Cyber Security Tools
- September 29, 2024
- Open Data Playground
- Shodan Images
- Link Expander – Grabify IP Logger & URL Shortener
- cyberguideme/Tools: Cyber Security Tools
- payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List
- Z4KKD/CIS261ProjectPhase3
- CTFd/CTFd: CTFs as you need them
- ctf-writeups/banana-boy.md at master · VulnHub/ctf-writeups
- sbilly/awesome-security: A collection of awesome security resources
- hmaverickadams/TCM-Security-Sample-Pentest-Report: Sample pentest report provided by TCM Security
- DvorakDwarf/Infinite-Storage-Glitch: ISG lets you use YouTube as cloud storage for ANY files
- mohinparamasivam/Email-Bomber: Spam emails
- Tib3rius/AutoRecon: Automated network reconnaissance tool
- jivoi/awesome-osint: A curated list of OSINT resources
- cispa/persistent-clientside-xss: Exploit generator and Taint Engine
- 3ct0s/disctopia-c2: Windows Remote Administration Tool
- Special Symbols – Geopoeia
- RSA Cipher Calculator – Online Decoder, Encoder, Translator
- ANY.RUN – Interactive Online Malware Sandbox
- Automated Malware Analysis Executive Report – Joe Sandbox
- Aperi’Solve
- XSS Filter Evasion – OWASP Cheat Sheet Series
- Memory forensics with Volatility on Linux and Windows
- How to Use Volatility for Memory Forensics and Analysis – Varonis
- Pwndbg + GEF + Peda — One for all, and all for one – InfoSec Write-ups
- GCC Cheat Sheet
- SQL Injection – HackTricks
- Login Bypass – HackTricks
- PwnTools – HackTricks
- Cracking RNGs: Linear Congruential Generators
- Emojifying your Linux terminal 🚀 – David Q
- Python If-Else – HackerRank
- Getting Started – Docs
- Nmap Cheat Sheet 2023
- cptc-report-2019.pdf
- cptc-report-2020.pdf
- grep.geek: heroctf.pirate
- Attacking JSON Web Tokens (JWTs) – InfoSec Write-ups
- Hacker Tools: JWT_Tool – The JSON Web Token Toolkit – Intigriti
- BYUCTF-2023/HUUP at main · BYU-CSA/BYUCTF-2023
- Deseret Alphabet Translator
- kkar/VBS-Obfuscator-in-Python: VBScript obfuscation tool
- MS Word macros with Powercat reverse shell – Nol White Hat
- Return to libc attack in 2022 and beyond – bannedit19 – Medium
- ihebski/DefaultCreds-cheat-sheet: One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password
- Tools – Dradis Framework
- frizb/Hydra-Cheatsheet: Hydra cheatsheet with practical examples
- Tailor Your CV to the Job You Want – deepspace5
- deadbits/Eternalblue: Exploit and auxiliary modules for EternalBlue (MS17-010)
- jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls
- RoseSecurity/GoFetch: A tool to automatically download your favorite tools from GitHub
- sonofagl1tch/Warez: Various Exploits and PoCs for personal use
- frizb/PurplePanda: The Purple Panda is a collection of offensive PowerShell and C# scripts for use during red team engagements.
- Exploiting Windows with Pywhisker –
- asciinema: Record and share your terminal sessions
- mongodb_nosql_injection.md
- joeammond/jwtcat: A small, standalone, fast, portable command-line tool for decoding JSON Web Tokens (JWTs)
- Cybersecurity Articles Archives – Hakin9
- Hakin9 December 2022 Edition – Hakin9
- Windows Privilege Escalation Cheatsheet
Pentesting
- 4 ways to SMTP Enumeration – Hacking Articles
- SMTP enumeration with Kali Linux – Hackercool Magazine
- IMAP Protocol Crib Sheet
- SQL*Plus Commands
- 623/UDP/TCP – IPMI – HackTricks
- IMAP 101: Manual IMAP Sessions – IMAP commands – Atmail email
- 873 – Pentesting Rsync – HackTricks
- Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting
- oncybersec/oscp-enumeration-cheat-sheet: A collection of commands and tools used for conducting enumeration during my OSCP journey
- impacket/samrdump.py at master · fortra/impacket · GitHub
- ShawnDEvans/smbmap: SMBMap is a handy SMB enumeration tool
- Porchetta-Industries/CrackMapExec: A swiss army knife for pentesting networks
- cddmp/enum4linux-ng: A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
- SMTP errors and reply codes
Information Gathering
- ISO/IEC 27001 Standard – Information Security Management Systems
- https://www.isecom.org/OSSTMM.3.pdf
- Cybersecurity Framework
- OWASP Foundation, the Open Source Foundation for Application Security
- OWASP Web Security Testing Guide
- OWASP Mobile Application Security
- scriptingxss/owasp-fstm: The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with conducting firmware security assessments.
