SensePost ORG

📱 objection - runtime mobile exploration

A runtime security testing toolkit for iOS and Android apps that works without jailbreaking your device, letting you inspect network traffic, file storage, and memory of running apps.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

A tool to abuse Exchange services

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

(extensible) Data Exfiltration Toolkit (DET)

🕳 godoh - A DNS-over-HTTPS C2

Python script to inject existing Android applications with a Meterpreter payload.

SensePost's modified hostapd for wifi attacks.

Snoopy: A distributed tracking and data interception framework

Automated DLL Enumerator

DNS-Shell is an interactive Shell over DNS channel

Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.

Snoopy v2.0 - modular digital terrestrial tracking framework

Frack - Keep and Maintain your breach data

Create a TCP circuit through validly formed HTTP requests

A Windows Named Pipe Multi-tool / Proxy

A windows token impersonation tool

psexecsvc - a python implementation of PSExec's native service implementation

A sock, with a wire, so you can tunnel all you desire.

Auto Domain Admin and Network Exploitation.

Mallet is an intercepting proxy for arbitrary protocols

Frontpage and Sharepoint fingerprinting and attack tool.

Script for orchestrating mana rogue WiFi Access Points.

Evil client portion of EAP relay attack

Domain user enumeration tool

Drag and Drop ClickJacking PoC development assistance tool.

Nikto for Windows with some extra features.

Routopsy - Hacking Routers with Routers

Test for SSL heartbeat vulnerability (CVE-2014-0160)

d(ockerp)wn - a docker pwn tool manager

DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects

Crack MSCHAPv2 challenge/responses quickly using a database of NT hashes

☄️ go-out - A Golang egress buster.

Big Iron Recon & Pwnage

Wadi Fuzzing Harness

No description.

InvokeADCheck is a PowerShell module designed to evaluate the security of Active Directory environments.

No description.

A collection of Frida hooks for experimentation on Windows platforms.

Liniaal - A communication extension to Ruler

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow

Offensive RPC PoC

LPE / RCE Exploits for various vulnerable "Bloatware" products

Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.

Script to perform some hashcracking logic automagically

Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.

A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions

Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them

No description.

Docker images for learning wifi hacking

Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.

Exchangelib wrapper for pentesting

Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.

👊 A small utility to play with IBM MQ

Simple tool to extract the most common substrings from an input text. Built for password cracking.

A websocket proxy

The Bi-directional Link Extractor.

Memcache hacking tool.

Pseudo-shell for RCE scenarios: tunnels commands via /tmp sockets to a local daemon, keeps context, no bind or reverse shell needed.

SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.

Mainframe bruter and screen automation utility.

No description.

Left To My Own Devices - NT hash tools

A repository with toy implementations of MSCHAPv2, MPEE and WPA/2 to understand EAP better

A scanner for the FortiNet vulnerability CVE-2025-64446

No description.

Collection of information security policies.

Miscellaneous projects related to attacking Windows.

Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.

A steampipe plugin to query projectdiscovery.io tools.

Simple development DNS server written in python

SQL Injection without the pain of syringes.

Detect public repository dependencies in the GitHub repositories with an orphan required library.

Checks X11 and outputs a screenshot to of the display if allowed and the display is active

hostapd and wpa_supplicant 2.7 vulnerable to Mathy's WPA3 bugs

A set of local skype transforms for Maltego to utilise Skype and search the directory

visually see issues with supported cipher suites

SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic

Tools to combine MVS data with external sources and visualise the output in Maltego.

Service desk password tools.

A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.

Framework for Man-In-The-Middle attacks

Basic script to pull addresses from a NTP server using the monlist command.

Sniffs sensitive data from interface or pcap

Runtime analysis of windows phone 7 applications.

SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.

Scan websites CSP policies and visualise their vunlnerabilities from a dashboard

HTTP Brute Forcer (Java replacement for SP's CrowBar).

Casper is a tiny system tray application that can be used to view the invisible windows on your desktop.

No description.

Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.

Local Transform Wrapper for Maltego

Metasploit things, modules, plugins, exploits

Solving CAPTCHA with Image Classification

Alpine hostapd-mana based RADIUS server

GUI for cleaning out evercookie persistence locations.

SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.

Google DNS name / sub domain miner.

Port scan through Glype proxies.

No description.

Android Manifest.xml tool

BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.

JCertChecker is used to check HTTPS certificates.

Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV.

Create an OpenAPI/Swagger spec from a WordPress REST entry point.

A few short scripts to look at the performance of various file read strategies.

Check squid logs for possible Carbanak malware.

Proxy Server network scanner and tunnelling tool.

No description.

a bring your own client programming game

Scully is a client interface to MSSQL and MySQL database servers.

Script to perform some hashcracking logic automagically

Seriously primitive portscanner using Squid proxy.

A simple way to decode a known protocol in GRC in real time.

IDS evasion for web-based exploits via encoding built into a "proxy"

Wifi Hacking Tools Collection

A collection of CTF challenges

PERL script to possibly kill firewall systems that actively block IP numbers if the system detects that the IP is scanning more than 20 ports on a network behind the firewall.

For working with IIS servers with the Unicode bug

Confirm the presence of HTTP methods per directory.

Hippy tool for interaction with "modern" databases.

A modification of the apngopt to aid in heap exploitation

Client Portion of EAP relay focused on PPP VPNs

Discord Bot used for the SenseCon 2021 Challenges: https://sensepost.com/blog/2021/sensecon-2021-wargames-edition/

Sensedecode includes 2 perl scripts which exploit the IIS url decoding bug.

A PHP, Arbitrary Object Instantiation Lab

A set of simple WebAssembly demos

Deprecated BroadView API Client - see https://bitbucket.org/checksec/bvapi

memunpin

Polyglot Collection Website

A toy, C# Cobalt Strike Beacon TCP to Named Pipe Frame Proxy

https://sensepost.com/blog/2020/szensecon-discord-bot/