Search the Community

RedTeam Toolkit Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teaming together for the security specialist to identify vulnerabilities. The cybersecurity open-source projects are integrated with what will be a powerful toolkit together. Currently, it supports the following options: FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output) Livehosts (scan all live hosts in the network scale – PDF output) DirScan (scan all directories on a target – PDF output) CVE Description ( CveID Search) SSH Dictionary Attack RDP BruteForce WebApps Section F5 BIG-IP PoC ( CVE-2022-1388 ) Apache Path Traversal PoC ( CVE-2021-41773 ) Automated XSS Finder Web Crawler for gathering URLs SubDomain Enumeration HTTP Verb Tampering (SQLi will be added soon) Windows Section (Being updated, other major CVEs will be added) Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 ) Linux Section to implement major Linux CVEs (UNDER MAINTENANCE) Changelog v0.1.5 The Dockerized version (#19 ) of the RedTeam Toolkit. is deployed now Moreover, it now includes the following new modules: CVE-2022-1388 PoC (for F5 BIG-IP Automated XSS Finder to server a website and find XSS on that A new module for content discovery (Gathering all URLs) [hide][Hidden Content]]

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describes the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows. Spray365 exposes a few options that are useful when spraying credentials. Random user agents can be used to detect and bypass insecure conditional access policies that are configured to limit the types of allowed devices. Similarly, the –shuffle_auth_order argument is a great way to spray credentials in a less-predictable manner. This option was added in an attempt to bypass intelligent account lockouts (e.g., Azure Smart Lockout). While it’s not perfect, randomizing the order in which credentials are attempted has other benefits too, like making the detection of these spraying operations even more difficult. Spray365 also supports proxying traffic over HTTP/HTTPS, which integrates well with other tools like Burp Suite for manipulating the source of the spraying operation. Changelog v0.1.5 beta What’s New 🎉 Spray365 is now split into two modes (generate and spray) for more logical argument handling. This is a breaking change that requires Spray365 to be executed using new syntax. Example comparing new and old for generating an execution plan Old Syntax: spray365.py -g demo.s365 -d <domain> -u <username_file> -pf <password_file> --delay 10 New Syntax: spray365.py generate --execution_plan demo.s365 -d <domain> -u <username_file> -pf <password_file> --delay 10 Example comparing new and old for password spraying: Old Syntax: spray365.py -s demo.s365 --lockout 3 New Syntax: spray365.py spray --execution_plan demo.s365 --lockout 3 Successive authentication attempts for a given user with known good credentials will be skipped. This new default behavior can be reverted with the -i / --ignore_success argument in spray mode. What’s Changed An authentication request requiring interactive login (AAD error “AADSTS65001”) is now considered a successful login Help documentation improved and updated to match Spray365 capabilities [hide][Hidden Content]]

The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers the ability to schedule spraying campaigns in accordance with a target’s account lockout policy the ability to increase the IP pool that authentication attempts originate from for operational security purposes the ability to quickly extend functionality to include newly-encountered authentication platforms v0.1.5 Latest fixed bug in o365 nozzle (thank you jfish) [hide][Hidden Content]]

BurpCrypto Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! [hide][Hidden Content]]