48 open source projects by sensepost

Frontpage and Sharepoint fingerprinting and attack tool.

Mallet is an intercepting proxy for arbitrary protocols

Domain user enumeration tool

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Drag and Drop ClickJacking PoC development assistance tool.

Nikto for Windows with some extra features.

Test for SSL heartbeat vulnerability (CVE-2014-0160)

A tool to abuse Exchange services

Wadi Fuzzing Harness

Evil client portion of EAP relay attack

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow

Liniaal - A communication extension to Ruler

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.

☄️ go-out - A Golang egress buster.

A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions

Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.

Google DNS name / sub domain miner.

Proxy Server network scanner and tunnelling tool.

(extensible) Data Exfiltration Toolkit (DET)

Snoopy: A distributed tracking and data interception framework

Python script to inject existing Android applications with a Meterpreter payload.

DNS-Shell is an interactive Shell over DNS channel

Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.

🕳godoh - A DNS-over-HTTPS C2

Snoopy v2.0 - modular digital terrestrial tracking framework

Automated DLL Enumerator

SensePost's modified hostapd for wifi attacks.

📱 objection - runtime mobile exploration

Create a TCP circuit through validly formed HTTP requests

Auto Domain Admin and Network Exploitation.

A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.

Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them

Docker images for learning wifi hacking

Simple tool to extract the most common substrings from an input text. Built for password cracking.

No description, website, or topics provided.

d(ockerp)wn - a docker pwn tool manager

DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects

👊 A small utility to play with IBM MQ

Script for orchestrating mana rogue WiFi Access Points.

The Bi-directional Link Extractor.

Checks X11 and outputs a screenshot to of the display if allowed and the display is active

Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.

SQL Injection without the pain of syringes.