port254

OSEP/OSCP Toolkit

A comprehensive collection of security tools used throughout my Offensive Security certification journey. These tools have been instrumental in mastering penetration testing techniques, Active Directory exploitation, and post-exploitation methodologies.

Attribution Notice All tools listed here are credited to their original authors. This is a curated list of tools I've used and learned from during my OSEP and OSCP certifications. I claim no ownership - all credit goes to the talented security researchers and developers who created these tools.
91
Total Tools
12
Categories
2
Certifications
Enumeration & Reconnaissance 4
Core Security Frameworks 6
Active Directory Exploitation 13
Post-Exploitation & Lateral Movement 10
Windows Privilege Escalation 10
Networking & Command and Control 8
Password & Credential Attacks 4
Database Exploitation 4
Kernel & System Exploits 4
CVE Exploits & Research 13
Offensive Development & Evasion 6
Utilities & Misc Tools 7

Enumeration & Reconnaissance

4 tools in this category

BloodHound.py
by dirkjanm
Python-based ingestor for BloodHound, used to collect Active Directory data for attack path analysis
Original My Fork
SecLists
by danielmiessler
Comprehensive collection of wordlists for security testing including passwords, usernames, URLs, and fuzzing payloads
Original My Fork
nmapAutomator
by 21y4d
Shell script that automates Nmap scanning with different scan types and outputs organized results
Original My Fork
ADModule
by samratashok
PowerShell module for Active Directory enumeration without RSAT installed
Original My Fork

Core Security Frameworks

6 tools in this category

BloodHound
by BloodHoundAD
Six Degrees of Domain Admin - graphical Active Directory attack path analysis and relationship mapping tool
Original My Fork
PEASS-ng
by carlospolop
Privilege Escalation Awesome Scripts Suite - automated privilege escalation discovery for Windows and Linux
Original My Fork
mimikatz
by gentilkiwi
Tool for extracting plaintext passwords, hashes, and Kerberos tickets from Windows memory
Original My Fork
mimikatz
by ParrotSec
Parrot Security Team's fork of mimikatz with additional features and updates
Original My Fork
metasploit-framework
by rapid7
World's most used penetration testing framework with thousands of exploits and auxiliary modules
Original My Fork
exploitdb-bin-sploits
by offensive-security
Binary exploits database from Exploit-DB for local and remote exploitation
Original My Fork

Active Directory Exploitation

13 tools in this category

bloodyAD
by CravateRouge
Active Directory privilege escalation framework for authenticated users
Original My Fork
krbrelayx
by dirkjanm
Toolkit for Kerberos relay attacks and unconstrained delegation abuse
Original My Fork
adconnectdump
by fox-it
Dump Azure AD Connect credentials for secret synchronization
Original My Fork
Rubeus
by GhostPack
C# toolset for raw Kerberos interaction and abuse including ticket manipulation
Original My Fork
Rubeus
by Zer1t0
Enhanced fork of Rubeus with additional Kerberos attack capabilities
Original My Fork
kerbrute
by ropnop
Tool to perform Kerberos pre-auth bruteforcing and user enumeration
Original My Fork
kerbrute
by TarlogicSecurity
Python tool for Kerberos username enumeration and password spraying
Original My Fork
tickey
by TarlogicSecurity
Tool to extract Kerberos tickets from Linux kernel keys
Original My Fork
RubeusToCcache
by SolomonSklash
Convert Rubeus Kerberos tickets to ccache format for use with Impacket
Original My Fork
ticket_converter
by Zer1t0
Convert between different Kerberos ticket formats (kirbi, ccache)
Original My Fork
lsassy
by login-securite
Python library to remotely extract credentials from LSASS memory
Original My Fork
gMSADumper
by micahvandeusen
Dump and decrypt passwords for Group Managed Service Accounts
Original My Fork
AdSyncDecrypt
by VbScrub
Decrypt Azure AD Connect synchronization account password
Original My Fork

