hoodoer / JS-TapLinks
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
☆416Updated 8 months ago
Alternatives and similar repositories for JS-Tap
Users that are interested in JS-Tap are comparing it to the libraries listed below
Sorting:
- Session Hijacking Visual Exploitation☆209Updated last year
- ☆96Updated 6 months ago
- Microsoft SharePoint Server Elevation of Privilege Vulnerability☆234Updated 2 years ago
- ☆306Updated 10 months ago
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆403Updated last year
- peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.☆221Updated 9 months ago
- ☆408Updated 10 months ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆372Updated 4 months ago
- Multiplayer pivoting solution☆479Updated 2 months ago
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆667Updated 3 months ago
- Everything and anything related to password spraying☆151Updated last year
- A Red Team Activity Hub☆235Updated last week
- Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operation…☆191Updated last year
- ☆612Updated 3 weeks ago
- ☆243Updated last year
- winPEAS, but for Active Directory☆171Updated 9 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆355Updated last month
- Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultan…☆247Updated 2 years ago
- Azure mindmap for penetration tests☆194Updated 2 years ago
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆259Updated last year
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆400Updated 6 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆259Updated 11 months ago
- Password spraying tool and Bloodhound integration☆248Updated last year
- MOVEit CVE-2023-34362☆139Updated 2 years ago
- KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).☆264Updated last month
- Certified Red Team Operator (CRTO) Cheatsheet and Checklist☆207Updated last year
- Tool to remotely dump secrets from the Windows registry☆521Updated 2 months ago
- Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC☆156Updated last year
- ☆566Updated last year
- Impacket is a collection of Python classes for working with network protocols.☆303Updated last week