Auto DANE attempts to automate the process of exploiting, pivoting and escalating privileges on windows domains.



BIRP is a tool that will assist in the security assessment of mainframe applications served over TN3270. Much like what BURP and other web application proxies do for web application assessments, BIRP aims to do the same for TN3270 application assessments. And, much like with web applications, being able to see and modify fields that the application developer assumed were neither visible nor modifiable allows security assumptions be bypassed.

In particular, BIRP provides two capabilities for the aspiring TN3270 hacker. The first is that it shows all the data returned by the application in the screen. This includes hidden fields. The second is that it allows fields marked as "protected" aka "non modifiable" to be modified. Depending on how the application has been developed, this can allow application functionality to be modified.


SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features:

Sharepoint and Frontpage fingerprinting
Management of Friendly 404s
Default Sharepoint and Frontpage file and folder enumeration
Active Directory account enumeration
Download interesting files and documents, including detection of uninterpreted ASP and ASPX
Search for keywords in identified pages
Saves state from previous scans
Site crawling
Accepts NTLM creds and session cookies for authenticated scans


WMIOps is a powershell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It's designed primarily for use on penetration tests or red team engagements.

Penetration Testers Framework

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minute.


SprayWMI is a method for mass spraying Unicorn PowerShell injection to CIDR notations.

More Information:
"We wanted mass exploitation so we decided to write a tool to help automate mass exploitation. Introducing SprayWMI which leverages wmis and Magic Unicorn to automatically sweep subnet ranges for 135 and automatically attempts to login with either a password or hashes and automatically generate powershell injection to give you access to your payloads instantly and without touching disk. This is a full replacement for traditional PSEXEC and recommended."

Mana Toolkit

A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.

More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you've managed to get a victim to connect.

Cortana Scripts by Mudge

Cortana is a scripting language for Armitage and Cobalt Strike. This is a collection of Cortana scripts that can be used with Cobalt Strike and Armitage.


Netcat: The powershell version. (Powershell Version 2 and Later Supported)

More Information:

Functions & Parameters:

Start-PowerCat # Starts a listener/server.

-Mode # Defaults to Tcp, can also specify Udp or Smb.
-Port # The port to listen on.
-PipeName # Name of pipe to listen on.

-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: ":"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-KeepAlive # Restart after disconnecting.
-Timeout # Timeout option. Default: 60 seconds

Connect-PowerCat # Connects a client to a listener/server.

-Mode # Defaults to Tcp, can also specify Udp or Smb
-RemoteIp # IPv4 address of host to connect to.
-Port # The port to connect to.
-PipeName # Name of pipe to connect to.

-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "::"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-Timeout # Timeout option. Default: 60 seconds
Basic Connections

By default, PowerCat uses TCP and reads from / writes to the console.

# Basic Listener:
Start-PowerCat -Port 443

# Basic Client:
Connect-PowerCat -RemoteIp -Port 443
File Transfer

PowerCat can be used to transfer files using the -SendFile and -ReceiveFile parameters.

# Send File:
Connect-PowerCat -RemoteIp -Port 443 -SendFile C:\pathto\inputfile

# Receive File:

Veil Framework

The Veil-Framework is a red team toolkit focused on evading detection. It currently contains Veil-Evasion for generating AV-evading payloads, Veil-Catapult for delivering them to targets, and Veil-PowerView for gaining situational awareness on Windows domains.

Syndicate content