BifrostBifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-89.28%)
dark-lord-obamaAV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
Stars: ✭ 61 (-82.32%)
ChimeraChimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (+34.2%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+9438.84%)
LnkupGenerates malicious LNK file payloads for data exfiltration
Stars: ✭ 205 (-40.58%)
palinka c2Just another useless C2 occupying space in some HDD somewhere.
Stars: ✭ 14 (-95.94%)
ShonyDanzaA customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
Stars: ✭ 86 (-75.07%)
Hunter(l)user hunter using WinAPI calls only
Stars: ✭ 359 (+4.06%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (-44.06%)
RubyfuRubyfu, where Ruby goes evil!
Stars: ✭ 228 (-33.91%)
xecaPowerShell payload generator
Stars: ✭ 103 (-70.14%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+281.45%)
EzxssezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
Stars: ✭ 1,022 (+196.23%)
PayloadsPayload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+22.03%)
LscriptThe LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+785.8%)
Go Deliver Go-deliver is a payload delivery tool coded in Go.
Stars: ✭ 103 (-70.14%)
ReversePowerShellFunctions that can be used to gain Reverse Shells with PowerShell
Stars: ✭ 48 (-86.09%)
GhostwriterThe SpecterOps project management and reporting engine
Stars: ✭ 394 (+14.2%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+1106.38%)
WarFoxA proof-of-concept HTTPS beaconing Windows implant and multi-layered proxy C2 network designed for covert APT emulation engagements
Stars: ✭ 129 (-62.61%)
ThecollectiveThe Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (-75.36%)
ArmorArmor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.
Stars: ✭ 228 (-33.91%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+638.55%)
disctopia-c2Windows Remote Administration Tool that uses Discord as C2
Stars: ✭ 216 (-37.39%)
pwn-pulseExploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Stars: ✭ 126 (-63.48%)
chkdfrontCheck Domain Fronting (chkdfront) - It checks if your domain fronting is working
Stars: ✭ 42 (-87.83%)
Gitjacker🔪 Leak git repositories from misconfigured websites
Stars: ✭ 1,249 (+262.03%)
transportc2PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
Stars: ✭ 22 (-93.62%)
DartDART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Stars: ✭ 207 (-40%)
c2A simple, extensible C&C beaconing system.
Stars: ✭ 93 (-73.04%)
maalikFeature-rich Post Exploitation Framework with Network Pivoting capabilities.
Stars: ✭ 75 (-78.26%)
BrutalPayload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )
Stars: ✭ 678 (+96.52%)
WhonowA "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)
Stars: ✭ 533 (+54.49%)
CovenantCovenant is a collaborative .NET C2 framework for red teamers.
Stars: ✭ 2,747 (+696.23%)
MerlinMerlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Stars: ✭ 3,522 (+920.87%)
WriteupsThis repository contains writeups for various CTFs I've participated in (Including Hack The Box).
Stars: ✭ 61 (-82.32%)
ToRat clientThis is the ToRat client, a part of the ToRat Project.
Stars: ✭ 29 (-91.59%)
Slackor A Golang implant that uses Slack as a command and control server
Stars: ✭ 392 (+13.62%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+1622.61%)
AlanFrameworkA C2 post-exploitation framework
Stars: ✭ 405 (+17.39%)
meteorA cross-platform C2/teamserver supporting multiple transport protocols, written in Go.
Stars: ✭ 31 (-91.01%)
venusA Visual Studio Code Extension agent for Mythic C2
Stars: ✭ 47 (-86.38%)
pix-payload-generator.netGerar payload para qrcode estático PIX. (Sistema de pagamento instantâneo do Brasil) Sem a necessidade de conexão com um PSP.
Stars: ✭ 23 (-93.33%)
rsmReverse shell manager using tmux and ncat
Stars: ✭ 29 (-91.59%)
WinRAT(Windows/Linux/Mac) Remote Administration Tool
Stars: ✭ 35 (-89.86%)
Horus-EyeJust Simple Code To Play With Android Payloads (;
Stars: ✭ 54 (-84.35%)
girltalkA tool for helping stand up headless C2 for droppables.
Stars: ✭ 16 (-95.36%)
reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-29.86%)
dorothyDorothy is a tool to test security monitoring and detection for Okta environments
Stars: ✭ 85 (-75.36%)
HatVenomHatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.
Stars: ✭ 84 (-75.65%)
MailRipV3SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Stars: ✭ 28 (-91.88%)
CamRaptorCamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.
Stars: ✭ 106 (-69.28%)
reverse-sshStatically-linked ssh server with reverse shell functionality for CTFs and such
Stars: ✭ 548 (+58.84%)
hinjectHost Header Injection Checker
Stars: ✭ 64 (-81.45%)
Reconky-Automated Bash ScriptReconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-51.59%)