805 Open source projects that are alternatives of or similar to Gtfobins.github.io

Search for Unix binaries that can be exploited to bypass system security restrictions.

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries

The goal of this repository is to document the most common techniques to bypass AppLocker.

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

备考 OSCP 的各种干货资料/渗透测试干货资料

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

This is the ToRat client, a part of the ToRat Project.

A framework for Backdoor development!

Penelope Shell Handler

🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)

C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Monitoring GitLab for sensitive data shared publicly

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Blue Team detection lab created with Terraform and Ansible in Azure.

OSINT Bookmarks for Firefox / Chrome / Edge / Safari

linux post-exploitation framework made by linux user

Test Blue Team detections without running any attack.

Purple Team Exercise Framework

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Python AV Evasion Tools

Offensive Reverse Shell (Cheat Sheet)

DNS File EXfiltration

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Functions that can be used to gain Reverse Shells with PowerShell

A PowerShell module to deploy active directory decoy objects.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Monitoring your Slack workspaces for sensitive information

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Monitoring GitHub for sensitive data shared publicly

unix SSH post-exploitation 1337 tool

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

ShellCodeLoader via DInvoke

Load shellcode into a new process

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

gtfo, now with the speed of golang

GodOfWar - Malicious Java WAR builder with built-in payloads

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Exfiltration based on custom X509 certificates

Automatic Reverse Shell Generator

Hershell is a simple TCP reverse shell written in Go.

transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV

一款适用于红蓝对抗中的仿真钓鱼系统

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))

Assist reverse tcp shells in post-exploration tasks

This repository contains full code examples from the book Gray Hat C#

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

Script collection to bypass Network Access Control (NAC, 802.1x)

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

🙃 Reverse Shell Cheat Sheet 🙃