HRShell HRShell is an HTTPS/HTTP reverse shell built with flask. It’s compatible with python 3.x and has been successfully tested on: Linux ubuntu 18.04 LTS macOS Mojave Windows 7/10 🎉 Features It’s stealthy TLS support 🔑 Either using on-the-fly certificates or By...
TransportC2 TransportC2 is a command and control server that is able to run in the background as a service. This allows penetration testers and red teamers the ability to spend time gathering target machines,...
DoHC2 DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary Simulation and Red Team...
gorsh A Golang Implant and Tmux-driven C2 Interface Originally forked from – sysdream/hershell Fork Changes Changes after fork: Uses tmux as a pseudo-C2-like interface, creating a new window with each agent callback Download files with...
XIP XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Below are the implemented transformations: Hexadecimal Decimal Octal IPV4 to...
boofuzz: Network Protocol Fuzzing for Humans It is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, it aims for extensibility. The goal: fuzz everything. Features Like Sulley, boofuzz...
gscript Genesis Scripting Engine Genesis Scripting (gscript for short) is a technology I’ve developed to enable more intelligent malware stagers. Typically, stagers are pretty dumb. Most stagers are unique to the malware they deploy...
reverse-shell Easy to remember reverse shell that should work on most Unix-like systems. Detects available software on the target and runs an appropriate payload. Download git clone https://github.com/lukechilds/reverse-shell.git Usage 1. Listen for connection On your...
Exploitation / Information Gathering / Network PenTest / Vulnerability Analysis
by do son · Published July 12, 2017 · Last modified May 1, 2024
Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into...
Cloak Cloak is an intelligent python backdoor framework. What it exactly does? Cloak generates a python payload via msfvenom and then intelligently injects it into the python script you specify. To evade basic detection, Cloak breaks the...
Exploitation / Network PenTest / Sniffing & Spoofing
by do son · Published February 10, 2018 · Last modified May 1, 2024
This repository contains some bettercap transparent proxy example modules. HTTP(S) Proxy Modules http/beefbox.rb – Similar to injectjs but specialized to work with the BeEF framework. http/debug.rb – Debug HTTP requests and responses. http/curl_log.rb – A simple logging module where all...
Ropper You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures (x86/X86_64, ARM/ARM64, MIPS/MIPS64, PowerPC). For disassembly,...
Demiguise – HTA encryption tool What does it do? The aim of this project is to generate .html files that contain an encrypted HTA file. The idea is that when your target visits the page, the key...
dnsteal v 2.0 This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple...
Phishing catcher Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs Installation git clone https://github.com/x0rz/phishing_catcher.git pip install...
Secure Your Connection
