{"uuid": "0a9694fd-95f0-4a5f-a0ca-62243b38a18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42278", "type": "published-proof-of-concept", "source": "https://t.me/NinjaSec/348", "content": "Offensive Security (for exams like OSCP, OSWE, OSEP, etc.). \n\n\nPowerful Offensive Security Tools\n\n1. DeathStar \u2013 Automated AD privilege escalation\nhttps://github.com/byt3bl33d3r/DeathStar\n\n\n2. Frogger \u2013 Lateral movement visualizer for BloodHound\nhttps://github.com/FSecureLABS/Frogger\n\n\n3. InSpy \u2013 LinkedIn-based OSINT tool for target enumeration\nhttps://github.com/leapsecurity/InSpy\n\n\n4. NoPac-Tool \u2013 Exploits CVE-2021-42287 & CVE-2021-42278 (Kerberos)\nhttps://github.com/Ridter/noPac\n\n\n5. LaZagne \u2013 Credential recovery from local machines\nhttps://github.com/AlessandroZ/LaZagne\n\n\n6. Egress-Assess \u2013 Test outbound firewall egress rules\nhttps://github.com/FortyNorthSecurity/Egress-Assess\n\n\n7. SessionGopher \u2013 Gathers saved session data\nhttps://github.com/fireeye/SessionGopher\n\n\n8. RustScan \u2013 Lightning-fast modern port scanner\nhttps://github.com/RustScan/RustScan\n\n\n9. Grouper2 \u2013 Active Directory ACL auditing\nhttps://github.com/l0ss/Grouper2\n\n\n10. ADACLScanner \u2013 Find misconfigured ACLs in AD\nhttps://github.com/canix1/ADACLScanner\n\n\n11. CredNinja \u2013 Brute-forces AD credentials over SMB\nhttps://github.com/byt3bl33d3r/CredNinja\n\n\n12. PetitPotam \u2013 Coerce NTLM authentication via MS-EFSRPC\nhttps://github.com/topotam/PetitPotam\n\n\n13. ZAP CLI \u2013 Command-line tool for OWASP ZAP automation\nhttps://github.com/Grunny/zap-cli\n\n\n14. Brutespray \u2013 Combines Nmap and Hydra for bruteforcing\nhttps://github.com/x90skysn3k/brutespray\n\n\n15. Chankro \u2013 DLL sideloading helper tool\nhttps://github.com/ivan-sincek/chankro\n\n\n16. 0d1n \u2013 Web application brute-forcing tool\nhttps://github.com/danielmiessler/0d1n\n\n\n17. Silenthound \u2013 BloodHound alternative using .NET\nhttps://github.com/dievus/silenthound\n\n\n18. LDAPDomainDump \u2013 Dumps Active Directory info via LDAP\nhttps://github.com/dirkjanm/ldapdomaindump\n\n\n19. SharpView \u2013 AD enumeration using C# (OPSEC-safe alternative to PowerView)\nhttps://github.com/tevora-threat/SharpView\n\n\n20. SharpHound.ps1 \u2013 Standalone version for stealthier BloodHound collection\nhttps://github.com/BloodHoundAD/BloodHound\n\n\n21. Nishang \u2013 PowerShell for offensive use\nhttps://github.com/samratashok/nishang\n\n\n22. PowerSharpPack \u2013 Collection of PowerShell offensive tools\nhttps://github.com/S3cur3Th1sSh1t/PowerSharpPack\n\n\n23. EvilClippy \u2013 Weaponize MS Office documents\nhttps://github.com/outflanknl/EvilClippy\n\n\n24. PSAttack \u2013 PowerShell attack toolkit\nhttps://github.com/jaredhaight/PSAttack\n\n\n25. Praeda \u2013 Collects sensitive info from embedded devices\nhttps://github.com/percx/Praeda\n\n\n#HackersFactory", "creation_timestamp": "2025-06-20T22:08:37.000000Z"}