https://zyn3rgy.io/tools/Recent content in Tools on zyn3rgy.ioHugoen-USTue, 04 Nov 2025 00:00:00 +0000https://zyn3rgy.io/tools/ldaprelayscan/Sun, 16 Jan 2022 00:00:00 +0000https://zyn3rgy.io/tools/ldaprelayscan/<p>Checks whether Domain Controllers enforce LDAP channel binding and LDAP server signing requirements — two key protections against NTLM relay attacks targeting LDAP/S. LDAPS channel binding can be checked unauthenticated; LDAP signing checks require valid domain credentials. Supports Docker deployment and SOCKS proxy for use through C2.</p>https://zyn3rgy.io/tools/smbtakeover/Thu, 01 Aug 2024 00:00:00 +0000https://zyn3rgy.io/tools/smbtakeover/<p>Unbinds and rebinds 445/tcp on Windows without loading a driver, injecting a module into LSASS, or rebooting the host — easing SMB-based NTLM relay operations over C2. Available as both a Python implementation and a Beacon Object File (BOF), using RPC over TCP to interact with the Server Service.</p>https://zyn3rgy.io/tools/relayinformer/Tue, 04 Nov 2025 00:00:00 +0000https://zyn3rgy.io/tools/relayinformer/<p>Determines Extended Protection for Authentication (EPA) enforcement levels of popular NTLM relay targets from an offensive perspective. Helps inform relay setup by identifying services where EPA could block relay attacks. Available as both Python and BOF implementations.</p>https://zyn3rgy.io/tools/clickoncehunter/Fri, 14 Oct 2022 00:00:00 +0000https://zyn3rgy.io/tools/clickoncehunter/<p>A web scraper that uses chromedp and HTTP requests to find published ClickOnce applications via Google and Swisscows search engines. Supports AWS API Gateway IP rotation to avoid rate limiting and HTTP proxy for routing traffic.</p>https://zyn3rgy.io/tools/ecp-slap/Fri, 23 Oct 2020 00:00:00 +0000https://zyn3rgy.io/tools/ecp-slap/<p>Scans and exploits CVE-2020-0688 on on-premises Exchange servers. Includes three functions: scan (cookie extraction + version check), generate (ysoserial payload creation), and exploit (authenticated remote code execution via deserialization).</p>