Recently, I was working on an Active Directory lab where the challenge was to extract a password stored in a user’s description field. I successfully completed the task using CrackMapExec on my primary computer. However...
Category - opensource
Happy to share github_cves_search project: a script to discover public GitHub exploits for specific CVEs! This tool, available at , allows you to find GitHub exploits related to a particular CVE by extracting information from...
I am excited to announce the release of payload_launcher, a cutting-edge custom BurpSuite plugin developed by myself in Python that streamlines the process of identifying web vulnerabilities. With payload_launcher, you no longer...
1. Filter by IP address: “ip.addr == x.x.x.x”, where “x.x.x.x” is the IP address you want to filter 2. Filter by IP address range: “ip.addr >= x.x.x.x and ip.addr <= y.y.y.y”, where...
10 plugins useful for web penetration testing : Plugin 1 : H1 Report Finder Usage: Finds public security reports published on Hackerone Link of the repository : Plugin 2 : WordPress Scanner Usage: Finds known vulnerabilities in...
Summary of open source tools of the week I dedicated this week (from february 06th to february 10th 2023) to present opensource tools in coordination with penetration testing, below is the summary: Tool 1 : crackmapexec Usage:...
IntelSpy is a multi-threaded network intelligence tool which performs automated network services enumeration. In an automated way, it performs live hosts detection scans, port scans, services enumeration scans, web content scans...
Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. The goal is to save as much time as possible during network/web pentests by automating...
Have you ever heard of CrackMapExec ? CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. It took part in enumeration and exploitation of many...