nccgroup/autopwn

Stars
376
Rank 113,810 (Top 3 %)
Language
Python
License
GNU Affero Genera...
Created over 9 years ago
Updated over 5 years ago

nccgroup/autopwn

nccgroup

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Specify targets and run sets of tools against them

autopwn

Specify targets and run sets of tools against them

autopwn is designed to make a pentester's life easier and more consistent by allowing them to specify tools they would like to run against targets, without having to type them in a shell or write a script. This tool will probably be useful during certain exams as well..

Installation

It is recommended that you use the docker image while exposing TCP 5000 for autopwn clients to connect to. This is because the autopwn docker image is already setup (tools are installed and in the right place).

Only allow this package to listen on a loopback IP address. If you have this package listen on a public IP, you're allowing arbitrary users to execute commands as root on your server. Eventually, HTTPS and credentials will be required, but for now, don't be a moron.

From Docker

1. Execute ``docker pull rascal999/autopwn`` 2. Run ``docker run -i -t -p 127.0.0.1:5000:5000 rascal999/autopwn /usr/sbin/autopwn`` 3. Run autopwn client (you can get the Java application at https://github.com/rascal999/autopwn-gui)

From the Python Package Index (for development)

Execute pip install autopwn

From this repository

Clone the Git repository
Change into the newly created directory
Execute pip install .

Usage

Running autopwn will start the web server.

Sample output

 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
 * Restarting with stat
127.0.0.1 - - [15/Nov/2015 11:04:41] "GET /ping HTTP/1.1" 200 -
127.0.0.1 - - [15/Nov/2015 11:04:41] "GET /favicon.ico HTTP/1.1" 404 -

Contributing

Fork it!
Create your feature branch: git checkout -b my-new-feature
Commit your changes: git commit -am 'Add some feature'
Push to the branch: git push origin my-new-feature
Submit a pull request :D

Credits

Developed by Aidan Marlin (aidan [dot] marlin [at] nccgroup [dot] com) while working at NCC Group. Second release by Steven van der Baan.

I'd like to thank the following contributors for their work on previous autopwn versions:

Selfegris
0xsauby
berdario
rascal999

ScoutSuite

Multi-Cloud Security Auditing Tool

Scout2

Security auditing tool for AWS environments

sobelow

Security-focused static analysis for the Phoenix Framework

Winpayloads

Undetectable Windows Payload Generation

demiguise

HTA encryption tool for RedTeams

house

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

PMapper

A tool for quickly evaluating IAM permissions in AWS.

redsnarf

RedSnarf is a pen-testing / red-teaming tool for Windows environments

featherduster

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

SocksOverRDP

Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop

singularity

A DNS rebinding attack framework.

exploit_mitigations

Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.

AutoRepeater

Automated HTTP Request Repeating With Burp Suite

fuzzowski

the Network Protocol Fuzzer that we will want to use.

aws-inventory

Discover resources created in an AWS account.

BurpSuiteHTTPSmuggler

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Sniffle

A sniffer for Bluetooth 5 and 4.x LE

sadcloud

A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure

TriforceAFL

AFL/QEMU fuzzing with full-system emulation.

nmap-nse-vulnerability-scripts

NMAP Vulnerability Scanning Scripts

LoggerPlusPlus

Advanced Burp Suite Logging Extension

nccfsas

Information released publicly by NCC Group's Full Spectrum Attack Simulation (FSAS) team.

freddy

Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans

phantap

Phantom Tap (PhanTap) - an ‘invisible’ network tap aimed at red teams

azucar

Security auditing tool for Azure environments

tracy

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

VCG

VisualCodeGrepper - Code security scanning tool.

Visual Basic .NET

Cyber-Defence

Information released publicly by NCC Group's Cyber Incident Response Team

scrying

A tool for collecting RDP, web and VNC screenshots all in one place

autochrome

This tool downloads, installs, and configures a shiny new copy of Chromium.

wssip

Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.

blackboxprotobuf

Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.

idahunt

idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro

CrossSiteContentHijacking

Content hijacking proof-of-concept using Flash, PDF and Silverlight

Solitude

Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within an app accessible for everyone.

vlan-hopping---frogger

Easy 802.1Q VLAN Hopping

shocker

A tool to find and exploit servers vulnerable to Shellshock

DriverBuddy

DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.

