GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → byt3bl33d3r → Sprayingtoolkit

byt3bl33d3r / Sprayingtoolkit

Licence: gpl-3.0
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Labels

securitysecurity-toolspentesting

Projects that are alternatives of or similar to Sprayingtoolkit

Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-3.37%)
Mutual labels:  security-tools, pentesting
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (-4.74%)
Mutual labels:  security-tools, pentesting
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+510.6%)
Mutual labels:  pentesting, security-tools
Otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (-48.13%)
Mutual labels:  security-tools, pentesting
Habu
Hacking Toolkit
Stars: ✭ 635 (-20.82%)
Mutual labels:  security-tools, pentesting
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-46.76%)
Mutual labels:  security-tools, pentesting
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (-37.66%)
Mutual labels:  security-tools, pentesting
Rustscan
🤖 The Modern Port Scanner 🤖
Stars: ✭ 5,218 (+550.62%)
Mutual labels:  security-tools, pentesting
Hashview
A web front-end for password cracking and analytics
Stars: ✭ 601 (-25.06%)
Mutual labels:  security-tools, pentesting
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-35.54%)
Mutual labels:  security-tools, pentesting
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-49.5%)
Mutual labels:  security-tools, pentesting
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (-9.23%)
Mutual labels:  security-tools, pentesting
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-52.37%)
Mutual labels:  security-tools, pentesting
Fireelf
fireELF - Fileless Linux Malware Framework
Stars: ✭ 435 (-45.76%)
Mutual labels:  security-tools, pentesting
Gadgetprobe
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Stars: ✭ 381 (-52.49%)
Mutual labels:  security-tools, pentesting
Mxtract
mXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (-37.78%)
Mutual labels:  security-tools, pentesting
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (-55.74%)
Mutual labels:  security-tools, pentesting
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-53.87%)
Mutual labels:  security-tools, pentesting
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-36.53%)
Mutual labels:  security-tools, pentesting
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+758.1%)
Mutual labels:  pentesting, security-tools
View All Similar Projects ➔

SprayingToolkit

SprayingToolkit

Description

A set of Python scripts/utilities that tries to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient.

Sponsors

Official Discord Channel

Come hang out on Discord!

Porchetta Industries

Installation

Install the pre-requisites with pip3 as follows:

sudo -H pip3 install -r requirements.txt

Or use a Python virtual environment if you don't want to install the packages globally.

Tool Overview

Atomizer

A blazing fast password sprayer for Lync/Skype For Business and OWA, built on Asyncio and Python 3.7

Usage

Usage:
    atomizer (lync|owa|imap) <target> <password> <userfile> [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> <passwordfile> <userfile> --interval <TIME> [--gchat <URL>] [--slack <URL>] [--targetPort PORT][--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --csvfile CSVFILE [--user-row-name NAME] [--pass-row-name NAME] [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --user-as-pass USERFILE [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --recon [--debug]
    atomizer -h | --help
    atomizer -v | --version

Arguments:
    target         target domain or url
    password       password to spray
    userfile       file containing usernames (one per line)
    passwordfile   file containing passwords (one per line)

Options:
    -h, --help               show this screen
    -v, --version            show version
    -c, --csvfile CSVFILE    csv file containing usernames and passwords
    -i, --interval TIME      spray at the specified interval [format: "H:M:S"]
    -t, --threads THREADS    number of concurrent threads to use [default: 3]
    -d, --debug              enable debug output
    -p, --targetPort PORT    target port of the IMAP server (IMAP only) [default: 993]
    --recon                  only collect info, don't password spray
    --gchat URL              gchat webhook url for notification
    --slack URL              slack webhook url for notification
    --user-row-name NAME     username row title in CSV file [default: Email Address]
    --pass-row-name NAME     password row title in CSV file [default: Password]
    --user-as-pass USERFILE  use the usernames in the specified file as the password (one per line)

Examples

./atomizer.py owa contoso.com 'Fall2018' emails.txt

./atomizer.py lync contoso.com 'Fall2018' emails.txt

./atomizer lync contoso.com --csvfile accounts.csv

./atomizer lync contoso.com --user-as-pass usernames.txt

./atomizer owa 'https://owa.contoso.com/autodiscover/autodiscover.xml' --recon

./atomizer.py owa contoso.com passwords.txt emails.txt -i 0:45:00 --gchat <GCHAT_WEBHOOK_URL>

Vaporizer

A port of @OrOneEqualsOne's GatherContacts Burp extension to mitmproxy with some improvements.

Scrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern and performes password sprays in real-time.

(Built on top of Atomizer)

Examples

mitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set target=<domain or url to spray> --set password=password --set email_format='{f}.{last}'

By default email_format is set to {first}.{last} pattern and is not a required argument.

The domain parameter is the domain to use for generating emails from names, the target parameter is the domain or url to password spray

Install the mitmproxy cert, set the proxy in your browser, go to google and/or bing and search (make sure to include the /in):

site:linkedin.com/in "Target Company Name"

Emails will be dumped to emails.txt in the specified format, and passed to Atomizer for spraying.

Aerosol

Scrapes all text from the target website and sends it to AWS Comprehend for analysis to generate custom wordlists for password spraying.

Still a work in progress

Usage

mitmdump -s aerosol.py --set domain=domain.com

Spindrift

Converts names to active directory usernames (e.g Alice Eve => CONTOSO\aeve)

Usage

Usage:
    spindrift [<file>] [--target TARGET | --domain DOMAIN] [--format FORMAT]

Arguments:
    file    file containing names, can also read from stdin

Options:
    --target TARGET   optional domain or url to retrieve the internal domain name from OWA
    --domain DOMAIN   manually specify the domain to append to each username
    --format FORMAT   username format [default: {f}{last}]

Examples

Reads names from STDIN, --domain is used to specify the domain manually:

cat names.txt | ./spindrift.py --domain CONTOSO

Reads names from names.txt, --target dynamically grabs the internal domain name from OWA (you can give it a domain or url)

./spindrift.py names.txt --target contoso.com
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].