
V1V1 / Sleight

Licence: bsd-3-clause
Empire HTTP(S) C2 redirector setup script

Programming Languages

python

Projects that are alternatives of or similar to Sleight

Red Team Infrastructure Wiki
Wiki to collect Red Team infrastructure hardening resources
Stars: ✭ 2,981 (+6675%)
Mutual labels:  infrastructure, pentesting, red-team
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+740.91%)
Mutual labels:  pentesting, red-team
Black Hat Rust
Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (+652.27%)
Mutual labels:  pentesting, red-team
Dref
DNS Rebinding Exploitation Framework
Stars: ✭ 423 (+861.36%)
Mutual labels:  pentesting, red-team
ShonyDanza
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (+95.45%)
Mutual labels:  pentesting, red-team
Red-Team-Essentials
This repo will contain some basic pentest/RT commands.
Stars: ✭ 22 (-50%)
Mutual labels:  pentesting, red-team
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (+820.45%)
Mutual labels:  pentesting, red-team
Autordpwn
The Shadow Attack Framework
Stars: ✭ 688 (+1463.64%)
Mutual labels:  pentesting, red-team
Platypus
🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (+1170.45%)
Mutual labels:  pentesting, red-team
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+1129.55%)
Mutual labels:  pentesting, red-team
linux-rootkits-red-blue-teams
Linux Rootkits (4.x Kernel)
Stars: ✭ 56 (+27.27%)
Mutual labels:  pentesting, red-team
Sessiongopher
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Stars: ✭ 833 (+1793.18%)
Mutual labels:  pentesting, red-team
ycsm
This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).
Stars: ✭ 73 (+65.91%)
Mutual labels:  infrastructure, red-team
Pentmenu
A bash script for recon and DOS attacks
Stars: ✭ 288 (+554.55%)
Mutual labels:  pentesting, red-team
awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
Stars: ✭ 538 (+1122.73%)
Mutual labels:  pentesting, red-team
Infosec reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+9359.09%)
Mutual labels:  pentesting, red-team
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+338.64%)
Mutual labels:  pentesting, red-team
Physmem2profit
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Stars: ✭ 244 (+454.55%)
Mutual labels:  pentesting, red-team
Red Teaming Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Stars: ✭ 5,615 (+12661.36%)
Mutual labels:  pentesting, red-team
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+1661.36%)
Mutual labels:  pentesting, red-team

Sleight

Empire HTTP(S) C2 redirector setup script.

Usage:

Sleight can be used in 3 ways:

1) Setup HTTP Redirector:

  1. Run Sleight and feed it an Empire communication profile.
  2. Input your Empire C2's IP address and listening port.
  3. Say no to the HTTPS prompt.
  4. Input a site to redirect all invalid requests to.
  5. Start an Empire HTTP listener with the 'Host' property set to the domain of your redirector.

HTTP Redirectors reference:

2) Setup HTTPS Redirector:

  1. Run Sleight and feed it an Empire communication profile.
  2. Input your Empire C2's IP address and listening port.
  3. Say yes to the HTTPS prompt.
  4. Input a site to redirect all invalid requests to.
  5. Input the domain assigned to your redirector (for generation of a Let's Encrypt certificate).
  6. Agree to the certbot prompts.
  7. Start an Empire HTTPS listener with the 'Host' property set to the domain of your redirector.

HTTPS Redirector Setup Notes:
  • Certificate generation will only work once your redirector's domain has propagated successfully.
  • You'll need DNS entries for both DOMAIN.com and www.DOMAIN.com for your redirector's domain.
  • You can use the default HTTPS certificates that Empire comes with (located in the '/empire/data/' directory) for the 'CertPath' property when starting an HTTPS listener on your C2 server.

HTTPS Redirectors reference:

3) Rules only (no setup):

If you only want to use Sleight to convert an Empire communication profile into mod_rewrite rules and not set up your redirector, simply feed it a communication profile and say no to the "proceed with setup" prompt.

4) CLI arguments:

If you want to use Sleight non-interactively, the available command line arguments are listed in the default output. Any value not defined at launch will be prompted for during execution.

Examples:

$ sudo python sleight.py -c profiles/default.txt

$ sudo python sleight.py --modeHTTPS=y --myDomain=3xample.com --ip=My.C2.IP.Address --redirectDomain=example.com -c profiles/default.txt --proceed=n --port=80
