/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2020, Rob Fuller
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# List of Repositories

This is just a list of repositories I tend to find useful or interesting... Not sure how well sorting will work out...

## Comprehensive Resources
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://www.ired.team/
- https://github.com/danielmiessler/SecLists
- https://gtfobins.github.io/
- https://lolbas-project.github.io/
- https://github.com/trimstray/the-book-of-secret-knowledge
- https://github.com/xapax/security
- https://github.com/xrkk/awesome-cyber-security
- https://github.com/Spacial/csirt
- https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
- https://rmusser.net/docs/index.html
- https://dmcxblue.gitbook.io/red-team-notes-2-0/

## Recon

### External
- https://github.com/OWASP/Amass

### OSINT
- LinkedIn Intel - https://github.com/vysecurity/LinkedInt
- WeakestLink (LinkedIn) - https://github.com/shellfarmer/WeakestLink
- Gather Contacts (Google) - https://github.com/clr2of8/GatherContacts

### Internal
- https://github.com/rvrsh3ll/eavesarp (Watches ARP for inter-IP communication)
- https://github.com/mzfr/gtfo (Locates GTFO/LOLBAS binaries on disk)
- PXE Client - https://github.com/Meatballs1/PXEClient

### Port Scanning
- RustScan - https://github.com/RustScan/RustScan

### Egress Busting
- Go-Out - https://github.com/sensepost/go-out

## Windows

### BloodHound / SharpHound
- https://github.com/BloodHoundAD/BloodHound
- https://github.com/BloodHoundAD/SharpHound3
- https://github.com/fox-it/BloodHound.py
- BloodHound Import (direct import into Neo4j) - https://github.com/fox-it/bloodhound-import
- Cypheroth (Awesome BloodHound query repo) - https://github.com/seajaysec/cypheroth
- "Custom Queries" (another BloodHound query repo) - https://github.com/awsmhacks/awsmBloodhoundCustomQueries
- "Custom Queries" (another BloodHound query repo - more updated) - https://github.com/hausec/Bloodhound-Custom-Queries

### ActiveDirectory
- Cheat Sheet - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- PywerView (Python version of PowerView) - https://github.com/the-useless-one/pywerview
- ADModule (Import ActiveDirectory module without installing RSAT) - https://github.com/samratashok/ADModule
- MSLDAP - https://github.com/skelsec/msldap

### GPO
- Grouper2 - https://github.com/l0ss/Grouper2
- SharpGPO - https://github.com/Dliv3/sharpgpo
- SharpGPOAbuse - https://github.com/FSecureLABS/SharpGPOAbuse

### ACLs
- ACLPwn (connects to Neo4j and executes changes) - https://github.com/fox-it/aclpwn.py

### Mimikatz
- https://github.com/gentilkiwi/mimikatz
- https://github.com/gentilkiwi/kekeo
- Invoke-UpdateMimikatzScript.ps1 - https://gist.github.com/ihack4falafel/8b41d810d79cb16a4b1bca5ff6600b17

### Windows Shares
- SMBMap - https://github.com/ShawnDEvans/smbmap
- Snaffler - https://github.com/SnaffCon/Snaffler

### Kerberos
- https://github.com/ropnop/kerbrute
- Kerberos Attack Cheatsheet - https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a

### MSSQL
- https://github.com/NetSPI/PowerUpSQL
- https://github.com/Keramas/mssqli-duet/

### Sharp / CSharp Tools
- https://github.com/GhostPack/SharpDump
- SharPersist (persistence automation) - https://github.com/fireeye/SharPersist
- https://github.com/rasta-mouse/MiscTools
- Watson (looks for missing patches) - https://github.com/rasta-mouse/Watson
- CertEXP (Extracts exportable certificates) - https://github.com/mubix/certexp
- Internal Monologue (steal creds w/o admin) - https://github.com/eladshamir/Internal-Monologue
- ProcessInjection - https://github.com/ZeroPointSecurity/ProcessInjection

#### DotNet Obfuscation
- ConfuserEx - https://github.com/mkaring/ConfuserEx

#### DotNet DeObfuscation
- De4dot - https://github.com/0xd4d/de4dot
- De4dot with ConfuserEx deobfuscation - https://github.com/ViRb3/de4dot-cex

