• Stars
    star
    2,444
  • Rank 18,812 (Top 0.4 %)
  • Language
    PowerShell
  • License
    Other
  • Created over 8 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

  licence badge wiki Badge stars badge forks badge issues badge

PowerUpSQLLogo

PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.

PowerUpSQL Wiki

For setup instructions, cheat Sheets, blogs, function overviews, and usage information check out the wiki: https://github.com/NetSPI/PowerUpSQL/wiki

Author and Contributors

  • Author: Scott Sutherland (@_nullbind) Twitter Follow
  • Major Contributors: Antti Rantasaari, Eric Gruber (@egru), Thomas Elling (@thomaselling)
  • Contributors: Alexander Leary (@0xbadjuju), @leoloobeek, Andrew Luke(@Sw4mpf0x), Mike Manzotti (@mmanzo_), @TVqQAAMA, @cobbr_io, @mariuszbit (mgeeky), @0xe7 (@exploitph), phackt(@phackt_ul), @vsamiamv, and @ktaranov

Issue Reports

I perform QA on functions before we publish them, but it's hard to consider every scenario. So I just wanted to say thanks to those of you that have taken the time to give me a heads up on issues with PowerUpSQL so that we can make it better.

  • Bug Reporters: @ClementNotin, @runvirus, @CaledoniaProject, @christruncer, rvrsh3ll(@424f424f),@mubix (Rob Fuller)

License

  • BSD 3-Clause

More Repositories

1

MicroBurst

A collection of scripts for assessing Microsoft Azure security
PowerShell
1,982
star
2

SQLInjectionWiki

A wiki focusing on aggregating and documenting various SQL injection methods
HTML
727
star
3

PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
PowerShell
593
star
4

PowerHuntShares

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerShell
555
star
5

xssValidator

This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
Java
399
star
6

NetblockTool

Find netblocks owned by a company
Python
336
star
7

PowerShell

NetSPI PowerShell Scripts
PowerShell
300
star
8

ESC

Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
C#
278
star
9

WebLogicPasswordDecryptor

PowerShell script and Java code to decrypt WebLogic passwords
Java
240
star
10

sshkey-grab

Grab ssh keys from ssh-agent
Python
217
star
11

JavaSerialKiller

Burp extension to perform Java Deserialization Attacks
Java
205
star
12

django.nV

Vulnerable Django Application
JavaScript
197
star
13

Wsdler

WSDL Parser extension for Burp
Java
189
star
14

Swift.nV

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS
Swift
180
star
15

aws_consoler

A utility to convert your AWS CLI credentials into AWS console access.
Python
178
star
16

DAFT

DAFT: Database Audit Framework & Toolkit
C#
173
star
17

Powershell-Modules

PowerShell
158
star
18

Burp-Extensions

Central Repo for Burp extensions
Java
141
star
19

BurpCollaboratorDNSTunnel

A DNS tunnel utilizing the Burp Collaborator
Java
97
star
20

BetaFast

Vulnerable thick client applications used as examples in the Introduction to Hacking Desktop Applications blog series
C#
89
star
21

BurpExtractor

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.
Java
89
star
22

AWSSigner

Burp Extension for AWS Signing
Java
86
star
23

AutoDirbuster

Automatically run and save ffuf scans for multiple IPs
Python
74
star
24

SQLC2

SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.
PowerShell
72
star
25

PowerHunt

PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell Remoting for data collection on scale.
PowerShell
61
star
26

FuncoPop

Tools for attacking Azure Function Apps
PowerShell
60
star
27

MonkeyWorks

C#
58
star
28

cmdsql

ASP.NET
54
star
29

heapdump-ios

Dump IOS application heap space from memory
Shell
50
star
30

SpoofSpotter

A tool to catch spoofed NBNS responses.
Python
49
star
31

skl

strace keylogger PoC
44
star
32

grails-nV

Vulnerable Grails application
JavaScript
43
star
33

JSONBeautifier

JSON Beautifier for Burp written in Java
Java
36
star
34

asa_tools

Verification tools for CVE-2016-1287
Python
32
star
35

MoneyX

MoneyX is an intentionally vulnerable JSP application used for training developers in application security concepts.
Java
30
star
36

JIG

Jira Information Gatherer
Python
29
star
37

httpillage

Java
26
star
38

HTTPScrapers

NetSPI HTTP Scrapers
Python
25
star
39

binrev

Shell
24
star
40

crossdomainscanner

Python tool for expired domain discovery in crossdomain.xml files
Python
23
star
41

goat.js

Tutorial for Node.js security
CSS
20
star
42

PS_Reflector

PowerShell
19
star
43

PS_MultiCrack

A powershell script for cracking halfLMchall password hashes
PowerShell
19
star
44

PS_CC_Checker

PowerShell
17
star
45

DataLoc

Scan MSSQL databases for payment card data without relying on key words
AutoIt
16
star
46

silkwasm

HTML Smuggling with Web Assembly
Go
15
star
47

Pin

Intel pin tools
C++
12
star
48

ruby_apk_unpack

Ruby Gem to Unpack APK(s)
Ruby
12
star
49

SVNentriesParser

A powershell script to parse SVN entries files into an HTML directory listing
PowerShell
9
star
50

Dekrypto

Ruby
8
star
51

JSWS

JavaScript Web Service Proxy Burp Plugin
Java
7
star
52

gppdecrypt

Stand alone script to decrypt GPP cpassword.
Go
7
star
53

TapJacking-Demo

Java
6
star
54

WCF

C#
6
star
55

PycroBurst

Python implementation of select MicroBurst scripts.
Python
6
star
56

Custom-Passive-Scanner

Define custom findings for Burp's Passive Scanner using regex.
Java
5
star
57

doctordocker

Docker Doctor - Automated upgrading of libraries through Docker deployments.
Ruby
5
star
58

osint_scripts

Collection of Scripts of Open Source Intelligence Gathering
Ruby
5
star
59

npm-deps-parser

Parses, summarizes, and prints "npm audit" json output to markdown for nVision reports
Python
4
star
60

DetectionRules

This is a single location to store detection rules of various types.
4
star
61

Scheduled-Task

Native Binary for Creating a Scheduled Task
C++
2
star
62

rails-scope

scoping gem for rails application
Ruby
2
star
63

CollegePresentation

2
star
64

edge-cases-in-web

PHP
1
star
65

brigade-security-scripts

Brigade scripts to perform common Kubernetes and container-level security checks triggered by events.
1
star
66

WikiJekyllTheme

Wiki theme for various NetSPI wikis
HTML
1
star