97 Open source projects that are alternatives of or similar to Shad0w

This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).

ParadoxiaRat : Native Windows Remote access Tool.

The SpecterOps project management and reporting engine

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Octopus - Network Scan/Infos & Web Scan

DNS Rebinding Exploitation Framework

link is a command and control framework written in rust

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Exploring in-memory execution of .NET

(l)user hunter using WinAPI calls only

This repo will contain some basic pentest/RT commands.

Impersonating JA3 signatures

Remote Administration Tool for Windows

Functions that can be used to gain Reverse Shells with PowerShell

The Shadow Attack Framework

Protecting Red Team infrastructure with cyber shield blocking AWS/AZURE/IBM/Digital Ocean/TOR/AV IP/ETC. ranges

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

一款可以检测WEB蜜罐并阻断请求的Chrome插件，能够识别并阻断长亭D-sensor、墨安幻阵的部分溯源api

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

Tips and Tutorials for Bug Bounty and also Penetration Tests.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

retrive metadata endpoint data with these one liners.

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

A bash script for recon and DOS attacks

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Aggressor scripts for use with Cobalt Strike 3.0+

Malleable C2 profiles for Cobalt Strike

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Linux Rootkits (4.x Kernel)

A front-end JavaScript toolkit for creating DNS rebinding attacks.

Template-Driven AV/EDR Evasion Framework

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

🦄🔒 Awesome list of secrets in environment variables 🖥️

DeimosC2 is a Golang command and control framework for post-exploitation.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

🔨 A modern multiple reverse shell sessions manager wrote in go

Dorothy is a tool to test security monitoring and detection for Okta environments

ParadoxiaRat : Native Windows Remote access Tool.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

A Golang implant that uses Slack as a command and control server

C# Based Universal API Unhooker

C2/post-exploitation framework

Bifrost C2. Open-source post-exploitation using Discord API

Python 3.5+ DNS asynchronous brute force utility

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡

XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…

An Android app that lets you use your access control card cloning devices in the field.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Fast browser-based network discovery module

Empire HTTP(S) C2 redirector setup script

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on