Sticky-Keys-Slayer
Establishes a Remote Desktop session (RDP) with the specified hosts and sends key presses to launch the accessibility tools within the Windows Login screen. Analyzes the console and alerts if a command prompt window opens up. Screenshots are saved in a folder ('./rdp-screenshots' by default) and screenshots with a cmd.exe window are saved in a subfolder ('./rdp-screenshots/discovered' by default). Accepts a single host or a list of hosts, delimited by line and works with multiple hosts in parallel. Incorporates code from Zach Grace's sticky_keys_hunter DEFCON24 Presentation Slides.
FEATURES
ALTERNATIVES
A tool for performing hash length extension attacks against multiple hashing algorithms.
Boofuzz is a network protocol fuzzing tool that aims to fuzz everything
Collection of Windows oneliners for executing arbitrary code and downloading remote payloads.
A tool for detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
An open source network penetration testing framework with automatic recon and scanning capabilities.
A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.
PINNED
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.