
bats3c / Shad0w

Licence: MIT
A post exploitation framework designed to operate covertly on heavily monitored environments

Programming Languages

C
50402 projects - #5 most used programming language
shellcode
44 projects

Projects that are alternatives of or similar to Shad0w

Dref
DNS Rebinding Exploitation Framework
Stars: ✭ 423 (-63.72%)
Mutual labels:  red-team
Nishang
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+409.69%)
Mutual labels:  red-team
Sessiongopher
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (-28.56%)
Mutual labels:  red-team
Quasar
Remote Administration Tool for Windows
Stars: ✭ 4,897 (+319.98%)
Mutual labels:  red-team
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-53.6%)
Mutual labels:  red-team
Autordpwn
The Shadow Attack Framework
Stars: ✭ 688 (-40.99%)
Mutual labels:  red-team
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (-65.27%)
Mutual labels:  red-team
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-2.57%)
Mutual labels:  red-team
Blackmamba
C2/post-exploitation framework
Stars: ✭ 544 (-53.34%)
Mutual labels:  red-team
Pi Pwnbox Rogueap
Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡
Stars: ✭ 798 (-31.56%)
Mutual labels:  red-team
Aggressorscripts
Aggressor scripts for use with Cobalt Strike 3.0+
Stars: ✭ 501 (-57.03%)
Mutual labels:  red-team
Red Teaming Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+381.56%)
Mutual labels:  red-team
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Stars: ✭ 690 (-40.82%)
Mutual labels:  red-team
Dns Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks.
Stars: ✭ 435 (-62.69%)
Mutual labels:  red-team
Aggressorscripts
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Stars: ✭ 1,008 (-13.55%)
Mutual labels:  red-team
Deimosc2
DeimosC2 is a Golang command and control framework for post-exploitation.
Stars: ✭ 423 (-63.72%)
Mutual labels:  red-team
Platypus
🔨 A modern multiple reverse shell sessions manager written in Go
Stars: ✭ 559 (-52.06%)
Mutual labels:  red-team
Netmap.js
Fast browser-based network discovery module
Stars: ✭ 70 (-94%)
Mutual labels:  red-team
Sleight
Empire HTTP(S) C2 redirector setup script
Stars: ✭ 44 (-96.23%)
Mutual labels:  red-team
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (-33.53%)
Mutual labels:  red-team


SHAD0W


SHAD0W is a modular C2 framework designed to successfully operate on mature environments.

It uses a range of methods to evade EDR and AV while allowing the operator to keep using the tooling and tradecraft they are familiar with. It's powered by Python 3.8 and C, and uses Donut for payload generation. Combining Donut with the process injection capabilities of SHAD0W gives the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully in memory. Dynamically resolved syscalls are used heavily to avoid userland API hooking, anti-DLL-injection measures make it harder for EDR to load code into the beacons, and official Microsoft mitigation policies are applied to protect spawned processes.

See the wiki for installation and usage instructions.

Main features of SHAD0W C2:

  • Built for Docker - Runs fully inside of Docker allowing cross platform usage
  • Extremely modular - Easy to create new modules to interact and task beacons
  • HTTPS C2 communication - All traffic between beacons and the C2 are encrypted and transmitted over HTTPS
  • JSON based protocol - Custom beacons can be built and used thanks to an easy-to-implement protocol
  • Live proxy and mirror - The C2 server can mirror any website in real time, relaying all non-C2 traffic to that site so it looks less suspicious when viewed in a web browser
  • Modern CLI - The CLI is built on prompt-toolkit

Main features of SHAD0W beacons:

  • EXE, PowerShell, shellcode and more - Beacons can be generated and used in many different formats
  • Process injection - Allows the operator to dllinject, migrate, shinject and more
  • Bypass AV - Payloads are frequently updated to evade common Anti-Virus products
  • Highly configurable - Custom jitters, user agents and more
  • HTTPS C2 communication - Traffic to and from the C2 is encrypted via HTTPS
  • Proxy aware - All callbacks can use the current system proxy

Current Modules:

  • Elevate - Built in PrivEsc exploits
  • Ghost in the Logs - Disable ETW & Sysmon, more info can be found here
  • GhostPack - Binaries compiled nightly via an Azure pipeline. Thanks to @Flangvik
  • Mimikatz - For all your credential theft needs
  • SharpCollection - A ton of .NET offensive tools, more info can be found here
  • SharpSocks - Reverse SOCKS proxy over HTTPS
  • StdAPI - Common commands to interact with the file system
  • Unmanaged PowerShell - Contains built in AMSI bypass
  • Upload and Download - Easy data exfiltration

Official Discord

Porchetta Industries
