716 Open source projects that are alternatives of or similar to gtfo

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

The goal of this repository is to document the most common techniques to bypass AppLocker.

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Offensive Reverse Shell (Cheat Sheet)

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

备考 OSCP 的各种干货资料/渗透测试干货资料

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

🙃 Reverse Shell Cheat Sheet 🙃

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python AV Evasion Tools

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Linux post exploitation privilege escalation enumeration

Functions that can be used to gain Reverse Shells with PowerShell

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

A framework for Backdoor development!

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

An evil RAT (Remote Administration Tool) for macOS / OS X.

JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

Hershell is a simple TCP reverse shell written in Go.

Reverse shell generator written in Python 3.

Reverse shell generator

Red Teaming Tactics and Techniques

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

ShellCodeLoader via DInvoke

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Penelope Shell Handler

Assist reverse tcp shells in post-exploration tasks

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

gtfo, now with the speed of golang

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

DNS File EXfiltration

metasploit-framework 图形界面 / 图形化内网渗透工具

This is the ToRat client, a part of the ToRat Project.

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

Exfiltration based on custom X509 certificates

Blue Team detection lab created with Terraform and Ansible in Azure.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Suggests programs to run against services found during the enumeration phase of a Pentest

一款适用于红蓝对抗中的仿真钓鱼系统

GodOfWar - Malicious Java WAR builder with built-in payloads

PHP shells that work on Linux OS, macOS, and Windows OS.

Simple DLL that add a user to the local Administrators group

Get GTFOBins info about a given exploit from the command line

linux post-exploitation framework made by linux user

Load shellcode into a new process

Monitoring GitHub for sensitive data shared publicly