WMIcmd

A command shell wrapper using only WMI for Microsoft Windows

acCOMplice

Tools for discovery and abuse of COM hijacks

SusanRTTI

Another RTTI Parsing IDA plugin

umap

The USB host security assessment tool

metasploitavevasion

Metasploit AV Evasion Tool

keimpx

Check for valid credentials across a network over SMB

umap2

Umap2 is the second revision of NCC Group's python based USB host security assessment tool.

depthcharge

A U-Boot hacking toolkit for security researchers and tinkerers

UPnP-Pentest-Toolkit

UPnP Pentest Toolkit for Windows

GTFOBLookup

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Project/LOLBAS), WADComs (https://wadcoms.github.io), and HijackLibs (https://hijacklibs.net/).

G-Scout

Google Cloud Platform Security Tool

asatools

Main repository to pull all NCC Group Cisco ASA-related tool projects.

cisco-SNMP-enumeration

Automated Cisco SNMP Enumeration, Brute Force, Configuration Download and Password Cracking

thetick

A simple embedded Linux backdoor.

AWS-recipes

A number of Recipes for AWS

kube-auto-analyzer

Kubernetes Auto Analyzer

TPMGenie

TPM Genie is an I2C bus interposer for discrete Trusted Platform Modules

BinProxy

BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.

TriforceLinuxSyscallFuzzer

A linux system call fuzzer using TriforceAFL

DetectWindowsCopyOnWriteForAPI

Enumerate various traits from Windows processes as an aid to threat hunting

pybeacon

A collection of scripts for dealing with Cobalt Strike beacons in Python

BKScan

BlueKeep scanner supporting NLA

typofinder

A finder of domain typos showing country of IP address

BLESuite

BLESuite is a Python package that provides an easier way to test Bluetooth Low Energy (BLE) device

SteppingStones

A Red Team Activity Hub

libslub

tcpprox

A small command-line TCP proxy utility written in Python

requests-racer

Small Python library that makes it easy to exploit race conditions in web apps with Requests.

LazyDroid

bash script to facilitate some aspects of an Android application assessment

chuckle

An automated SMB relay exploitation script.

whalescan

Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container

gitpwnd

GitPwnd is a network penetration tool that lets you use a git repo for command and control of compromised machines

Carnivore

Tool for assessing on-premises Microsoft servers authentication such as ADFS, Skype, Exchange, and RDWeb

CollaboratorPlusPlus

Change-Lockscreen

Offensive tool to trigger network authentications as SYSTEM

Decoder-Improved

Improved decoder for Burp Suite

OutlookLeakTest

The Outlook HTML Leak Test Project

Wubes

Qubes containerization on Windows

port-scan-automation

Automate NMAP Scans and Generate Custom Nessus Policies Automatically

Hodor

Hodor! Fuzzer..

Zulu

The Zulu fuzzer

WinShareEnum

Windows Share Enumerator

memscan

Searches for strings, regex, credit card numbers of magnetic stripe card tracks in a Windows process's memory space

ebpf

eBPF - extended Berkeley Packet Filter tooling

argumentinjectionhammer

A Burp Extension designed to identify argument injection vulnerabilities.

cq

DroppedConnection

SCOMDecrypt

SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers

GOATCasino

This is an intentionally vulnerable smart contract truffle deployment aimed at allowing those interested in smart contract security to exploit a wide variety of issues in a safe environment.

OneLogicalMyth_Shell

A HTA shell to assist with breakout assessments.

BLE-Replay

BLE-Replay is a Bluetooth Low Energy (BLE) peripheral assessment tool

cloud_ip_ranges

Identify IP addresses owned by public cloud providers

web3-decoder

ccs

WindowsDACLEnumProject

A collection of tools to enumerate and analyse Windows DACLs

raccoon

Salesforce object access auditor

DIBF

Windows NT ioctl bruteforcer and modular fuzzer

go-pillage-registries

Pentester-focused Docker registry tool to enumerate and pull images

DatajackProxy

Datajack Proxy allows you to intercept TLS traffic in native x86 applications across platforms

pcap-burp

Pcap importer for Burp

jwt-reauth

Berserko

Burp Suite extension to perform Kerberos authentication