#### DotNet Deserialization
- https://github.com/Illuminopi/RCEvil.NET
- YSoSerial.net - https://github.com/pwntester/ysoserial.net

### PowerShell
- PowerSploit DEV branch - https://github.com/PowerShellMafia/PowerSploit/tree/dev
- PowerUpSQL - https://github.com/NetSPI/PowerUpSQL
- PowerMAD - https://github.com/Kevin-Robertson/Powermad
- Inveigh - https://github.com/Kevin-Robertson/Inveigh
- Spooler bug PS1 Exploit / Original PoC - https://github.com/leechristensen/SpoolSample
- DAMP (Remote registry exploitation) - https://github.com/HarmJ0y/DAMP

### Lateral Movement
- LethalHTA (DCOM to load HTA remotely) - https://github.com/codewhitesec/LethalHTA
- Excel4DCOM (DCOM to load Excel 4 macro) - https://github.com/outflanknl/Excel4-DCOM
- LSASSY (Remotely dump LSASS memory) - https://github.com/Hackndo/lsassy
- IOXIDResolver (identifies hosts with multiple interfaces w/o auth) - https://github.com/mubix/IOXIDResolver

### Privilege Escalation
- Change-LockScreen - https://github.com/nccgroup/Change-Lockscreen
- RunAsTI (TrustedInstaller) - https://github.com/jschicht/RunAsTI
- CEFDebug - https://github.com/taviso/cefdebug
- Tokenvator - https://github.com/0xbadjuju/Tokenvator

### WSUS Exploitation
- WSUSpect (doesn't work on Win10) - https://github.com/ctxis/wsuspect-proxy
- WSUSpendu - https://github.com/AlsidOfficial/WSUSpendu
- SeBackupPrivilege - https://github.com/giuliano108/SeBackupPrivilege

### Process Injection
- Pinjectra - https://github.com/SafeBreach-Labs/pinjectra

### Active Directory Certificate Services - ADCS
- Whisker - https://github.com/eladshamir/Whisker
- PyWhisker (Python version of Whisker) - https://github.com/ShutdownRepo/pywhisker
- These attacks require Windows 2016 functional level to have the `msDs-KeyCredentialLink` object attribute.
- PKINIT Tools - https://github.com/dirkjanm/PKINITtools

## OSX

- MacSwift C2 - https://github.com/cedowens/MacShellSwift/tree/master/MacShellSwift

### Jamf
- https://github.com/FSecureLABS/Jamf-Attack-Toolkit

## Linux

- Kernel Exploits (3+ year old repo) - https://github.com/lucyoa/kernel-exploits
- NFSpy (exploiting/mounting NFS) - https://github.com/bonsaiviking/NfSpy

## C2 Frameworks

- Metasploit - https://github.com/rapid7/metasploit-framework
- Empire 2 - https://github.com/BC-SECURITY/Empire
- Covenant - https://github.com/cobbr/Covenant
- PoshC2 - https://github.com/nettitude/PoshC2
- Sliver - https://github.com/BishopFox/sliver
- Sliver Scripting - https://github.com/moloch--/sliver-script
- Merlin - https://github.com/Ne0nd0g/merlin
- Koadic C3 - https://github.com/zerosum0x0/koadic
- SilentTrinity - https://github.com/byt3bl33d3r/SILENTTRINITY

### CobaltStrike Resources
- https://github.com/killswitch-GUI/CobaltStrike-ToolKit
- https://github.com/dcsync/pycobalt

## DNS
- DNS Ftp (Download file over DNS) - https://github.com/breenmachine/dnsftp

## WWW

- API key usage / hacks - https://github.com/streaak/keyhacks
- Jenkins PWN - https://github.com/gquere/pwn_jenkins
- CORStest (CORS scanner) - https://github.com/RUB-NDS/CORStest

### Web Enumeration
- GAU (Gather All Links) - https://github.com/lc/gau

### Web Screenshots
- GoWitness - https://github.com/sensepost/gowitness

### Web Shells
- ABPTTS - https://github.com/nccgroup/ABPTTS

## Passwords

### Hash Cracking
- Hashcat - https://github.com/hashcat
- John the Ripper - https://github.com/magnumripper/JohnTheRipper