- Common Vulnerability Scoring System SIG
- Zone Transfer Test Online
- https://academy.hackthebox.com/module/144/section/1256
- https://rawwater-ahl1phuiph.shellweplayaga.me/assets/app-5498e87f83224632595252ccafab9e36.js
- https://0xdf.gitlab.io/2022/06/25/htb-phoenix.html
- OWASP ZAP – Getting Started
- crt.sh
- DREAD (risk assessment model) – Wikipedia
- NVD – CVSS v3 Calculator
- CVE-2021-34527 – Security Update Guide – Microsoft – Windows Print Spooler Remote Code Execution Vulnerability
- OVAL – Open Vulnerability and Assessment Language
- CVE – Researcher Reservation Guidelines
- CVE – Common Vulnerabilities and Exposures (CVE)
- OpenVAS – Open Vulnerability Assessment Scanner
- Nessus Attack Scripting Language – Wikipedia
- Plugins – Tenable®
- FortyNorthSecurity/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- PTES Technical Guidelines – The Penetration Testing Execution Standard
- HIPAA- Health Insurance Portability and Accountability Act
- Federal Information Security Modernization Act
- SeImpersonatePrivilege and SeCreateGlobalPrivilege – Windows Server
- PowerSploit/PowerUp.ps1 at master · PowerShellMafia/PowerSploit · GitHub
- impacket/smbserver.py at master · fortra/impacket · GitHub
- BITSAdmin tool – Win32 apps
- regsvr32
- WebClient Class (System.Net)
- Download Cradles
- Running Remote Commands – PowerShell
- PowerShell Gallery
- How to Use SCP Command to Securely Transfer Files – Linuxize
- CiscoCXSecurity/linikatz: linikatz is a tool to attack AD on UNIX
- RFC 3912 – WHOIS Protocol Specification
- Site report for https://1337raptors.tech
- WhatWeb – MorningStar Security
- Find out what websites are built with – Wappalyzer
- michenriksen/aquatone: A Tool for Domain Flyovers
VULNERABILITY ASSESSMENT
- CVE-2021-34527 – Security Update Guide – Microsoft – Windows Print Spooler Remote Code Execution Vulnerability
- OVAL – Open Vulnerability and Assessment Language
- CVE – Researcher Reservation Guidelines
- CVE – Common Vulnerabilities and Exposures (CVE)
- OpenVAS – Open Vulnerability Assessment Scanner
- Nessus Attack Scripting Language – Wikipedia
- Plugins – Tenable®
- FortyNorthSecurity/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- OWASP Foundation, the Open Source Foundation for Application Security
- OWASP Web Security Testing Guide
- OWASP Mobile Application Security
- scriptingxss/owasp-fstm: The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers, consultants, and Information Security professionals with conducting firmware security assessments.
- Common Vulnerability Scoring System SIG
- DREAD (risk assessment model) – Wikipedia
- NVD – CVSS v3 Calculator
- PTES Technical Guidelines – The Penetration Testing Execution Standard
- HIPAA- Health Insurance Portability and Accountability Act
- Federal Information Security Modernization Act
- ISO/IEC 27001 Standard – Information Security Management Systems
- https://www.isecom.org/OSSTMM.3.pdf
- Cybersecurity Framework
File Uploads
ShellsNPayloads
- its-a-feature/Mythic: A collaborative, multi-platform, red teaming framework
- samratashok/nishang: Nishang – Offensive PowerShell for red team, penetration testing and offensive security.
- bats3c/darkarmour: Windows AV Evasion
- New malware uses Windows Subsystem for Linux for stealthy attacks
- Web-Shells/laudanum at master · jbarcia/Web-Shells · GitHub
- WhiteWinterWolf/wwwolf-php-webshell: WhiteWinterWolf’s PHP web shell
Metasploit
PasswordAttacks
- Introduction to Active Directory
- GhostPack/Rubeus: Trying to tame the three-headed dog.
- A Detailed Guide on Evil-Winrm – Hacking Articles
- example_hashes [hashcat wiki]
- Compressed File Formats
- OpenCL BitLocker [Openwall Community Wiki]
- How to Crack Passwords using John The Ripper – Pentesting Tutorial
- GitHub – jmk-foofus/medusa: Medusa is a speedy, parallel, and modular, login brute-forcer.
