
0xdea / Tactical Exploitation

Licence: MIT
Modern tactical exploitation toolkit.

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives to or similar to Tactical Exploitation

Minimalistic Offensive Security Tools
A repository of tools for pentesting of restricted and isolated environments.
Stars: ✭ 135 (-76.92%)
Mutual labels:  penetration-testing, brute-force, active-directory
Sitebroker
A cross-platform python based utility for information gathering and penetration testing automation!
Stars: ✭ 281 (-51.97%)
Mutual labels:  penetration-testing, information-gathering
ShonyDanza
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-85.3%)
Mutual labels:  penetration-testing, information-gathering
Osintgram
Osintgram is an OSINT tool for Instagram. It offers an interactive shell to perform analysis on the Instagram account of any user by nickname.
Stars: ✭ 312 (-46.67%)
Mutual labels:  penetration-testing, information-gathering
Thc Hydra
hydra
Stars: ✭ 5,645 (+864.96%)
Mutual labels:  penetration-testing, brute-force
ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-92.82%)
Mutual labels:  active-directory, information-gathering
Webkiller
Information gathering tool written in Python.
Stars: ✭ 300 (-48.72%)
Mutual labels:  penetration-testing, information-gathering
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-75.73%)
Mutual labels:  penetration-testing, information-gathering
Hunter
(l)user hunter using WinAPI calls only
Stars: ✭ 359 (-38.63%)
Mutual labels:  penetration-testing, active-directory
Vulnerable Ad
Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab.
Stars: ✭ 360 (-38.46%)
Mutual labels:  penetration-testing, active-directory
Kithack
Hacking tools pack & backdoors generator.
Stars: ✭ 377 (-35.56%)
Mutual labels:  information-gathering, metasploit-framework
WPCracker
WordPress pentest tool
Stars: ✭ 34 (-94.19%)
Mutual labels:  penetration-testing, brute-force
graphw00f
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Stars: ✭ 260 (-55.56%)
Mutual labels:  penetration-testing, information-gathering
sshame
brute force SSH public-key authentication
Stars: ✭ 43 (-92.65%)
Mutual labels:  penetration-testing, brute-force
DevBrute-A Password Brute Forcer
DevBrute is a password brute forcer. It can brute force almost all social media accounts or any web application.
Stars: ✭ 91 (-84.44%)
Mutual labels:  penetration-testing, brute-force
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+479.66%)
Mutual labels:  penetration-testing, information-gathering
Stegcracker
Steganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (-32.31%)
Mutual labels:  penetration-testing, brute-force
SSH-PuTTY-login-bruteforcer
Turn PuTTY into an SSH login bruteforcing tool.
Stars: ✭ 222 (-62.05%)
Mutual labels:  penetration-testing, brute-force
brutekrag
Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.
Stars: ✭ 30 (-94.87%)
Mutual labels:  penetration-testing, brute-force
Badkarma
network reconnaissance toolkit
Stars: ✭ 353 (-39.66%)
Mutual labels:  penetration-testing, information-gathering

tactical-exploitation

"The Other Way to Pen-Test"

-- HD Moore & Valsmith

I've always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities, but relies on old school techniques such as information gathering and brute force. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

This repository aims to provide a tactical exploitation toolkit to assist penetration testers during their assignments. The tools currently released are described below. See also http://www.0xdeadbeef.info/ for some older tools and techniques.

Related blog posts:
https://web.archive.org/web/20200509050017/https://techblog.mediaservice.net/2017/10/in-praise-of-tactical-exploitation/
https://web.archive.org/web/20200702153318/https://techblog.mediaservice.net/2017/11/how-a-unix-hacker-discovered-the-windows-powershell/

These tools are proofs of concept. They are functional but may be buggy or incomplete. Use at your own risk.

easywin.py

Easywin is a Python script that provides a toolkit for exploit-less attacks aimed at Windows and Active Directory environments, by leveraging information gathering and brute force capabilities against the SMB protocol.

letmein.ps1

Letmein is a pure PowerShell implementation of the staging protocols used by the Metasploit Framework. Start an exploit/multi/handler (Generic Payload Handler) instance on your attack box configured to handle one of the supported Meterpreter payloads, run letmein.ps1 (ideally as Administrator) on a compromised Windows box, and wait for your session. This technique is quite effective at bypassing antivirus and obtaining a Meterpreter shell on Windows. An alternative Python implementation is also provided for educational purposes; however, its use is not recommended in the field.

poriluk.py

Poriluk is a helper script that provides a convenient interface to exploit common information leakage vulnerabilities. At the moment, the following attacks are supported: dictionary-based user enumeration via SMTP VRFY/EXPN/RCPT and via HTTP Apache mod_userdir.

botshot.py

Botshot is a Python script that captures screenshots of websites from the command line. It is useful for automating the mapping of the web attack surface of large networks.

verbal.py

Verbal is an HTTP request method security scanner. It tries a series of interesting HTTP methods against a list of website paths in order to determine which methods are available and accessible. The following HTTP methods are currently supported: GET, OPTIONS, TRACE, DEBUG, PUT.
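The defender-side counterpart of a method scanner like the one described above is spotting the sweep in your own web server logs and, more importantly, noticing which unusual methods the server actually accepted. The following is an added example, not code from the tactical-exploitation project: it parses Common Log Format access-log lines (the sample lines are constructed, with documentation-range IP addresses) and reports clients that used OPTIONS, TRACE, DEBUG or PUT against several distinct paths, listing any such requests that were answered with a 2xx status. The `UNUSUAL_METHODS` set and the `min_paths` threshold are assumptions to be tuned per site; OPTIONS in particular is legitimate CORS preflight traffic on many applications.

```python
"""
Detect HTTP method enumeration sweeps in web server access logs.

Added illustrative example (not part of the tactical-exploitation project).
It parses Common Log Format lines and flags clients that probe several paths
with methods outside the usual GET/HEAD/POST set; requests that the server
answered with 2xx are reported separately, since those reveal an exposed method.
"""
import re
from collections import defaultdict

# Common Log Format: host ident authuser [date] "method path proto" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed policy: methods a typical application should not answer with 2xx.
# TRACE and DEBUG are diagnostic; PUT writes content; OPTIONS is noisy on
# CORS-heavy sites and may need to be dropped from this set there.
UNUSUAL_METHODS = {"OPTIONS", "TRACE", "DEBUG", "PUT"}


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_method_sweeps(lines, min_paths=3):
    """
    Return {host: {"methods": set, "paths": set, "accepted": [...]}} for every
    client that used an unusual method against at least `min_paths` distinct
    paths. `accepted` holds (method, path, status) tuples for unusual requests
    that got a 2xx response, i.e. methods the server really exposes.
    """
    per_host = defaultdict(lambda: {"methods": set(), "paths": set(), "accepted": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] not in UNUSUAL_METHODS:
            continue
        h = per_host[rec["host"]]
        h["methods"].add(rec["method"])
        h["paths"].add(rec["path"])
        if 200 <= rec["status"] < 300:
            h["accepted"].append((rec["method"], rec["path"], rec["status"]))
    return {host: h for host, h in per_host.items() if len(h["paths"]) >= min_paths}


# Constructed sample log: one client sweeping methods over three paths,
# one client with ordinary traffic plus a single OPTIONS preflight.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "OPTIONS / HTTP/1.1" 200 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "TRACE / HTTP/1.1" 405 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "DEBUG / HTTP/1.1" 501 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "PUT / HTTP/1.1" 405 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "OPTIONS /admin/ HTTP/1.1" 200 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "TRACE /admin/ HTTP/1.1" 405 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "PUT /uploads/test.txt HTTP/1.1" 201 0',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1532',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1532',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 -',
    '198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "OPTIONS /api/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for host, info in find_method_sweeps(SAMPLE_LOG).items():
        print(f"{host}: methods={sorted(info['methods'])} paths={len(info['paths'])}")
        for method, path, status in info["accepted"]:
            print(f"  accepted: {method} {path} -> {status}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; the `accepted` list is the part worth acting on, since a PUT answered with 201 or a TRACE answered with 200 means the method is exposed regardless of who probed it.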

netdork.py

Netdork is a Python script that uses the Google Custom Search Engine API to collect interesting information on public networks and stealthily map the available attack surface. The following attacks are supported: network search sweep based on target CIDRs and subdomain discovery via search engine.

seitan.py

Seitan is a Python script that uses the Shodan.io API search to collect open source intelligence on targets. The following attacks are currently supported: ipaddr (view all available information for an IP address) and domain (search services related to a domain or host name).

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].