CredsleakerCredsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.
Stars: ✭ 247 (-69.69%)
Dns PersistDNS-Persist is a post-exploitation agent which uses DNS for command and control.
Stars: ✭ 191 (-76.56%)
GoPhish-TemplatesGoPhish Templates that I have retired and/or templates I've recreated.
Stars: ✭ 76 (-90.67%)
GopherC# tool to discover low hanging fruits
Stars: ✭ 73 (-91.04%)
LeakscraperLeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: ✭ 227 (-72.15%)
StracciatellaOpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Stars: ✭ 171 (-79.02%)
PandasniperLinux C2 框架demo,为期2周的”黑客编程马拉松“,从学习编程语言开始到实现一个demo的产物
Stars: ✭ 159 (-80.49%)
DNSWhotransmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV
Stars: ✭ 47 (-94.23%)
AzureCLI-ExtractorA tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.
Stars: ✭ 43 (-94.72%)
HellgateLoader CSharpLoad shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
Stars: ✭ 73 (-91.04%)
palinka c2Just another useless C2 occupying space in some HDD somewhere.
Stars: ✭ 14 (-98.28%)
SerpentineC++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
Stars: ✭ 216 (-73.5%)
KnockOutlookA little tool to play with Outlook
Stars: ✭ 188 (-76.93%)
CypherothAutomated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Stars: ✭ 179 (-78.04%)
FOFA PRO GUI用python做的十分好用且强大的FOFA的GUI版本,原创版本,点个star,谢谢支持
Stars: ✭ 14 (-98.28%)
fofa-javaA Java version of the SDK, based on the FOFA Pro API, makes it easy for Java developers to quickly integrate FOFA Pro into their projects.
Stars: ✭ 22 (-97.3%)
OSINTBookmarksOSINT Bookmarks for Firefox / Chrome / Edge / Safari
Stars: ✭ 34 (-95.83%)
InlineWhispers2Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Stars: ✭ 156 (-80.86%)
Slack WatchmanMonitoring your Slack workspaces for sensitive information
Stars: ✭ 159 (-80.49%)
MurMurHashThis little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (-90.31%)
PwnedPasswordsCheckerSearch (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
Stars: ✭ 52 (-93.62%)
uberduckyWireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)
Stars: ✭ 80 (-90.18%)
SLibSLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#
Stars: ✭ 50 (-93.87%)
NtlmreconEnumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (-69.08%)
sylas根据多个不同地区进行聚合查询以获取更多 fofa 数据
Stars: ✭ 25 (-96.93%)
I See YouISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.
Stars: ✭ 246 (-69.82%)
dummyDLLUtility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.
Stars: ✭ 35 (-95.71%)
Cobalt ArsenalMy collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
Stars: ✭ 230 (-71.78%)
nTimetoolsTimestomper and Timestamp checker with nanosecond accuracy for NTFS volumes
Stars: ✭ 25 (-96.93%)
MalwlessTest Blue Team detections without running any attack.
Stars: ✭ 215 (-73.62%)
ligolo-ngAn advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Stars: ✭ 418 (-48.71%)
DoxycannonA poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
Stars: ✭ 216 (-73.5%)
volana🌒 Shell command obfuscation to avoid detection systems
Stars: ✭ 38 (-95.34%)
Fudgec2FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
Stars: ✭ 191 (-76.56%)
Remote Desktop CachingThis tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-79.02%)
fofaxfofax is a command line query tool based on the API of https://fofa.info/, simple is the best!
Stars: ✭ 479 (-41.23%)
Community ThreatsThe GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.
Stars: ✭ 169 (-79.26%)
atermIt records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-97.91%)
AboutsecurityA list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-79.63%)
meteorA cross-platform C2/teamserver supporting multiple transport protocols, written in Go.
Stars: ✭ 31 (-96.2%)
PasscatPasswords Recovery Tool
Stars: ✭ 164 (-79.88%)
NIST-to-TechAn open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-92.52%)
Invoke ApexA PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Stars: ✭ 162 (-80.12%)
JiraffeOne stop place for exploiting Jira instances in your proximity
Stars: ✭ 157 (-80.74%)
BlueTeam.LabBlue Team detection lab created with Terraform and Ansible in Azure.
Stars: ✭ 82 (-89.94%)
RedBook基于Threathunting-book基础上完善的狩猎视角红队handbook
Stars: ✭ 56 (-93.13%)
adduser-dllSimple DLL that add a user to the local Administrators group
Stars: ✭ 48 (-94.11%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+355.83%)
github-watchmanMonitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-92.64%)