- Man page of MEDUSA
- hashcat/rules/d3ad0ne.rule at master · hashcat/hashcat · GitHub
- A Detailed Guide on Hydra – Hacking Articles
- Cewl Tool – Creating Custom Wordlists Tool in Kali Linux – GeeksforGeeks
- Default Router Login Password For Top Router Models (2023 List)
- ssh
- OS Credential Dumping: NTDS, Sub-technique T1003.003 – Enterprise
- urbanadventurer/username-anarchy: Username tools for penetration testing
- Chapter 4 The Directory Information Tree
- Releases · AlessandroZ/LaZagne
- huntergregal/mimipenguin: A tool to dump the login password from the current linux user
- unode/firefox_decrypt: Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
- Blog
- Password Statistics That Will Change Your Online Habits – Panda Security
- OF_Google_HarrisPoll_National_03
- Have I Been Pwned: Check if your email has been compromised in a data breach
- Credentials Processes in Windows Authentication
- Configuring Additional LSA Protection
- Local Security Authority Subsystem Service – Wikipedia
- Security Subsystem Architecture
- DefaultCreds-cheat-sheet/DefaultCreds-Cheat-Sheet.csv at main · ihebski/DefaultCreds-cheat-sheet
- raw.githubusercontent.com/ihebski/DefaultCreds-cheat-sheet/main/DefaultCreds-Cheat-Sheet.csv
AttackingServices
- pentestmonkey/smtp-user-enum: Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.
- 0xZDH/o365spray: Username enumeration and password spraying tool aimed at Microsoft O365.
- dafthack/MailSniper: MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
- ustayready/CredKing: Password spraying using AWS Lambda for IP rotation
- tscon
- gentilkiwi/mimikatz: A little tool to play with Windows security
- mschwager/fierce: A DNS reconnaissance tool for locating non-contiguous IP space.
- projectdiscovery/subfinder: Fast passive subdomain enumeration tool.
- DNSdumpster.com – dns recon and research, find and lookup dns records
- aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testers
- TheRook/subbrute: A DNS meta-query spider that enumerates DNS records, and subdomains.
- EdOverflow/can-i-take-over-xyz: “Can I take over XYZ?” — a list of services and how to claim (sub)domains with dangling DNS records.
- findstr
- PsExec – Sysinternals
- Microsoft Windows – ‘SMBGhost’ Remote Code Execution – Windows remote Exploit
- Quickstart: Run Python scripts – SQL machine learning
- galkan/crowbar: Crowbar is a brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
Active Directory
- Dsquery
- Dsquery *
- Search Filter Syntax – Win32 apps
- t120 Attacking Microsoft Kerberos Kicking the Guard Dog of Hades Tim Medin – YouTube
- Setspn
- raw.githubusercontent.com/nidem/kerberoast/907bf234745fe907cf85f3fd916d1c14ab9d65c0/kirbi2john.py
- Decrypting the Selection of Supported Kerberos Encryption Types – Microsoft Community Hub
- Managed Service Accounts: Understanding, Implementing, Best Practices, and Troubleshooting – Microsoft Community Hub
- Group Managed Service Accounts Overview
- Audit Kerberos Service Ticket Operations – Windows Security
- [MS-DTYP]: ACCESS_MASK
- Edges — BloodHound 4.3.1 documentation
- rvazarkar/GMSAPasswordReader
- Unexpire-Password extended right – Win32 apps
- Reanimate-Tombstones extended right – Win32 apps
- Extended Rights – Win32 apps
- User-Force-Change-Password extended right – Win32 apps
- risksense/zerologon: Exploit for zerologon cve-2020-1472
- SnaffCon/Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
- PowerShellMafia/PowerSploit: PowerSploit – A PowerShell Post-Exploitation Framework
- MS08-067: Vulnerability in Server service could allow remote code execution – Microsoft Support
- systeminfo
- about Logging Windows – PowerShell
- About WMI – Win32 apps
- Useful Wmic queries for host and domain enumeration
- Using WMI – Win32 apps
- Net.exe – Win32 apps
- Parameters · Kevin-Robertson/Inveigh Wiki
- A simple and effective way to detect Broadcast Name Resolution Poisoning (BNRP)
- Another Word on Delegation by Will Schroeder
- Shadow Credentials: Workstation Takeover Edition
- rpcclient
- LDAP to Active Directory is disabled – Windows Server
- ldapsearch(1): LDAP search tool – Linux man page
- statistically-likely-usernames/jsmith.txt at master · insidetrust/statistically-likely-usernames · GitHub
- insidetrust/statistically-likely-usernames: Wordlists for creating statistically likely username lists for use in password attacks and security testing
