leomatias's repositories
HEKATOMB
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.
threat-intel
Signatures and IoCs from public Volexity blog posts.
django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Adalanche
Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
SharpTokenFinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application.
clairvoyance
Obtain GraphQL API schema even if the introspection is disabled
bug-bounty
bounty collection
AD_Miner
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
cisco-ios-xe-implant-scanner
Scans for Implanted IOS XE Systems
Havoc
The Havoc Framework.
emploleaks
An OSINT tool that helps detect members of a company with leaked credentials
IIS-ShortName-Scanner
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
bbot
OSINT automation for hackers.
LFI-FINDER
LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities
cloudsploit
Cloud Security Posture Management (CSPM)
steampipe
Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
vulscan
Advanced vulnerability scanning with Nmap NSE
domscan
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
ShellGhost
A memory-based evasion technique which makes shellcode invisible from process start to end.
RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
Azure-MG-Sub-Governance-Reporting
Azure Governance Visualizer aka AzGovViz is a PowerShell script that captures Azure Governance related information such as Azure Policy, RBAC (a lot more) by polling Azure ARM, Storage and Microsoft Graph APIs.
AutoRecon-XSS
AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracts potential vulnerable URLs, and checks them for XSS vulnerabilities.
linux-exploit-suggester
Linux privilege escalation auditing tool
HiddenDesktop
HVNC for Cobalt Strike
SimpleCSPM
GCP CSPM using Google Sheets