1037 Open source projects that are alternatives of or similar to Bifrost

C2/post-exploitation framework

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

link is a command and control framework written in rust

A C2 post-exploitation framework

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

A tool for generating reverse shell payloads on the fly.

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

unix SSH post-exploitation 1337 tool

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

A Visual Studio Code Extension agent for Mythic C2

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

☠️ The Pathwar Project ☠️

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

SSRF (Server Side Request Forgery) testing resources

A wrapper for Nmap to quickly run network scans

🔐 Docker Container for Penetration Testing & Security

Network Pivoting Toolkit

Sifter aims to be a fully loaded Op Centre for Pentesters

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Docker images for infosec tools

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

备考 OSCP 的各种干货资料/渗透测试干货资料

ODAT: Oracle Database Attacking Tool

CVE-2016-8610 (SSL Death Alert) PoC

Set of tools to audit SIP based VoIP Systems

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

A tool to test security of json web token

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

XSS'OR - Hack with JavaScript.

Offensive tools as Dockerfiles. Lightweight & Ready to go

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Discord C2 for Redteam....Need a better name

A curated list of awesome OSCP resources

🌒 Shell command obfuscation to avoid detection systems

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

An open-source post-exploitation framework for students, researchers and developers.

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

🔑 Hash type identifier (CLI & lib)

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

generates weak passwords based on current date

Quick SQL Scanner, Dorker, Webshell injector PHP

[unmaintained] Post-exploitation tool

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

This is the ToRat client, a part of the ToRat Project.

It records your terminal, then lets you upload to ASHIRT

Windows Remote Administration Tool that uses Discord as C2

Just another useless C2 occupying space in some HDD somewhere.

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Check Domain Fronting (chkdfront) - It checks if your domain fronting is working

Autowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.

XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup