Discover NetSPI/DataLoc Open Source project by @NetSPI

A collection of scripts for assessing Microsoft Azure security

2,444

MicroBurst

A wiki focusing on aggregating and documenting various SQL injection methods

1,982

SQLInjectionWiki

HTML

727

PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

593

PowerHuntShares

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.

555

xssValidator

Find netblocks owned by a company

399

NetblockTool

NetSPI PowerShell Scripts

336

PowerShell

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.

300

ESC

278

WebLogicPasswordDecryptor

PowerShell script and Java code to decrypt WebLogic passwords

Grab ssh keys from ssh-agent

240

sshkey-grab

Burp extension to perform Java Deserialization Attacks

217

JavaSerialKiller

Vulnerable Django Application

205

django.nV

JavaScript

197

Wsdler

WSDL Parser extension for Burp

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS

189

Swift.nV

Swift

180

aws_consoler

A utility to convert your AWS CLI credentials into AWS console access.

DAFT: Database Audit Framework & Toolkit

178

DAFT

173

Powershell-Modules

Central Repo for Burp extensions

158

Burp-Extensions

A DNS tunnel utilizing the Burp Collaborator

141

BurpCollaboratorDNSTunnel

Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series

BetaFast

BurpExtractor

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.

Burp Extension for AWS Signing

AWSSigner

Automatically run and save ffuf scans for multiple IPs

AutoDirbuster

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.

SQLC2

PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.

PowerHunt

Tools for attacking Azure Function Apps

FuncoPop

Dump IOS application heap space from memory

MonkeyWorks

cmdsql

ASP.NET

heapdump-ios

Shell

SpoofSpotter

A tool to catch spoofed NBNS responses.

Vulnerable Grails application

skl

strace keylogger PoC

grails-nV

JavaScript

JSONBeautifier

JSON Beautifier for Burp written in Java

Verification tools for CVE-2016-1287

asa_tools

MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.

MoneyX

Jira Information Gatherer

JIG

httpillage

HTTPScrapers

binrev

crossdomainscanner

Python tool for expired domain discovery in crossdomain.xml files

Tutorial for Node.js security

goat.js

CSS

PS_Reflector

A powershell script for cracking halfLMchall password hashes

PS_MultiCrack

PS_CC_Checker

HTML Smuggling with Web Assembly

silkwasm

Intel pin tools

C++

ruby_apk_unpack

Ruby Gem to Unpack APK(s)

A powershell script to parse SVN entries files into an HTML directory listing

SVNentriesParser

Dekrypto

JavaScript Web Service Proxy Burp Plugin

JSWS

Stand alone script to decrypt GPP cpassword.

gppdecrypt

TapJacking-Demo

Python implementation of select MicroBurst scripts.

WCF

PycroBurst

Define custom findings for Burp's Passive Scanner using regex.

Custom-Passive-Scanner

Docker Doctor - Automated upgrading of libraries through Docker deployments.

doctordocker

Collection of Scripts of Open Source Intelligence Gathering

osint_scripts

Parses, summarizes, and prints "npm audit" json output to markdown for nVision reports

npm-deps-parser

This is a single location to store detection rules of various types.

DetectionRules

Scheduled-Task

Native Binary for Creating a Scheduled Task

C++

rails-scope

scoping gem for rails application