Beast code in Giters

spyr0's starred repositories

Find-SensitiveAzStorageAccounts

A PowerShell script designed to detect misconfigured Azure Storage Accounts that could potentially be exploited for privilege escalation and lateral movement

Language:PowerShell1100

okta-terrify

Okta Verify and Okta FastPass Abuse Tool

Language:C#24900

ADEssentials

PowerShell Active Directory helper functions to manage healthy Active Directory

Language:PowerShellMIT40800

AutoFunkt

Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles

Language:PythonGPL-3.018300

PowerShell-Red-Team

Collection of PowerShell functions a Red Teamer may use in an engagement

Language:PowerShellNOASSERTION47100

Moriarty

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.

Language:C#GPL-3.045800

OUned

The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning

Language:Python6200

monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

Language:PowerShellApache-2.074800

fuegoshell

Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445

Language:PowerShellGPL-3.02600

pywsus

Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.

Language:PythonMIT28400

MsRdpEx

Microsoft RDP Client Extensions

Language:C++MIT13000

CMLoot

Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares

Language:PowerShellBSD-3-Clause14300

Active_Directory_Advanced_Threat_Hunting

This repo is about Active Directory Advanced Threat Hunting

Language:PowerShell47200

PXEThief

PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager

Language:PythonGPL-3.027400

Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Language:PowerShellGPL-3.059200

BadShares

A tool to create randomly insecure file shares that also contain unsecured credential files

Language:PowerShell2900

TeamFiltration

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

Language:C#GPL-3.0101300

GraphSpy

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Language:HTMLBSD-3-Clause45600

EventViewer-UACBypass

🍊 Orange Tsai EventViewer RCE

Language:PowerShell16500

Windows-Penetration-Testing

Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that I find useful during internal penetration tests and assumed breach exercises (red teaming)

Language:PowerShell23200

Nemesis

An offensive data enrichment pipeline

Language:PythonNOASSERTION57200

attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

Language:JinjaApache-2.0203000

Damn-Vulnerable-RESTaurant-API-Game

Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethical hackers and security engineers.

Language:PythonGPL-3.040000

Repository with the scripts that I have used in my blogs on https://powershellisfun.com. If you like these, please sponsor this project using the Sponsor button below or buy me a coffee :) https://www.buymeacoffee.com/powershellisfun

Language:PowerShell43100

spyr0-sec