kh4sh3i / exchange-penetration-testingView external linksLinks
The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)
☆129Aug 15, 2025Updated 6 months ago
Alternatives and similar repositories for exchange-penetration-testing
Users that are interested in exchange-penetration-testing are comparing it to the libraries listed below
Sorting:
- leaking net-ntlm with webdav☆26Feb 23, 2021Updated 4 years ago
- [CVE-2017-9822] DotNetNuke Cookie Deserialization Remote Code Execution (RCE)☆20Aug 30, 2020Updated 5 years ago
- A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…☆26Feb 29, 2024Updated last year
- A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)☆16Aug 31, 2023Updated 2 years ago
- Office 365 and Exchange Enumeration☆198May 7, 2019Updated 6 years ago
- ☆26Apr 1, 2022Updated 3 years ago
- ☆27Jan 27, 2022Updated 4 years ago
- ☆15Jul 10, 2025Updated 7 months ago
- Abuse leaked token handles.☆134Dec 14, 2023Updated 2 years ago
- Federated Office365 user enumeration based on correlated response trend analysis☆50May 3, 2022Updated 3 years ago
- Powershell tool to automate Active Directory enumeration.☆1,279Sep 9, 2025Updated 5 months ago
- Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)☆30Feb 4, 2022Updated 4 years ago
- Static standalone binaries for Linux and Windows (x64) of Python offensive tools. Compiled using PyInstaller, Docker for Windows, WSL2, a…☆111May 19, 2022Updated 3 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆24May 20, 2023Updated 2 years ago
- A set of scripts to facilitate HTTP interception on mobile apps☆19Dec 9, 2025Updated 2 months ago
- MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, i…☆3,206Aug 7, 2025Updated 6 months ago
- SharpDir is a simple code set to search both local and remote file systems for files and is compatible with Cobalt Strike.☆30Jul 4, 2019Updated 6 years ago
- Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus☆248Feb 23, 2022Updated 3 years ago
- Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that are useful for internal penetration tests and a…☆300Jan 1, 2026Updated last month
- A collection of tools Neil and Andy have been working on released in one place and interlinked with previous tools☆88Jul 12, 2023Updated 2 years ago
- A python based script to update DNS entries in ADIDNS☆43Apr 12, 2024Updated last year
- User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin☆484Sep 24, 2025Updated 4 months ago
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- s3eker is an extensible way to find open S3 buckets.☆17Jul 31, 2020Updated 5 years ago
- A GO module to get domain name from SSL certificates when an IP address is provided.☆34Apr 14, 2023Updated 2 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\☆305Sep 28, 2022Updated 3 years ago
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆89Feb 16, 2022Updated 3 years ago
- This python script performs a number of sqlite queries (mainly password metadata) against sqlite databases (Created by ROADtools) to prov…☆22Jul 3, 2024Updated last year
- Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207☆119Aug 25, 2023Updated 2 years ago
- Tool for Active Directory Certificate Services enumeration and abuse☆3,385Dec 3, 2025Updated 2 months ago
- Simple Linux RootKit written in python☆10Dec 10, 2017Updated 8 years ago
- USENIX 2023 Artifacts☆11Nov 25, 2022Updated 3 years ago
- Dump macOS 1.8+ password hashes to a hashcat-compatible format☆14May 29, 2022Updated 3 years ago
- Kerberos relaying and unconstrained delegation abuse toolkit☆1,526Jan 27, 2025Updated last year
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆130Oct 10, 2021Updated 4 years ago
- xortigate-cve-2023-27997☆65Oct 12, 2023Updated 2 years ago
- Dumping LSASS with a duplicated handle from custom LSA plugin☆204Feb 23, 2022Updated 3 years ago
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts☆1,368Oct 22, 2025Updated 3 months ago
- ACL abuse swiss-knife☆127Feb 3, 2023Updated 3 years ago