Recently, I was working on an Active Directory lab where the challenge was to extract a password stored in a user’s description field. I successfully completed the task using CrackMapExec on my primary computer. However...
Category - pentest
Happy to share github_cves_search project: a script to discover public GitHub exploits for specific CVEs! This tool, available at , allows you to find GitHub exploits related to a particular CVE by extracting information from...
Hello all, recently I’ve faced an issue during an active directory pentest where the resolution allows me to learn something more. Hereby I am sharing how to exploit AllExtendedRights ACL between nodes in Active...
I am excited to announce the release of payload_launcher, a cutting-edge custom BurpSuite plugin developed by myself in Python that streamlines the process of identifying web vulnerabilities. With payload_launcher, you no longer...
10 plugins useful for web penetration testing : Plugin 1 : H1 Report Finder Usage: Finds public security reports published on Hackerone Link of the repository : Plugin 2 : WordPress Scanner Usage: Finds known vulnerabilities in...
Summary of open source tools of the week I dedicated this week (from february 06th to february 10th 2023) to present opensource tools in coordination with penetration testing, below is the summary: Tool 1 : crackmapexec Usage:...
IntelSpy is a multi-threaded network intelligence tool which performs automated network services enumeration. In an automated way, it performs live hosts detection scans, port scans, services enumeration scans, web content scans...
Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. The goal is to save as much time as possible during network/web pentests by automating...
Have you ever heard of CrackMapExec ? CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. It took part in enumeration and exploitation of many...
I’m thrilled to publish my first BurpSuite plugin that I’ve built. The purpose is to find bugs on websites without typing any code, just by doing a normal browsing. This first version focuses only on XSS vulnerability...