NetSPI Open Source tools
The NetSPI Agents, our security experts, dedicate time and resources to develop open-source tool sets that strengthen the infosec community. Want to see more of our open source projects?
Explore tools created by The NetSPI Agents
PowerUpSQL
PowerUpSQL supports SQL Server discovery, auditing for common weak configurations, and privilege escalation at scale for internal penetration testing and red team engagements.
MicroBurst
MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post-exploitation actions such as credential dumping.
PowerHunt
PowerHunt is a modular threat hunting framework written in PowerShell that leverages PowerShell remoting for data collection at scale. Identify signs of compromise based on artifacts left behind by common MITRE ATT&CK techniques.
PowerHuntShares
PowerHuntShares is used to inventory, analyze, and report SMB shares configured with excessive permissions on computers in Active Directory environments. Gain a better understanding of your SMB share attack surface, how to exploit it, and how to group results to streamline remediation.
Inveigh
Inveigh is a PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
Inveigh Zero
InveighZero is a C# LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.
NetSPI SQL Injection Wiki
Our wiki is a comprehensive knowledge base for SQL injection. You’ll find resources on identifying, exploiting, and escalating SQL injection vulnerabilities across database management systems.
PESecurity
PESecurity is a PowerShell script that displays whether images (DLLs and EXEs) are compiled with ASLR, DEP, and SafeSEH.
Evil SQL Client
Evil SQL Client (ESC) is an interactive .NET SQL console client that supports enhanced SQL Server discovery, access, and data exfiltration capabilities. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
Burp Extractor
Burp Extractor is a one-size-fits-all tool that uses regex for extracting data from HTTP responses – such as CSRF tokens, Auth Bearer tokens, timestamps, etc. – to be reused in HTTP requests sent through Burp.
JSON Beautifier
JSON Beautifier is a Burp Extension for beautifying JSON output, so it is easier to view and modify unparsed JSON strings.
BurpSuite: AWSSigner
AWSSigner looks for the “X-AMZ-Date” header in Burp requests. When it finds such a request, it updates the signature in the request with your access key, secret key, region and service.
BurpSuite: WSDLR
This extension takes a WSDL request, parses out the operations that are associated with the targeted web service, and generates SOAP requests that can then be sent to the SOAP endpoints.
Tokenvator
Tokenvator is a .NET tool used to elevate permissions on Windows. It works by impersonating or altering authentication tokens.
WheresMyImplant: A C# Bring-Your-Own-Land toolkit
WheresMyImplant is a tool to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence.
SQLC2
SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.
goddi (Go Dump Domain Info)
goddi dumps Active Directory domain users, groups, domain controllers, and related information into CSV output, in just a matter of seconds. It runs on both Windows and Linux.
Java Serial Killer
Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator tool.
WebLogic Password Decryptor
WebLogic Password Decryptor is a PowerShell and Java tool to decrypt WebLogic passwords and gain access to other systems and Oracle databases.
Invoke-ExternalDomainBruteForce
Invoke-ExternalDomainBruteForce is a brute-force tool for automated password-guessing on managed and federated domains.
Get-AdDecodedPassword
Get-AdDecodedPassword uses the Active Directory PowerShell Module to query Active Directory and decode UnixUserPassword, UserPassword, unicodePwd, or msSFU30Password fields.
GET-MSSQLALLCredentials
GET-MSSQLALLCredentials is a PowerShell tool to identify all MSSQL instances on a server, determine the encryption algorithm and automate credential password decryption.
DAFT: Database Audit Framework & Toolkit
DAFT is a MSSQL database auditing and assessment tool written in C# that can identify non-default databases and database tables, search for sensitive data by keyword and execute SQL commands.
PowerSkype
PowerSkype is a PowerShell tool to attack federated Skype for Business instances that allows you to validate email addresses, get Skype availability, send phishing messages and more.
Invoke-TheHash
Invoke-TheHash is a PowerShell tool for performing pass-the-hash WMI and SMB tasks. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol.
Powermad
Powermad is a collection of PowerShell MachineAccountQuota and DNS exploit tools to launch man-in-the-middle attacks.