hoodoer / JS-TapLinks
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
☆375Updated 2 months ago
Alternatives and similar repositories for JS-Tap
Users that are interested in JS-Tap are comparing it to the libraries listed below
Sorting:
- Session Hijacking Visual Exploitation☆201Updated last year
- Microsoft SharePoint Server Elevation of Privilege Vulnerability☆232Updated last year
- ☆87Updated 3 months ago
- ☆301Updated 4 months ago
- peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.☆201Updated 3 months ago
- ☆512Updated last month
- ☆318Updated 4 months ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆363Updated 5 months ago
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆402Updated 6 months ago
- Everything and anything related to password spraying☆142Updated last year
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆585Updated 8 months ago
- A Red Team Activity Hub☆214Updated last week
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆314Updated 8 months ago
- Azure mindmap for penetration tests☆186Updated last year
- Password spraying tool and Bloodhound integration☆238Updated 6 months ago
- KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).☆253Updated 2 months ago
- Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultan…☆221Updated last year
- Tool to remotely dump secrets from the Windows registry☆470Updated last month
- ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing,…☆191Updated 2 months ago
- Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operation…☆182Updated 10 months ago
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆389Updated 3 months ago
- A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented b…☆411Updated last year
- winPEAS, but for Active Directory☆153Updated 3 months ago
- ☆298Updated 2 years ago
- A suite of tools to disrupt campaigns using the Sliver C2 framework.☆279Updated last year
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆232Updated 4 months ago
- Lord Of Active Directory - automatic vulnerable active directory on AWS☆147Updated last year
- Lab used for workshop and CTF☆254Updated last month
- Multiplayer pivoting solution☆402Updated this week
- MOVEit CVE-2023-34362☆138Updated 2 years ago