> cat /dev/github | grep security-tools

Privilege-Escalation

A-Red-Teamer-diaries

2026-03-30 ★ 1901

AI Summary: A-Red-Teamer-diaries is a collaborative repository containing publicly accessible notes and resources for penetration testing and red teaming activities, focusing on various tools and techniques employed during security assessments. Key features include a cheatsheet for quick command reference, detailed methodologies for effective exploitation, and practical scripts for network scanning and enumeration, enhancing both learning and efficiency in cybersecurity engagements. This tool serves as a practical guide for professionals aiming to improve their pentesting methodologies in controlled environments.

Active-Directory-Exploitation-Cheat-Sheet

2026-03-30 PowerShell ★ 2704

AI Summary: The Active Directory Exploitation Cheat Sheet serves as a comprehensive resource for cybersecurity professionals, detailing methodologies and commands for navigating the Active Directory environment. Its primary use case involves facilitating reconnaissance, privilege escalation, and lateral movement within a network through structured commands using PowerShell and .NET. Notable features include a systematic approach to various stages of the exploitation process, including domain enumeration, persistence techniques, and monitoring account vulnerabilities.

Active-Directory-Exploitation-Cheat-Sheet

2026-03-30 ★ 6553

AI Summary: The Active Directory Exploitation Cheat Sheet serves as a comprehensive resource for security professionals, detailing various enumeration and attack techniques within Windows Active Directory environments. It encompasses methods for domain enumeration, local privilege escalation, lateral movement, and domain persistence, while providing actionable insights and references to essential tools such as PowerView, Mimikatz, and BloodHound. This tool is particularly notable for its structured approach to various exploitation vectors, facilitating an efficient and systematic exploitation process.

Awesome-Hacking-Resources

2026-03-30 ★ 16882

AI Summary: Awesome Hacking Resources is a comprehensive collection of materials designed for individuals looking to enhance their skills in hacking and penetration testing. The repository includes various categories such as learning resources, online courses, forums, and tools crucial for topics like malware analysis and network scanning, promoting community contribution and knowledge sharing within the cybersecurity field. Notably, it features a dedicated list of tools and links to educational content, making it a valuable resource for both beginners and advanced practitioners.

awesome-privilege-escalation

2026-03-30 ★ 1526

AI Summary: Awesome Privilege Escalation is a comprehensive resource that curates techniques, tools, and methodologies for privilege escalation across multiple platforms, including Linux, Windows, Docker, and cloud environments. It features a structured table of contents with links to guides, techniques, and relevant presentations, allowing security professionals to efficiently explore various escalation vectors and strategies. Notable sections include targeted discussions on specific operating system techniques and curated tools for CVE identification and exploitation.

Awesome-Redteam

2026-03-30 Python ★ 4102

AI Summary: Awesome-Redteam is a comprehensive knowledge base designed for red teaming and offensive security research, providing users with a curated collection of tools, scripts, and tips. It features organized sections covering various aspects such as cybersecurity cheat sheets, cryptographic methods, cyberspace search tools, and open-source intelligence resources, all intended for educational purposes. The repository emphasizes legal usage and warns against employing its content for unauthorized activities.


README

Awesome-Redteam


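❗ [Disclaimer] The techniques, ideas, and tools covered in this project are for learning only. No one may use them for illegal purposes or for profit, or for unauthorized penetration testing; anyone who does bears the consequences themselves, and this project is not responsible. Before using this project, please read the laws and regulations.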

BadPotato

2026-03-30 C# ★ 892

AI Summary: BadPotato is a penetration testing tool designed for exploiting a vulnerability within Windows operating systems, specifically targeting Windows Server 2012-2019 and Windows 8-10. Its primary use case is to escalate privileges by abusing the Print Spooler service, enabling attackers to execute arbitrary code with elevated permissions. Notable features include efficient integration with existing exploits and a straightforward execution process for security professionals.


README

BadPotato

Windows 2012-2019

Windows 8-10

CDK

2026-03-30 Go ★ 4596

AI Summary: CDK is a zero dependency container penetration toolkit designed for security testing, enabling stable exploitation across slimmed containers. Its primary use case revolves around container escaping, persistence, and lateral movement within Kubernetes clusters, featuring modules for evaluating container weaknesses, executing various exploits, and providing essential network tools. Notable capabilities include information gathering, direct interaction with the container’s environment, and the ability to initiate and manage attacks seamlessly.


README

CDK - Zero Dependency Container Penetration Toolkit


Coercer

2026-03-30 Python ★ 2214

AI Summary: Coercer is a Python tool designed for assessing and exploiting Remote Procedure Calls (RPCs) on Windows servers, facilitating the coercion of authentication onto arbitrary machines. Key features include the ability to list and connect to SMB pipes, invoke vulnerable RPC functions with random UNC path generation, and customizable export formats such as SQLite, JSON, and XLSX for scan and fuzz modes. It supports both authenticated and unauthenticated scans, making it valuable for security assessments and penetration testing.

CVE-2024-1086

2026-03-30 C ★ 2439

AI Summary: CVE-2024-1086 is a universal local privilege escalation exploit targeting Linux kernels from v5.14 to v6.6, with a notable success rate of 99.4% in KernelCTF environments. It allows users to gain root access under specific conditions related to user namespaces and kernel configurations, while also showcasing a deliberate kernel panic after execution to deter malicious exploitation. The tool includes both source code for building as well as a compiled binary for ease of use.

deepce

2026-03-30 Shell ★ 1494

AI Summary: DeepCE is a lightweight tool designed for Docker container enumeration, privilege escalation, and container escapes, written in pure shell script to maximize compatibility. It performs a variety of enumerations, including container-specific data collection and host system scanning, and offers multiple exploits such as Docker group privilege escalation and command execution in privileged mode. Notably, DeepCE minimizes disk writes during enumeration, making it suitable for stealthy assessments in containerized environments.

Infosec_Reference

2026-03-30 CSS ★ 5925

AI Summary: The InfoSec Reference project serves as a comprehensive resource for individuals seeking to enhance their understanding of Information Security, offering a curated list of techniques, tools, and tactics. Its primary use case revolves around providing a “Yellow Pages” style reference for users to browse and learn about various aspects of infosec, helping them build skills and recall pertinent information. Notably, it encourages community contributions and maintains regular updates, while emphasizing a commitment to ethical practices in cybersecurity.

juicy-potato

2026-03-30 C++ ★ 2748

AI Summary: Juicy Potato is a Local Privilege Escalation tool designed to exploit COM servers for escalating privileges from Windows Service Accounts to NT AUTHORITY\SYSTEM. Notable features include customizable CLSID targeting, flexible COM listening configurations (IP and port), and multiple process creation modes, enabling users to launch executables or scripts with different impersonation privileges. This tool is particularly effective for users with SeImpersonate or SeAssignPrimaryToken privileges, allowing them to bypass security mechanisms on Windows systems.

K8tools

2026-03-30 PowerShell ★ 6159

AI Summary: K8tools is a collection of security research and penetration testing tools designed for use in various environments, including remote command execution and web shells. Notably, these tools are modified to enhance compatibility and stability, catering to security professionals who require reliable functionalities. The repository serves as a hub for downloading tools, accessing documentation, and submitting feedback for continuous improvement.


README

K8tools


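Disclaimer: The tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use.
Download: https://github.com/k8gege/K8tools
Documentation: http://k8gege.org/p/72f1fea6.html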

kernel-exploits

2026-03-30 C ★ 1571

AI Summary: The xairy/kernel-exploits repository contains a collection of Linux kernel exploit code samples for various vulnerabilities, primarily focusing on local privilege escalation (LPE) and information leak scenarios. Each entry is associated with specific Common Vulnerabilities and Exposures (CVEs), detailing the exploit’s impact and vector, enhancing understanding and mitigation strategies for kernel security vulnerabilities. Notable features include the absence of licensing, making the code freely available for educational and research purposes.

linux-exploit-suggester

2026-03-30 Shell ★ 6436

AI Summary: The Linux Exploit Suggester (LES) is a tool for auditing Linux systems to identify potential privilege escalation vulnerabilities, assessing the system’s exposure to known exploits by utilizing heuristic methods. It calculates the likelihood of exploitation for each vulnerability and verifies kernel hardening configurations, offering a comprehensive analysis of both compile-time and run-time security settings. Notable features include detailed exploit documentation, exposure assessment ratings, and integration with kernel hardening verification, making it a valuable resource for security assessments on Linux-based environments.

linux-kernel-exploitation

2026-03-30 ★ 6389

AI Summary: The Linux Kernel Exploitation repository serves as a curated collection of resources pertaining to Linux kernel security and exploitation techniques. It provides extensive links to books, methodologies, tools for fuzzing, and training exercises, making it a comprehensive reference for security researchers and practitioners interested in kernel vulnerabilities and exploitation strategies. Notable features include regular updates, categorized content on various exploitation techniques, and a community-driven approach encouraging contributions via pull requests.

linux-smart-enumeration

2026-03-30 Shell ★ 3875

AI Summary: Linux Smart Enumeration (LSE) is a shell script designed for penetration testing and Capture The Flag (CTF) challenges, aimed at gathering security-relevant information to assist in privilege escalation on Linux systems. Notable features include customizable verbosity levels, targeted section execution, process monitoring, and the ability to serve the script over the network for remote retrieval. The tool is intended to expose vulnerabilities gradually, prioritizing information based on its significance for privilege escalation.

linuxprivchecker

2026-03-30 Python ★ 1786

AI Summary: Linuxprivchecker is a Python script designed for local execution on Linux systems, aimed at enumerating system information and identifying common privilege escalation vectors, such as world writable files and misconfigurations. Its primary use case is to assist users in learning about potential privilege escalation opportunities within Linux environments without performing direct exploits. Noteworthy features include support for both Python 2 and 3, command options for customizing searches and log outputs, and an emphasis on educational utility for those preparing for penetration testing certifications like OSCP and HTB.

metarget

2026-03-30 Python ★ 1373

AI Summary: Metarget is a framework designed to automatically deploy vulnerable cloud-native infrastructures for security research purposes. It allows users to swiftly instantiate environments with known vulnerabilities (e.g., Docker and Kubernetes exploits) using simple command-line instructions, thus minimizing setup time for ethical hacking and testing scenarios. Notable features include the ability to “install” vulnerabilities like software packages, enabling researchers to quickly create multilayer vulnerable scenes for comprehensive testing and learning.

moonwalk

2026-03-30 Rust ★ 1475

AI Summary: Moonwalk is a lightweight tool designed for penetration testing on Unix systems, enabling users to erase their traces during exploitation by restoring system logs and filesystem timestamps to their previous state. Key features include a fast execution time of under 5 milliseconds, the ability to save and revert user shell history, and a world-writable path for session logging, ensuring that no evidence of the testing remains.


README

moonwalk

Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps.

msdat

2026-03-30 Python ★ 992

AI Summary: MSDAT (Microsoft SQL Database Attacking Tool) is an open-source penetration testing utility designed for assessing the security of Microsoft SQL databases remotely. Its primary use case includes discovering valid credentials, privilege escalation, and executing operating system commands through various SQL features. Notable features of MSDAT include the ability to perform dictionary attacks, capture SMB authentication, execute SQL requests, and manipulate files on the server, while supporting multiple Microsoft SQL Server versions.

odat

2026-03-30 Python ★ 1747

AI Summary: ODAT (Oracle Database Attacking Tool) is an open-source penetration testing tool designed to assess the security of Oracle databases remotely. Key features include the capability to identify valid SIDs and credentials, escalate privileges to DBA or SYSDBA, and execute system commands like reverse shells. It supports various Oracle Database versions and offers extensive options for connectivity checks and detailed database information extraction.


README

Quentin HARDY
quentin.hardy@protonmail.com
quentin.hardy@bt.com

ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.

OSCP

2026-03-30 Python ★ 955

AI Summary: The OSCP repository contains a collection of scripts and tools designed to assist in penetration testing and privilege escalation, particularly for the OSCP exam. Notable features include custom scripts for Linux privilege checks, port knocking, cron job analysis, and a comprehensive Windows privilege escalation check, along with a SQL injection cheatsheet for manual exploitation techniques. This repository is aimed at providing streamlined and efficient tools for security practitioners during their testing processes.

phpsploit

2026-03-30 Python ★ 2453

AI Summary: PhpSploit is a full-featured Command and Control (C2) framework that maintains a persistent presence on web servers using a polymorphic PHP one-liner. Its primary use case is for penetration testing and exploitation, enabling users to execute commands, manage files remotely, interact with a SQL console, and escalate privileges through over 20 available plugins. Notable features include obfuscated communication via HTTP headers and seamless file upload/download capabilities, facilitating robust interactions with target systems while bypassing standard PHP security measures.

PrivEsc

2026-03-30 C ★ 987

AI Summary: PrivEsc is a collection of privilege escalation scripts and exploits designed for Windows, Linux, and MySQL environments. Its primary use case is to help security professionals identify and exploit privilege escalation vulnerabilities in various systems. Notable features include compatibility with multiple operating systems and exploitation capabilities tailored for common service vulnerabilities.


README

PrivEsc by 1N3@CrowdShield

http://crowdshield.com

ABOUT:

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

PrivescCheck

2026-03-30 PowerShell ★ 3776

AI Summary: PrivescCheck is a PowerShell script designed for identifying common Windows vulnerabilities and configuration issues outside the scope of public security standards, facilitating exploitation and post-exploitation tasks. It allows users to run various checks—including basic, extended, and audit checks—generate human-readable reports in multiple formats (TXT, HTML, CSV, XML), and includes options for silent execution and risky checks, making it suitable for penetration testing, research, and auditing purposes. Notably, the tool performs context-aware access control checks to provide accurate findings based on the current user’s privileges.

Privilege-Escalation

2026-03-30 ★ 3576

AI Summary: Privilege Escalation is a comprehensive cheat sheet and reference guide tailored for penetration testers, CTF participants, and cybersecurity students, focusing on methods to escalate privileges in compromised systems. This tool includes a wealth of exploitation techniques, such as abusing sudo rights, exploiting SUID bits, and identifying vulnerable Docker instances, alongside detailed enumeration and exploitation methods. Notable features include practical examples, links to external resources, and an organized structure for efficient referencing in both educational and professional penetration testing scenarios.

pspy

2026-03-30 Go ★ 5942

AI Summary: pspy is an unprivileged Linux process monitoring tool that allows users to observe commands executed by other processes, including cron jobs, in real-time without requiring root access. It leverages procfs scans and inotify filesystem watchers to detect short-lived processes and can be particularly useful for system enumeration in Capture The Flag (CTF) challenges, as well as for demonstrating secure coding practices regarding command-line argument handling. Notable features include customizable process and filesystem event monitoring, with options for output formatting and scan intervals.

RamiGPT

2026-03-30 Shell ★ 855

AI Summary: RamiGPT is an AI-driven offensive security tool that facilitates privilege escalation to root accounts using OpenAI’s technology and PwnTools. Its primary use case involves quickly exploiting vulnerabilities across various systems, achieving root access in under a minute, as demonstrated by its performance on multiple VulnHub scenarios. The tool features a user-friendly GUI and seamless integration with Docker for easy deployment and configuration, leveraging tools like BeRoot and LinPEAS for effective enumeration.

SUDO_KILLER

2026-03-30 Shell ★ 2446

AI Summary: SUDO_KILLER is a cybersecurity tool designed for professionals such as pentesters and security auditors, focusing on privilege escalation vulnerabilities in Linux systems related to SUDO configuration and usage. It manually identifies issues such as misconfigurations, risky binaries, and version-based vulnerabilities (CVEs), enabling users to exploit these weaknesses for gaining root-level privileges. The tool provides a detailed checklist of potential local exploits and requires users to perform the exploitation process manually, ensuring a controlled approach to privilege escalation testing.

traitor

2026-03-30 Go ★ 7110

AI Summary: Traitor is a privilege escalation tool designed to automatically exploit local vulnerabilities and misconfigurations in Unix-like systems to achieve a root shell. It incorporates various methods from GTFOBins and specific CVEs, allowing users to discover potential exploits with options to directly attempt them if necessary. Notable features include the ability to analyze sudo permissions, the option to exploit specific vulnerabilities, and support for various privilege escalation vectors.


README

Traitor

Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!

WADComs.github.io

2026-03-30 HTML ★ 1644

AI Summary: WADComs is an interactive cheat sheet designed for offensive security professionals, offering a curated list of tools and their commands specifically for targeting Windows and Active Directory environments. Its primary use case is to aid security experts in executing effective penetration testing by providing quick access to essential commands. Notable features include its comprehensive tool listings and command syntaxes, all consolidated in a web-based format for ease of use.

Windows-Local-Privilege-Escalation-Cookbook

2026-03-30 PowerShell ★ 1289

AI Summary: The Windows Local Privilege Escalation Cookbook is designed to educate users on local privilege escalation techniques within Windows environments, focusing on exploiting misconfiguration vulnerabilities. It provides structured guidance, including sections on description, lab setup, enumeration, exploitation, and mitigation for various vulnerabilities, while also emphasizing ethical usage and the need for responsible application of the techniques outlined. Notably, it excludes evasion tactics and includes a PowerShell script for disabling Windows Defender under specific conditions.

WinPwn

2026-03-30 PowerShell ★ 3653

AI Summary: WinPwn is a comprehensive PowerShell-based tool designed for internal penetration testing, emphasizing automation and proxy support for reconnaissance and exploitation tasks. Its notable features include modules for session management, credential dumping, local and domain reconnaissance, and privilege escalation checks, alongside the ability to operate offline and integrate well-known offensive security scripts. The tool streamlines the penetration testing process with an interactive menu for selecting various attack methods and extensive built-in reconnaissance capabilities.