blackninja23's Projects
A walkthrough on how I set up Microsoft Server 2019 on a Virtual Machine to run Active Directory on it. I then configure a Domain Controller that will allow me to run a domain. After that I ran a Powershell script to create over 1000 users in Active Directory and log into those newly created accounts on another client that uses the domain I set up
All about bug bounty (bypasses, payloads, and etc)
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010
My blog
Poor (rich?) man's bug bounty pipeline https://dubell.io
A repository that includes all the important wordlists used while bug hunting.
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Python / scapy module implementing SRVLOC/SLP protocol and scans for enabled OpenSLP services.
Exploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7
Python script to detect bluekeep vulnerability (CVE-2019-0708) with TLS/SSL and x509 support
DNS Enumeration Script
Python tool for enumerating directories and files on web servers that contain a publicly readable .ds_store file.
Proof of concept for abusing SeLoadDriverPrivilege (Privilege Escalation in Windows)
Generate a malicious macro in your doc to reverse shell in powershell
Compiled Binaries for Ghostpack (.NET v4.0)
Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
GraphQL security workshop labs
Another version of katana, more automated but less stable. the purpose of this small tool is to run a Google based passive recon against your scope.
HAProxy Load Balancer's development branch (mirror of git.haproxy.org)
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
Infoga - Email OSINT
IOXIDResolver.py from AirBus Security
Convert kirbi ticket from mimikatz into hashcat format to crack it
Credentials recovery project
AD ACL abuse
A little tool to play with Windows security
A repository of tools for pentesting of restricted and isolated environments.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.