix v0.4b – Automatic All-in-One OS Command Injection and Exploitation Tool.

Roadmap & Changelog Version 0.3b [2015]: + Added: Time-relative false-positive identification, which identifies unexpected time delays due to unstable requests. + Added: New option “-l”, that...

rkduck is a Linux kernel v4.x.x Rootkit.

NOTICE: This post is for research purposes only and should not be used on your production machine! rkduck is a Linux kernel v4.x.x rootkit. This is an example for dumping rkduck.ko (Module) Operating System...

Msfvenom Payload Creator (MPC) v-1.4.2.

Changelog v1.4.2: Now works with Kali-Linux rolling (Note from us: this script works fine on Ubuntu 12-15 & Metasploit). mpc v1-4-2 Msfvenom Payload Creator (MPC) is a wrapper to generate multiple...

PowerSCCM – PowerShell module to interact with SCCM databases for both...

PowerSCCM provides functions to facilitate connections to and queries from SCCM databases for both offensive and defensive applications. The code is kept PowerShell Version 2.0 compliant with no external...

Chuckle – An automated SMB Relay Script.

Chuckle – An automated SMB Relay Script. Latest Change 2/3/2016 : chuckle.sh; Modified to use unixwiz nbtscan for reliability. chuckle.sh Chuckle requires a few tools to work: + Nmap + Responder +...

Brosec v0.2 – An interactive reference tool to help security professionals...

Changelog v0.2 (Feb 15, 2016): ++ Features – bros ftp – New feature added to allow for a simple (insecure) ftp server which allows download/upload of the current directory via anonymous ++ connections....

Libsafe Multi-threaded Process Race Condition Security Bypass Weakness.

Libsafe Multi-threaded Process Race Condition Security Bypass Weakness implementations. Latest change 6/2/2016: add legend to figure. Libsafe will normally kill an application when certain types of...

Al-Khaser v0.3 – a PoC malware with good intentions that aims to stress your...

Changelog v0.3: + The whole file structure has been changed + feature: Anti-virtualization. al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. al-khaser is a PoC...

randkit – Random number rootkit for the Linux kernel.

NOTICE: THIS POST IS FOR RESEARCH PURPOSES ONLY! randkit is a random number rootkit for the Linux kernel with zero and xor128 rootkits. Buffer overflow test: – fdrandom – getrandom – writefdrandom – xor128...

exploit pack – list your new exploit on Exploit Pack you will need.

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so that penetration testers can focus on what’s really important. The threat. This...

Windows-Exploit-Suggester v3.1.

changelog v31 2016-02-10: + changed bulletin url, microsoft 404’d it. This tool compares a target’s patch levels against the Microsoft vulnerability database in order to detect potential missing patches...

Yasuo v2.1 – a Ruby script that scans for vulnerable & exploitable...

Changelog v2.1: + Added functionality to save good urls in a file that could be used to re-run Yasuo. More explained in readme file + just one more cosmetic change. yasuo 2.1 Yasuo is a Ruby script...
