From aa9ba1634c413fbaf55ba9866cce39a674b8dd85 Mon Sep 17 00:00:00 2001 From: Ranma <54248704+cHJlaXpoZXI@users.noreply.github.com> Date: Thu, 19 Sep 2024 20:18:34 +0000 Subject: [PATCH 01/36] Arsenal custom cheatsheet added --- source/exegol-image/my-resources.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/source/exegol-image/my-resources.rst b/source/exegol-image/my-resources.rst index c1e1cff..b168e39 100644 --- a/source/exegol-image/my-resources.rst +++ b/source/exegol-image/my-resources.rst @@ -175,6 +175,15 @@ additional configuration files will be automatically loaded by zsh to take into .. tip:: It is possible to install **plugins** with the APT customization system, details :ref:`here `. +:code:`arsenal` (cheats) +~~~~~~~~~~~~~~~~~~~ + +Exegol supports adding its own arsenal **cheatsheets** file (rst or md file). + +* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/cheatsheet/`` + +.. tip:: + You can create a structure with folders if you want some organization .. _User-setup: From cc29a295e3401c118ec739aa48f0cb1d7e02691e Mon Sep 17 00:00:00 2001 From: Ranma <54248704+cHJlaXpoZXI@users.noreply.github.com> Date: Thu, 26 Sep 2024 18:48:48 +0200 Subject: [PATCH 02/36] changed path to match with PR --- source/exegol-image/my-resources.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/exegol-image/my-resources.rst b/source/exegol-image/my-resources.rst index b168e39..8316949 100644 --- a/source/exegol-image/my-resources.rst +++ b/source/exegol-image/my-resources.rst 
@@ -180,7 +180,7 @@ additional configuration files will be automatically loaded by zsh to take into Exegol supports adding its own arsenal **cheatsheets** file (rst or md file). -* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/cheatsheet/`` +* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/my-cheats/`` .. tip:: You can create a structure with folders if you want some organization From 2d69e85e68a98790141dceb685ffffbf29fe76ec Mon Sep 17 00:00:00 2001 From: Ranma <54248704+cHJlaXpoZXI@users.noreply.github.com> Date: Thu, 26 Sep 2024 19:02:22 +0200 Subject: [PATCH 03/36] Fix nonsense sentence --- source/exegol-image/my-resources.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/exegol-image/my-resources.rst b/source/exegol-image/my-resources.rst index 8316949..74d450a 100644 --- a/source/exegol-image/my-resources.rst +++ b/source/exegol-image/my-resources.rst @@ -178,7 +178,7 @@ additional configuration files will be automatically loaded by zsh to take into :code:`arsenal` (cheats) ~~~~~~~~~~~~~~~~~~~ -Exegol supports adding its own arsenal **cheatsheets** file (rst or md file). +Exegol supports adding your own arsenal **cheatsheets** file (rst or md file). * To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/my-cheats/`` From e723f37666276092cb0bd82e153d0429a71b9ff1 Mon Sep 17 00:00:00 2001 From: Ranma <54248704+cHJlaXpoZXI@users.noreply.github.com> Date: Thu, 3 Oct 2024 21:03:16 +0200 Subject: [PATCH 04/36] change folder + add image version --- source/exegol-image/my-resources.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/exegol-image/my-resources.rst b/source/exegol-image/my-resources.rst index 74d450a..73fc295 100644 --- a/source/exegol-image/my-resources.rst 
+++ b/source/exegol-image/my-resources.rst @@ -177,10 +177,12 @@ additional configuration files will be automatically loaded by zsh to take into :code:`arsenal` (cheats) ~~~~~~~~~~~~~~~~~~~ +.. seealso:: + Available from version ``3.1.5`` of any exegol image. Exegol supports adding your own arsenal **cheatsheets** file (rst or md file). -* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/my-cheats/`` +* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/arsenal-cheats/`` .. tip:: You can create a structure with folders if you want some organization From 6ae4d93eff512f659572c22947fc398a6e177494 Mon Sep 17 00:00:00 2001 From: Charlie Bromberg <40902872+ShutdownRepo@users.noreply.github.com> Date: Mon, 7 Oct 2024 14:53:31 +0200 Subject: [PATCH 05/36] Update my-resources.rst --- source/exegol-image/my-resources.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source/exegol-image/my-resources.rst b/source/exegol-image/my-resources.rst index 73fc295..84a3e76 100644 --- a/source/exegol-image/my-resources.rst +++ b/source/exegol-image/my-resources.rst 
@@ -176,13 +176,11 @@ additional configuration files will be automatically loaded by zsh to take into It is possible to install **plugins** with the APT customization system, details :ref:`here `. :code:`arsenal` (cheats) -~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~ .. seealso:: Available from version ``3.1.5`` of any exegol image. -Exegol supports adding your own arsenal **cheatsheets** file (rst or md file). - -* To automatically add all your cheatsheets into Exegol, simply put all of them in the folder ``/opt/my-resources/setup/arsenal-cheats/`` +Exegol supports adding a custom cheatsheets file (rst or md file) for Arsenal (https://github.com/Orange-Cyberdefense/arsenal) by moving them in the folder ``/opt/my-resources/setup/arsenal-cheats/``. .. tip:: You can create a structure with folders if you want some organization From 00c804790f5d460a93e1f47c88560042dd79de06 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Mon, 7 Oct 2024 23:28:35 +0200 Subject: [PATCH 06/36] PIPELINE: tools list for ad_3.1.5_amd64 --- .../installed_tools/lists/ad_3.1.5_amd64.csv | 254 ++++++++++++++++++ .../assets/installed_tools/releases_amd64.csv | 1 + 2 files changed, 255 insertions(+) create mode 100644 source/assets/installed_tools/lists/ad_3.1.5_amd64.csv diff --git a/source/assets/installed_tools/lists/ad_3.1.5_amd64.csv b/source/assets/installed_tools/lists/ad_3.1.5_amd64.csv new file mode 100644 index 0000000..b4ad50a --- /dev/null +++ b/source/assets/installed_tools/lists/ad_3.1.5_amd64.csv 
@@ -0,0 +1,254 @@ +Tool,Link,Description +abuseACL,https://github.com/AetherBlack/abuseACL,A python script to automatically list vulnerable Windows ACEs/ACLs. +aclpwn,https://github.com/aas-n/aclpwn.py,Tool for testing the security of Active Directory access controls. +AD-miner,https://github.com/Mazars-Tech/AD_Miner,Active Directory audit tool that leverages cypher queries. +adidnsdump,https://github.com/dirkjanm/adidnsdump,Active Directory Integrated DNS dump utility +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +amber,https://github.com/EgeBalci/amber,Forensic tool to recover browser history / cookies and credentials +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +asrepcatcher,https://github.com/Yaxxine7/ASRepCatcher,Make your VLAN ASREProastable. +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +bloodhound,https://github.com/BloodHoundAD/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments. +BloodHound-CE,https://github.com/SpecterOps/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) +bloodhound-ce.py,https://github.com/fox-it/BloodHound.py,BloodHound-CE ingestor in Python. 
+bloodhound-import,https://github.com/fox-it/BloodHound.py,Import data into BloodHound for analyzing active directory trust relationships +bloodhound-quickwin,https://github.com/kaluche/bloodhound-quickwin,A tool for BloodHounding on Windows machines without .NET or Powershell installed +bloodhound.py,https://github.com/fox-it/BloodHound.py,BloodHound ingestor in Python. +bloodyAD,https://github.com/CravateRouge/bloodyAD,bloodyAD is an Active Directory privilege escalation swiss army knife. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +burpsuite,https://portswigger.net/burp,Web application security testing tool. +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +certipy,https://github.com/ly4k/Certipy,Python tool to create and sign certificates +certsync,https://github.com/zblurx/certsync,certsync is a tool that helps you synchronize certificates between two directories. +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +chisel,https://github.com/jpillora/chisel,Go based TCP tunnel with authentication and encryption support +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. 
+coercer,https://github.com/p0dalirius/coercer,DFS-R target coercion tool +conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +crackhound,https://github.com/trustedsec/crackhound,A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +cyperoth,https://github.com/seajaysec/cypheroth,Automated extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. +darkarmour,https://github.com/bats3c/darkarmour,a tool to detect and evade common antivirus products +dfscoerce,https://github.com/Wh04m1001/dfscoerce,DFS-R target coercion tool +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +divideandscan,https://github.com/snovvcrash/divideandscan,Advanced subdomain scanner +dns2tcp,https://github.com/alex-sector/dns2tcp,dns2tcp is a tool for relaying TCP connections over DNS. +dnschef,https://github.com/iphelix/dnschef,Tool for DNS MITM attacks +dnsx,https://github.com/projectdiscovery/dnsx,A tool for DNS reconnaissance that can help identify subdomains and other related domains. 
+donpapi,https://github.com/login-securite/DonPAPI,Dumping revelant information on compromised targets without AV detection +dploot,https://github.com/zblurx/dploot,dploot is Python rewrite of SharpDPAPI written un C#. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +eaphammer,https://github.com/s0lst1c3/eaphammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. +empire,https://github.com/BC-SECURITY/Empire,post-exploitation and adversary emulation framework +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +enyx,https://github.com/trickster0/enyx,Framework for building offensive security tools. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +fierce,https://github.com/mschwager/fierce,A DNS reconnaissance tool for locating non-contiguous IP space +finduncommonshares,https://github.com/p0dalirius/FindUncommonShares,Script that can help identify shares that are not commonly found on a Windows system. 
+firefox,https://www.mozilla.org,A web browser +freeipscanner,https://github.com/scrt/freeipscanner,A simple bash script to enumerate stale ADIDNS entries +freerdp2-x11,https://github.com/FreeRDP/FreeRDP,FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gmsadumper,https://github.com/micahvandeusen/gMSADumper,A tool for extracting credentials and other information from a Microsoft Active Directory domain. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +goldencopy,https://github.com/Dramelac/GoldenCopy,Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +gosecretsdump,https://github.com/c-sto/gosecretsdump,Implements NTLMSSP network authentication protocol in Go +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more) +gpp-decrypt,https://github.com/t0thkr1s/gpp-decrypt,A tool to decrypt Group Policy Preferences passwords +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hashonymize,https://github.com/ShutdownRepo/hashonymize,This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). +Havoc,https://github.com/HavocFramework/Havoc,Command & Control Framework +hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. 
+imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +KeePwn,https://github.com/Orange-Cyberdefense/KeePwn,KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. +kerbrute,https://github.com/ropnop/kerbrute,A tool to perform Kerberos pre-auth bruteforcing +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +krbjack,https://github.com/almandin/krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. 
+krbrelayx,https://github.com/dirkjanm/krbrelayx,a tool for performing Kerberos relay attacks +ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service +ldaprelayscan,https://github.com/zyn3rgy/LdapRelayScan,Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. +ldapsearch,https://wiki.debian.org/LDAP/LDAPUtils,Search for and display entries (ldap) +ldapsearch-ad,https://github.com/yaap7/ldapsearch-ad,LDAP search utility with AD support +LDAPWordlistHarvester,https://github.com/p0dalirius/LDAPWordlistHarvester,Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts +ldeep,https://github.com/franc-pentest/ldeep,ldeep is a tool to discover hidden paths on Web servers. +legba,https://github.com/evilsocket/legba,a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust +libmspack,https://github.com/kyz/libmspack,C library for Microsoft compression formats. +ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +lnkup,https://github.com/Plazmaz/lnkUp,This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. +lsassy,https://github.com/Hackndo/lsassy,Windows secrets and passwords extraction tool. +manspider,https://github.com/blacklanternsecurity/MANSPIDER,Manspider will crawl every share on every target system. If provided creds don't work it will fall back to 'guest' then to a null session. +mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. 
+masky,https://github.com/Z4kSec/Masky,Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope +masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +mitm6,https://github.com/fox-it/mitm6,Tool to conduct a man-in-the-middle attack against IPv6 protocols. +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +msprobe,https://github.com/puzzlepeaches/msprobe,msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +nbtscan,https://github.com/charlesroelli/nbtscan,NBTscan is a program for scanning IP networks for NetBIOS name information. +neo4j,https://github.com/neo4j/neo4j,Database. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nmap-parse-ouptut,https://github.com/ernw/nmap-parse-output,Converts/manipulates/extracts data from a Nmap scan output. 
+noPac,https://github.com/Ridter/noPac,Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +ntlmv1-multi,https://github.com/evilmog/ntlmv1-multi,Exploit a vulnerability in Microsoft Windows to gain system-level access. +ntlm_theft,https://github.com/Greenwolf/ntlm_theft,A tool for generating multiple types of NTLMv2 hash theft files +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +oaburl,https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py,Find Open redirects and other vulnerabilities. +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +onesixtyone,https://github.com/trailofbits/onesixtyone,onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. +pass,https://github.com/hashcat/hashcat,TODO +PassTheCert,https://github.com/AlmondOffSec/PassTheCert,PassTheCert is a tool to extract Active Directory user password hashes from a domain controller's local certificate store. +patator,https://github.com/lanjelot/patator,Login scanner. 
+pcredz,https://github.com/lgandx/PCredz,PowerShell credential dumper +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +petitpotam,https://github.com/topotam/PetitPotam,Windows machine account manipulation +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +pkinittools,https://github.com/dirkjanm/PKINITtools,Pkinit support tools +polenum,https://github.com/Wh1t3Fox/polenum,Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. +postman,https://www.postman.com/,API platform for testing APIs +powershell,https://github.com/PowerShell/PowerShell,a command-line shell and scripting language designed for system administration and automation +pre2k,https://github.com/garrettfoster13/pre2k,pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. +pretender,https://github.com/RedTeamPentesting/pretender,an mitm tool for helping with relay attacks. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +privexchange,https://github.com/dirkjanm/PrivExchange,a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques +proxychains,https://github.com/rofl0r/proxychains,Proxy chains - redirect connections through proxy servers. 
+pth-tools,https://github.com/byt3bl33d3r/pth-toolkit,A toolkit to perform pass-the-hash attacks +pwncat,https://github.com/calebstewart/pwncat,A lightweight and versatile netcat alternative that includes various additional features. +pygpoabuse,https://github.com/Hackndo/pyGPOAbuse,A tool for abusing GPO permissions to escalate privileges +pykek,https://github.com/preempt/pykek,PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. +pylaps,https://github.com/p0dalirius/pylaps,Utility for enumerating and querying LDAP servers. +pypykatz,https://github.com/skelsec/pypykatz,a Python library for mimikatz-like functionality +pywerview,https://github.com/the-useless-one/pywerview,A (partial) Python rewriting of PowerSploit's PowerView. +pywhisker,https://github.com/ShutdownRepo/pywhisker,PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It's based on Impacket and on a Python equivalent of Michael Grafnetter's DSInternals called PyDSInternals made by podalirius. +pywsus,https://github.com/GoSecure/pywsus,Python implementation of a WSUS client +rdesktop,https://github.com/rdesktop/rdesktop,rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. +redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. 
+rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +ROADtools,https://github.com/dirkjanm/ROADtools,ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. +roastinthemiddle,https://github.com/Tw1sm/RITM,RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +routersploit,https://github.com/threat9/routersploit,Security audit tool for routers. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +ruler,https://github.com/sensepost/ruler,Outlook Rules exploitation framework. +rusthound (v2),https://github.com/NH-RED-TEAM/RustHound,BloodHound-CE ingestor in Rust. +rusthound,https://github.com/NH-RED-TEAM/RustHound,BloodHound ingestor in Rust. +rustscan,https://github.com/RustScan/RustScan,The Modern Port Scanner +samdump2,https://github.com/azan121468/SAMdump2,A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files +sccmhunter,https://github.com/garrettfoster13/sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. +sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab. 
+searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +shadowcoerce,https://github.com/ShutdownRepo/shadowcoerce,Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +shuffledns,https://github.com/projectdiscovery/shuffledns,A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. +sliver,https://github.com/BishopFox/sliver,Open source / cross-platform and extensible C2 framework +smartbrute,https://github.com/ShutdownRepo/SmartBrute,The smart password spraying and bruteforcing tool for Active Directory Domain Services. +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbclient-ng,https://github.com/p0dalirius/smbclient-ng,smbclient-ng is a fast and user friendly way to interact with SMB shares. +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +smtp-user-enum,https://github.com/pentestmonkey/smtp-user-enum,A tool to enumerate email addresses via SMTP +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +sprayhound,https://github.com/Hackndo/Sprayhound,Active Directory password audit tool. 
+sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +ssh-audit,https://github.com/jtesta/ssh-audit,ssh-audit is a tool to test SSH server configuration for best practices. +sshuttle,https://github.com/sshuttle/sshuttle,Transparent proxy server that tunnels traffic through an SSH server +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +tailscale,https://github.com/tailscale/tailscale,A secure and easy-to-use VPN alternative that is designed for teams and businesses. +targetedKerberoast,https://github.com/ShutdownRepo/targetedKerberoast,Kerberoasting against specific accounts +tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems +TeamsPhisher,https://github.com/Octoberfest7/TeamsPhisher,TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. 
+traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +upx,https://github.com/upx/upx,UPX is an advanced executable packer +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +Villain,https://github.com/t3l3machus/Villain,Command & Control Framework +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +webclientservicescanner,https://github.com/Hackndo/webclientservicescanner,Scans for web service endpoints +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. 
+wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +windapsearch-go,https://github.com/ropnop/go-windapsearch/,Active Directory enumeration tool. +wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. +xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +xtightvncviewer,https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html,xtightvncviewer is an open source VNC client software. +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes +zerologon,https://github.com/SecuraBV/CVE-2020-1472,Exploit for the Zerologon vulnerability (CVE-2020-1472). diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 3079632..e8598fd 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv 
@@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` full,3.1.4,2024-05-05T22:17:31Z,:download:`full_3.1.4_amd64.csv ` From e3cad5299f70dc03deaad10b0b33064ca46bcaab Mon Sep 17 00:00:00 2001 From: Github Actions Date: Mon, 7 Oct 2024 23:38:49 +0200 Subject: [PATCH 07/36] PIPELINE: tools list for light_3.1.5_amd64 --- .../lists/light_3.1.5_amd64.csv | 44 +++++++++++++++++++ .../assets/installed_tools/releases_amd64.csv | 1 + 2 files changed, 45 insertions(+) create mode 100644 source/assets/installed_tools/lists/light_3.1.5_amd64.csv diff --git a/source/assets/installed_tools/lists/light_3.1.5_amd64.csv b/source/assets/installed_tools/lists/light_3.1.5_amd64.csv new file mode 100644 index 0000000..0e9b71d --- /dev/null +++ b/source/assets/installed_tools/lists/light_3.1.5_amd64.csv 
@@ -0,0 +1,44 @@ +Tool,Link,Description +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +firefox,https://www.mozilla.org,A web browser +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +john,https://github.com/openwall/john,John the Ripper password cracker. 
+joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. 
+testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index e8598fd..f01c931 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-07T21:38:47Z,:download:`light_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` From e6c57f93d92bebdb03058e7cb482f5cf02ffdb59 Mon Sep 17 00:00:00 2001 
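Review bot: the `weevely` row is added twice, back to back, near the end of `light_3.1.5_amd64.csv` (between `waybackurls` and `wpscan`), and the `+1,44` line count in the hunk header includes the duplicate, so the generated file really contains it. Since this list comes from the pipeline, deduplicate on the `Tool` column in the generation step rather than hand-editing the CSV; otherwise anything that consumes the list shows the same entry twice and any tool count derived from the file is off by one.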
From: Github Actions Date: Mon, 7 Oct 2024 23:51:41 +0200 Subject: [PATCH 08/36] PIPELINE: tools list for full_3.1.5_amd64 --- .../lists/full_3.1.5_amd64.csv | 382 ++++++++++++++++++ .../assets/installed_tools/releases_amd64.csv | 1 + 2 files changed, 383 insertions(+) create mode 100644 source/assets/installed_tools/lists/full_3.1.5_amd64.csv diff --git a/source/assets/installed_tools/lists/full_3.1.5_amd64.csv b/source/assets/installed_tools/lists/full_3.1.5_amd64.csv new file mode 100644 index 0000000..7832b98 --- /dev/null +++ b/source/assets/installed_tools/lists/full_3.1.5_amd64.csv 
@@ -0,0 +1,382 @@ +Tool,Link,Description +abuseACL,https://github.com/AetherBlack/abuseACL,A python script to automatically list vulnerable Windows ACEs/ACLs. +aclpwn,https://github.com/aas-n/aclpwn.py,Tool for testing the security of Active Directory access controls. +AD-miner,https://github.com/Mazars-Tech/AD_Miner,Active Directory audit tool that leverages cypher queries. +adidnsdump,https://github.com/dirkjanm/adidnsdump,Active Directory Integrated DNS dump utility +aircrack-ng,https://www.aircrack-ng.org,A suite of tools for wireless penetration testing +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +amber,https://github.com/EgeBalci/amber,Forensic tool to recover browser history / cookies and credentials +androguard,https://github.com/androguard/androguard,Reverse engineering and analysis of Android applications +android-tools-adb,https://developer.android.com/studio/command-line/adb,A collection of tools for debugging Android applications +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +angr,https://github.com/angr/angr,a platform-agnostic binary analysis framework +apksigner,https://source.android.com/security/apksigning,arguably the most important step to optimize your APK file +apktool,https://github.com/iBotPeaches/Apktool,It is a tool for reverse engineering 3rd party / closed / binary Android apps. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +asrepcatcher,https://github.com/Yaxxine7/ASRepCatcher,Make your VLAN ASREProastable. +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. 
+autoconf,https://www.gnu.org/software/autoconf/autoconf.html,Tool for producing shell scripts to configure source code packages +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +avrdude,https://github.com/avrdudes/avrdude,AVRDUDE is a command-line program that allows you to download/upload/manipulate the ROM and EEPROM contents of AVR microcontrollers using the in-system programming technique (ISP). +awscli,https://aws.amazon.com/cli/,Command-line interface for Amazon Web Services. +azure-cli,https://github.com/Azure/azure-cli,A great cloud needs great tools; we're excited to introduce Azure CLI our next generation multi-platform command line experience for Azure. +bettercap,https://github.com/bettercap/bettercap,The Swiss Army knife for 802.11 / BLE / and Ethernet networks reconnaissance and MITM attacks. +binwalk,https://github.com/ReFirmLabs/binwalk,Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +bloodhound,https://github.com/BloodHoundAD/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments. +BloodHound-CE,https://github.com/SpecterOps/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) +bloodhound-ce.py,https://github.com/fox-it/BloodHound.py,BloodHound-CE ingestor in Python. +bloodhound-import,https://github.com/fox-it/BloodHound.py,Import data into BloodHound for analyzing active directory trust relationships +bloodhound-quickwin,https://github.com/kaluche/bloodhound-quickwin,A tool for BloodHounding on Windows machines without .NET or Powershell installed +bloodhound.py,https://github.com/fox-it/BloodHound.py,BloodHound ingestor in Python. 
+bloodyAD,https://github.com/CravateRouge/bloodyAD,bloodyAD is an Active Directory privilege escalation swiss army knife. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. +brakeman,https://github.com/presidentbeef/brakeman,Static analysis tool for Ruby on Rails applications +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +bully,https://github.com/aanarchyy/bully,bully is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. +burpsuite,https://portswigger.net/burp,Web application security testing tool. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +certipy,https://github.com/ly4k/Certipy,Python tool to create and sign certificates +certsync,https://github.com/zblurx/certsync,certsync is a tool that helps you synchronize certificates between two directories. +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +chainsaw,https://github.com/WithSecureLabs/chainsaw,Rapidly Search and Hunt through Windows Forensic Artefacts +checksec-py,https://github.com/Wenzel/checksec.py,Python wrapper script for checksec.sh from paX. 
+chisel,https://github.com/jpillora/chisel,Go based TCP tunnel with authentication and encryption support +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +cloudmapper,https://github.com/duo-labs/cloudmapper,CloudMapper helps you analyze your Amazon Web Services (AWS) environments. +cloudsplaining,https://github.com/salesforce/cloudsplaining,AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report. +cloudsploit,https://github.com/aquasecurity/cloudsploit,Cloud Security Posture Management +clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. +coercer,https://github.com/p0dalirius/coercer,DFS-R target coercion tool +conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy. +constellation,https://github.com/constellation-app/Constellation,Find and exploit vulnerabilities in mobile applications. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +cowpatty,https://github.com/joswr1ght/cowpatty,cowpatty is a tool for offline dictionary attacks against WPA-PSK (Pre-Shared Key) networks. +crackhound,https://github.com/trustedsec/crackhound,A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. 
+cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +cyperoth,https://github.com/seajaysec/cypheroth,Automated extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. +darkarmour,https://github.com/bats3c/darkarmour,a tool to detect and evade common antivirus products +dex2jar,https://github.com/pxb1988/dex2jar,A tool to convert Android's dex files to Java's jar files +dfscoerce,https://github.com/Wh04m1001/dfscoerce,DFS-R target coercion tool +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +divideandscan,https://github.com/snovvcrash/divideandscan,Advanced subdomain scanner +dns2tcp,https://github.com/alex-sector/dns2tcp,dns2tcp is a tool for relaying TCP connections over DNS. +dnschef,https://github.com/iphelix/dnschef,Tool for DNS MITM attacks +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +dnsx,https://github.com/projectdiscovery/dnsx,A tool for DNS reconnaissance that can help identify subdomains and other related domains. +donpapi,https://github.com/login-securite/DonPAPI,Dumping revelant information on compromised targets without AV detection +dploot,https://github.com/zblurx/dploot,dploot is Python rewrite of SharpDPAPI written un C#. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +eaphammer,https://github.com/s0lst1c3/eaphammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. 
+empire,https://github.com/BC-SECURITY/Empire,post-exploitation and adversary emulation framework +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +enyx,https://github.com/trickster0/enyx,Framework for building offensive security tools. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +exif,https://exiftool.org/,Utility to read / write and edit metadata in image / audio and video files +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +exiv2,https://github.com/Exiv2/exiv2,Image metadata library and toolset +ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +fdisk,https://github.com/karelzak/util-linux,Collection of basic system utilities / including fdisk partitioning tool +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +fierce,https://github.com/mschwager/fierce,A DNS reconnaissance tool for locating non-contiguous IP space +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. 
+finduncommonshares,https://github.com/p0dalirius/FindUncommonShares,Script that can help identify shares that are not commonly found on a Windows system. +firefox,https://www.mozilla.org,A web browser +foremost,https://doc.ubuntu-fr.org/foremost,Foremost is a forensic tool for recovering files based on their headers / footers / and internal data structures. +freeipscanner,https://github.com/scrt/freeipscanner,A simple bash script to enumerate stale ADIDNS entries +freerdp2-x11,https://github.com/FreeRDP/FreeRDP,FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. +frida,https://github.com/frida/frida,Dynamic instrumentation toolkit +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +ghidra,https://github.com/NationalSecurityAgency/ghidra,Software reverse engineering suite of tools. +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. 
+gmsadumper,https://github.com/micahvandeusen/gMSADumper,A tool for extracting credentials and other information from a Microsoft Active Directory domain. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +goldencopy,https://github.com/Dramelac/GoldenCopy,Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +gosecretsdump,https://github.com/c-sto/gosecretsdump,Implements NTLMSSP network authentication protocol in Go +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more) +gpp-decrypt,https://github.com/t0thkr1s/gpp-decrypt,A tool to decrypt Group Policy Preferences passwords +gqrx,https://github.com/csete/gqrx,Software defined radio receiver powered by GNU Radio and Qt +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +hackrf,https://github.com/mossmann/hackrf,Low cost software defined radio platform +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). 
+hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hashonymize,https://github.com/ShutdownRepo/hashonymize,This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). +Havoc,https://github.com/HavocFramework/Havoc,Command & Control Framework +hcxdumptool,https://github.com/ZerBea/hcxdumptool,Small tool to capture packets from wlan devices. +hcxtools,https://github.com/ZerBea/hcxtools,Tools for capturing and analyzing packets from WLAN devices. +hexedit,https://github.com/pixel/hexedit,View and edit binary files +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. +ida,https://www.hex-rays.com/products/ida/,Interactive disassembler for software analysis. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. 
+impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. +iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall +jackit,https://github.com/insecurityofthings/jackit,Exploit to take over a wireless mouse and keyboard +jadx,https://github.com/skylot/jadx,Java decompiler +jd-gui,https://github.com/java-decompiler/jd-gui,A standalone Java Decompiler GUI +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +KeePwn,https://github.com/Orange-Cyberdefense/KeePwn,KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. +kerbrute,https://github.com/ropnop/kerbrute,A tool to perform Kerberos pre-auth bruteforcing +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. 
+krbjack,https://github.com/almandin/krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. +krbrelayx,https://github.com/dirkjanm/krbrelayx,a tool for performing Kerberos relay attacks +kubectl,https://kubernetes.io/docs/reference/kubectl/overview/,Command-line interface for managing Kubernetes clusters. +ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service +ldaprelayscan,https://github.com/zyn3rgy/LdapRelayScan,Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. +ldapsearch,https://wiki.debian.org/LDAP/LDAPUtils,Search for and display entries (ldap) +ldapsearch-ad,https://github.com/yaap7/ldapsearch-ad,LDAP search utility with AD support +LDAPWordlistHarvester,https://github.com/p0dalirius/LDAPWordlistHarvester,Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts +ldeep,https://github.com/franc-pentest/ldeep,ldeep is a tool to discover hidden paths on Web servers. +legba,https://github.com/evilsocket/legba,a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust +libmspack,https://github.com/kyz/libmspack,C library for Microsoft compression formats. +libnfc,https://github.com/grundid/nfctools,Library for Near Field Communication (NFC) devices +libnfc-crypto1-crack,https://github.com/droidnewbie2/acr122uNFC,Implementation of cryptographic attack on Mifare Classic RFID cards +libusb-dev,https://github.com/libusb/libusb,Library for USB device access +ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. 
+lnkup,https://github.com/Plazmaz/lnkUp,This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. +lsassy,https://github.com/Hackndo/lsassy,Windows secrets and passwords extraction tool. +ltrace,https://github.com/dkogan/ltrace,ltrace is a debugging program for Linux and Unix that intercepts and records dynamic library calls that are called by an executed process. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +manspider,https://github.com/blacklanternsecurity/MANSPIDER,Manspider will crawl every share on every target system. If provided creds don't work it will fall back to 'guest' then to a null session. +mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. +masky,https://github.com/Z4kSec/Masky,Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. 
A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope +masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +mfcuk,https://github.com/nfc-tools/mfcuk,Implementation of an attack on Mifare Classic and Plus RFID cards +mfdread,https://github.com/zhovner/mfdread,Tool for reading/writing Mifare RFID tags +mfoc,https://github.com/nfc-tools/mfoc,Implementation of 'offline nested' attack by Nethemba +minicom,https://doc.ubuntu-fr.org/minicom,Minicom is a text-based serial communication program for Unix-like operating systems. +mitm6,https://github.com/fox-it/mitm6,Tool to conduct a man-in-the-middle attack against IPv6 protocols. +mobsf,https://github.com/MobSF/Mobile-Security-Framework-MobSF,Automated and all-in-one mobile application (Android/iOS/Windows) pen-testing malware analysis and security assessment framework +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +mousejack,https://github.com/BastilleResearch/mousejack,Exploit to take over a wireless mouse and keyboard +msprobe,https://github.com/puzzlepeaches/msprobe,msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. +MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. 
+nasm,https://github.com/netwide-assembler/nasm,NASM is an 80x86 assembler designed for portability and modularity. +nbtscan,https://github.com/charlesroelli/nbtscan,NBTscan is a program for scanning IP networks for NetBIOS name information. +neo4j,https://github.com/neo4j/neo4j,Database. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +nfct,https://github.com/grundid/nfctools,Tool for Near Field Communication (NFC) devices +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nmap-parse-ouptut,https://github.com/ernw/nmap-parse-output,Converts/manipulates/extracts data from a Nmap scan output. +noPac,https://github.com/Ridter/noPac,Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +ntlmv1-multi,https://github.com/evilmog/ntlmv1-multi,Exploit a vulnerability in Microsoft Windows to gain system-level access. +ntlm_theft,https://github.com/Greenwolf/ntlm_theft,A tool for generating multiple types of NTLMv2 hash theft files +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +oaburl,https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py,Find Open redirects and other vulnerabilities. 
+objection,https://github.com/sensepost/objection,Runtime mobile exploration +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +onesixtyone,https://github.com/trailofbits/onesixtyone,onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +pass,https://github.com/hashcat/hashcat,TODO +PassTheCert,https://github.com/AlmondOffSec/PassTheCert,PassTheCert is a tool to extract Active Directory user password hashes from a domain controller's local certificate store. +patator,https://github.com/lanjelot/patator,Login scanner. +pcredz,https://github.com/lgandx/PCredz,PowerShell credential dumper +pcsc,https://pcsclite.apdu.fr/,Middleware for smart card readers +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +peepdf,https://github.com/jesparza/peepdf,peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. +petitpotam,https://github.com/topotam/PetitPotam,Windows machine account manipulation +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! 
+phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +pkinittools,https://github.com/dirkjanm/PKINITtools,Pkinit support tools +polenum,https://github.com/Wh1t3Fox/polenum,Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. +postman,https://www.postman.com/,API platform for testing APIs +powershell,https://github.com/PowerShell/PowerShell,a command-line shell and scripting language designed for system administration and automation +pp-finder,https://github.com/yeswehack/pp-finder,Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code. +pre2k,https://github.com/garrettfoster13/pre2k,pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. +pretender,https://github.com/RedTeamPentesting/pretender,an mitm tool for helping with relay attacks. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +privexchange,https://github.com/dirkjanm/PrivExchange,a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques +prowler,https://github.com/prowler-cloud/prowler,Perform Cloud Security best practices assessments / audits / incident response / compliance / continuous monitoring / hardening and forensics readiness. +proxmark3,https://github.com/RfidResearchGroup/proxmark3,Open source RFID research toolkit. +proxychains,https://github.com/rofl0r/proxychains,Proxy chains - redirect connections through proxy servers. +pst-utils,https://manpages.debian.org/jessie/pst-utils/readpst.1,pst-utils is a set of tools for working with Outlook PST files. 
+pth-tools,https://github.com/byt3bl33d3r/pth-toolkit,A toolkit to perform pass-the-hash attacks +pwncat,https://github.com/calebstewart/pwncat,A lightweight and versatile netcat alternative that includes various additional features. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwndbg,https://github.com/pwndbg/pwndbg,a GDB plugin that makes debugging with GDB suck less +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pwninit,https://github.com/io12/pwninit,A tool for automating starting binary exploit challenges +pwntools,https://github.com/Gallopsled/pwntools,a CTF framework and exploit development library +pygpoabuse,https://github.com/Hackndo/pyGPOAbuse,A tool for abusing GPO permissions to escalate privileges +pykek,https://github.com/preempt/pykek,PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. +pylaps,https://github.com/p0dalirius/pylaps,Utility for enumerating and querying LDAP servers. +pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +pypykatz,https://github.com/skelsec/pypykatz,a Python library for mimikatz-like functionality +pyrit,https://github.com/JPaulMora/Pyrit,Python-based WPA/WPA2-PSK attack tool. +pywerview,https://github.com/the-useless-one/pywerview,A (partial) Python rewriting of PowerSploit's PowerView. +pywhisker,https://github.com/ShutdownRepo/pywhisker,PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It's based on Impacket and on a Python equivalent of Michael Grafnetter's DSInternals called PyDSInternals made by podalirius. 
+pywsus,https://github.com/GoSecure/pywsus,Python implementation of a WSUS client +radare2,https://github.com/radareorg/radare2,A complete framework for reverse-engineering and analyzing binaries +rdesktop,https://github.com/rdesktop/rdesktop,rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. +reaver,https://github.com/t6x/reaver-wps-fork-t6x,reaver is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +ROADtools,https://github.com/dirkjanm/ROADtools,ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. +roastinthemiddle,https://github.com/Tw1sm/RITM,RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +routersploit,https://github.com/threat9/routersploit,Security audit tool for routers. +RsaCracker,https://github.com/skyf0l/RsaCracker,Powerful RSA cracker for CTFs. Supports RSA - X509 - OPENSSH in PEM and DER formats. 
+rsactftool,https://github.com/RsaCtfTool/RsaCtfTool,The rsactftool tool is used for RSA cryptographic operations and analysis. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +rtl-433,https://github.com/merbanan/rtl_433,Tool for decoding various wireless protocols/ signals such as those used by weather stations +ruler,https://github.com/sensepost/ruler,Outlook Rules exploitation framework. +rusthound (v2),https://github.com/NH-RED-TEAM/RustHound,BloodHound-CE ingestor in Rust. +rusthound,https://github.com/NH-RED-TEAM/RustHound,BloodHound ingestor in Rust. +rustscan,https://github.com/RustScan/RustScan,The Modern Port Scanner +samdump2,https://github.com/azan121468/SAMdump2,A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files +sccmhunter,https://github.com/garrettfoster13/sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. +sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab. +scout,https://github.com/nccgroup/ScoutSuite,Scout Suite is an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments. +scrcpy,https://github.com/Genymobile/scrcpy,Display and control your Android device. +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +semgrep,https://github.com/returntocorp/semgrep/,Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. +shadowcoerce,https://github.com/ShutdownRepo/shadowcoerce,Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. 
+shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. +shuffledns,https://github.com/projectdiscovery/shuffledns,A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +sipvicious,https://github.com/enablesecurity/sipvicious,Enumeration and MITM tool for SIP devices +sleuthkit,https://github.com/sleuthkit/sleuthkit,Forensic toolkit to analyze volume and file system data +sliver,https://github.com/BishopFox/sliver,Open source / cross-platform and extensible C2 framework +smali,https://github.com/JesusFreke/smali,A tool to disassemble and assemble Android's dex files +smartbrute,https://github.com/ShutdownRepo/SmartBrute,The smart password spraying and bruteforcing tool for Active Directory Domain Services. +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbclient-ng,https://github.com/p0dalirius/smbclient-ng,smbclient-ng is a fast and user friendly way to interact with SMB shares. +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +smtp-user-enum,https://github.com/pentestmonkey/smtp-user-enum,A tool to enumerate email addresses via SMTP +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. 
+spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +sprayhound,https://github.com/Hackndo/Sprayhound,Active Directory password audit tool. +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +ssh-audit,https://github.com/jtesta/ssh-audit,ssh-audit is a tool to test SSH server configuration for best practices. +sshuttle,https://github.com/sshuttle/sshuttle,Transparent proxy server that tunnels traffic through an SSH server +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +steghide,https://github.com/StefanoDeVuono/steghide,steghide is a steganography program that is able to hide data in various kinds of image and audio files. +stegolsb,https://github.com/KyTn/STEGOLSB,Steganography tool to hide data in BMP images using least significant bit algorithm +stegosuite,https://github.com/osde8info/stegosuite,Stegosuite is a free steganography tool that allows you to hide data in image and audio files. +strace,https://github.com/strace/strace,strace is a debugging utility for Linux that allows you to monitor and diagnose system calls made by a process. +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +tailscale,https://github.com/tailscale/tailscale,A secure and easy-to-use VPN alternative that is designed for teams and businesses. 
+targetedKerberoast,https://github.com/ShutdownRepo/targetedKerberoast,Kerberoasting against specific accounts +tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems +TeamsPhisher,https://github.com/Octoberfest7/TeamsPhisher,TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. +testdisk,https://github.com/cgsecurity/testdisk,Partition recovery and file undelete utility +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-map,https://github.com/sec-it/tls-map,tls-map is a library for mapping TLS cipher algorithm names. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. 
+trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trid,https://mark0.net/soft-trid-e.html,File identifier +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +upx,https://github.com/upx/upx,UPX is an advanced executable packer +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +Villain,https://github.com/t3l3machus/Villain,Command & Control Framework +volatility2,https://github.com/volatilityfoundation/volatility,Volatile memory extraction utility framework +volatility3,https://github.com/volatilityfoundation/volatility3,Advanced memory forensics framework +wabt,https://github.com/WebAssembly/wabt,The WebAssembly Binary Toolkit (WABT) is a suite of tools for WebAssembly (Wasm) including assembler and disassembler / a syntax checker / and a binary format validator. +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. 
+webclientservicescanner,https://github.com/Hackndo/webclientservicescanner,Scans for web service endpoints +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +wifite2,https://github.com/derv82/wifite2,Script for auditing wireless networks. +windapsearch-go,https://github.com/ropnop/go-windapsearch/,Active Directory enumeration tool. +wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. +xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +xtightvncviewer,https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html,xtightvncviewer is an open source VNC client software. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. 
+ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes +zerologon,https://github.com/SecuraBV/CVE-2020-1472,Exploit for the Zerologon vulnerability (CVE-2020-1472). +zipalign,https://developer.android.com/studio/command-line/zipalign,arguably the most important step to optimize your APK file +zsteg,https://github.com/zed-0xff/zsteg,Detect steganography hidden in PNG and BMP images diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index f01c931..13619d3 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` light,3.1.5,2024-10-07T21:38:47Z,:download:`light_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` From cfae918f47d821589bb6b612aa94fe45f5ef2c13 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Tue, 8 Oct 2024 00:00:02 +0200 Subject: [PATCH 09/36] PIPELINE: tools list for web_3.1.5_amd64 --- .../installed_tools/lists/web_3.1.5_amd64.csv | 161 ++++++++++++++++++ .../assets/installed_tools/releases_amd64.csv | 1 + 2 files changed, 162 insertions(+) create mode 100644 source/assets/installed_tools/lists/web_3.1.5_amd64.csv diff --git a/source/assets/installed_tools/lists/web_3.1.5_amd64.csv b/source/assets/installed_tools/lists/web_3.1.5_amd64.csv new file mode 100644 index 0000000..fa1a5d0 --- /dev/null +++ b/source/assets/installed_tools/lists/web_3.1.5_amd64.csv 
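Review bot: the `pass` row in the new full_3.1.5 tools list ships with a placeholder description and a link that belongs to another tool: `pass,https://github.com/hashcat/hashcat,TODO`. Fill in the real project link and a description before the list is published. Two more rows in the same hunk look like copy errors: the tool name `nmap-parse-ouptut` is misspelled against its own link (`ernw/nmap-parse-output`), and `pkcrack` carries the city-wordlist description that the `geowordlists` row uses in the web list. `libnfc` and `nfct` also point at the same repository (`grundid/nfctools`), which is worth confirming. If this file is generated, correct these in the source data the generator reads rather than in the CSV, so the next release list does not reintroduce them.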
@@ -0,0 +1,161 @@ +Tool,Link,Description +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +brakeman,https://github.com/presidentbeef/brakeman,Static analysis tool for Ruby on Rails applications +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +burpsuite,https://portswigger.net/burp,Web application security testing tool. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. 
+clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. +constellation,https://github.com/constellation-app/Constellation,Find and exploit vulnerabilities in mobile applications. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. 
+fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. +firefox,https://www.mozilla.org,A web browser +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. 
+gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. 
+ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. 
+MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +pass,https://github.com/hashcat/hashcat,TODO +patator,https://github.com/lanjelot/patator,Login scanner. +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. 
+PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +postman,https://www.postman.com/,API platform for testing APIs +pp-finder,https://github.com/yeswehack/pp-finder,Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. 
+rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +semgrep,https://github.com/returntocorp/semgrep/,Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. 
+swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. 
+uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. +xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. 
+ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 13619d3..44b545b 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` light,3.1.5,2024-10-07T21:38:47Z,:download:`light_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` From 8dc6de55c08ae985294d1117740cf05643aed0e8 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Tue, 8 Oct 2024 00:03:01 +0200 Subject: [PATCH 10/36] PIPELINE: tools list for osint_3.1.5_amd64 --- .../lists/osint_3.1.5_amd64.csv | 68 +++++++++++++++++++ .../assets/installed_tools/releases_amd64.csv | 1 + 2 files changed, 69 insertions(+) create mode 100644 source/assets/installed_tools/lists/osint_3.1.5_amd64.csv diff --git a/source/assets/installed_tools/lists/osint_3.1.5_amd64.csv b/source/assets/installed_tools/lists/osint_3.1.5_amd64.csv new file mode 100644 index 0000000..7474a23 --- /dev/null +++ b/source/assets/installed_tools/lists/osint_3.1.5_amd64.csv 
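Review bot: In the web_3.1.5_amd64.csv list, the `pass` row ships with the placeholder description `TODO` and a link to the hashcat repository, so the tools list will show "TODO" to readers. Give it a real description and its own link. The `pkcrack` row carries the same description as `geowordlists` ("tool to generate wordlists of passwords containing cities at a defined distance around the client city"), which looks like a copy-paste. The `kiterunner` row is described as a "Tool for operating Active Directory environments" although it links to assetnote's content-discovery project. Minor: "haiti is a A CLI tool" has a doubled article.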
@@ -0,0 +1,68 @@ +Tool,Link,Description +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +constellation,https://github.com/constellation-app/Constellation,Find and exploit vulnerabilities in mobile applications. +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. 
+firefox,https://www.mozilla.org,A web browser +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. 
+neovim,https://neovim.io/,hyperextensible Vim-based text editor +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. 
+simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. 
+whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 44b545b..ef58ef0 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-07T22:03:00Z,:download:`osint_3.1.5_amd64.csv ` web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` light,3.1.5,2024-10-07T21:38:47Z,:download:`light_3.1.5_amd64.csv ` From 1c43a011b092bffb714a64eaf9b0d2f815e6533b Mon Sep 17 00:00:00 2001 From: Github Actions Date: Tue, 8 Oct 2024 04:37:19 +0200 Subject: [PATCH 11/36] PIPELINE: tools list for light_3.1.5_arm64 --- .../lists/light_3.1.5_arm64.csv | 44 +++++++++++++++++++ .../assets/installed_tools/releases_arm64.csv | 1 + 2 files changed, 45 insertions(+) create mode 100644 source/assets/installed_tools/lists/light_3.1.5_arm64.csv diff --git a/source/assets/installed_tools/lists/light_3.1.5_arm64.csv b/source/assets/installed_tools/lists/light_3.1.5_arm64.csv new file mode 100644 index 0000000..0e9b71d --- /dev/null +++ b/source/assets/installed_tools/lists/light_3.1.5_arm64.csv 
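Review bot: In osint_3.1.5_amd64.csv the `shellerator` row says "a simple command-line tool for generating shellcode", while the `uberfile` row in the same file describes Shellerator as a project for "one-liner reverseshell generation"; the two should agree, and the second matches what the tool does. The descriptions for `simplyemail` ("for sending emails") and `constellation` ("Find and exploit vulnerabilities in mobile applications") also do not match the linked projects and are worth checking against their READMEs. Since the commit subject marks this file as pipeline output ("PIPELINE: tools list for osint_3.1.5_amd64"), correct the descriptions in the source the pipeline reads from rather than in this CSV, or the next build will reintroduce them.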
@@ -0,0 +1,44 @@ +Tool,Link,Description +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +firefox,https://www.mozilla.org,A web browser +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +john,https://github.com/openwall/john,John the Ripper password cracker. 
+joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. 
+testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 19889d7..4c751ca 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` full,3.1.4,2024-05-05T21:38:02Z,:download:`full_3.1.4_arm64.csv ` From 095e43aa84e7969ec04b2437fbe1d23661536823 Mon Sep 17 00:00:00 2001 
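Review bot: In light_3.1.5_arm64.csv the `weevely` row appears twice in a row with identical link and description, so one of the 44 added lines is a duplicate. Because this list is pipeline output ("PIPELINE: tools list for light_3.1.5_arm64"), deduplicate on the tool name in the step that writes the CSV instead of deleting the line by hand. Separately, the `cloudfail` row describes "misconfigured CloudFront domains", whereas CloudFail targets Cloudflare-protected sites; the description should be corrected at the same source.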
From: Github Actions Date: Tue, 8 Oct 2024 04:45:34 +0200 Subject: [PATCH 12/36] PIPELINE: tools list for ad_3.1.5_arm64 --- .../installed_tools/lists/ad_3.1.5_arm64.csv | 253 ++++++++++++++++++ .../assets/installed_tools/releases_arm64.csv | 1 + 2 files changed, 254 insertions(+) create mode 100644 source/assets/installed_tools/lists/ad_3.1.5_arm64.csv diff --git a/source/assets/installed_tools/lists/ad_3.1.5_arm64.csv b/source/assets/installed_tools/lists/ad_3.1.5_arm64.csv new file mode 100644 index 0000000..5cdc7f6 --- /dev/null +++ b/source/assets/installed_tools/lists/ad_3.1.5_arm64.csv 
@@ -0,0 +1,253 @@ +Tool,Link,Description +abuseACL,https://github.com/AetherBlack/abuseACL,A python script to automatically list vulnerable Windows ACEs/ACLs. +aclpwn,https://github.com/aas-n/aclpwn.py,Tool for testing the security of Active Directory access controls. +AD-miner,https://github.com/Mazars-Tech/AD_Miner,Active Directory audit tool that leverages cypher queries. +adidnsdump,https://github.com/dirkjanm/adidnsdump,Active Directory Integrated DNS dump utility +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +amber,https://github.com/EgeBalci/amber,Forensic tool to recover browser history / cookies and credentials +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +asrepcatcher,https://github.com/Yaxxine7/ASRepCatcher,Make your VLAN ASREProastable. +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +bloodhound,https://github.com/BloodHoundAD/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments. +BloodHound-CE,https://github.com/SpecterOps/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) +bloodhound-ce.py,https://github.com/fox-it/BloodHound.py,BloodHound-CE ingestor in Python. 
+bloodhound-import,https://github.com/fox-it/BloodHound.py,Import data into BloodHound for analyzing active directory trust relationships +bloodhound-quickwin,https://github.com/kaluche/bloodhound-quickwin,A tool for BloodHounding on Windows machines without .NET or Powershell installed +bloodhound.py,https://github.com/fox-it/BloodHound.py,BloodHound ingestor in Python. +bloodyAD,https://github.com/CravateRouge/bloodyAD,bloodyAD is an Active Directory privilege escalation swiss army knife. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +burpsuite,https://portswigger.net/burp,Web application security testing tool. +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +certipy,https://github.com/ly4k/Certipy,Python tool to create and sign certificates +certsync,https://github.com/zblurx/certsync,certsync is a tool that helps you synchronize certificates between two directories. +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +chisel,https://github.com/jpillora/chisel,Go based TCP tunnel with authentication and encryption support +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. 
+coercer,https://github.com/p0dalirius/coercer,DFS-R target coercion tool +conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +crackhound,https://github.com/trustedsec/crackhound,A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +cyperoth,https://github.com/seajaysec/cypheroth,Automated extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. +darkarmour,https://github.com/bats3c/darkarmour,a tool to detect and evade common antivirus products +dfscoerce,https://github.com/Wh04m1001/dfscoerce,DFS-R target coercion tool +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +divideandscan,https://github.com/snovvcrash/divideandscan,Advanced subdomain scanner +dns2tcp,https://github.com/alex-sector/dns2tcp,dns2tcp is a tool for relaying TCP connections over DNS. +dnschef,https://github.com/iphelix/dnschef,Tool for DNS MITM attacks +dnsx,https://github.com/projectdiscovery/dnsx,A tool for DNS reconnaissance that can help identify subdomains and other related domains. 
+donpapi,https://github.com/login-securite/DonPAPI,Dumping revelant information on compromised targets without AV detection +dploot,https://github.com/zblurx/dploot,dploot is Python rewrite of SharpDPAPI written un C#. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +eaphammer,https://github.com/s0lst1c3/eaphammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. +empire,https://github.com/BC-SECURITY/Empire,post-exploitation and adversary emulation framework +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. +enyx,https://github.com/trickster0/enyx,Framework for building offensive security tools. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +fierce,https://github.com/mschwager/fierce,A DNS reconnaissance tool for locating non-contiguous IP space +finduncommonshares,https://github.com/p0dalirius/FindUncommonShares,Script that can help identify shares that are not commonly found on a Windows system. 
+firefox,https://www.mozilla.org,A web browser +freeipscanner,https://github.com/scrt/freeipscanner,A simple bash script to enumerate stale ADIDNS entries +freerdp2-x11,https://github.com/FreeRDP/FreeRDP,FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gmsadumper,https://github.com/micahvandeusen/gMSADumper,A tool for extracting credentials and other information from a Microsoft Active Directory domain. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +goldencopy,https://github.com/Dramelac/GoldenCopy,Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +gosecretsdump,https://github.com/c-sto/gosecretsdump,Implements NTLMSSP network authentication protocol in Go +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more) +gpp-decrypt,https://github.com/t0thkr1s/gpp-decrypt,A tool to decrypt Group Policy Preferences passwords +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hashonymize,https://github.com/ShutdownRepo/hashonymize,This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). +Havoc,https://github.com/HavocFramework/Havoc,Command & Control Framework +hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. 
+imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +KeePwn,https://github.com/Orange-Cyberdefense/KeePwn,KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. +kerbrute,https://github.com/ropnop/kerbrute,A tool to perform Kerberos pre-auth bruteforcing +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +krbjack,https://github.com/almandin/krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. 
+krbrelayx,https://github.com/dirkjanm/krbrelayx,a tool for performing Kerberos relay attacks +ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service +ldaprelayscan,https://github.com/zyn3rgy/LdapRelayScan,Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. +ldapsearch,https://wiki.debian.org/LDAP/LDAPUtils,Search for and display entries (ldap) +ldapsearch-ad,https://github.com/yaap7/ldapsearch-ad,LDAP search utility with AD support +LDAPWordlistHarvester,https://github.com/p0dalirius/LDAPWordlistHarvester,Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts +ldeep,https://github.com/franc-pentest/ldeep,ldeep is a tool to discover hidden paths on Web servers. +legba,https://github.com/evilsocket/legba,a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust +libmspack,https://github.com/kyz/libmspack,C library for Microsoft compression formats. +ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +lnkup,https://github.com/Plazmaz/lnkUp,This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. +lsassy,https://github.com/Hackndo/lsassy,Windows secrets and passwords extraction tool. +manspider,https://github.com/blacklanternsecurity/MANSPIDER,Manspider will crawl every share on every target system. If provided creds don't work it will fall back to 'guest' then to a null session. +mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. 
+masky,https://github.com/Z4kSec/Masky,Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope +masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +mitm6,https://github.com/fox-it/mitm6,Tool to conduct a man-in-the-middle attack against IPv6 protocols. +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +msprobe,https://github.com/puzzlepeaches/msprobe,msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +nbtscan,https://github.com/charlesroelli/nbtscan,NBTscan is a program for scanning IP networks for NetBIOS name information. +neo4j,https://github.com/neo4j/neo4j,Database. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nmap-parse-ouptut,https://github.com/ernw/nmap-parse-output,Converts/manipulates/extracts data from a Nmap scan output. 
+noPac,https://github.com/Ridter/noPac,Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +ntlmv1-multi,https://github.com/evilmog/ntlmv1-multi,Exploit a vulnerability in Microsoft Windows to gain system-level access. +ntlm_theft,https://github.com/Greenwolf/ntlm_theft,A tool for generating multiple types of NTLMv2 hash theft files +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +oaburl,https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py,Find Open redirects and other vulnerabilities. +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +onesixtyone,https://github.com/trailofbits/onesixtyone,onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. +pass,https://github.com/hashcat/hashcat,TODO +PassTheCert,https://github.com/AlmondOffSec/PassTheCert,PassTheCert is a tool to extract Active Directory user password hashes from a domain controller's local certificate store. +patator,https://github.com/lanjelot/patator,Login scanner. 
+pcredz,https://github.com/lgandx/PCredz,PowerShell credential dumper +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +petitpotam,https://github.com/topotam/PetitPotam,Windows machine account manipulation +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +pkinittools,https://github.com/dirkjanm/PKINITtools,Pkinit support tools +polenum,https://github.com/Wh1t3Fox/polenum,Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. +postman,https://www.postman.com/,API platform for testing APIs +powershell,https://github.com/PowerShell/PowerShell,a command-line shell and scripting language designed for system administration and automation +pre2k,https://github.com/garrettfoster13/pre2k,pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. +pretender,https://github.com/RedTeamPentesting/pretender,an mitm tool for helping with relay attacks. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +privexchange,https://github.com/dirkjanm/PrivExchange,a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques +proxychains,https://github.com/rofl0r/proxychains,Proxy chains - redirect connections through proxy servers. +pwncat,https://github.com/calebstewart/pwncat,A lightweight and versatile netcat alternative that includes various additional features. 
+pygpoabuse,https://github.com/Hackndo/pyGPOAbuse,A tool for abusing GPO permissions to escalate privileges +pykek,https://github.com/preempt/pykek,PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. +pylaps,https://github.com/p0dalirius/pylaps,Utility for enumerating and querying LDAP servers. +pypykatz,https://github.com/skelsec/pypykatz,a Python library for mimikatz-like functionality +pywerview,https://github.com/the-useless-one/pywerview,A (partial) Python rewriting of PowerSploit's PowerView. +pywhisker,https://github.com/ShutdownRepo/pywhisker,PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It's based on Impacket and on a Python equivalent of Michael Grafnetter's DSInternals called PyDSInternals made by podalirius. +pywsus,https://github.com/GoSecure/pywsus,Python implementation of a WSUS client +rdesktop,https://github.com/rdesktop/rdesktop,rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. +redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +ROADtools,https://github.com/dirkjanm/ROADtools,ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. 
+roastinthemiddle,https://github.com/Tw1sm/RITM,RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +routersploit,https://github.com/threat9/routersploit,Security audit tool for routers. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +ruler,https://github.com/sensepost/ruler,Outlook Rules exploitation framework. +rusthound (v2),https://github.com/NH-RED-TEAM/RustHound,BloodHound-CE ingestor in Rust. +rusthound,https://github.com/NH-RED-TEAM/RustHound,BloodHound ingestor in Rust. +rustscan,https://github.com/RustScan/RustScan,The Modern Port Scanner +samdump2,https://github.com/azan121468/SAMdump2,A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files +sccmhunter,https://github.com/garrettfoster13/sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. +sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab. +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +shadowcoerce,https://github.com/ShutdownRepo/shadowcoerce,Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +shuffledns,https://github.com/projectdiscovery/shuffledns,A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. 
+sliver,https://github.com/BishopFox/sliver,Open source / cross-platform and extensible C2 framework +smartbrute,https://github.com/ShutdownRepo/SmartBrute,The smart password spraying and bruteforcing tool for Active Directory Domain Services. +smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbclient-ng,https://github.com/p0dalirius/smbclient-ng,smbclient-ng is a fast and user friendly way to interact with SMB shares. +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +smtp-user-enum,https://github.com/pentestmonkey/smtp-user-enum,A tool to enumerate email addresses via SMTP +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +sprayhound,https://github.com/Hackndo/Sprayhound,Active Directory password audit tool. +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +ssh-audit,https://github.com/jtesta/ssh-audit,ssh-audit is a tool to test SSH server configuration for best practices. +sshuttle,https://github.com/sshuttle/sshuttle,Transparent proxy server that tunnels traffic through an SSH server +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. 
+tailscale,https://github.com/tailscale/tailscale,A secure and easy-to-use VPN alternative that is designed for teams and businesses. +targetedKerberoast,https://github.com/ShutdownRepo/targetedKerberoast,Kerberoasting against specific accounts +tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems +TeamsPhisher,https://github.com/Octoberfest7/TeamsPhisher,TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. 
+uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +upx,https://github.com/upx/upx,UPX is an advanced executable packer +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +Villain,https://github.com/t3l3machus/Villain,Command & Control Framework +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +webclientservicescanner,https://github.com/Hackndo/webclientservicescanner,Scans for web service endpoints +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +windapsearch-go,https://github.com/ropnop/go-windapsearch/,Active Directory enumeration tool. +wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. 
+xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +xtightvncviewer,https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html,xtightvncviewer is an open source VNC client software. +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes +zerologon,https://github.com/SecuraBV/CVE-2020-1472,Exploit for the Zerologon vulnerability (CVE-2020-1472). diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 4c751ca..5e60b47 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` From 1123010f3aa87c928734c0a816035ff5bf25f35a Mon Sep 17 00:00:00 2001 From: Github Actions Date: Tue, 8 Oct 2024 04:56:58 +0200 Subject: [PATCH 13/36] PIPELINE: tools list for full_3.1.5_arm64 --- .../lists/full_3.1.5_arm64.csv | 375 ++++++++++++++++++ .../assets/installed_tools/releases_arm64.csv | 1 + 2 files changed, 376 insertions(+) create mode 100644 source/assets/installed_tools/lists/full_3.1.5_arm64.csv diff --git a/source/assets/installed_tools/lists/full_3.1.5_arm64.csv b/source/assets/installed_tools/lists/full_3.1.5_arm64.csv new file mode 100644 index 0000000..06b6d0f --- /dev/null 
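Review bot: several rows added to this tools list carry a name or description that does not match the linked project, so the published table will mislead readers. `pass` has the description `TODO`; `pkcrack` repeats the `geowordlists` description word for word; `coercer` and `dfscoerce` share the identical text "DFS-R target coercion tool"; and the names `nmap-parse-ouptut` and `cyperoth` are misspelled against their own links (`nmap-parse-output`, `cypheroth`). If these rows are generated, correct the entries in the data the generator reads rather than in the CSV, and consider a check that rejects placeholder or duplicate descriptions before the list is committed.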
+++ b/source/assets/installed_tools/lists/full_3.1.5_arm64.csv 
@@ -0,0 +1,375 @@ +Tool,Link,Description +abuseACL,https://github.com/AetherBlack/abuseACL,A python script to automatically list vulnerable Windows ACEs/ACLs. +aclpwn,https://github.com/aas-n/aclpwn.py,Tool for testing the security of Active Directory access controls. +AD-miner,https://github.com/Mazars-Tech/AD_Miner,Active Directory audit tool that leverages cypher queries. +adidnsdump,https://github.com/dirkjanm/adidnsdump,Active Directory Integrated DNS dump utility +aircrack-ng,https://www.aircrack-ng.org,A suite of tools for wireless penetration testing +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +amber,https://github.com/EgeBalci/amber,Forensic tool to recover browser history / cookies and credentials +androguard,https://github.com/androguard/androguard,Reverse engineering and analysis of Android applications +android-tools-adb,https://developer.android.com/studio/command-line/adb,A collection of tools for debugging Android applications +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +angr,https://github.com/angr/angr,a platform-agnostic binary analysis framework +apksigner,https://source.android.com/security/apksigning,arguably the most important step to optimize your APK file +apktool,https://github.com/iBotPeaches/Apktool,It is a tool for reverse engineering 3rd party / closed / binary Android apps. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +asrepcatcher,https://github.com/Yaxxine7/ASRepCatcher,Make your VLAN ASREProastable. +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. 
+autoconf,https://www.gnu.org/software/autoconf/autoconf.html,Tool for producing shell scripts to configure source code packages +autorecon,https://github.com/Tib3rius/AutoRecon,Multi-threaded network reconnaissance tool which performs automated enumeration of services. +avrdude,https://github.com/avrdudes/avrdude,AVRDUDE is a command-line program that allows you to download/upload/manipulate the ROM and EEPROM contents of AVR microcontrollers using the in-system programming technique (ISP). +awscli,https://aws.amazon.com/cli/,Command-line interface for Amazon Web Services. +azure-cli,https://github.com/Azure/azure-cli,A great cloud needs great tools; we're excited to introduce Azure CLI our next generation multi-platform command line experience for Azure. +bettercap,https://github.com/bettercap/bettercap,The Swiss Army knife for 802.11 / BLE / and Ethernet networks reconnaissance and MITM attacks. +binwalk,https://github.com/ReFirmLabs/binwalk,Binwalk is a tool for analyzing / reverse engineering / and extracting firmware images. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +bloodhound,https://github.com/BloodHoundAD/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments. +BloodHound-CE,https://github.com/SpecterOps/BloodHound,Active Directory security tool for reconnaissance and attacking AD environments (Community Edition) +bloodhound-ce.py,https://github.com/fox-it/BloodHound.py,BloodHound-CE ingestor in Python. +bloodhound-import,https://github.com/fox-it/BloodHound.py,Import data into BloodHound for analyzing active directory trust relationships +bloodhound-quickwin,https://github.com/kaluche/bloodhound-quickwin,A tool for BloodHounding on Windows machines without .NET or Powershell installed +bloodhound.py,https://github.com/fox-it/BloodHound.py,BloodHound ingestor in Python. 
+bloodyAD,https://github.com/CravateRouge/bloodyAD,bloodyAD is an Active Directory privilege escalation swiss army knife. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +bqm,https://github.com/Acceis/bqm,Tool to deduplicate custom BloudHound queries from different datasets and merge them in one file. +brakeman,https://github.com/presidentbeef/brakeman,Static analysis tool for Ruby on Rails applications +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +bully,https://github.com/aanarchyy/bully,bully is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. +burpsuite,https://portswigger.net/burp,Web application security testing tool. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +certipy,https://github.com/ly4k/Certipy,Python tool to create and sign certificates +certsync,https://github.com/zblurx/certsync,certsync is a tool that helps you synchronize certificates between two directories. +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +chainsaw,https://github.com/WithSecureLabs/chainsaw,Rapidly Search and Hunt through Windows Forensic Artefacts +checksec-py,https://github.com/Wenzel/checksec.py,Python wrapper script for checksec.sh from paX. 
+chisel,https://github.com/jpillora/chisel,Go based TCP tunnel with authentication and encryption support +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. +cloudmapper,https://github.com/duo-labs/cloudmapper,CloudMapper helps you analyze your Amazon Web Services (AWS) environments. +cloudsplaining,https://github.com/salesforce/cloudsplaining,AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report. +cloudsploit,https://github.com/aquasecurity/cloudsploit,Cloud Security Posture Management +clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. +coercer,https://github.com/p0dalirius/coercer,DFS-R target coercion tool +conpass,https://github.com/login-securite/conpass,Python tool for continuous password spraying taking into account the password policy. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +cowpatty,https://github.com/joswr1ght/cowpatty,cowpatty is a tool for offline dictionary attacks against WPA-PSK (Pre-Shared Key) networks. +crackhound,https://github.com/trustedsec/crackhound,A fast WPA/WPA2/WPA3 WiFi Handshake capture / password recovery and analysis tool +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. 
+CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +cyperoth,https://github.com/seajaysec/cypheroth,Automated extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. +darkarmour,https://github.com/bats3c/darkarmour,a tool to detect and evade common antivirus products +dex2jar,https://github.com/pxb1988/dex2jar,A tool to convert Android's dex files to Java's jar files +dfscoerce,https://github.com/Wh04m1001/dfscoerce,DFS-R target coercion tool +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +divideandscan,https://github.com/snovvcrash/divideandscan,Advanced subdomain scanner +dns2tcp,https://github.com/alex-sector/dns2tcp,dns2tcp is a tool for relaying TCP connections over DNS. +dnschef,https://github.com/iphelix/dnschef,Tool for DNS MITM attacks +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +dnsx,https://github.com/projectdiscovery/dnsx,A tool for DNS reconnaissance that can help identify subdomains and other related domains. +donpapi,https://github.com/login-securite/DonPAPI,Dumping revelant information on compromised targets without AV detection +dploot,https://github.com/zblurx/dploot,dploot is Python rewrite of SharpDPAPI written un C#. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +eaphammer,https://github.com/s0lst1c3/eaphammer,EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. +empire,https://github.com/BC-SECURITY/Empire,post-exploitation and adversary emulation framework +enum4linux-ng,https://github.com/cddmp/enum4linux-ng,Tool for enumerating information from Windows and Samba systems. 
+enyx,https://github.com/trickster0/enyx,Framework for building offensive security tools. +evilwinrm,https://github.com/Hackplayers/evil-winrm,Tool to connect to a remote Windows system with WinRM. +exif,https://exiftool.org/,Utility to read / write and edit metadata in image / audio and video files +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +exiv2,https://github.com/Exiv2/exiv2,Image metadata library and toolset +ExtractBitlockerKeys,https://github.com/p0dalirius/ExtractBitlockerKeys,A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. +fdisk,https://github.com/karelzak/util-linux,Collection of basic system utilities / including fdisk partitioning tool +feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +fierce,https://github.com/mschwager/fierce,A DNS reconnaissance tool for locating non-contiguous IP space +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. +finduncommonshares,https://github.com/p0dalirius/FindUncommonShares,Script that can help identify shares that are not commonly found on a Windows system. 
+firefox,https://www.mozilla.org,A web browser +foremost,https://doc.ubuntu-fr.org/foremost,Foremost is a forensic tool for recovering files based on their headers / footers / and internal data structures. +freeipscanner,https://github.com/scrt/freeipscanner,A simple bash script to enumerate stale ADIDNS entries +freerdp2-x11,https://github.com/FreeRDP/FreeRDP,FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) released under the Apache license. +frida,https://github.com/frida/frida,Dynamic instrumentation toolkit +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +ghidra,https://github.com/NationalSecurityAgency/ghidra,Software reverse engineering suite of tools. +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gmsadumper,https://github.com/micahvandeusen/gMSADumper,A tool for extracting credentials and other information from a Microsoft Active Directory domain. 
+gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +goldencopy,https://github.com/Dramelac/GoldenCopy,Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. +gosecretsdump,https://github.com/c-sto/gosecretsdump,Implements NTLMSSP network authentication protocol in Go +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +GPOddity,https://github.com/synacktiv/GPOddity,Aiming at automating GPO attack vectors through NTLM relaying (and more) +gpp-decrypt,https://github.com/t0thkr1s/gpp-decrypt,A tool to decrypt Group Policy Preferences passwords +gqrx,https://github.com/csete/gqrx,Software defined radio receiver powered by GNU Radio and Qt +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +hackrf,https://github.com/mossmann/hackrf,Low cost software defined radio platform +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. 
+hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +hashonymize,https://github.com/ShutdownRepo/hashonymize,This small tool is aimed at anonymizing hashes files for offline but online cracking like Google Collab for instance (see https://github.com/ShutdownRepo/google-colab-hashcat). +Havoc,https://github.com/HavocFramework/Havoc,Command & Control Framework +hcxdumptool,https://github.com/ZerBea/hcxdumptool,Small tool to capture packets from wlan devices. +hcxtools,https://github.com/ZerBea/hcxtools,Tools for capturing and analyzing packets from WLAN devices. +hexedit,https://github.com/pixel/hexedit,View and edit binary files +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +hping3,https://github.com/antirez/hping,A network tool able to send custom TCP/IP packets +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +hydra,https://github.com/vanhauser-thc/thc-hydra,Hydra is a parallelized login cracker which supports numerous protocols to attack. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +impacket,https://github.com/ThePorgs/impacket,Set of tools for working with network protocols (ThePorgs version). +ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. 
+iptables,https://linux.die.net/man/8/iptables,Userspace command line tool for configuring kernel firewall +jackit,https://github.com/insecurityofthings/jackit,Exploit to take over a wireless mouse and keyboard +jadx,https://github.com/skylot/jadx,Java decompiler +jd-gui,https://github.com/java-decompiler/jd-gui,A standalone Java Decompiler GUI +jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +KeePwn,https://github.com/Orange-Cyberdefense/KeePwn,KeePwn is a tool that extracts passwords from KeePass 1.x and 2.x databases. +kerbrute,https://github.com/ropnop/kerbrute,A tool to perform Kerberos pre-auth bruteforcing +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +krbjack,https://github.com/almandin/krbjack,A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse. 
+krbrelayx,https://github.com/dirkjanm/krbrelayx,a tool for performing Kerberos relay attacks +kubectl,https://kubernetes.io/docs/reference/kubectl/overview/,Command-line interface for managing Kubernetes clusters. +ldapdomaindump,https://github.com/dirkjanm/ldapdomaindump,A tool for dumping domain data from an LDAP service +ldaprelayscan,https://github.com/zyn3rgy/LdapRelayScan,Check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication. +ldapsearch,https://wiki.debian.org/LDAP/LDAPUtils,Search for and display entries (ldap) +ldapsearch-ad,https://github.com/yaap7/ldapsearch-ad,LDAP search utility with AD support +LDAPWordlistHarvester,https://github.com/p0dalirius/LDAPWordlistHarvester,Generate a wordlist from the information present in LDAP in order to crack passwords of domain accounts +ldeep,https://github.com/franc-pentest/ldeep,ldeep is a tool to discover hidden paths on Web servers. +legba,https://github.com/evilsocket/legba,a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust +libmspack,https://github.com/kyz/libmspack,C library for Microsoft compression formats. +libnfc,https://github.com/grundid/nfctools,Library for Near Field Communication (NFC) devices +libnfc-crypto1-crack,https://github.com/droidnewbie2/acr122uNFC,Implementation of cryptographic attack on Mifare Classic RFID cards +libusb-dev,https://github.com/libusb/libusb,Library for USB device access +ligolo-ng,https://github.com/nicocha30/ligolo-ng,An advanced yet simple tunneling tool that uses a TUN interface. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +lnkup,https://github.com/Plazmaz/lnkUp,This tool will allow you to generate LNK payloads. Upon rendering or being run they will exfiltrate data. 
+lsassy,https://github.com/Hackndo/lsassy,Windows secrets and passwords extraction tool. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +manspider,https://github.com/blacklanternsecurity/MANSPIDER,Manspider will crawl every share on every target system. If provided creds don't work it will fall back to 'guest' then to a null session. +mariadb-client,https://github.com/MariaDB/server,MariaDB is a community-developed fork of the MySQL relational database management system. The mariadb-client package includes command-line utilities for interacting with a MariaDB server. +masky,https://github.com/Z4kSec/Masky,Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX or NT hashes and TGT on a larger scope +masscan,https://github.com/robertdavidgraham/masscan,Masscan is an Internet-scale port scanner +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +metasploit,https://github.com/rapid7/metasploit-framework,A popular penetration testing framework that includes many exploits and payloads +mfcuk,https://github.com/nfc-tools/mfcuk,Implementation of an attack on Mifare Classic and Plus RFID cards +mfdread,https://github.com/zhovner/mfdread,Tool for reading/writing Mifare RFID tags +mfoc,https://github.com/nfc-tools/mfoc,Implementation of 'offline nested' attack by Nethemba +minicom,https://doc.ubuntu-fr.org/minicom,Minicom is a text-based serial communication program for Unix-like operating systems. +mitm6,https://github.com/fox-it/mitm6,Tool to conduct a man-in-the-middle attack against IPv6 protocols. 
+mobsf,https://github.com/MobSF/Mobile-Security-Framework-MobSF,Automated and all-in-one mobile application (Android/iOS/Windows) pen-testing malware analysis and security assessment framework +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +mousejack,https://github.com/BastilleResearch/mousejack,Exploit to take over a wireless mouse and keyboard +msprobe,https://github.com/puzzlepeaches/msprobe,msprobe is a tool to identify Microsoft Windows hosts and servers that are running certain services. +MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. +naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +nbtscan,https://github.com/charlesroelli/nbtscan,NBTscan is a program for scanning IP networks for NetBIOS name information. +neo4j,https://github.com/neo4j/neo4j,Database. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +netdiscover,https://github.com/netdiscover-scanner/netdiscover,netdiscover is an active/passive address reconnaissance tool +netexec,https://github.com/Pennyw0rth/NetExec,Network scanner (Crackmapexec updated). +nfct,https://github.com/grundid/nfctools,Tool for Near Field Communication (NFC) devices +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nmap,https://nmap.org,The Network Mapper - a powerful network discovery and security auditing tool +nmap-parse-ouptut,https://github.com/ernw/nmap-parse-output,Converts/manipulates/extracts data from a Nmap scan output. +noPac,https://github.com/Ridter/noPac,Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user. 
+nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +ntlmv1-multi,https://github.com/evilmog/ntlmv1-multi,Exploit a vulnerability in Microsoft Windows to gain system-level access. +ntlm_theft,https://github.com/Greenwolf/ntlm_theft,A tool for generating multiple types of NTLMv2 hash theft files +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +oaburl,https://gist.githubusercontent.com/snovvcrash/4e76aaf2a8750922f546eed81aa51438/raw/96ec2f68a905eed4d519d9734e62edba96fd15ff/oaburl.py,Find Open redirects and other vulnerabilities. +objection,https://github.com/sensepost/objection,Runtime mobile exploration +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +onesixtyone,https://github.com/trailofbits/onesixtyone,onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +pass,https://github.com/hashcat/hashcat,TODO +PassTheCert,https://github.com/AlmondOffSec/PassTheCert,PassTheCert is a tool to extract Active Directory user password hashes from a domain controller's local certificate store. +patator,https://github.com/lanjelot/patator,Login scanner. 
+pcredz,https://github.com/lgandx/PCredz,PowerShell credential dumper +pcsc,https://pcsclite.apdu.fr/,Middleware for smart card readers +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +peepdf,https://github.com/jesparza/peepdf,peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. +petitpotam,https://github.com/topotam/PetitPotam,Windows machine account manipulation +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. +pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +pkinittools,https://github.com/dirkjanm/PKINITtools,Pkinit support tools +polenum,https://github.com/Wh1t3Fox/polenum,Polenum is a Python script which uses the Impacket library to extract user information through the SMB protocol. +postman,https://www.postman.com/,API platform for testing APIs +powershell,https://github.com/PowerShell/PowerShell,a command-line shell and scripting language designed for system administration and automation +pp-finder,https://github.com/yeswehack/pp-finder,Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code. +pre2k,https://github.com/garrettfoster13/pre2k,pre2k is a tool to check if a Windows domain has any pre-2000 Windows 2000 logon names still in use. 
+pretender,https://github.com/RedTeamPentesting/pretender,an mitm tool for helping with relay attacks. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +privexchange,https://github.com/dirkjanm/PrivExchange,a tool to perform attacks against Microsoft Exchange server using NTLM relay techniques +prowler,https://github.com/prowler-cloud/prowler,Perform Cloud Security best practices assessments / audits / incident response / compliance / continuous monitoring / hardening and forensics readiness. +proxmark3,https://github.com/RfidResearchGroup/proxmark3,Open source RFID research toolkit. +proxychains,https://github.com/rofl0r/proxychains,Proxy chains - redirect connections through proxy servers. +pst-utils,https://manpages.debian.org/jessie/pst-utils/readpst.1,pst-utils is a set of tools for working with Outlook PST files. +pwncat,https://github.com/calebstewart/pwncat,A lightweight and versatile netcat alternative that includes various additional features. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwndbg,https://github.com/pwndbg/pwndbg,a GDB plugin that makes debugging with GDB suck less +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pwninit,https://github.com/io12/pwninit,A tool for automating starting binary exploit challenges +pwntools,https://github.com/Gallopsled/pwntools,a CTF framework and exploit development library +pygpoabuse,https://github.com/Hackndo/pyGPOAbuse,A tool for abusing GPO permissions to escalate privileges +pykek,https://github.com/preempt/pykek,PyKEK (Python Kerberos Exploitation Kit) a python library to manipulate KRB5-related data. +pylaps,https://github.com/p0dalirius/pylaps,Utility for enumerating and querying LDAP servers. 
+pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +pypykatz,https://github.com/skelsec/pypykatz,a Python library for mimikatz-like functionality +pyrit,https://github.com/JPaulMora/Pyrit,Python-based WPA/WPA2-PSK attack tool. +pywerview,https://github.com/the-useless-one/pywerview,A (partial) Python rewriting of PowerSploit's PowerView. +pywhisker,https://github.com/ShutdownRepo/pywhisker,PyWhisker is a Python equivalent of the original Whisker made by Elad Shamir and written in C#. This tool allows users to manipulate the msDS-KeyCredentialLink attribute of a target user/computer to obtain full control over that object. It's based on Impacket and on a Python equivalent of Michael Grafnetter's DSInternals called PyDSInternals made by podalirius. +pywsus,https://github.com/GoSecure/pywsus,Python implementation of a WSUS client +radare2,https://github.com/radareorg/radare2,A complete framework for reverse-engineering and analyzing binaries +rdesktop,https://github.com/rdesktop/rdesktop,rdesktop is a client for Remote Desktop Protocol (RDP) used in a number of Microsoft products including Windows NT Terminal Server / Windows 2000 Server / Windows XP and Windows 2003 Server. +reaver,https://github.com/t6x/reaver-wps-fork-t6x,reaver is a tool for brute-forcing WPS (Wireless Protected Setup) PINs. +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +redis-tools,https://github.com/antirez/redis-tools,redis-tools is a collection of Redis client utilities including redis-cli and redis-benchmark. +responder,https://github.com/lgandx/Responder,a LLMNR / NBT-NS and MDNS poisoner. 
+rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +ROADtools,https://github.com/dirkjanm/ROADtools,ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components / the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool. +roastinthemiddle,https://github.com/Tw1sm/RITM,RoastInTheMiddle is a tool to intercept and relay NTLM authentication requests. +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +routersploit,https://github.com/threat9/routersploit,Security audit tool for routers. +RsaCracker,https://github.com/skyf0l/RsaCracker,Powerful RSA cracker for CTFs. Supports RSA - X509 - OPENSSH in PEM and DER formats. +rsactftool,https://github.com/RsaCtfTool/RsaCtfTool,The rsactftool tool is used for RSA cryptographic operations and analysis. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +rtl-433,https://github.com/merbanan/rtl_433,Tool for decoding various wireless protocols/ signals such as those used by weather stations +ruler,https://github.com/sensepost/ruler,Outlook Rules exploitation framework. +rusthound (v2),https://github.com/NH-RED-TEAM/RustHound,BloodHound-CE ingestor in Rust. +rusthound,https://github.com/NH-RED-TEAM/RustHound,BloodHound ingestor in Rust. +rustscan,https://github.com/RustScan/RustScan,The Modern Port Scanner +samdump2,https://github.com/azan121468/SAMdump2,A tool to dump Windows NT/2k/XP/Vista password hashes from SAM files +sccmhunter,https://github.com/garrettfoster13/sccmhunter,SCCMHunter is a post-ex tool built to streamline identifying profiling and attacking SCCM related assets in an Active Directory domain. 
+sccmwtf,https://github.com/xpn/sccmwtf,This code is designed for exploring SCCM in a lab. +scout,https://github.com/nccgroup/ScoutSuite,Scout Suite is an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments. +scrcpy,https://github.com/Genymobile/scrcpy,Display and control your Android device. +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +semgrep,https://github.com/returntocorp/semgrep/,Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. +shadowcoerce,https://github.com/ShutdownRepo/shadowcoerce,Utility for bypassing the Windows Defender antivirus by hiding a process within a legitimate process. +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. +shuffledns,https://github.com/projectdiscovery/shuffledns,A fast and customizable DNS resolver that can be used for subdomain enumeration and other tasks. +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +sipvicious,https://github.com/enablesecurity/sipvicious,Enumeration and MITM tool for SIP devices +sleuthkit,https://github.com/sleuthkit/sleuthkit,Forensic toolkit to analyze volume and file system data +sliver,https://github.com/BishopFox/sliver,Open source / cross-platform and extensible C2 framework +smali,https://github.com/JesusFreke/smali,A tool to disassemble and assemble Android's dex files +smartbrute,https://github.com/ShutdownRepo/SmartBrute,The smart password spraying and bruteforcing tool for Active Directory Domain Services. 
+smbclient,https://github.com/samba-team/samba,SMBclient is a command-line utility that allows you to access Windows shared resources +smbclient-ng,https://github.com/p0dalirius/smbclient-ng,smbclient-ng is a fast and user friendly way to interact with SMB shares. +smbmap,https://github.com/ShawnDEvans/smbmap,A tool to enumerate SMB shares and check for null sessions +smtp-user-enum,https://github.com/pentestmonkey/smtp-user-enum,A tool to enumerate email addresses via SMTP +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +sprayhound,https://github.com/Hackndo/Sprayhound,Active Directory password audit tool. +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +ssh-audit,https://github.com/jtesta/ssh-audit,ssh-audit is a tool to test SSH server configuration for best practices. +sshuttle,https://github.com/sshuttle/sshuttle,Transparent proxy server that tunnels traffic through an SSH server +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +steghide,https://github.com/StefanoDeVuono/steghide,steghide is a steganography program that is able to hide data in various kinds of image and audio files. 
+stegolsb,https://github.com/KyTn/STEGOLSB,Steganography tool to hide data in BMP images using least significant bit algorithm +stegosuite,https://github.com/osde8info/stegosuite,Stegosuite is a free steganography tool that allows you to hide data in image and audio files. +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +tailscale,https://github.com/tailscale/tailscale,A secure and easy-to-use VPN alternative that is designed for teams and businesses. +targetedKerberoast,https://github.com/ShutdownRepo/targetedKerberoast,Kerberoasting against specific accounts +tcpdump,https://github.com/the-tcpdump-group/tcpdump,a powerful command-line packet analyzer for Unix-like systems +TeamsPhisher,https://github.com/Octoberfest7/TeamsPhisher,TeamsPhisher is a Python3 program that facilitates the delivery of phishing messages and attachments to Microsoft Teams users whose organizations allow external communications. +testdisk,https://github.com/cgsecurity/testdisk,Partition recovery and file undelete utility +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-map,https://github.com/sec-it/tls-map,tls-map is a library for mapping TLS cipher algorithm names. 
+tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +traceroute,https://github.com/iputils/iputils,Traceroute is a command which can show you the path a packet of information takes from your computer to one you specify. +trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trid,https://mark0.net/soft-trid-e.html,File identifier +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +tshark,https://github.com/wireshark/wireshark,TShark is a terminal version of Wireshark. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +upx,https://github.com/upx/upx,UPX is an advanced executable packer +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. 
+Villain,https://github.com/t3l3machus/Villain,Command & Control Framework +volatility2,https://github.com/volatilityfoundation/volatility,Volatile memory extraction utility framework +volatility3,https://github.com/volatilityfoundation/volatility3,Advanced memory forensics framework +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. +webclientservicescanner,https://github.com/Hackndo/webclientservicescanner,Scans for web service endpoints +weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +wifite2,https://github.com/derv82/wifite2,Script for auditing wireless networks. +windapsearch-go,https://github.com/ropnop/go-windapsearch/,Active Directory enumeration tool. +wireshark,https://github.com/wireshark/wireshark,Wireshark is a network protocol analyzer that lets you see what’s happening on your network at a microscopic level. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. 
+xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +xtightvncviewer,https://www.commandlinux.com/man-page/man1/xtightvncviewer.1.html,xtightvncviewer is an open source VNC client software. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes +zerologon,https://github.com/SecuraBV/CVE-2020-1472,Exploit for the Zerologon vulnerability (CVE-2020-1472). +zipalign,https://developer.android.com/studio/command-line/zipalign,arguably the most important step to optimize your APK file +zsteg,https://github.com/zed-0xff/zsteg,Detect steganography hidden in PNG and BMP images diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 5e60b47..2afe30b 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` From 7515dd51d235e53da5cc1731a3545fd653c794e2 Mon Sep 17 00:00:00 2001 
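Review bot: in the tools list that ends here (the rows running up to zsteg), the shellerator row reads "a simple command-line tool for generating shellcode", but the uberfile row in the same list describes Shellerator as a project "for one-liner reverseshell generation". The two rows contradict each other. Align the shellerator description with the uberfile wording so that anyone using this list as the image inventory is not misled about what the tool outputs.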
From: Github Actions Date: Tue, 8 Oct 2024 04:59:14 +0200 Subject: [PATCH 14/36] PIPELINE: tools list for osint_3.1.5_arm64 --- .../lists/osint_3.1.5_arm64.csv | 67 +++++++++++++++++++ .../assets/installed_tools/releases_arm64.csv | 1 + 2 files changed, 68 insertions(+) create mode 100644 source/assets/installed_tools/lists/osint_3.1.5_arm64.csv diff --git a/source/assets/installed_tools/lists/osint_3.1.5_arm64.csv b/source/assets/installed_tools/lists/osint_3.1.5_arm64.csv new file mode 100644 index 0000000..ebd2658 --- /dev/null +++ b/source/assets/installed_tools/lists/osint_3.1.5_arm64.csv 
@@ -0,0 +1,67 @@ +Tool,Link,Description +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. +firefox,https://www.mozilla.org,A web browser +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. 
+gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. +goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. 
+neovim,https://neovim.io/,hyperextensible Vim-based text editor +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. 
+simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. 
+whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 2afe30b..c126746 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-08T02:59:13Z,:download:`osint_3.1.5_arm64.csv ` full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` From c89bf163ff31a5e5575dd6708cc682263140b04f Mon Sep 17 00:00:00 2001 From: Github Actions Date: Tue, 8 Oct 2024 05:05:10 +0200 Subject: [PATCH 15/36] PIPELINE: tools list for web_3.1.5_arm64 --- .../installed_tools/lists/web_3.1.5_arm64.csv | 160 ++++++++++++++++++ .../assets/installed_tools/releases_arm64.csv | 1 + 2 files changed, 161 insertions(+) create mode 100644 source/assets/installed_tools/lists/web_3.1.5_arm64.csv diff --git a/source/assets/installed_tools/lists/web_3.1.5_arm64.csv b/source/assets/installed_tools/lists/web_3.1.5_arm64.csv new file mode 100644 index 0000000..dd316cc --- /dev/null +++ b/source/assets/installed_tools/lists/web_3.1.5_arm64.csv 
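Review bot: two Description cells in osint_3.1.5_arm64.csv do not say what the tool does. The GoMapEnum row is "Nothing new but existing techniques are brought together in one tool." and the holehe row is "mail osint tool finding out if it is used on websites.", which never names what "it" refers to. The subject line marks this commit as pipeline output, so correct the wording wherever the pipeline takes these descriptions from rather than in this CSV, otherwise the next build will regenerate the same text.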
@@ -0,0 +1,160 @@ +Tool,Link,Description +amass,https://github.com/OWASP/Amass,A DNS enumeration / attack surface mapping & external assets discovery tool +anew,https://github.com/tomnomnom/anew,A simple tool for filtering and manipulating text data / such as log files and other outputs. +arjun,https://github.com/s0md3v/Arjun,HTTP parameter discovery suite. +arsenal,https://github.com/Orange-Cyberdefense/arsenal,Powerful weapons for penetration testing. +asdf,https://github.com/asdf-vm/asdf,Extendable version manager with support for ruby python go etc +assetfinder,https://github.com/tomnomnom/assetfinder,Tool to find subdomains and IP addresses associated with a domain. +Blackbird,https://github.com/p1ngul1n0/blackbird,An OSINT tool to search fast for accounts by username across 581 sites. +bolt,https://github.com/s0md3v/bolt,Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing. +brakeman,https://github.com/presidentbeef/brakeman,Static analysis tool for Ruby on Rails applications +bruteforce-luks,https://github.com/glv2/bruteforce-luks,A tool to help recover encrypted LUKS2 containers +burpsuite,https://portswigger.net/burp,Web application security testing tool. +buster,https://github.com/sham00n/Buster,Advanced OSINT tool +byp4xx,https://github.com/lobuhi/byp4xx,A Swiss Army knife for bypassing web application firewalls and filters. +carbon14,https://github.com/Lazza/carbon14,OSINT tool for estimating when a web page was written. +Censys,https://github.com/censys/censys-python,An easy-to-use and lightweight API wrapper for Censys APIs +cewl,https://digi.ninja/projects/cewl.php,Generates custom wordlists by spidering a target's website and parsing the results +cewler,https://github.com/roys/cewler,CeWL alternative in Python +cloudfail,https://github.com/m0rtem/CloudFail,a reconnaissance tool for identifying misconfigured CloudFront domains. 
+clusterd,https://github.com/hatRiot/clusterd,A tool to distribute and remotely manage Hacking Team's RCS agents. +cmsmap,https://github.com/Dionach/CMSmap,Tool for security audit of web content management systems. +corscanner,https://github.com/chenjj/CORScanner,a Python script for finding CORS misconfigurations. +creds,https://github.com/ihebski/DefaultCreds-cheat-sheet,One place for all the default credentials to assist pentesters during an engagement. This document has several products default login/password gathered from multiple sources. +crunch,https://github.com/crunchsec/crunch,A wordlist generator where you can specify a standard character set or a character set you specify. +cupp,https://github.com/Mebus/cupp,Cupp is a tool used to generate personalized password lists based on target information. +CyberChef,https://github.com/gchq/CyberChef/,The Cyber Swiss Army Knife +dirb,https://github.com/v0re/dirb,Web Content Scanner +dirsearch,https://github.com/maurosoria/dirsearch,Tool for searching files and directories on a web site. +dnsenum,https://github.com/fwaeytens/dnsenum,dnsenum is a tool for enumerating DNS information about a domain. +droopescan,https://github.com/droope/droopescan,Scan Drupal websites for vulnerabilities. +drupwn,https://github.com/immunIT/drupwn,Drupal security scanner. +exifprobe,https://github.com/hfiguiere/exifprobe,Exifprobe is a command-line tool to parse EXIF data from image files. +exiftool,https://github.com/exiftool/exiftool,ExifTool is a Perl library and command-line tool for reading / writing and editing meta information in image / audio and video files. +eyewitness,https://github.com/FortyNorthSecurity/EyeWitness,a tool to take screenshots of websites / provide some server header info / and identify default credentials if possible. +fcrackzip,https://github.com/hyc/fcrackzip,Password cracker for zip archives. 
+feroxbuster,https://github.com/epi052/feroxbuster,Simple / fast and recursive content discovery tool +ffuf,https://github.com/ffuf/ffuf,Fast web fuzzer written in Go. +finalrecon,https://github.com/thewhiteh4t/FinalRecon,A web reconnaissance tool that gathers information about web pages +findomain,https://github.com/findomain/findomain,The fastest and cross-platform subdomain enumerator. +firefox,https://www.mozilla.org,A web browser +fuxploider,https://github.com/almandin/fuxploider,a Python tool for finding and exploiting file upload forms/directories. +fzf,https://github.com/junegunn/fzf,🌸 A command-line fuzzy finder +gau,https://github.com/lc/gau,Fast tool for fetching URLs +genusernames,https://gitlab.com/-/snippets/2480505/raw/main/bash,GenUsername is a Python tool for generating a list of usernames based on a name or email address. +GeoPincer,https://github.com/tloja/GeoPincer,GeoPincer is a script that leverages OpenStreetMap's Overpass API in order to search for locations. +geowordlists,https://github.com/p0dalirius/GeoWordlists,tool to generate wordlists of passwords containing cities at a defined distance around the client city. +gf,https://github.com/tomnomnom/gf,A wrapper around grep to avoid typing common patterns +git-dumper,https://github.com/arthaud/git-dumper,Small script to dump a Git repository from a website. +githubemail,https://github.com/paulirish/github-email,a command-line tool to retrieve a user's email from Github. +gittools,https://github.com/internetwache/GitTools,A collection of Git tools including a powerful Dumper for dumping Git repositories. +gobuster,https://github.com/OJ/gobuster,Tool to discover hidden files and directories. +GoMapEnum,https://github.com/nodauf/GoMapEnum,Nothing new but existing techniques are brought together in one tool. +gopherus,https://github.com/tarunkant/Gopherus,Gopherus is a simple command line tool for exploiting vulnerable Gopher servers. 
+goshs,https://github.com/patrickhener/goshs,Goshs is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S with either self-signed certificate or user provided certificate and you can use HTTP basic auth. +gowitness,https://github.com/sensepost/gowitness,A website screenshot utility written in Golang. +gron,https://github.com/tomnomnom/gron,Make JSON greppable! +h2csmuggler,https://github.com/BishopFox/h2csmuggler,HTTP Request Smuggling tool using H2C upgrade +h8mail,https://github.com/khast3x/h8mail,Email OSINT and breach hunting. +haiti,https://github.com/noraj/haiti,haiti is a A CLI tool (and library) to identify hash types (hash type identifier). +hakrawler,https://github.com/hakluke/hakrawler,a fast web crawler for gathering URLs and other information from websites +hakrevdns,https://github.com/hakluke/hakrevdns,Reverse DNS lookup utility that can help with discovering subdomains and other information. +hashcat,https://hashcat.net/hashcat,A tool for advanced password recovery +holehe,https://github.com/megadose/holehe,mail osint tool finding out if it is used on websites. +httpmethods,https://github.com/ShutdownRepo/httpmethods,Tool for exploiting HTTP methods (e.g. PUT / DELETE / etc.) +httprobe,https://github.com/tomnomnom/httprobe,A simple utility for enumerating HTTP and HTTPS servers. +httpx,https://github.com/projectdiscovery/httpx,A tool for identifying web technologies and vulnerabilities / including outdated software versions and weak encryption protocols. +ignorant,https://github.com/megadose/ignorant,holehe but for phone numbers. +imagemagick,https://github.com/ImageMagick/ImageMagick,ImageMagick is a free and open-source image manipulation tool used to create / edit / compose / or convert bitmap images. +ipinfo,https://github.com/ipinfo/cli,Get information about an IP address or hostname. 
+jdwp,https://github.com/IOActive/jdwp-shellifier,This exploitation script is meant to be used by pentesters against active JDWP service / in order to gain Remote Code Execution. +john,https://github.com/openwall/john,John the Ripper password cracker. +joomscan,https://github.com/rezasp/joomscan,A tool to enumerate Joomla-based websites +jsluice,https://github.com/BishopFox/jsluice,Extract URLs / paths / secrets and other interesting data from JavaScript source code. +jwt,https://github.com/ticarpi/jwt_tool,a command-line tool for working with JSON Web Tokens (JWTs) +kadimus,https://github.com/P0cL4bs/Kadimus,a tool for detecting and exploiting file upload vulnerabilities +katana,https://github.com/projectdiscovery/katana,A next-generation crawling and spidering framework. +kiterunner,https://github.com/assetnote/kiterunner,Tool for operating Active Directory environments. +Kraken,https://github.com/kraken-ng/Kraken,Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP / JSP and ASPX) and is core is developed in Python. +linkedin2username,https://github.com/initstring/linkedin2username,Generate a list of LinkedIn usernames from a company name. +linkfinder,https://github.com/GerbenJavado/LinkFinder,a Python script that finds endpoints and their parameters in JavaScript files. +maigret,https://github.com/soxoj/maigret,Collects information about a target email (or domain) from Google and Bing search results +maltego,https://www.paterva.com/web7/downloads.php,A tool used for open-source intelligence and forensics +mdcat,https://github.com/swsnr/mdcat,Fancy cat for Markdown +moodlescan,https://github.com/inc0d3/moodlescan,Scan Moodle sites for information and vulnerabilities. +MurMurHash,https://github.com/QU35T-code/MurMurHash,This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. 
+naabu,https://github.com/projectdiscovery/naabu,A fast and reliable port scanner that can detect open ports and services. +name-that-hash,https://github.com/HashPals/Name-That-Hash,Online tool for identifying hashes. +neovim,https://neovim.io/,hyperextensible Vim-based text editor +ngrok,https://github.com/inconshreveable/ngrok,Expose a local server behind a NAT or firewall to the internet +nosqlmap,https://github.com/codingo/NoSQLMap,a Python tool for testing NoSQL databases for security vulnerabilities. +nuclei,https://github.com/projectdiscovery/nuclei,A fast and customizable vulnerability scanner that can detect a wide range of issues / including XSS / SQL injection / and misconfigured servers. +objectwalker,https://github.com/p0dalirius/objectwalker,A python module to explore the object tree to extract paths to interesting objects in memory. +oneforall,https://github.com/shmilylty/OneForAll,a powerful subdomain collection tool. +osrframework,https://github.com/i3visio/osrframework,Include references to a bunch of different applications related to username checking / DNS lookups / information leaks research / deep web search / regular expressions extraction and many others. +pass,https://github.com/hashcat/hashcat,TODO +patator,https://github.com/lanjelot/patator,Login scanner. +pdfcrack,https://github.com/robins/pdfcrack,A tool for cracking password-protected PDF files +phoneinfoga,https://github.com/sundowndev/PhoneInfoga,Information gathering & OSINT framework for phone numbers. +photon,https://github.com/s0md3v/Photon,a fast web crawler which extracts URLs / files / intel & endpoints from a target. +PHP filter chain generator,https://github.com/synacktiv/php_filter_chain_generator,A CLI to generate PHP filters chain / get your RCE without uploading a file if you control entirely the parameter passed to a require or an include in PHP! +phpggc,https://github.com/ambionics/phpggc,Exploit generation tool for the PHP platform. 
+pkcrack,https://github.com/keyunluo/pkcrack,tool to generate wordlists of passwords containing cities at a defined distance around the client city +postman,https://www.postman.com/,API platform for testing APIs +pp-finder,https://github.com/yeswehack/pp-finder,Prototype pollution finder tool for javascript. pp-finder lets you find prototype pollution candidates in your code. +prips,https://manpages.ubuntu.com/manpages/focal/man1/prips.1.html,A utility for quickly generating IP ranges or enumerating hosts within a specified range. +pwndb,https://github.com/davidtavarez/pwndb,A command-line tool for searching the pwndb database of compromised credentials. +pwnedornot,https://github.com/thewhiteh4t/pwnedOrNot,Check if a password has been leaked in a data breach. +pymeta,https://github.com/m8sec/pymeta,Google and Bing scraping osint tool +recon-ng,https://github.com/lanmaster53/recon-ng,External recon tool. +recondog,https://github.com/s0md3v/ReconDog,a reconnaissance tool for performing information gathering on a target. +rlwrap,https://github.com/hanslub42/rlwrap,rlwrap is a small utility that wraps input and output streams of executables / making it possible to edit and re-run input history +robotstester,https://github.com/p0dalirius/robotstester,Utility for testing whether a website's robots.txt file is correctly configured. +rsync,https://packages.debian.org/sid/rsync,File synchronization tool for efficiently copying and updating data between local or remote locations +searchsploit,https://gitlab.com/exploit-database/exploitdb,A command line search tool for Exploit-DB +seclists,https://github.com/danielmiessler/SecLists,A collection of multiple types of lists used during security assessments +semgrep,https://github.com/returntocorp/semgrep/,Static analysis tool that supports multiple languages and can find a variety of vulnerabilities and coding errors. 
+shellerator,https://github.com/ShutdownRepo/Shellerator,a simple command-line tool for generating shellcode +Sherlock,https://github.com/sherlock-project/sherlock,Hunt down social media accounts by username across social networks. +simplyemail,https://github.com/SimplySecurity/SimplyEmail,a scriptable command line tool for sending emails +smuggler,https://github.com/defparam/smuggler,Smuggler is a tool that helps pentesters and red teamers to smuggle data into and out of the network even when there are multiple layers of security in place. +SoapUI,https://github.com/SmartBear/soapui,SoapUI is the world's leading testing tool for API testing. +spiderfoot,https://github.com/smicallef/spiderfoot,A reconnaissance tool that automatically queries over 100 public data sources +sqlmap,https://github.com/sqlmapproject/sqlmap,Sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws +sslscan,https://github.com/rbsec/sslscan,a tool for testing SSL/TLS encryption on servers +ssrfmap,https://github.com/swisskyrepo/SSRFmap,a tool for testing SSRF vulnerabilities. +subfinder,https://github.com/projectdiscovery/subfinder,Tool to find subdomains associated with a domain. +sublist3r,https://github.com/aboul3la/Sublist3r,a Python tool designed to enumerate subdomains of websites. +swaks,https://github.com/jetmore/swaks,Swaks is a featureful flexible scriptable transaction-oriented SMTP test tool. +symfony-exploits,https://github.com/ambionics/symfony-exploits,Collection of Symfony exploits and PoCs. +testssl,https://github.com/drwetter/testssl.sh,a tool for testing SSL/TLS encryption on servers +theharvester,https://github.com/laramies/theHarvester,Tool for gathering e-mail accounts / subdomain names / virtual host / open ports / banners / and employee names from different public sources +tig,https://github.com/jonas/tig,Tig is an ncurses-based text-mode interface for git. 
+timing,https://github.com/ffleming/timing_attack,Tool to generate a timing profile for a given command. +tls-scanner,https://github.com/tls-attacker/tls-scanner,a simple script to check the security of a remote TLS/SSL web server +tomcatwardeployer,https://github.com/mgeeky/tomcatwardeployer,Script to deploy war file in Tomcat. +tor,https://github.com/torproject/tor,Anonymity tool that can help protect your privacy and online identity by routing your traffic through a network of servers. +toutatis,https://github.com/megadose/Toutatis,Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails / phone numbers and more. +trevorspray,https://github.com/blacklanternsecurity/TREVORspray,TREVORspray is a modular password sprayer with threading SSH proxying loot modules / and more +trilium,https://github.com/zadam/trilium,Personal knowledge management system. +uberfile,https://github.com/ShutdownRepo/Uberfile,Uberfile is a simple command-line tool aimed to help pentesters quickly generate file downloader one-liners in multiple contexts (wget / curl / powershell / certutil...). This project code is based on my other similar project for one-liner reverseshell generation Shellerator. +updog,https://github.com/sc0tfree/updog,Simple replacement for Python's SimpleHTTPServer. +uploader,https://github.com/Frozenka/uploader,Tool for quickly downloading files to a remote machine based on the target operating system +username-anarchy,https://github.com/urbanadventurer/username-anarchy,Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. +wafw00f,https://github.com/EnableSecurity/wafw00f,a Python tool that helps to identify and fingerprint web application firewall (WAF) products. +waybackurls,https://github.com/tomnomnom/waybackurls,Fetch all the URLs that the Wayback Machine knows about for a domain. 
+weevely,https://github.com/epinna/weevely3,a webshell designed for post-exploitation purposes that can be extended over the network at runtime. +wfuzz,https://github.com/xmendez/wfuzz,WFuzz is a web application vulnerability scanner that allows you to find vulnerabilities using a wide range of attack payloads and fuzzing techniques +whatportis,https://github.com/ncrocfer/whatportis,Command-line tool to lookup port information +whatweb,https://github.com/urbanadventurer/WhatWeb,Next generation web scanner that identifies what websites are running. +whois,https://packages.debian.org/sid/whois,See information about a specific domain name or IP address. +wpscan,https://github.com/wpscanteam/wpscan,A tool to enumerate WordPress-based websites +wuzz,https://github.com/asciimoo/wuzz,a command-line tool for interacting with HTTP(S) web services +XSpear,https://github.com/hahwul/XSpear,a powerful XSS scanning and exploitation tool. +xsrfprobe,https://github.com/0xInfection/XSRFProbe,a tool for detecting and exploiting Cross-Site Request Forgery (CSRF) vulnerabilities +xsser,https://github.com/epsylon/xsser,XSS scanner. +xsstrike,https://github.com/s0md3v/XSStrike,a Python tool for detecting and exploiting XSS vulnerabilities. +Yalis,https://github.com/EatonChips/yalis,Yet Another LinkedIn Scraper +youtubedl,https://github.com/ytdl-org/youtube-dl,Download videos from YouTube and other sites. +ysoserial,https://github.com/frohoff/ysoserial,A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. +yt-dlp,https://github.com/yt-dlp/yt-dlp,A youtube-dl fork with additional features and fixes diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index c126746..a4ffc0e 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv 
@@ -1,4 +1,5 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-08T03:05:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-08T02:59:13Z,:download:`osint_3.1.5_arm64.csv ` full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` From 0599250b77acafe52e1bda313398134ebd67ec8d Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 07:31:40 +0200 Subject: [PATCH 16/36] PIPELINE: tools list for light_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index ef58ef0..e68f831 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,8 +1,8 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` osint,3.1.5,2024-10-07T22:03:00Z,:download:`osint_3.1.5_amd64.csv ` web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` -light,3.1.5,2024-10-07T21:38:47Z,:download:`light_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` From 782d7478ac6f3a0255831efdfae9d263f4c0539e Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 07:36:24 +0200 Subject: [PATCH 17/36] PIPELINE: tools list for osint_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index e68f831..3bb947f 100644 --- a/source/assets/installed_tools/releases_amd64.csv 
+++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,6 +1,6 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` -osint,3.1.5,2024-10-07T22:03:00Z,:download:`osint_3.1.5_amd64.csv ` web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` From b7da465fbfe1b4a3a4101712130d91c76bdb56e8 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 07:47:11 +0200 Subject: [PATCH 18/36] PIPELINE: tools list for full_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 3bb947f..2ef7a33 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,8 +1,8 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` -full,3.1.5,2024-10-07T21:51:39Z,:download:`full_3.1.5_amd64.csv ` ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` From 3e968e676d338bd28a39560b121a5de04bd788c2 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 07:56:09 +0200 Subject: [PATCH 19/36] PIPELINE: tools list for ad_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 2ef7a33..5931c7d 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-11T05:56:07Z,:download:`ad_3.1.5_amd64.csv ` full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` -ad,3.1.5,2024-10-07T21:28:34Z,:download:`ad_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` full,3.1.4,2024-05-05T22:17:31Z,:download:`full_3.1.4_amd64.csv ` From 3e2c7e97497a38843a34f468951a67214953e75e Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 08:05:05 +0200 Subject: [PATCH 20/36] PIPELINE: tools list for web_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 5931c7d..9fa1921 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv 
@@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-11T06:05:03Z,:download:`web_3.1.5_amd64.csv ` ad,3.1.5,2024-10-11T05:56:07Z,:download:`ad_3.1.5_amd64.csv ` full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` -web,3.1.5,2024-10-07T22:00:01Z,:download:`web_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` full,3.1.4,2024-05-05T22:17:31Z,:download:`full_3.1.4_amd64.csv ` From dd5f6a0f3ee04fd609c30213725c68f3183cd5b7 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 17:15:24 +0200 Subject: [PATCH 21/36] PIPELINE: tools list for osint_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index a4ffc0e..18370e8 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,6 +1,6 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` web,3.1.5,2024-10-08T03:05:08Z,:download:`web_3.1.5_arm64.csv ` -osint,3.1.5,2024-10-08T02:59:13Z,:download:`osint_3.1.5_arm64.csv ` full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` From e177303ef8490ca9f75e35ad62ec544e0df1731e Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 17:21:09 +0200 Subject: [PATCH 22/36] PIPELINE: tools list for web_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 18370e8..91d88c5 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,6 +1,6 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` -web,3.1.5,2024-10-08T03:05:08Z,:download:`web_3.1.5_arm64.csv ` full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` From e71833d6c8c11ead149cda238becbf3979baee14 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 17:32:21 +0200 Subject: [PATCH 23/36] PIPELINE: tools list for full_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 91d88c5..1c2cf08 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,7 +1,7 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` -full,3.1.5,2024-10-08T02:56:56Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` From 4e768ccf7eabecb4d3dca6f5486d704957731820 Mon Sep 17 00:00:00 2001 
From: Github Actions Date: Fri, 11 Oct 2024 17:36:49 +0200 Subject: [PATCH 24/36] PIPELINE: tools list for light_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 1c2cf08..63726ec 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-11T15:36:48Z,:download:`light_3.1.5_arm64.csv ` full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` -light,3.1.5,2024-10-08T02:37:18Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` full,3.1.4,2024-05-05T21:38:02Z,:download:`full_3.1.4_arm64.csv ` From b822949322da5d1a371a0a7144741e2fb40f79fa Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 11 Oct 2024 17:45:08 +0200 Subject: [PATCH 25/36] PIPELINE: tools list for ad_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 63726ec..c8d4756 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv 
@@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-11T15:45:07Z,:download:`ad_3.1.5_arm64.csv ` light,3.1.5,2024-10-11T15:36:48Z,:download:`light_3.1.5_arm64.csv ` full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` -ad,3.1.5,2024-10-08T02:45:33Z,:download:`ad_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` full,3.1.4,2024-05-05T21:38:02Z,:download:`full_3.1.4_arm64.csv ` From f6edd22caa3a220610b429d4f023820709e6adb7 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:18:24 +0200 Subject: [PATCH 26/36] PIPELINE: tools list for light_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index c8d4756..ed252b6 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,6 +1,6 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-18T10:18:23Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.5,2024-10-11T15:45:07Z,:download:`ad_3.1.5_arm64.csv ` -light,3.1.5,2024-10-11T15:36:48Z,:download:`light_3.1.5_arm64.csv ` full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` From 4869baf05c44b47423a5cc9d09746e32d6db0267 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:24:28 +0200 Subject: [PATCH 27/36] PIPELINE: tools list for web_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index ed252b6..a32ac2c 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,8 +1,8 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-18T10:24:27Z,:download:`web_3.1.5_arm64.csv ` light,3.1.5,2024-10-18T10:18:23Z,:download:`light_3.1.5_arm64.csv ` ad,3.1.5,2024-10-11T15:45:07Z,:download:`ad_3.1.5_arm64.csv ` full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` -web,3.1.5,2024-10-11T15:21:08Z,:download:`web_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` From e1008945869a8c099909e53b1c1fdbe1cd88886a Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:30:44 +0200 Subject: [PATCH 28/36] PIPELINE: tools list for light_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index 9fa1921..b6068cf 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv 
@@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +light,3.1.5,2024-10-18T10:30:43Z,:download:`light_3.1.5_amd64.csv ` web,3.1.5,2024-10-11T06:05:03Z,:download:`web_3.1.5_amd64.csv ` ad,3.1.5,2024-10-11T05:56:07Z,:download:`ad_3.1.5_amd64.csv ` full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` -light,3.1.5,2024-10-11T05:31:39Z,:download:`light_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` full,3.1.4,2024-05-05T22:17:31Z,:download:`full_3.1.4_amd64.csv ` From 7dca3169c0c58473bded1b9aa5b3150b334c5e46 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:35:56 +0200 Subject: [PATCH 29/36] PIPELINE: tools list for ad_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index a32ac2c..3450304 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,7 +1,7 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-18T10:35:55Z,:download:`ad_3.1.5_arm64.csv ` web,3.1.5,2024-10-18T10:24:27Z,:download:`web_3.1.5_arm64.csv ` light,3.1.5,2024-10-18T10:18:23Z,:download:`light_3.1.5_arm64.csv ` -ad,3.1.5,2024-10-11T15:45:07Z,:download:`ad_3.1.5_arm64.csv ` full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` From ca5f9e317c7828d23f4ef9ada295e188134544eb Mon Sep 17 00:00:00 2001 
From: Github Actions Date: Fri, 18 Oct 2024 12:42:20 +0200 Subject: [PATCH 30/36] PIPELINE: tools list for web_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index b6068cf..ee94578 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,6 +1,6 @@ Image tag,Version,Build date,Tools list +web,3.1.5,2024-10-18T10:42:19Z,:download:`web_3.1.5_amd64.csv ` light,3.1.5,2024-10-18T10:30:43Z,:download:`light_3.1.5_amd64.csv ` -web,3.1.5,2024-10-11T06:05:03Z,:download:`web_3.1.5_amd64.csv ` ad,3.1.5,2024-10-11T05:56:07Z,:download:`ad_3.1.5_amd64.csv ` full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` From 849aa1f3190a28e6324ee44fb6ad76b3208d5fc7 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:54:29 +0200 Subject: [PATCH 31/36] PIPELINE: tools list for full_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index 3450304..fb54682 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv 
@@ -1,8 +1,8 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-18T10:54:27Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-18T10:35:55Z,:download:`ad_3.1.5_arm64.csv ` web,3.1.5,2024-10-18T10:24:27Z,:download:`web_3.1.5_arm64.csv ` light,3.1.5,2024-10-18T10:18:23Z,:download:`light_3.1.5_arm64.csv ` -full,3.1.5,2024-10-11T15:32:20Z,:download:`full_3.1.5_arm64.csv ` osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` From 40e7a0f9eed3d711d123171b5398b551b54ebc0d Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 12:57:16 +0200 Subject: [PATCH 32/36] PIPELINE: tools list for osint_3.1.5_arm64 --- source/assets/installed_tools/releases_arm64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_arm64.csv b/source/assets/installed_tools/releases_arm64.csv index fb54682..bb724ab 100644 --- a/source/assets/installed_tools/releases_arm64.csv +++ b/source/assets/installed_tools/releases_arm64.csv @@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-18T10:57:14Z,:download:`osint_3.1.5_arm64.csv ` full,3.1.5,2024-10-18T10:54:27Z,:download:`full_3.1.5_arm64.csv ` ad,3.1.5,2024-10-18T10:35:55Z,:download:`ad_3.1.5_arm64.csv ` web,3.1.5,2024-10-18T10:24:27Z,:download:`web_3.1.5_arm64.csv ` light,3.1.5,2024-10-18T10:18:23Z,:download:`light_3.1.5_arm64.csv ` -osint,3.1.5,2024-10-11T15:15:23Z,:download:`osint_3.1.5_arm64.csv ` ad,3.1.4,2024-05-05T22:24:12Z,:download:`ad_3.1.4_arm64.csv ` web,3.1.4,2024-05-05T21:43:14Z,:download:`web_3.1.4_arm64.csv ` full,3.1.4,2024-05-05T21:38:02Z,:download:`full_3.1.4_arm64.csv ` From 4aa300ca04fa937f5070f03305edd715157e72ae Mon Sep 17 00:00:00 2001 
From: Github Actions Date: Fri, 18 Oct 2024 12:59:05 +0200 Subject: [PATCH 33/36] PIPELINE: tools list for ad_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index ee94578..ca08b23 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,7 +1,7 @@ Image tag,Version,Build date,Tools list +ad,3.1.5,2024-10-18T10:59:04Z,:download:`ad_3.1.5_amd64.csv ` web,3.1.5,2024-10-18T10:42:19Z,:download:`web_3.1.5_amd64.csv ` light,3.1.5,2024-10-18T10:30:43Z,:download:`light_3.1.5_amd64.csv ` -ad,3.1.5,2024-10-11T05:56:07Z,:download:`ad_3.1.5_amd64.csv ` full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` From 97517f2cb80bfaa9780648fa98045d1121e904b2 Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 13:10:20 +0200 Subject: [PATCH 34/36] PIPELINE: tools list for full_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index ca08b23..e78ec5d 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv 
@@ -1,8 +1,8 @@ Image tag,Version,Build date,Tools list +full,3.1.5,2024-10-18T11:10:19Z,:download:`full_3.1.5_amd64.csv ` ad,3.1.5,2024-10-18T10:59:04Z,:download:`ad_3.1.5_amd64.csv ` web,3.1.5,2024-10-18T10:42:19Z,:download:`web_3.1.5_amd64.csv ` light,3.1.5,2024-10-18T10:30:43Z,:download:`light_3.1.5_amd64.csv ` -full,3.1.5,2024-10-11T05:47:10Z,:download:`full_3.1.5_amd64.csv ` osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` From 15bfe31680e75b23ef36349789aac1a1e8bf14af Mon Sep 17 00:00:00 2001 From: Github Actions Date: Fri, 18 Oct 2024 13:13:55 +0200 Subject: [PATCH 35/36] PIPELINE: tools list for osint_3.1.5_amd64 --- source/assets/installed_tools/releases_amd64.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/assets/installed_tools/releases_amd64.csv b/source/assets/installed_tools/releases_amd64.csv index e78ec5d..487cfcd 100644 --- a/source/assets/installed_tools/releases_amd64.csv +++ b/source/assets/installed_tools/releases_amd64.csv @@ -1,9 +1,9 @@ Image tag,Version,Build date,Tools list +osint,3.1.5,2024-10-18T11:13:54Z,:download:`osint_3.1.5_amd64.csv ` full,3.1.5,2024-10-18T11:10:19Z,:download:`full_3.1.5_amd64.csv ` ad,3.1.5,2024-10-18T10:59:04Z,:download:`ad_3.1.5_amd64.csv ` web,3.1.5,2024-10-18T10:42:19Z,:download:`web_3.1.5_amd64.csv ` light,3.1.5,2024-10-18T10:30:43Z,:download:`light_3.1.5_amd64.csv ` -osint,3.1.5,2024-10-11T05:36:23Z,:download:`osint_3.1.5_amd64.csv ` ad,3.1.4,2024-05-05T22:35:39Z,:download:`ad_3.1.4_amd64.csv ` web,3.1.4,2024-05-05T22:26:58Z,:download:`web_3.1.4_amd64.csv ` full,3.1.4,2024-05-05T22:17:31Z,:download:`full_3.1.4_amd64.csv ` From e7fb4278f43a944fcb6ea1fd2f53272ea8f11e74 Mon Sep 17 00:00:00 2001 
From: QU35T-code Date: Sun, 20 Oct 2024 12:31:47 +0200 Subject: [PATCH 36/36] Update faketime tip with examples --- source/getting-started/tips-and-tricks.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source/getting-started/tips-and-tricks.rst b/source/getting-started/tips-and-tricks.rst index 08cf606..17c680b 100644 --- a/source/getting-started/tips-and-tricks.rst +++ b/source/getting-started/tips-and-tricks.rst @@ -19,6 +19,16 @@ Faketime manipulates the system time for a given child command. For example with faketime 'YYYY-MM-DD hh:mm:ss' zsh +The following examples automate the synchronization of a remote domain controller's clock to initiate a corresponding zsh session. + +.. code-block:: bash + + faketime "$(rdate -n $DC_IP -p | awk '{print $2, $3, $4}' | date -f - "+%Y-%m-%d %H:%M:%S")" zsh + +.. code-block:: bash + + faketime "$(date +'%Y-%m-%d') $(net time -S $DC_IP | awk '{print $4}')" + .. note:: Here is an example of how ``faketime`` can be used.
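Review bot: in the tools-list CSV hunk (the rows from pkcrack to yt-dlp), several description fields do not match the tool they sit beside. The pkcrack row describes a generator of city-based password wordlists, which reads like text belonging to a different entry. The shellerator row says it generates shellcode, while the uberfile row in the same hunk refers to Shellerator as a project for one-liner reverse shell generation. The sslscan and testssl rows carry the identical description. These strings are rendered in the documentation, so check each one against its upstream project before the list is regenerated. Separately, the descriptions use " / " where a comma would be expected (rlwrap, theharvester, toutatis, uberfile) because the fields are unquoted; quoting the description column would preserve the original punctuation and keep a stray comma from shifting columns.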
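Review bot: in the releases_amd64.csv and releases_arm64.csv hunks of the PIPELINE commits, each run deletes the existing 3.1.5 row for an image tag and inserts a new one at the top with a later build date, while the version and the linked file name stay the same. For example, the light amd64 row goes from 2024-10-07T21:38:47Z to 2024-10-11T05:31:39Z to 2024-10-18T10:30:43Z, always pointing at light_3.1.5_amd64.csv. After the series, the table no longer shows that 3.1.5 was built more than once, and nothing links an earlier build to the tool list it shipped with. If rebuilds under an unchanged version are expected, consider keeping the superseded rows or adding a column with a build identifier (an image digest, for instance) so that a pulled image can be matched to its tool list.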
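Review bot: in the tips-and-tricks.rst hunk, the second added code block, ``faketime "$(date +'%Y-%m-%d') $(net time -S $DC_IP | awk '{print $4}')"``, has no command after the timestamp, so unlike the first block it does not start the zsh session that the introductory sentence announces; append ``zsh``. The same line combines the local date with the domain controller's time of day, which yields a wrong timestamp whenever the two hosts are on different calendar days (around midnight, or across time zones); take the date from the same remote source as the time. In both blocks ``$DC_IP`` should be double-quoted. The introductory sentence would also read more accurately as aligning the zsh session's clock with the domain controller's, since faketime only changes the time seen by the child command and nothing on the remote host is synchronized.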