Christopher Maddalena

Automated network asset, email, and social media profile discovery and cataloguing.

A Python script to collect campaign data from Gophish and generate a report

Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute.

A companion tool for BloodHound offering Active Directory statistics and number crunching

A Python tool for ingesting HTML and producing HTML source suitable for phishing campaigns.

A repo for holding cheat sheets for myself that cover various penetration testing tools and commands.

A collection of useful scripts

An MSF plugin to send notifications to Slack when shells are created or killed

A simple script that edits the XML of a macro-enabled Word document (.docm or Word 97 document) to add a reference to a remote stylesheet.

No description.

Practice exploit development and misc things

subTee gists code backups

A PowerShell script for helping to find vulnerable settings in AD Group Policy.

Python tool to aid in the collection of OSINT data

Tool to audit and attack LAPS environments

The SpecterOps project management and reporting engine

Arduino-controlled work from home status board based on the Adafruit Huzzah

Tool for checking a list of domains for the purpose of gathering emails and social media handles and checking for potential issues

For use with Kali Linux - custom bash scripts used to automate various portions of a pentest.

Bloodhound Attack Path Automation in CobaltStrike

My personal scripts for generating labs using AutomatedLab

A semi-interactive PHP shell compressed into a single file.

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

Some fun Rubber Ducky scripts

Python script for managing and recording data with a Raspberry PI Sense HAT

cute banner that reminds you that a meeting is upcoming.

Public source of the Dreadnode capabilities in app.dreadnode.io — agents, tools, skills, MCP servers, and workers.

Grimmory is the successor of booklore.

No description.

My clone repository

Six Degrees of Domain Admin

No description.

No description.

Six Degrees of Domain Admin

3D design files to accompany the Printing Props book

Rust port of Yjs

Convert Cobalt Strike profiles to modrewrite scripts

No description.

Golang CLI binaries to replace the bash scripts controlling Mythic

🔐 API key permissions for Django REST Framework

:sparkles: Build a beautiful and simple website in literally minutes. Demo at http://deanattali.com/beautiful-jekyll

Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. We know that building a Windows penetration testing environment can be tedious - we aim to streamline and simplify this process. Commando VM includes over 140 tools.

A guided introduction to Github Actions

A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.

SpecterOps Presentations

Mass target enumeration

HTTP(s) Screenshots for Pen Testers Who Value Their Time

python reverse dns script

Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.

Scan for open S3 buckets and dump

Security Tool to Look For Interesting Files in S3 Buckets

New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.

The state of the art network attack and monitoring framework.

A list of Domain Frontable Domains by CDN

No description.

Copy of Subtee's Repository That's Taken Down

Search for potential frontable domains

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Some useful scripts for CobaltStrike

windows-operating-system-archaeology @Enigma0x3 @subTee

Koadic C3 COM Command & Control - JScript RAT

Payloads for the Hak5 Bash Bunny

No description.

Check.py - An extended ip / domain lookup tool

No description.

Metasploit Framework

SSH server auditing (banner, key exchange, encryption, mac, compression, compatbility, etc)

A Burp Suite content discovery plugin that add the smart into the Buster!

Small scripts for doing repeatable tasks

Duct Tape Command and Control!

E-mail, subdomain and people names harvester

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

CodeMash 2016 Presentation - "What to Expect from a Penetration Test"