Beau Bullock's Projects
A collection of documented and undocumented AWS API models
Fetch all public IP addresses tied to your AWS account. Works with IPv4/IPv6, Classic/VPC networking, and across all AWS services
A basic PHP redirection site that captures request headers
Official Black Hat Arsenal Security Tools Repository
A curated list of blockchain security incidents including exchange hacks, DeFi compromises, blockchain attacks, and others.
Custom Query list for the BloodHound GUI based off my cheatsheet
Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin on a network. It is essentially a Frankenstein of two of my favorite tools along with some of my own code. It utilizes Kevin Robertson's (@kevin_robertson) Invoke-TheHash project for the credential checking portion. Additionally, the script utilizes modules from PowerView by Will Schroeder (@harmj0y) and Matt Graeber (@mattifestation) to enumerate domain computers to find targets for testing admin access against.
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
Covenant is a collaborative .NET C2 framework for red teamers.
About Me
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default, it will automatically generate the user list from the domain. BE VERY CAREFUL NOT TO LOCK OUT ACCOUNTS!
This module mangles two lists of names together to generate a list of potential email addresses or usernames. It can also be used to simply combine a list of full names in the format (firstname lastname) into either email addresses or usernames.
Empire is a PowerShell and Python post-exploitation agent.
A script for tracking and decoding input data messages sent to and from a particular Ethereum address or from every transaction in a block.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
AWS API Gateway management tool for creating on-the-fly HTTP pass-through proxies for unique IP rotation
Scan git repos for secrets using regex and entropy 🔑
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and the domain. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.
Resolves an IP address to the cloud provider it is hosted on
Repo for hosting various scripts for creating users for password spraying and other password attacks.
Enumerate Microsoft 365 Groups in a tenant with their metadata
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
A tool for checking if MFA is enabled on multiple Microsoft Services