firefalc0n's repositories
aclpwn.py
Active Directory ACL exploitation with BloodHound
ADAPE-Script
Active Directory Assessment and Privilege Escalation Script
Apfell
A macOS, post-exploit, red teaming framework
attack-navigator
Web app that provides basic navigation and annotation of ATT&CK matrices
awesome-elasticsearch
A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!
aws_pwn
A collection of AWS penetration testing junk
badKarma
advanced network reconnaissance toolkit
common-substr
Simple awk script to extract the most common substrings from an input text. Built for password cracking.
DCOMrade
Powershell script for enumerating vulnerable DCOM Applications
DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️🔥
evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
FACT_core
Firmware Analysis and Comparison Tool
Get-NetNTLM
Powershell module to get the NetNTLMv2 hash of the current user
kamerka
Build interactive map of cameras from Shodan
LOLBAS
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
MaliciousMacroMSBuild
Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass.
my-arsenal-of-AWSome-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
OffensiveDLR
Toolbox containing research notes & PoC code for weaponizing .NET's DLR
Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
osquery-attck
Mapping the MITRE ATT&CK Matrix with Osquery
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
passcat
Passwords Recovery Tool
public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
SharpBox
SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API.
SharpSploit
SharpSploit is a .NET post-exploitation library written in C#
Shr3dKit
Red Team Tool Kit
static-binaries
Various *nix tools built as statically-linked binaries
UhOh365
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
VBA-RunPE
A VBA implementation of the RunPE technique or how to bypass application whitelisting.