Greg Foss (gfoss)

Company: Datadog

Location: Boulder, CO

Home Page: http://gregfoss.com

Twitter: @35Foss

Greg Foss's repositories

PSRecon

:rocket: PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.

Language: PowerShell | License: Apache-2.0 | Stargazers: 475 | Issues: 54 | Issues: 6

attacking-drupal

:fire: Scripts used to augment the penetration testing process of Drupal web applications.

Language: Shell | License: GPL-3.0 | Stargazers: 94 | Issues: 11 | Issues: 1

phpmyadmin_honeypot

:honey_pot: A simple and effective phpmyadmin honeypot

Language: PHP | License: GPL-3.0 | Stargazers: 64 | Issues: 6 | Issues: 1

PowerShell-DL-Exec

:syringe: Download and Execute PowerShell scripts on remote hosts with ease.

Language: PowerShell | Stargazers: 22 | Issues: 2 | Issues: 0

misc

:alien: miscellaneous scripts and things...

Language: HTML | License: GPL-2.0 | Stargazers: 21 | Issues: 5 | Issues: 1

PowerShell-Honeyport

A powershell script for creating a Windows honeyport.

Language: PowerShell | Stargazers: 10 | Issues: 1 | Issues: 0

keybase-mail

:lock: Keybase-Mail.ps1 is a basic wrapper for the windows command-line version of keybase.io

Language: PowerShell | Stargazers: 9 | Issues: 2 | Issues: 1

PIE

:mailbox: The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365

Language: PowerShell | License: MIT | Stargazers: 8 | Issues: 2 | Issues: 0

Invoke-Hue

:rotating_light: PowerShell Philips Hue Integration and Automation

Language: PowerShell | License: MIT | Stargazers: 7 | Issues: 1 | Issues: 0

Invoke-Wrike

:chart_with_upwards_trend: Wrike PowerShell API Integration and Automation

Language: PowerShell | License: MIT | Stargazers: 4 | Issues: 2 | Issues: 0

the-book-of-secret-knowledge

A collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more. Especially for System and Network Administrators, DevOps, Pentesters or Security Researchers.

License: GPL-3.0 | Stargazers: 4 | Issues: 1 | Issues: 0

CVE-2021-43326_Exploit

:boom: Automox Windows Agent Privilege Escalation Exploit

Language: PowerShell | License: Apache-2.0 | Stargazers: 3 | Issues: 1 | Issues: 0

abuse.ch_ransomware_scraper

Scrapes the indicator lists from abuse.ch's Ransomware Tracker.

Language: PowerShell | Stargazers: 2 | Issues: 1 | Issues: 0

Empire

Empire is a PowerShell and Python post-exploitation agent.

Language: PowerShell | License: BSD-3-Clause | Stargazers: 2 | Issues: 1 | Issues: 0

EvilOSX

A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

Language: Python | License: GPL-3.0 | Stargazers: 2 | Issues: 1 | Issues: 0

SIEM-Speak

:sound: 'Say' for Windows PowerShell

Language: PowerShell | License: MIT | Stargazers: 2 | Issues: 1 | Issues: 0

Atomic-Parser

Python parser for Red Canary's Atomic Red Team Yamls

Language: Python | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language: PowerShell | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

Bella

A pure python, post-exploitation, data mining tool and remote administration tool for macOS.

Language: Python | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

Pause-Process

PowerShell script which allows pausing\unpausing Win32/64 exes

Language: PowerShell | Stargazers: 1 | Issues: 1 | Issues: 0

physical-docs

This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.

License: Unlicense | Stargazers: 1 | Issues: 0 | Issues: 0
License: CC0-1.0 | Stargazers: 1 | Issues: 0 | Issues: 0

subTee-gits-backups

subTee gists code backups

Language: C# | Stargazers: 1 | Issues: 1 | Issues: 0

tau-tools

A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit

Language: Python | License: MIT | Stargazers: 1 | Issues: 1 | Issues: 0

unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

Language: Python | License: NOASSERTION | Stargazers: 1 | Issues: 1 | Issues: 0

Cloud-Hunter

Dynamically generate and hunt with Lacework LQL queries quickly and efficiently

Language: Python | License: Apache-2.0 | Stargazers: 0 | Issues: 0 | Issues: 0
Stargazers: 0 | Issues: 0 | Issues: 0

OverlayPwn

Bypass paywalls and related overlays

Language: JavaScript | Stargazers: 0 | Issues: 0 | Issues: 0

pyWhat

🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

Language: Python | License: GPL-3.0 | Stargazers: 0 | Issues: 0 | Issues: 0