WEASEL: DNS covert channel implant for Red Teams
WEASEL: A Stealthy DNS Beacon WEASEL is a small in-memory implant using Python 3 with no dependencies. The beacon client sends a small amount of identifying information about its host to a DNS zone...
Category: Network PenTest
IoTGoat v1.0 releases: deliberately insecure firmware based on OpenWrt
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on...
Unicorn v3.8.7 released: PowerShell downgrade attack
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and...
ghost v5.0 releases: Android post exploitation framework
Ghost Framework Ghost Framework is an Android post-exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration....
C2concealer: generates randomized C2 malleable profiles
C2concealer C2concealer is a command-line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. How it works We poured over the Cobalt Strike documentation and defined ranges of values that would...
PrivescCheck: Privilege Escalation Enumeration Script for Windows
PrivescCheck – Privilege Escalation Enumeration Script for Windows This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. Features Current User Invoke-UserCheck –...
Octopus v1.0 releases: Open source pre-operation C2 server based on python and powershell
What is Octopus? Octopus is an open-source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red...
aleph v3.6.3 releases: find the people and companies you look for
Aleph is a tool for indexing large amounts of both documents (PDF, Word, HTML) and structured (CSV, XLS, SQL) data for easy browsing and search. It is built with investigative reporting as a primary use...
SharpDPAPI v1.6.1 releases: C# port of some Mimikatz DPAPI functionality
SharpDPAPI SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi‘s Mimikatz project. The SharpChrome subproject is an adaptation of work from @gentilkiwi and @djhohnstein, specifically his SharpChrome project. However, this version of SharpChrome uses a different version of the C# SQL library that...
Stowaway v1.5 releases: Multi-hop proxy tool for security researchers and pentesters
Stowaway Stowaway is a Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes (multi-layer) PS: The files under demo folder are Stowaway’s beta version, it’s...
