My Github: https://github.com/ChrisTruncer
WMImplant
- A tool which allows people to operate on Device Guard protected systems. It is designed to be similar to Meterpreter in appearance and functionality.
- Github: https://github.com/ChrisTruncer/WMImplant
The Veil Framework:
- Originally an Antivirus Evasion tool, now a framework which aims to bridge the gap between pen test and red team toolsets.
- Site: https://www.veil-framework.com
- Github: https://github.com/Veil-Framework
EyeWitness:
- A tool which quickly screenshots web applications, captures server header information, attempts to identify default credentials, and generates a report.
- Blog Post: https://www.christophertruncer.com/eyewitness-2-0-release-and-user-guide/
- Github: https://github.com/ChrisTruncer/EyeWitness
Egress-Assess:
- Egress-Assess generates fake credit card or social security numbers, and attempts to exfiltrate them out of a network via multiple protocols.
- Blog Post: https://www.christophertruncer.com/egress-assess-testing-egress-data-detection-capabilities/
- Blog Post: https://www.christophertruncer.com/egress-assess-action-via-powershell/
- Github: https://github.com/ChrisTruncer/Egress-Assess
Just-Metadata
- Just-Metadata is a tool which gathers information about IP addresses from a variety of sources across the Internet, and attempts to identify meaningful relationships between IPs within a large data set.
- Use Case: Attempt to identify a potential relationship between a large number of systems that are trying to brute force into your mail system.
- Blog Post: https://www.christophertruncer.com/just-metadata-intel-gathering-and-analysis-of-ip-metadata/
- Github: https://github.com/ChrisTruncer/Just-Metadata
WMIOps
- A powershell script that allows you to utilize WMI across a network to carry out a variety of different actions, nearly all completely over WMI.
- Blog Post: https://www.christophertruncer.com/introducing-wmi-ops/
- GitHub: https://github.com/ChrisTruncer/WMIOps
Hasher:
- A tool which generates hashes, or performs a comparison of a hash and a plaintext string to verify a match.
- Blog Post: https://www.christophertruncer.com/introduction-hasher/
- Github: https://github.com/ChrisTruncer/Hasher
Random Miscellaneous Scripts:
- ColdWar: Script converts an windows executable into a .war file – https://github.com/ChrisTruncer/PenTestScripts/blob/master/ColdWar.py
- DNSInject: Python script which performs a DNS injection/modification attack. Used when Nessus Plugin 35372 pops – https://github.com/ChrisTruncer/PenTestScripts/blob/master/DNSInject.py
- ShodanSearch: Python script that searches Shodan for IPs, services, etc. – https://github.com/ChrisTruncer/PenTestScripts/blob/master/ShodanSearch.py
- WebTrace: A Ruby script that acts like a traceroute, but looks for web redirects. Currently traces 302 codes. – https://github.com/ChrisTruncer/PenTestScripts/blob/master/WebTrace.rb