This repository contains a collection of binaries and tools that I have utilized during my OSCP (Offensive Security Certified Professional) certification and various Capture The Flag (CTF) challenges. These tools are essential for tasks such as penetration testing, privilege escalation, exploitation, and post-exploitation.
- The links to the tools are not updated.

Clone the repository:

```bash
git clone --recurse-submodules https://github.com/hardsoftsecurity/Offensive-Security-Tools.git
```

| Name | Description | GitHub Link |
|---|---|---|
| checkDisabledFunc.php | A PHP script to check for disabled functions in PHP environments | checkDisabledFunc.php |
| uncommonWinPorts.ps1 | A script to identify uncommon open ports on Windows | uncommonWinPorts.ps1 |

| Name | Description | GitHub Link |
|---|---|---|
| dirsearch | A simple command line tool designed to brute force directories and files in web servers | dirsearch |
| linpeas.sh | A script that searches for possible paths to escalate privileges on Linux/Unix systems | linpeas |
| nmap.exe | A network scanning tool for discovering hosts and services on a computer network | nmap |
| nmap.zip | A network scanning tool for discovering hosts and services on a computer network | nmap |
| nmap_linux | A network scanning tool for discovering hosts and services on a computer network | nmap |
| pspy64 | A tool to monitor Linux processes without root permissions | pspy |
| winPEAS.bat | A batch script to check for common misconfigurations and vulnerabilities for Windows privilege escalation | winPEAS |
| winPEASx64.exe | The 64-bit version of winPEAS for Windows privilege escalation | winPEAS |

| Name | Description | GitHub Link |
|---|---|---|
| directoryLists | A collection of directory listings used for web application fuzzing | directoryLists |
| gdb_commands | A collection of GDB commands and scripts for debugging | gdb_commands |
| git-dumper | A tool to dump a git repository from a website | git-dumper |
| ntlm_theft | Tools for capturing NTLM hashes | ntlm_theft |
| passwordList | A collection of commonly used passwords for brute-force attacks | passwordList |

| Name | Description | GitHub Link |
|---|---|---|
| chisel | A fast TCP tunnel, transported over HTTP, secured via SSH | chisel |
| ligolo-agent | Ligolo is a simple, lightweight, and fast reverse-tunneling tool optimized for penetration testers | ligolo |
| ligolo-agent.exe | Windows version of the Ligolo agent | ligolo |
| ligolo-proxy | Proxy component for Ligolo reverse tunneling | ligolo |
| plink.exe | PuTTY Link: a command-line connection tool similar to SSH | plink |
| socat | A relay for bidirectional data transfer between two independent data channels | socat |
| socat.zip | A relay for bidirectional data transfer between two independent data channels | socat |

| Name | Description | GitHub Link |
|---|---|---|
| DecryptAutoLogon.exe | Tool used to decrypt saved credentials for auto logon | DecryptAutoLogon |
| Invoke-Mimikatz.ps1 | A PowerShell script to run the famous Mimikatz tool for credential dumping | Mimikatz |
| PowerUp.ps1 | A PowerShell script for privilege escalation on Windows machines | PowerUp |
| PrivescCheck.ps1 | A PowerShell script to enumerate possible paths to escalate privileges on a Windows machine | PrivescCheck |
| Rubeus.exe | A tool for Kerberos abuse, including ticket requests and renewals | Rubeus |
| RunasCs.exe | A tool for executing commands with different user privileges | RunasCs |
| RunasCs.zip | A tool for executing commands with different user privileges | RunasCs |
| RunasCs_net2.exe | Another variant of RunasCs for specific .NET environments | RunasCs |
| Seatbelt.exe | A C# project that performs a number of security-related checks on a Windows system | Seatbelt |
| SharpHound.exe | A tool for gathering Active Directory information for BloodHound | SharpHound |
| SharpHound.ps1 | A PowerShell script for gathering Active Directory information for BloodHound | SharpHound |
| mimikatz.exe | A tool for dumping credentials from Windows systems | Mimikatz |
| mimikatz64.exe | The 64-bit version of Mimikatz | Mimikatz |
| mimikatz_trunk | The development branch of Mimikatz with the latest features | Mimikatz |
| mimikatz_trunk.zip | The development branch of Mimikatz with the latest features | Mimikatz |
| pypykatz | A Python implementation of Mimikatz to extract credentials from memory dumps | pypykatz |
| unix-privesc-check | A script to check for common misconfigurations and vulnerabilities for Unix privilege escalation | unix-privesc-check |

| Name | Description | GitHub Link |
|---|---|---|
| PowerShellGenerators | A collection of PowerShell scripts for various offensive tasks | PowerShellGenerators |
| nc | Netcat, a versatile networking tool | nc |
| nc.exe | The Windows version of Netcat | nc |
| nc64.exe | The 64-bit version of Netcat for Windows | nc |
| pentestmonkey | A collection of pentesting scripts | pentestmonkey |
| powercat.ps1 | A PowerShell TCP/IP Swiss army knife, a tool for network interactions | powercat |

| Name | Description | GitHub Link |
|---|---|---|
| GodPotato-NET4.exe | A privilege escalation tool exploiting COM services | GodPotato |
| JuicyPotato.exe | A privilege escalation tool for Windows exploiting the token duplication vulnerability | JuicyPotato |
| JuicyPotatoNG.exe | An updated version of JuicyPotato for Windows privilege escalation | JuicyPotatoNG |
| JuicyPotatoNG.zip | An updated version of JuicyPotato for Windows privilege escalation | JuicyPotatoNG |
| PrintSpoofer64.exe | A tool for privilege escalation using the Print Spooler service | PrintSpoofer |
| SharpEfsPotato.exe | A tool for exploiting Windows EFS to gain privileges | SharpEfsPotato |
| SweetPotato.exe | Another privilege escalation tool similar to JuicyPotato | SweetPotato |

| Name | Description | GitHub Link |
|---|---|---|
| CrackMapExec | A Swiss army knife for pentesting Windows/Active Directory environments | CrackMapExec |
| evil-winrm | The ultimate WinRM shell for hacking/pentesting | evil-winrm |
| impacket | A collection of Python classes for working with network protocols | impacket |
| joomscan | A vulnerability scanner for Joomla CMS | joomscan |
| kerbrute_linux_amd64 | A tool to quickly brute force and enumerate valid Active Directory accounts | kerbrute |
| kr | A tool to quickly brute force and enumerate valid Active Directory accounts | kerbrute |
| powerview.ps1 | A PowerShell tool to gain network situational awareness on Windows domains | PowerView |

To use any of these tools, simply navigate to the appropriate directory and execute the binary or script. Ensure that you have the necessary permissions and environment set up for each tool to function correctly.

This configuration was inspired by various tools and configurations available online. Special thanks to the offensive security community for their contributions and shared knowledge.

Feel free to contribute to this repository by opening issues or submitting pull requests with improvements and suggestions.