109 Open source projects that are alternatives of or similar to MalleableC2Profiles

Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.

Exploring in-memory execution of .NET

Wiki to collect Red Team infrastructure hardening resources

PowerShell script that decrypts password entries from a Passwordstate server.

Autowin is a framework that helps organizations simulate custom attack scenarios in order to improve detection and response capabilities.

Windows Event Log Killer

link is a command and control framework written in rust

It records your terminal, then lets you upload to ASHIRT

Bifrost C2. Open-source post-exploitation using Discord API

The swiss army knife of LSASS dumping

List of Awesome Red Teaming Resources

Load any Beacon Object File using Powershell!

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

A tool for generating reverse shell payloads on the fly.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Python AV Evasion Tools

Monitoring GitHub for sensitive data shared publicly

Template-Driven AV/EDR Evasion Framework

Hacking arsenal. This script download the latest tools, wordlists, releases and install common hacking tools

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

Dorothy is a tool to test security monitoring and detection for Okta environments

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Check Domain Fronting (chkdfront) - It checks if your domain fronting is working

Rubyfu, where Ruby goes evil!

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

ParadoxiaRat : Native Windows Remote access Tool.

Customized Kali Linux - Ansible playbook

Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges

Just another useless C2 occupying space in some HDD somewhere.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement

cobalt strike 自启动脚本

C# Based Universal API Unhooker

retrive metadata endpoint data with these one liners.

Covenant is a collaborative .NET C2 framework for red teamers.

A simple remote tool in C#.

A collection of Cobalt Strike aggressor scripts

A C2 post-exploitation framework

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Linux Rootkits (4.x Kernel)

JALSI - Just Another Lame Shellcode Injector

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Leaked pentesting manuals given to Conti ransomware crooks

CobatStrike-Script, Beacon上线,微信实时推送!

Octopus - Network Scan/Infos & Web Scan

easy-to-use payload hosting

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).

Automated Adversary Emulation Platform

XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Functions that can be used to gain Reverse Shells with PowerShell

🦄🔒 Awesome list of secrets in environment variables 🖥️

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Impersonating JA3 signatures