Identify and validate vulnerabilities within SMB and LDAP network services using specialized security testing tools.
SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities. The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution logic, the repository ensures that its collections of usernames, passwords, and injection patterns remain portable and compatible with a wide range of custom auditing frameworks and automated security tools. The collection covers a broad spectrum of security testing domains, including brute-force credential testing, web application fuzzing, and automated vulnerability scanning. It also provides structured guidance for firmware analysis and internet-connected device hardening, enabling researchers to apply consistent methodologies when identifying insecure configurations or potential system flaws. The repository is organized as a collection of flat-file assets within a hierarchical directory structure, facilitating integration into automated security workflows.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, providing a reference for security research and threat detection engineering. The project covers a wide range of operational capabilities, including code execution via signed proxies, credential theft and exfiltration, and defense evasion through the use of alternate data streams. It also encompasses tools for file management, network communication, and the creation of detection signatures to identify abnormal execution patterns of trusted binaries. The binary data is available for export in JSON, CSV, and YAML formats to facilitate integration with external security tools.
Web-check is a self-hosted diagnostic platform designed to perform comprehensive technical reconnaissance and security audits on web domains. It functions as a network scanner that inspects infrastructure by querying IP addresses, DNS records, SSL certificate chains, and server headers to identify potential misconfigurations or vulnerabilities. The platform is built to run within private infrastructure, ensuring that site investigations remain independent of external tracking or third-party data logging. By utilizing server-side request proxying, the tool bypasses client-side security restrictions to conduct direct network-level inspections. It further enhances its diagnostic capabilities by orchestrating concurrent requests to various third-party services, aggregating metadata into structured intelligence through a modular pipeline. The application is packaged as a containerized service, allowing for consistent deployment across cloud environments or local servers. Users can configure the platform’s behavior and service rate limits through environment variables, enabling the activation of specific analysis checks based on individual requirements. The software supports multiple installation methods, including one-click cloud deployments, container-based execution, and manual builds from source code.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hijacking and a system for simulating phishing campaigns to track user interactions. The platform covers a broad set of offensive security capabilities, including credential harvesting from memory and local stores, Kerberos and PKI manipulation, and infrastructure enumeration targeting system management tools. It also provides tools for remote command execution, lateral movement through authentication coercion, and the discovery of privilege escalation vectors across host configurations. The system is deployed as a multi-tier container architecture and can be installed and configured via a command-line utility.
This project is a command-line tool that automates the entire lifecycle of security certificates using standard domain validation protocols. It functions as a background service to manage the issuance, renewal, and installation of certificates, ensuring that encrypted web traffic remains active without requiring manual intervention. The tool distinguishes itself through extensive support for automated domain ownership verification, including the ability to issue wildcard certificates by programmatically interacting with external domain name system providers. It provides flexible validation options, such as using a temporary, ephemeral web server to handle challenges in isolated environments, which allows for certificate generation without needing an existing web server or active website. Beyond issuance, the system includes robust deployment capabilities that integrate directly with server environments. Through customizable hooks, it can automatically update server configuration files and reload services to apply new cryptographic assets immediately upon renewal. The software is built as a modular collection of POSIX-compliant scripts that leverage standard system utilities and support various cryptographic key types to meet diverse security requirements.
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for directed graph visualization and permission-based path analysis. It utilizes query-driven data extraction to pull permission sets and group memberships, storing them in a schema-mapped format to calculate the shortest routes to high-value targets.
Pi-hole is a self-hosted network utility that functions as a DNS sinkhole server to provide network-wide ad blocking. By acting as a dedicated network gateway, it intercepts and discards requests for known advertising, tracking, and malicious domains across an entire local network, preventing unwanted content from loading on any connected device. The software operates through a lightweight background daemon that handles high volumes of concurrent DNS queries with minimal resource overhead. It utilizes a host-file injection mechanism to redirect traffic toward its local filtering engine and applies regex-based pattern matching to identify and block specific domain requests. Users manage these operations and monitor network traffic statistics through a centralized, web-based configuration interface. Beyond blocking, the project provides tools for comprehensive DNS traffic management and home network security. By resolving domain names locally, it offers increased visibility into outgoing internet traffic and helps optimize network performance by preventing the download of resource-heavy tracking scripts and advertisements.
BloodHound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privilege accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and network attack path visualization to detect potential security vulnerabilities.
GoodbyeDPI is a censorship circumvention utility designed to bypass deep packet inspection and restrictive network filtering. It functions as a background engine that intercepts and modifies network traffic at the kernel level, allowing users to maintain connectivity in environments where specific protocols or web content are blocked. The tool employs active manipulation techniques to confuse inspection hardware, including TCP stream fragmentation, HTTP header obfuscation, and the injection of out-of-order packets. By altering packet structures and dropping specific redirection patterns, it masks browsing activity and prevents automated systems from identifying or blocking outgoing requests. The application operates as a persistent system service, ensuring that traffic filtering remains active across reboots. Users manage these operations through a command-line interface, which provides granular control over packet modification strategies, DNS redirection, and various bypass parameters.
Mitmproxy is an interactive, programmable network proxy engine designed for traffic analysis and protocol manipulation. It functions as a gateway that intercepts, inspects, and modifies network traffic in real time, supporting HTTP, HTTPS, WebSocket, DNS, and generic TCP or UDP streams. By acting as a trusted certificate authority, the proxy can dynamically generate and sign certificates to decrypt and analyze secure TLS-encrypted connections. The project distinguishes itself through a highly extensible, event-driven architecture that allows users to automate traffic transformation using custom scripts. It provides a unified command-based interface for manual interaction, enabling users to define custom key bindings, content views, and command-line tools. The engine supports multiple operational modes, including explicit, transparent, reverse, and SOCKS proxying, as well as a userspace WireGuard VPN mode for capturing traffic without requiring client-side configuration changes. Beyond basic interception, the platform includes comprehensive tools for recording and replaying network conversations to simulate complex interactions or automate repetitive tasks. It offers advanced capabilities such as request blocking, header and body modification, and local resource mapping. The system also provides robust support for debugging and performance analysis, including integration with external tools through secret logging and structured data representation. The software is designed for rapid iteration, featuring live script reloading that updates custom logic without restarting the proxy process. It includes extensive documentation for managing certificates, configuring proxy modes, and implementing custom addons through a well-defined programmatic interface.