Explore @NetSPI Open Source projects

@NetSPI

NetSPI

Stars
10,571
Global Org. Rank 2,176 (Top 0.7 %)
Registered about 12 years ago
Most used languages

Java
21.9 %

PowerShell
20.3 %

Python
17.2 %

Ruby
9.4 %

C#
7.8 %

Shell
3.1 %

C++
3.1 %

HTML
3.1 %

Go
3.1 %

JavaScript
3.1 %

Swift
1.6 %

CSS
1.6 %

ASP.NET 1.6 %

PHP
1.6 %

AutoIt 1.6 %
Location 🇺🇸 United States
Country Total Rank 958
Country Ranking

ASP.NET 1

PowerShell
9

AutoIt 11

Java
327

HTML
344

C#
376

Swift
673

Python
1,488

Shell
2,097

CSS
2,670

Ruby
4,297

JavaScript
4,718

Go
5,289

C++
9,022

PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

MicroBurst

A collection of scripts for assessing Microsoft Azure security

SQLInjectionWiki

A wiki focusing on aggregating and documenting various SQL injection methods

PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

PowerHuntShares

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

xssValidator

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

NetblockTool

Find netblocks owned by a company

PowerShell

NetSPI PowerShell Scripts

ESC

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.

WebLogicPasswordDecryptor

PowerShell script and Java code to decrypt WebLogic passwords

sshkey-grab

Grab ssh keys from ssh-agent

JavaSerialKiller

Burp extension to perform Java Deserialization Attacks

django.nV

Vulnerable Django Application

Wsdler

WSDL Parser extension for Burp

Swift.nV

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS

aws_consoler

A utility to convert your AWS CLI credentials into AWS console access.

DAFT

DAFT: Database Audit Framework & Toolkit

Powershell-Modules

Burp-Extensions

Central Repo for Burp extensions

BurpCollaboratorDNSTunnel

A DNS tunnel utilizing the Burp Collaborator

BetaFast

Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series

BurpExtractor

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.

AWSSigner

Burp Extension for AWS Signing

AutoDirbuster

Automatically run and save ffuf scans for multiple IPs

SQLC2

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.

MonkeyWorks

PowerHunt

PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.

cmdsql

FuncoPop

Tools for attacking Azure Function Apps

heapdump-ios

Dump IOS application heap space from memory

SpoofSpotter

A tool to catch spoofed NBNS responses.

skl

strace keylogger PoC

grails-nV

Vulnerable Grails application

JSONBeautifier

JSON Beautifier for Burp written in Java

asa_tools

Verification tools for CVE-2016-1287

MoneyX

MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.

JIG

Jira Information Gatherer

httpillage

HTTPScrapers

NetSPI HTTP Scrapers

binrev

crossdomainscanner

Python tool for expired domain discovery in crossdomain.xml files

goat.js

Tutorial for Node.js security

PS_Reflector

PS_MultiCrack

A powershell script for cracking halfLMchall password hashes

PS_CC_Checker

DataLoc

Scan MSSQL databases for payment card data without relying on key words

Pin

Intel pin tools

ruby_apk_unpack

Ruby Gem to Unpack APK(s)

silkwasm

HTML Smuggling with Web Assembly

SVNentriesParser

A powershell script to parse SVN entries files into an HTML directory listing

Dekrypto

JSWS

JavaScript Web Service Proxy Burp Plugin

gppdecrypt

Stand alone script to decrypt GPP cpassword.

TapJacking-Demo

WCF

PycroBurst

Python implementation of select MicroBurst scripts.

Custom-Passive-Scanner

Define custom findings for Burp's Passive Scanner using regex.

doctordocker

Docker Doctor - Automated upgrading of libraries through Docker deployments.

osint_scripts

Collection of Scripts of Open Source Intelligence Gathering

npm-deps-parser

Parses, summarizes, and prints "npm audit" json output to markdown for nVision reports

DetectionRules

This is a single location to store detection rules of various types.

CollegePresentation

rails-scope

scoping gem for rails application

Scheduled-Task

Native Binary for Creating a Scheduled Task

edge-cases-in-web

brigade-security-scripts

Brigade scripts to perform common Kubernetes and container-level security checks triggered by events.

WikiJekyllTheme

Wiki theme for various NetSPI wikis