hoodoer / JS-TapLinks
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
☆416Updated last week
Alternatives and similar repositories for JS-Tap
Users that are interested in JS-Tap are comparing it to the libraries listed below
Sorting:
- Session Hijacking Visual Exploitation☆210Updated last year
- Microsoft SharePoint Server Elevation of Privilege Vulnerability☆235Updated 2 years ago
- ☆96Updated 6 months ago
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆403Updated last year
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆669Updated 3 months ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆372Updated 4 months ago
- Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operation…☆191Updated last year
- ☆306Updated 10 months ago
- peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.☆222Updated 9 months ago
- Everything and anything related to password spraying☆151Updated last year
- ☆412Updated 11 months ago
- ☆325Updated 2 years ago
- Google Calendar RAT is a PoC of Command&Control over Google Calendar Events☆261Updated 5 months ago
- winPEAS, but for Active Directory☆171Updated 10 months ago
- A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented b…☆441Updated last year
- ☆618Updated this week
- Enhance Your Active Directory Password Spraying with User Intelligence.☆312Updated last month
- ☆243Updated last year
- ☆567Updated last year
- MOVEit CVE-2023-34362☆139Updated 2 years ago
- Multiplayer pivoting solution☆482Updated 3 months ago
- Kraken, a modular multi-language webshell coded by @secu_x11☆550Updated 2 years ago
- The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)☆129Updated 5 months ago
- Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.☆219Updated last year
- Tool to remotely dump secrets from the Windows registry☆521Updated 2 months ago
- Password spraying tool and Bloodhound integration☆248Updated last year
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆259Updated last year
- Offensive MSSQL toolkit written in Python, based off SQLRecon☆207Updated last year
- Catspin rotates the IP address of HTTP requests making IP based blocks or slowdown measures ineffective. It is based on AWS API Gateway a…☆265Updated last year
- Azure mindmap for penetration tests☆195Updated 2 years ago