leomatias's repositories
AD_Miner
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
Azure-MG-Sub-Governance-Reporting
Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
bbot
OSINT automation for hackers.
BChecks
BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
bug-bounty
bounty collection
cisco-ios-xe-implant-scanner
Scans for Implanted IOS XE Systems
clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
cloudsploit
Cloud Security Posture Management (CSPM)
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
emploleaks
An OSINT tool that helps detect members of a company with leaked credentials
Havoc
The Havoc Framework.
HEKATOMB
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.
IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application.
LFI-FINDER
LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.
ntlmv1-multi
NTLMv1 Multitool
RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
steampipe
Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
threat-intel
Signatures and IoCs from public Volexity blog posts.
vulscan
Advanced vulnerability scanning with Nmap NSE
xssorRecon
Automate Recon XSS Bug Bounty