- 4768(S, F) A Kerberos authentication ticket (TGT) was requested. – Windows Security
- Password Spraying & Other Fun with RPCCLIENT – Black Hills Information Security
- Download Local Administrator Password Solution (LAPS) from Official Microsoft Download Center
- PowerShell Executables File System Locations – Svendsen Tech
- leoloobeek/LAPSToolkit: Tool to audit and attack LAPS environments
- Security identifiers
- ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- fox-it/BloodHound.py: A Python based ingestor for BloodHound
- Intro To Cypher
- WADComs
- ActiveDirectory Module
- PowerSploit/Recon at master · PowerShellMafia/PowerSploit · GitHub
- CiscoCXSecurity/enum4linux: enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
- ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcing
- initstring/linkedin2username: OSINT Tool: Generate username lists for companies on LinkedIn
- dafthack/DomainPasswordSpray: DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
- Shadow Credentials: Abusing Key Trust Account Mapping for Account Takeover by Elad Shamir
- Remote desktop client with RDP, SSH, SPICE, VNC, and X2Go protocol support. – Remmina
- CommandLineInterface · FreeRDP/FreeRDP Wiki
- ParrotSec/mimikatz
- CVE-2021-1675/CVE-2021-1675.py at main · cube0x0/CVE-2021-1675 · GitHub
- Group3r/Group3r: Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
- adrecon/ADRecon: ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
- Google Hacking Database (GHDB) – Google Dorks, OSINT, Recon
- DeHashed — #FreeThePassword
- Hurricane Electric Internet Services – Internet Backbone and Colocation Provider
- HE 3D Network Map
- Submitting a Cloud Security Testing Notification
- Hurricane Electric BGP Toolkit
- LocalSystem Account – Win32 apps
- ohpe/juicy-potato: A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
SQL Injections
- Server System Variables – MariaDB Knowledge Base
- SELECT INTO OUTFILE – MariaDB Knowledge Base
- SecLists/Discovery/Web-Content/default-web-root-directory-windows.txt at master · danielmiessler/SecLists
- PHP: mysqli::real_escape_string – Manual
- PHP: pg_escape_string – Manual
- pivo
- sqlmap/tamper/ifnull2ifisnull.py at master · sqlmapproject/sqlmap
- PayloadsAllTheThings/SQL Injection at master · swisskyrepo/PayloadsAllTheThings
- MySQL :: MySQL 8.0 Reference Manual :: 26.1 Introduction
- MySQL :: MySQL 8.0 Reference Manual :: 26.3.31 The INFORMATION_SCHEMA SCHEMATA Table
- MySQL :: MySQL 8.0 Reference Manual :: 26.3.38 The INFORMATION_SCHEMA TABLES Table
XSS Injections
Local and Remote File Inclusion Attacks LFI / RFI
- D35m0nd142/LFISuite: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
- OsandaMalith/LFiFreak: A unique automated LFi Exploiter with Bind/Reverse Shells
- mzfr/liffy: Local file inclusion exploitation tool
- Solving the Skills Assessment: File Inclusion and Log Poisoning – System Weakness
Attacking Common Applications
- Script Console
- DeHashed — #FreeThePassword
- GitLab Community Edition (CE) 13.10.3 – User Enumeration – Ruby webapps Exploit
- GitHub – dpgg101/GitLabUserEnum: GitLab User Enumeration
- Gitlab 13.10.2 – Remote Code Execution (Authenticated) – Ruby webapps Exploit
- raw.githubusercontent.com
- SecurityRiskAdvisors/cmd.jsp: A super small jsp webshell with file upload capabilities.
- YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi: Tomcat AJP protocol file read vulnerability
- drego85/JoomlaScan: A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
- ajnik/joomla-bruteforce: Joomla login bruteforce
- Joomla! Core 1.5.0 – 3.9.4 – Directory Traversal / Authenticated Arbitrary File Deletion – PHP webapps Exploit
- dpgg101/CVE-2019-10945: Joomla! Core 1.5.0 – 3.9.4 – Directory Traversal / Authenticated Arbitrary File Deletion in Python3
- Drupal 7.0 < 7.31 – ‘Drupalgeddon’ SQL Injection (Add Admin User) – PHP webapps Exploit
- b33lz3bub-1/Tomcat-Manager-Bruteforce: This script will bruteforce the credential of tomcat manager or host-manager
- RedSiege/EyeWitness: EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
- Jakarta Server Pages – Wikipedia
- tomnomnom/waybackurls: Fetch all the URLs that the Wayback Machine knows about for a domain
- WordPress Plugin wpDiscuz 7.0.4 – Remote Code Execution (Unauthenticated) – PHP webapps Exploit
- SamJoan/droopescan: A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.