diff --git a/source/assets/installed_tools/lists/ad_3.1.4_amd64.csv b/source/assets/installed_tools/lists/ad_3.1.4_amd64.csv new file mode 100644 index 0000000..4bc3d5a --- /dev/null +++ b/source/assets/installed_tools/lists/ad_3.1.4_amd64.csv @@ -0,0 +1,249 @@ +Tool,Link,Description +abuseACL,https://github.com/AetherBlack/abuseACL,A python script to automatically list vulnerable Windows ACEs/ACLs. +aclpwn,https://github.com/aas-n/aclpwn.py,Tool for testing the security of Active Directory access controls. +adidnsdump,https://github.com/dirkjanm/adidnsdump,Active Directory Integrated DNS dump utility +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +amber,https://github.com/EgeBalci/amber,Forensic tool to recover browser history / cookies and credentials +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +asrepcatcher,https://github.com/Yaxxine7/ASRepCatcher,Make your VLAN ASREProastable. +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +bloodhound,https://github.com/BloodHoundAD/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments. +BloodHound-CE,https://github.com/SpecterOps/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) +bloodhound-ce.py,https://github.com/fox-it/BloodHound.py,BloodHound-CE ingestor in Python. +bloodhound-import,https://github.com/fox-it/BloodHound.py,Import data into BloodHound for analyzing active directory trust relationships +bloodhound-quickwin,https://github.com/kaluche/bloodhound-quickwin,A tool for BloodHounding on Windows machines without .NET or Powershell installed +bloodhound.py,https://github.com/fox-it/BloodHound.py,BloodHound ingestor in Python. +bloodyAD,https://github.com/CravateRouge/bloodyAD,bloodyAD is an Active Directory privilege escalation swiss army knife. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +burpsuite,https://portswigger.net/burp,Web application security testing tool. +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +certipy,https://github.com/ly4k/Certipy,Python tool to create and sign certificates +certsync,https://github.com/zblurx/certsync,certsync is a tool that helps you synchronize certificates between two directories. +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +chisel,https://github.com/jpillora/chisel,Go based TCP tunnel with authentication and encryption support +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. +coercer,https://github.com/p0dalirius/coercer,DFS-R target coercion tool +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +crackhound,https://github.com/trustedsec/crackhound,A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool +crackmapexec,https://github.com/Porchetta-Industries/CrackMapExec,Network scanner. +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +cyperoth,https://github.com/seajaysec/cypheroth,Automated extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. +darkarmour,https://github.com/bats3c/darkarmour,a tool to detect and evade common antivirus products +dfscoerce,https://github.com/Wh04m1001/dfscoerce,DFS-R target coercion tool +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +divideandscan,https://github.com/snovvcrash/divideandscan,Advanced subdomain scanner +dns2tcp,https://github.com/alex-sector/dns2tcp,dns2tcp is a tool for relaying TCP connections over DNS. +dnschef,https://github.com/iphelix/dnschef,Tool for DNS MITM attacks +dnsx,https://github.com/projectdiscovery/dnsx,A tool for DNS reconnaissance that can help identify subdomains and other related domains. +donpapi,https://github.com/login-securite/DonPAPI,Dumping revelant information on compromised targets without AV detection +dploot,https://github.com/zblurx/dploot,dploot is Python rewrite of SharpDPAPI written un C#. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +eaphammer,https://github.com/s0lst1c3/eaphammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. +empire,https://github.com/BC-SECURITY/Empire,post-exploitation and adversary emulation framework +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +enyx,https://github.com/trickster0/enyx,Framework for building offensive security tools. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +fierce,https://github.com/mschwager/fierce,A DNS reconnaissance tool for locating non-contiguous IP space +finduncommonshares,https://github.com/p0dalirius/FindUncommonShares,Script that can help identify shares that are not commonly found on a Windows system. +firefox,https://www.mozilla.org,A web browser +freeipscanner,https://github.com/scrt/freeipscanner,A simple bash script to enumerate stale ADIDNS entries +freerdp2-x11,https://github.com/FreeRDP/FreeRDP,FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gmsadumper,https://github.com/micahvandeusen/gMSADumper,A tool for extracting credentials and other information from a Microsoft Active Directory domain. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +goldencopy,https://github.com/Dramelac/GoldenCopy,Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +gosecretsdump,https://github.com/c-sto/gosecretsdump,Implements NTLMSSP network authentication protocol in Go +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more) +gpp-decrypt,https://github.com/t0thkr1s/gpp-decrypt,A tool to decrypt Group Policy Preferences passwords +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hashonymize,https://github.com/ShutdownRepo/hashonymize,This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). +Havoc,https://github.com/HavocFramework/Havoc,Command & Control Framework +hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +KeePwn,https://github.com/Orange-Cyberdefense/KeePwn,KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. +kerbrute,https://github.com/ropnop/kerbrute,A tool to perform Kerberos pre-auth bruteforcing +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +krbjack,https://github.com/almandin/krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. +krbrelayx,https://github.com/dirkjanm/krbrelayx,a tool for performing Kerberos relay attacks +ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service +ldaprelayscan,https://github.com/zyn3rgy/LdapRelayScan,Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. +ldapsearch,https://wiki.debian.org/LDAP/LDAPUtils,Search for and display entries (ldap) +ldapsearch-ad,https://github.com/yaap7/ldapsearch-ad,LDAP search utility with AD support +LDAPWordlistHarvester,https://github.com/p0dalirius/LDAPWordlistHarvester,Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts +ldeep,https://github.com/franc-pentest/ldeep,ldeep is a tool to discover hidden paths on Web servers. +legba,https://github.com/evilsocket/legba,a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust +libmspack,https://github.com/kyz/libmspack,C library for Microsoft compression formats. +ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +lnkup,https://github.com/Plazmaz/lnkUp,This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. +lsassy,https://github.com/Hackndo/lsassy,Windows secrets and passwords extraction tool. +manspider,https://github.com/blacklanternsecurity/MANSPIDER,Manspider will crawl every share on every target system. If provided creds don't work it will fall back to 'guest' then to a null session. +mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. +masky,https://github.com/Z4kSec/Masky,Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope +masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +mitm6,https://github.com/fox-it/mitm6,Tool to conduct a man-in-the-middle attack against IPv6 protocols. +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +msprobe,https://github.com/puzzlepeaches/msprobe,msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +nbtscan,https://github.com/charlesroelli/nbtscan,NBTscan is a program for scanning IP networks for NetBIOS name information. +neo4j,https://github.com/neo4j/neo4j,Database. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nmap-parse-ouptut,https://github.com/ernw/nmap-parse-output,Converts/manipulates/extracts data from a Nmap scan output. +noPac,https://github.com/Ridter/noPac,Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +ntlmv1-multi,https://github.com/evilmog/ntlmv1-multi,Exploit a vulnerability in Microsoft Windows to gain system-level access. +ntlm_theft,https://github.com/Greenwolf/ntlm_theft,A tool for generating multiple types of NTLMv2 hash theft files +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +oaburl,https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py,Find Open redirects and other vulnerabilities. +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +onesixtyone,https://github.com/trailofbits/onesixtyone,onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. +pass,https://github.com/hashcat/hashcat,TODO +PassTheCert,https://github.com/AlmondOffSec/PassTheCert,PassTheCert is a tool to extract Active Directory user password hashes from a domain controller's local certificate store. +patator,https://github.com/lanjelot/patator,Login scanner. +pcredz,https://github.com/lgandx/PCredz,PowerShell credential dumper +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +petitpotam,https://github.com/topotam/PetitPotam,Windows machine account manipulation +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +pkinittools,https://github.com/dirkjanm/PKINITtools,Pkinit support tools +polenum,https://github.com/Wh1t3Fox/polenum,Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. +powershell,https://github.com/PowerShell/PowerShell,a command-line shell and scripting language designed for system administration and automation +pre2k,https://github.com/garrettfoster13/pre2k,pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. +pretender,https://github.com/RedTeamPentesting/pretender,an mitm tool for helping with relay attacks. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +privexchange,https://github.com/dirkjanm/PrivExchange,a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques +proxychains,https://github.com/rofl0r/proxychains,Proxy chains - redirect connections through proxy servers. +pth-tools,https://github.com/byt3bl33d3r/pth-toolkit,A toolkit to perform pass-the-hash attacks +pwncat,https://github.com/calebstewart/pwncat,A lightweight and versatile netcat alternative that includes various additional features. +pygpoabuse,https://github.com/Hackndo/pyGPOAbuse,A tool for abusing GPO permissions to escalate privileges +pykek,https://github.com/preempt/pykek,PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. +pylaps,https://github.com/p0dalirius/pylaps,Utility for enumerating and querying LDAP servers. +pypykatz,https://github.com/skelsec/pypykatz,a Python library for mimikatz-like functionality +pywerview,https://github.com/the-useless-one/pywerview,A (partial) Python rewriting of PowerSploit's PowerView. +pywhisker,https://github.com/ShutdownRepo/pywhisker,PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It's based on Impacket and on a Python equivalent of Michael Grafnetter's DSInternals called PyDSInternals made by podalirius. +pywsus,https://github.com/GoSecure/pywsus,Python implementation of a WSUS client +rdesktop,https://github.com/rdesktop/rdesktop,rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. +redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. +remmina,https://github.com/FreeRDP/Remmina,Remote desktop client. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +ROADtools,https://github.com/dirkjanm/ROADtools,ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. +roastinthemiddle,https://github.com/Tw1sm/RITM,RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +routersploit,https://github.com/threat9/routersploit,Security audit tool for routers. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +ruler,https://github.com/sensepost/ruler,Outlook Rules exploitation framework. +rusthound (v2),https://github.com/OPENCYBER-FR/RustHound,BloodHound-CE ingestor in Rust. +rusthound,https://github.com/OPENCYBER-FR/RustHound,BloodHound ingestor in Rust. +rustscan,https://github.com/RustScan/RustScan,The Modern Port Scanner +samdump2,https://github.com/azan121468/SAMdump2,A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files +sccmhunter,https://github.com/garrettfoster13/sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. +sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab. +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +shadowcoerce,https://github.com/ShutdownRepo/shadowcoerce,Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +shuffledns,https://github.com/projectdiscovery/shuffledns,A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. +sliver,https://github.com/BishopFox/sliver,Open source / cross-platform and extensible C2 framework +smartbrute,https://github.com/ShutdownRepo/SmartBrute,The smart password spraying and bruteforcing tool for Active Directory Domain Services. +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +smtp-user-enum,https://github.com/pentestmonkey/smtp-user-enum,A tool to enumerate email addresses via SMTP +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +sprayhound,https://github.com/Hackndo/Sprayhound,Active Directory password audit tool. +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +ssh-audit,https://github.com/jtesta/ssh-audit,ssh-audit is a tool to test SSH server configuration for best practices. +sshuttle,https://github.com/sshuttle/sshuttle,Transparent proxy server that tunnels traffic through an SSH server +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +tailscale,https://github.com/tailscale/tailscale,A secure and easy-to-use VPN alternative that is designed for teams and businesses. +targetedKerberoast,https://github.com/ShutdownRepo/targetedKerberoast,Kerberoasting against specific accounts +tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems +TeamsPhisher,https://github.com/Octoberfest7/TeamsPhisher,TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. +upx,https://github.com/upx/upx,UPX is an advanced executable packer +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +Villain,https://github.com/t3l3machus/Villain,Command & Control Framework +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +webclientservicescanner,https://github.com/Hackndo/webclientservicescanner,Scans for web service endpoints +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +windapsearch-go,https://github.com/ropnop/go-windapsearch/,Active Directory enumeration tool. +wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. +xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +xtightvncviewer,https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html,xtightvncviewer is an open source VNC client software. +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes +zerologon,https://github.com/SecuraBV/CVE-2020-1472,Exploit for the Zerologon vulnerability (CVE-2020-1472). diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index d45f136..007c06d 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +ad,3.1.4,2024-05-04T21:24:09Z,:download:`ad_3.1.4_amd64.csv ` light,3.1.4,2024-05-04T21:15:16Z,:download:`light_3.1.4_amd64.csv ` web,3.1.4,2024-05-04T21:05:04Z,:download:`web_3.1.4_amd64.csv ` osint,3.1.4,2024-05-04T20:58:48Z,:download:`osint_3.1.4_amd64.csv `