551 Open source projects that are alternatives of or similar to link

Bifrost C2. Open-source post-exploitation using Discord API

AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Generates malicious LNK file payloads for data exfiltration

Just another useless C2 occupying space in some HDD somewhere.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

(l)user hunter using WinAPI calls only

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Rubyfu, where Ruby goes evil!

PowerShell payload generator

Penetration tests guide based on OWASP including test cases, resources and examples.

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

Payload Arsenal for Pentration Tester and Bug Bounty Hunters

The LAZY script will make your life easier, and of course faster.

Go-deliver is a payload delivery tool coded in Go.

Functions that can be used to gain Reverse Shells with PowerShell

The SpecterOps project management and reporting engine

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

A proof-of-concept HTTPS beaconing Windows implant and multi-layered proxy C2 network designed for covert APT emulation engagements

The Collective. A repo for a collection of red-team projects found mostly on Github.

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

Windows Remote Administration Tool that uses Discord as C2

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Check Domain Fronting (chkdfront) - It checks if your domain fronting is working

🔪 Leak git repositories from misconfigured websites

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

A simple, extensible C&C beaconing system.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Covenant is a collaborative .NET C2 framework for red teamers.

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

This is the ToRat client, a part of the ToRat Project.

A Golang implant that uses Slack as a command and control server

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A C2 post-exploitation framework

A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.

A Visual Studio Code Extension agent for Mythic C2

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Gerar payload para qrcode estático PIX. (Sistema de pagamento instantâneo do Brasil) Sem a necessidade de conexão com um PSP.

Reverse shell manager using tmux and ncat

(Windows/Linux/Mac) Remote Administration Tool

Just Simple Code To Play With Android Payloads (;

Common Web Managers Fuzz Wordlists

A tool for helping stand up headless C2 for droppables.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Dorothy is a tool to test security monitoring and detection for Okta environments

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

Statically-linked ssh server with reverse shell functionality for CTFs and such

Host Header Injection Checker

Kali Live Build Scripts

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Offensive Reverse Shell (Cheat Sheet)