dafthack 的倉庫

最近提交 2020年8月19日

A basic PHP redirection site that captures request headers

最近提交 2021年9月13日

Custom Query list for the Bloodhound GUI based off my cheatsheet

最近提交 2021年5月24日

Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It is essentially a Frankenstein of two of my favorite tools along with some of my own code. It utilizes Kevin Robertson's (@kevin_robertson) Invoke-TheHash project for the credential checking portion. Additionally, the script utilizes modules from PowerView by Will Schroeder (@harmj0y) and Matt Graeber (@mattifestation) to enumerate domain computers to find targets for testing admin access against.

最近提交 2019年6月5日

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

最近提交 2026年4月6日

Covenant is a collaborative .NET C2 framework for red teamers.

最近提交 2020年6月9日

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

最近提交 2024年7月11日

This module mangles two lists of names together to generate a list of potential email addresses or usernames. It can also be used to simply combine a list of full names in the format (firstname lastname) into either email addresses or usernames.

最近提交 2017年9月25日

Empire is a PowerShell and Python post-exploitation agent.

最近提交 2018年11月29日

A script for tracking and decoding input data messages sent to and from a particular Ethereum address or from every transaction in a block.

最近提交 2021年9月14日

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

最近提交 2020年6月16日

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

最近提交 2026年4月9日

This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.

最近提交 2017年10月3日

A tool for checking if MFA is enabled on multiple Microsoft Services

最近提交 2025年3月4日

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

最近提交 2022年11月30日

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

最近提交 2025年8月7日

Random Tools

最近提交 2018年9月13日

Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise

最近提交 2020年8月6日

A script for generating custom passphrase lists to be used for password cracking with hashcat rules

最近提交 2018年6月27日

Personal AI Infrastructure for upgrading humans.

最近提交 2025年11月8日