leomatias's repositories
AD_Miner
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
AutoRecon-XSS
AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracts potential vulnerable URLs, and checks them for XSS vulnerabilities.
Azure-MG-Sub-Governance-Reporting
Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
bbot
OSINT automation for hackers.
bug-bounty
bounty collection
cisco-ios-xe-implant-scanner
Scans for Implanted IOS XE Systems
clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
cloudsploit
Cloud Security Posture Management (CSPM)
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
emploleaks
An OSINT tool that helps detect members of a company with leaked credentials
Havoc
The Havoc Framework.
HEKATOMB
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.
HiddenDesktop
HVNC for Cobalt Strike
IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application.
LFI-FINDER
LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
linux-exploit-suggester
Linux privilege escalation auditing tool
RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
SimpleCSPM
GCP CSPM using Google Sheets
steampipe
Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
threat-intel
Signatures and IoCs from public Volexity blog posts.
vulscan
Advanced vulnerability scanning with Nmap NSE