On my quest to learn all things pentest and earning my OSCP, I have written some tools that I want to share.

  • MinerInTheMiddle
    • This tool injects monero javascript miners into local network traffic
  • UWP Framework Lib
    • A Universal Windows Platform framework library I’ve been slowly building
  • Alohomora
    • A tool that abuses public data for recon purposes
  • OBBScan
    • Takes a batch of urls and scans the Open Bug Bounty Database for known vulnerabilities
      • obbscan <path to list of urls (line delimited)>
  • smtpenum
    • Enumerates vulnerable SMTP services for users
  • tomcat_brute-py
    • Tomcat login brute force tool.
  • tomcat_upload-py
    • Tomcat upload exploit tool. Default bind tcp payload included.
  • vsftpd_backdoor_shell-py-tar
    • Simple script that invokes the VSFTPD Backdoor and opens a shell.
  • mssql_brute
    • MSSQL login brute force tool.
  • dist_reverse_shell
    • DistCC Daemon reverse shell exploit. Default payload included.

If you expand on these tools or have any comments please feel free to reach out to me on the tweeter @DotNetRussell