hoodoer / JS-TapLinks
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
☆378Updated 3 months ago
Alternatives and similar repositories for JS-Tap
Users that are interested in JS-Tap are comparing it to the libraries listed below
Sorting:
- Session Hijacking Visual Exploitation☆204Updated last year
- ☆90Updated last month
- Microsoft SharePoint Server Elevation of Privilege Vulnerability☆233Updated last year
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆401Updated 7 months ago
- ☆303Updated 5 months ago
- ☆529Updated this week
- peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.☆207Updated 4 months ago
- Everything and anything related to password spraying☆144Updated last year
- Multiplayer pivoting solution☆415Updated 3 weeks ago
- Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operation…☆188Updated 11 months ago
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆595Updated 9 months ago
- ☆334Updated 6 months ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆366Updated 6 months ago
- ☆304Updated 2 years ago
- Azure mindmap for penetration tests☆187Updated last year
- Tool to remotely dump secrets from the Windows registry☆480Updated 2 months ago
- Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway a…☆264Updated last year
- Password spraying tool and Bloodhound integration☆241Updated 8 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆241Updated 6 months ago
- winPEAS, but for Active Directory☆156Updated 5 months ago
- ☆236Updated 9 months ago
- A Red Team Activity Hub☆220Updated 3 weeks ago
- KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).☆254Updated last month
- Offensive MSSQL toolkit written in Python, based off SQLRecon☆203Updated 7 months ago
- ☆547Updated last year
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆324Updated 9 months ago
- Lab used for workshop and CTF☆268Updated 3 weeks ago
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆394Updated last month
- ShadowPhish is an advanced APT awareness toolkit designed to simulate real-world phishing, malware delivery, deepfakes, smishing/vishing,…☆203Updated 4 months ago
- MOVEit CVE-2023-34362☆138Updated 2 years ago