383 Open source projects that are alternatives of or similar to c2

Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.

Automated Pentest Tools Designed For Parrot Linux

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

Collect email addresses by crawling search engine results.

Generates malicious LNK file payloads for data exfiltration

Boxer: A fast directory bruteforce tool written in Python with concurrency.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

NekRos is an Open-Source Ransomeware, with advanced Features, Which Looks Like Wannacry and Has C&C Server which can be Used to Retrive KEY

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Windows Remote Administration Tool that uses Discord as C2

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

PENIOT: Penetration Testing Tool for IoT

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

An open-source, centralized HTTPS botnet

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

pure python remote adb scanner + nmap scan module

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

Awesome Vulnerable Applications

Opening the door, one reverse shell at a time

Code from Blackhat Python book

Work in progress...

Tools used for Penetration testing / Red Teaming

🔐 Docker Container for Penetration Testing & Security

PowerShell payload generator

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Linux Privilege Escalation Tool By WazeHell

Turn PuTTY into an SSH login bruteforcing tool.

备考 OSCP 的各种干货资料/渗透测试干货资料

GoPhish Templates that I have retired and/or templates I've recreated.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Penetration Testing Notes and Playbook (PTP)

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

Audit tool to find common vulnerabilities in PHP source code

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

A penetration testing tool for finding file upload bugs (NDSS 2020)

The LAZY script will make your life easier, and of course faster.

Python script wrote to automate the process of generating various reverse shells.

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

Multi source CVE/exploit parser.

Automated NoSQL database enumeration and web application exploitation tool.

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

Mobile penetration testing android & iOS command cheatsheet

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

recon-ng modules for Censys

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Cheat-Sheet of tools for penetration testing