Post-Exploitation & Lateral Movement

10 tools in this category

Empire
by EmpireProject
PowerShell and Python post-exploitation agent framework with extensive module library
Original My Fork
PowerSploit
by PowerShellMafia
Collection of PowerShell scripts for post-exploitation including privilege escalation and persistence
Original My Fork
PowerSharpPack
by S3cur3Th1sSh1t
Offensive C# tools compiled and packaged for easy deployment
Original My Fork
PSBits
by gtworek
Collection of PowerShell scripts for security research and post-exploitation
Original My Fork
RottenPotato
by foxglovesec
Windows privilege escalation via token manipulation and NTLM relay
Original My Fork
Tater
by Kevin-Robertson
PowerShell implementation of Hot Potato privilege escalation
Original My Fork
Churrasco
by Re4son
Windows privilege escalation exploit for token kidnapping
Original My Fork
donut
by TheWover
Generate position-independent shellcode from .NET assemblies for in-memory execution
Original My Fork
sharpshooter
by mdsecactivebreach
Payload creation framework for retrieval and execution of arbitrary CSharp source code
Original My Fork
SharpFinder
by s0lst1c3
C# tool for domain subdomain enumeration and discovery
Original My Fork

Windows Privilege Escalation

10 tools in this category

SeBackupPrivilege
by giuliano108
Abuse SeBackupPrivilege to copy sensitive files like NTDS.dit and SAM
Original My Fork
PrintSpoofer
by itm4n
Abuse the Print Spooler service to escalate privileges on Windows
Original My Fork
SpoolSample
by leechristensen
PoC to coerce Windows hosts to authenticate to arbitrary servers using Print Spooler
Original My Fork
GMSAPasswordReader
by rvazarkar
Read Group Managed Service Account passwords from Active Directory
Original My Fork
SharpLAPS
by swisskyrepo
Retrieve LAPS passwords from Active Directory using C#
Original My Fork
StandIn
by FuzzySecurity
Toolset for Active Directory post-compromise operations and privilege escalation
Original My Fork
SharpView
by tevora-threat
C# port of PowerView for Active Directory enumeration
Original My Fork
SharpRDP
by 0xthirteen
Remote Desktop Protocol console application for command execution
Original My Fork
SharpNoPSExec
by juliourena
Execute commands on remote Windows systems without using PSExec
Original My Fork
Windows-Exploit-Suggester
by GDSSecurity
Compare target patch levels against Microsoft vulnerability database
Original My Fork

Networking & Command and Control

8 tools in this category

evil-winrm
by Hackplayers
Ultimate WinRM shell for hacking and pentesting with upload/download capabilities
Original My Fork
Responder
by SpiderLabs
LLMNR, NBT-NS and MDNS poisoner for credential theft on local networks
Original My Fork
caldera
by mitre
Automated adversary emulation platform for testing security controls
Original My Fork
SirepRAT
by SafeBreach-Labs
Remote command execution tool for Windows IoT Core devices
Original My Fork
impacket
by fortra
Collection of Python classes for working with network protocols (SMB, MSRPC, Kerberos)
Original My Fork
impacket
by SecureAuthCorp
Original Impacket library for network protocol manipulation
Original My Fork
impacket
by ShutdownRepo
Enhanced fork with additional tools and improvements
Original My Fork
impacket
by ThePorgs
Community fork with bleeding edge features
Original My Fork

Password & Credential Attacks

4 tools in this category

JohnTheRipper
by magnumripper
Fast password cracker supporting hundreds of hash and cipher types
Original My Fork
thc-hydra
by vanhauser-thc
Fast network authentication cracker supporting many protocols
Original My Fork
vncpwd
by jeroennijhof
Decrypt VNC encrypted passwords from registry or files
Original My Fork
firepwd
by lclevy
Python tool to decrypt Mozilla Firefox saved passwords
Original My Fork

Database Exploitation

4 tools in this category

odat
by quentinhardy
Oracle Database Attacking Tool for testing security of Oracle databases
Original My Fork
MSSQL-Attacker
by RikunjSindhwad
Tool for testing and exploiting Microsoft SQL Server instances
Original My Fork
SQLServerEx
by cepxeo
SQL Server privilege escalation and post-exploitation toolkit
Original My Fork
smbmap
by ShawnDEvans
Enumerate SMB shares and permissions across domain
Original My Fork

Kernel & System Exploits

4 tools in this category

kernel-exploits
by lucyoa
Curated collection of Linux kernel exploits for various CVEs
Original My Fork
windows-kernel-exploits
by SecWiki
Comprehensive collection of Windows kernel exploits
Original My Fork
CVE-2022-0847-dirty-pipe-checker
by basharkey
Check if Linux system is vulnerable to Dirty Pipe
Original My Fork
CVE-2022-0847-DirtyPipe-Exploits
by AlexisAhmed
Dirty Pipe exploitation for privilege escalation on Linux
Original My Fork

CVE Exploits & Research

13 tools in this category

dnSpy
by 0xd4d
.NET debugger and assembly editor for reverse engineering .NET applications
Original My Fork
AutoBlue-MS17-010
by 3ndG4me
Automated EternalBlue (MS17-010) exploitation against Windows SMB
Original My Fork
shells
by 4ndr34z
Collection of reverse shell one-liners for multiple languages and platforms
Original My Fork
NVMS1000-Exploit
by AleDiBen
Buffer overflow exploit for NVMS-1000 network video monitoring
Original My Fork
CVE-2021-1675
by cube0x0
PrintNightmare LPE and RCE exploit for Windows Print Spooler
Original My Fork
explodingcan
by danigargu
Linux kernel exploit for CVE-2017-6074 DCCP double-free
Original My Fork
CVE-2015-6967
by dix0nym
Privilege escalation vulnerability in Unmanic on Linux
Original My Fork
CVE-2015-1701
by hfiref0x
Windows kernel privilege escalation exploit
Original My Fork
CVE-2021-22205
by inspiringz
GitLab unauthenticated remote code execution exploit
Original My Fork
Sudo-1.8.31-Root-Exploit
by mohinparamasivam
Heap-based buffer overflow in sudo for privilege escalation
Original My Fork
Umbraco-RCE
by noraj
Remote code execution exploit for Umbraco CMS
Original My Fork
chakra-2016-11
by theori-io
Proof of concept exploit for Microsoft Edge Chakra engine
Original My Fork
NSClient-0.5.2.35---Privilege-Escalation
by xtizi
Privilege escalation exploit for NSClient++ monitoring software
Original My Fork

Offensive Development & Evasion

6 tools in this category

BadAssMacros
by Inf0secRabbit
Collection of malicious Office macros for initial access
Original My Fork
EvilClippy
by outflanknl
Cross-platform assistant for creating malicious MS Office documents
Original My Fork
DotNetToJScript
by tyranid
Tool to create JScript files from .NET assemblies for script-based attacks
Original My Fork
bypass-clm
by calebstewart
Techniques and tools to bypass PowerShell Constrained Language Mode
Original My Fork
OSEP-Code-Snippets
by chvancooten
Code snippets and tools from OSEP certification preparation
Original My Fork
RDPThiefInject
by S3cur3Th1sSh1t
Extract credentials from RDP sessions via DLL injection
Original My Fork

Utilities & Misc Tools

7 tools in this category

XenSpawn
by X0RW3LL
Generate custom payloads and shells for penetration testing
Original My Fork
PrecompiledBinaries
by jtmpu
Collection of precompiled Windows exploitation tools and binaries
Original My Fork
nc.exe
by int0x33
Netcat for Windows - Swiss army knife of networking
Original My Fork
php-reverse-shell
by pentestmonkey
PHP reverse shell for web application exploitation
Original My Fork
Toolies
by expl0itabl3
Curated collection of pentesting tools and resources
Original My Fork
pentesting
by MrW0l05zyn
Penetration testing resources and cheat sheets
Original My Fork
public
by tinysec
Public security tools and research
Original My Fork