### Cracking Rules
- OneRuleToRuleThemAll - https://github.com/NotSoSecure/password_cracking_rules

### Cracking Masks
- Microsoft mask is really effective - https://github.com/xfox64x/Hashcat-Stuffs

### Word Lists
- WordSmith - https://github.com/skahwah/wordsmith
- PwDB-Public - https://github.com/FlameOfIgnis/Pwdb-Public

### Password Spraying
- PurpleSpray - https://github.com/mvelazc0/PurpleSpray
- KerBrute - https://github.com/TarlogicSecurity/kerbrute

### Password Brute Forcing
- Patator - https://github.com/lanjelot/patator

## Go Projects (Generic)
- Run shellcode (Windows or Unix via hex command line arg) - https://github.com/brimstone/go-shellcode
- Hershell - https://github.com/lesnuages/hershell

## VMWare / vSphere
- GoVC - https://github.com/vmware/govmomi/tree/master/govc

### AWS

- DuffleBag (Search public EBS for secrets) - https://github.com/BishopFox/dufflebag

### Office365 / Azure
- UhOh365 - https://github.com/Raikia/UhOh365
- MSOLSpray - https://github.com/dafthack/MSOLSpray
- ROADtools - https://github.com/dirkjanm/ROADtools

### DevOps Tools
- Master of Servers (Puppet, Chef, Ansible exploitation) - https://github.com/master-of-servers/mose

### Browser
- Chrome Password Dumper - https://github.com/roflsandwich/Chrome-Password-Dumper
- Browser Exploitation list - https://github.com/Escapingbug/awesome-browser-exploit
- Chrome Cookie stealer via Remote Debugging port - https://github.com/slyd0g/WhiteChocolateMacademiaNut
- BrowserPass (Steals Firefox and IE creds, but needs a lot of DLLs) - https://github.com/jabiel/BrowserPass

## Phishing
- https://github.com/UndeadSec/SocialFish
- Fudge (auto-download embedded files) - https://github.com/dale-ruane/fudge

## Wireless
- Wifi Phisher - https://github.com/wifiphisher/wifiphisher
- EAP Hammer - https://github.com/s0lst1c3/eaphammer

## Secrets Extraction
- Grawler (git) - https://github.com/jregele/grawler (ShmooCon 2018)
- GitGot - https://github.com/BishopFox/GitGot
- Blacklist3r (ASP Machine Keys - DotNet Deserialization) - https://github.com/NotSoSecure/Blacklist3r

## Kubernetes
- Finding and exploiting Kubernetes - https://github.com/averonesis/kubolt

## Hardware
- Defeating BIOS passwords - https://github.com/skysafe/reblog/tree/master/0000-defeating-a-laptops-bios-password

## Routers and Switches
- Routopsy (attack dynamic routing protocols) - https://github.com/sensepost/routopsy

## ThreatHunting
- ThreatHunter's playbooks - https://github.com/hunters-forge/ThreatHunter-Playbook/
- BlueSPAWN - https://github.com/ION28/BLUESPAWN
- PeaceMaker - https://github.com/D4stiny/PeaceMaker
- OSCtrl (OSQuery open source management tool) - https://github.com/jmpsec/osctrl

## LAB Creation

- DetectionLab - https://github.com/clong/DetectionLab
- DynamicLabs - https://github.com/ctxis/DynamicLabs
- Mini-Internet using LXC - https://github.com/flesueur/mi-lxc
- Microsoft's Defend the Flag - https://github.com/microsoft/DefendTheFlag/

### Atomic Red Teaming
- Leonidas by @fsecurelabs - https://github.com/fsecurelabs/leonidas

## Live Memory Editing / Game Cheats
- Squalr - https://github.com/Squalr/Squalr

## Pentesting Documents
- Physical Docs - https://github.com/trustedsec/physical-docs

## Honey Pots
- https://github.com/s0md3v/Predator

## Classes
- Modern Binary Exploitation - https://github.com/RPISEC/MBE
--------------------------------------------------------------------------------