Security Tools
Open-source security tools and utilities developed by our team to help security professionals and developers.
MSSqlPwner
Penetration Testing
Penetration testing tool for compromising Microsoft SQL Server environments. Enables privilege escalation through xp_cmdshell abuse, lateral movement via linked servers, credential harvesting through NTLM relay attacks, and post-exploitation through custom assemblies and command execution.
Features:
- Automated SQL Server enumeration and discovery
- Privilege escalation through xp_cmdshell and sp_oacreate
- Linked server exploitation and lateral movement
- CLR assembly injection for code execution
- Credential extraction and hash dumping
- Advanced SQL injection exploitation
DVS
Penetration Testing
Penetration testing module for exploiting DCOM vulnerabilities during red team operations. Facilitates lateral movement through vulnerable DCOM objects, remote code execution while evading detection, privilege escalation via permission manipulation, and post-exploitation persistence.
Features:
- DCOM vulnerability exploitation for lateral movement
- Remote code execution through vulnerable COM objects
- Evasion techniques to bypass security monitoring
- Privilege escalation via DCOM permission manipulation
- Persistence mechanisms for post-exploitation
- Automated discovery of vulnerable DCOM endpoints
Invoke-Unconstrained
Penetration Testing
Penetration testing tool for exploiting unconstrained delegation vulnerabilities in Active Directory. Automates domain compromise through delegation abuse, enables privilege escalation to domain admin, facilitates credential harvesting via Kerberos ticket manipulation, and supports covert operations from non-domain systems.
Features:
- Automatic detection of unconstrained delegation
- Kerberos ticket extraction and manipulation
- Domain controller impersonation attacks
- Cross-forest trust exploitation
- Golden and silver ticket generation
- Automated privilege escalation paths
Need Custom Tools?
We can develop custom security tools tailored to your specific needs and integrate them with your existing security infrastructure.