GitHub - 0xdea/tactical-exploitation: Modern tactical exploitation toolkit.
source link: https://github.com/0xdea/tactical-exploitation
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
tactical-exploitation
"The Other Way to Pen-Test"
-- HD Moore & Valsmith
I've always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities, but relies on old school techniques such as information gathering and brute force. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.
This repository aims to provide a tactical exploitation toolkit to assist penetration testers during their assignments. The tools currently released are described below. See also http://www.0xdeadbeef.info/ for some older tools and techniques.
Related blog posts:
https://web.archive.org/web/20200509050017/https://techblog.mediaservice.net/2017/10/in-praise-of-tactical-exploitation/
https://web.archive.org/web/20200702153318/https://techblog.mediaservice.net/2017/11/how-a-unix-hacker-discovered-the-windows-powershell/
These tools are proofs of concept. They are functional but may be buggy or incomplete. Use at your own risk.
easywin.py
Easywin is a Python script that provides a toolkit for exploit-less attacks aimed at Windows and Active Directory environments, by leveraging information gathering and brute force capabilities against the SMB protocol.
letmein.ps1
Letmein is a pure PowerShell implementation of the staging protocols used by the Metasploit Framework. Start an exploit/multi/handler (Generic Payload Handler) instance on your attack box configured to handle one of the supported Meterpreter payloads, run letmein.ps1 (ideally as Administrator) on a compromised Windows box, and wait for your session. This technique is quite effective in order to bypass the antivirus and obtain a Meterpreter shell on Windows. An alternative Python implementation is also provided for educational purposes, however its use is not recommended in the field.
letme.go
Letme.go is a minimalistic Go implementation of the main staging protocols used by the Metasploit Framework. Start an exploit/multi/handler instance on the attack box configured to handle one of the supported Meterpreter payloads, run letme.exe on the target Windows system, and enjoy your session!
poriluk.py
Poriluk is a helper script that provides a comfortable interface to exploit common information leakage vulnerabilities. At the moment, the following attacks are supported: dictionary-based user enumeration via SMTP VRFY/EXPN/RCPT and HTTP Apache mod_userdir.
botshot.py
Botshot is a Python script that captures screenshots of websites from the command line. It is useful to automate mapping of the web attack surface of large networks.
verbal.py
Verbal is a HTTP request method security scanner. It tries a series of interesting HTTP methods against a list of website paths, in order to determine which methods are available and accessible. The following HTTP methods are currently supported: GET, OPTIONS, TRACE, DEBUG, PUT.
netdork.py
Netdork is a Python script that uses the Google Custom Search Engine API to collect interesting information on public networks and stealthily map the available attack surface. The following attacks are supported: network search sweep based on target CIDRs and subdomain discovery via search engine.
seitan.py
Seitan is a Python script that uses the Shodan.io API search to collect open source intelligence on targets. The following attacks are currently supported: ipaddr (view all available information for an IP address) and domain (search services related to a domain or host name).
Recommend
-
69
In these tcpdump examples you will find 22 tactical commands to zero in on the key packets. Know your network with this powerful packet capture tool. Examples for http, icmp, dns, snmp and more.
-
52
README.md Table of contents About Domain description G...
-
17
TinaCMS Getting Started Website Documentation
-
23
The IBM® X-Force® Command Cyber Tactical Operations Center (C-TOC) provides the industry’s first mobile cyber range and watch floor, with 23 tons of cyber capabilities on wheels, wherever they are needed. The X-Force Co...
-
7
Scaling-down for Tactical Apps with Azure Jan 11, 2010 lokad...
-
14
Fight ferocious aliens using Maori martial arts The Protagonist: EX1 is the new game from indie studio 3Mind Games and publisher All in! Games. It's a tactical RPG with a twist that's been slated fo...
-
10
announcing Android’s modern toolkit for building native UI Jetpack Compose is now 1.0: announcing Android’s modern toolkit for building native UI...
-
6
Fish Fight Introduction Fish Fight is a tactical 2D shooter, played by up to 4 players online or on a shared screen. Aim either left or right; the rest is up to clever movement and positioning in this fish-on-fish brawler! F...
-
4
'Mario + Rabbids: Sparks of Hope' aims to be a more modern tactical adventureMat Smith·Bureau Chief, UK
-
8
Fish Folk: Jumpy
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK