Abartan Dhakal's repositories
pbis-open
BeyondTrust AD Bridge Open is an open-source community project sponsored by BeyondTrust Corporation. It is currently archived and will no longer receive updates. If you are interested in an Enterprise version of this project, please see our AD Bridge product.
PadBuster
Automated script for performing Padding Oracle attacks
Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
Snaffler
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
tprox
TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
wifi-penetration-testing-cheat-sheet
Work in progress...
RedTeam-OffensiveSecurity
Tools & Interesting Things for RedTeam Ops
awesome-osint
:scream: A curated list of amazingly awesome OSINT
RedTeam-Tactics-and-Techniques
Red Teaming Tactics and Techniques
bounty-targets
This project crawls bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) hourly and dumps them into the bounty-targets-data repo
Monitorizer
Multithreaded monitoring framework to detect and report newly found subdomains on a specific target using various scanning tools with support for Acunetix & Nuclei
portmaster
🏔 Love Freedom - ❌ Block Mass Surveillance
CVE-2021-27850_POC
A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated remote code execution.
Elgg
A social networking engine in PHP/MySQL
bypass-firewalls-by-DNS-history
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
writehat
A pentest reporting tool written in Python. Free yourself from Microsoft Word.
fakemeeting
Creates and sends fake meeting invite
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
XSSTRON
Electron JS Browser To Find XSS Vulnerabilities Automatically
Pyrate
Practice Web App written in python with some vulnerabilities.
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
CVE-2021-3129
Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)
BadBlood
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.