Gorsair Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair...
TrevorC2 – Command, and Control via Legitimate Behavior over HTTP Written by: Dave Kennedy (@HackingDave) Website: https://www.trustedsec.com Note that this is a very early release – heavy randomization and encryption to...
Exploitation / Reverse Engineering
by do son · Published March 25, 2019 · Last modified July 30, 2022
Zeratool Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are...
Virtual Reality This is a backdoor project for windows operating systems. Intended audience This is a proof-of-concept stealthy backdoor aimed to aid red teams in maintaining control of their targets...
AVET AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. What & Why: when running an exe...
gorsh A Golang Implant and Tmux-driven C2 Interface Originally forked from – sysdream/hershell Fork Changes Changes after fork: Uses tmux as a pseudo-C2-like interface, creating a new window with each agent...
ThunderShell ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network...
Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as...
Exploitation / Vulnerability Analysis
by do son · Published February 26, 2019 · Last modified November 4, 2024
msf-autoshell Give it a .nessus file and it’ll get you Metasploit shells. I’ve included the early and incomplete programs to make it easier for people who want to learn how...
Exploitation / Post Exploitation
by do son · Published February 25, 2019 · Last modified May 20, 2020
AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim’s desktop without his consent, and...
DoHC2 DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). This is built for the popular Adversary...
What is Kitty? Kitty is an open-source modular and extensible fuzzing framework written in Python, inspired by OpenRCE’s Sulley and Michael Eddington’s (and now Deja Vu Security’s) Peach Fuzzer. Goal When we started...
Invisi-Shell Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via...
Exploitation / Network PenTest
by do son · Published February 13, 2019 · Last modified November 4, 2024
DET (extensible) Data Exfiltration Toolkit DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channels(s) at the same time. The...
PRETty “PRinter Exploitation Toolkit” LAN automation tool PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against...
Support Securityonline.info site. Thanks!
