hoodoer / JS-Tap
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients, and a "mimic" feature that automatically generates custom payloads.
☆338Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for JS-Tap
- Session Hijacking Visual Exploitation☆194Updated 8 months ago
- ☆191Updated last month
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆383Updated 4 months ago
- Deploy reverse shells and perform stealthy process injection with EchoStrike – a Go-based tool for ethical hacking and Red Team operation…☆159Updated 2 months ago
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆240Updated 3 months ago
- Everything and anything related to password spraying☆126Updated 6 months ago
- ☆280Updated 11 months ago
- Microsoft SharePoint Server Elevation of Privilege Vulnerability☆228Updated last year
- A Red Team Activity Hub☆175Updated this week
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆265Updated last week
- Slides and Codes used for the workshop Red Team Infrastructure Automation☆174Updated 7 months ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆332Updated 3 weeks ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆516Updated 4 months ago
- Lab used for workshop and CTF☆156Updated last month
- Azure mindmap for penetration tests☆161Updated last year
- ☆275Updated last year
- Impacket is a collection of Python classes for working with network protocols.☆268Updated 3 weeks ago
- Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the int…☆106Updated last week
- The Template Injection Table is intended to help during the testing of an application for template injection vulnerabilities.☆65Updated 8 months ago
- Kraken, a modular multi-language webshell coded by @secu_x11☆515Updated 9 months ago
- ☆135Updated 6 months ago
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆426Updated last week
- ☆135Updated last month
- ☆493Updated 7 months ago
- Certified Red Team Operator☆195Updated 2 years ago
- KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).☆209Updated 3 months ago
- Azure DevOps Services Attack Toolkit☆259Updated 3 months ago
- Different methods to get current username without using whoami☆172Updated 9 months ago
- Weaponized Browser-in-the-Middle (BitM) for Penetration Testers☆402Updated 3 months ago
- This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be…☆178Updated this week