187 Open source projects that are alternatives of or similar to fofa_viewer

Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

GoPhish Templates that I have retired and/or templates I've recreated.

redteam.wiki

备考 OSCP 的各种干货资料/渗透测试干货资料

C# tool to discover low hanging fruits

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Cobalt Strike AggressorScripts For Red Team

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

Red Teaming Tactics and Techniques

Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

A tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

Some notes and examples for cobalt strike's functionality

Just another useless C2 occupying space in some HDD somewhere.

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

A little tool to play with Outlook

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

用python做的十分好用且强大的FOFA的GUI版本，原创版本，点个star，谢谢支持

泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统

A Java version of the SDK, based on the FOFA Pro API, makes it easy for Java developers to quickly integrate FOFA Pro into their projects.

🔺 Red Team Hardware Toolkit 🔺

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Monitoring your Slack workspaces for sensitive information

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

Purple Team Exercise Framework

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)

SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#

Enumerate information from NTLM authentication enabled web endpoints 🔎

根据多个不同地区进行聚合查询以获取更多 fofa 数据

ISeeYou is a Bash and Javascript tool to find the exact location of the users during social engineering or phishing engagements. Using exact location coordinates an attacker can perform preliminary reconnaissance which will help them in performing further targeted attacks.

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

Timestomper and Timestamp checker with nanosecond accuracy for NTFS volumes

Test Blue Team detections without running any attack.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

🌒 Shell command obfuscation to avoid detection systems

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

ShellCodeLoader via DInvoke

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!

The GitHub of Adversary Emulation Plans in JSON. Share SCYTHE threats with the community. #ThreatThursday adversary emulation plans are shared here.

It records your terminal, then lets you upload to ASHIRT

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

Passwords Recovery Tool

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

One stop place for exploiting Jira instances in your proximity

Blue Team detection lab created with Terraform and Ansible in Azure.

基于Threathunting-book基础上完善的狩猎视角红队handbook

Simple DLL that add a user to the local Administrators group

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

A Cobalt Strike Aggressor script to generate GadgetToJScript payloads

Monitoring GitHub for sensitive data shared publicly