Invisi-Shell Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API. Download...
Exploitation / Network PenTest
by do son · Published February 13, 2019 · Last modified February 12, 2019
DET (extensible) Data Exfiltration Toolkit DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channels(s) at the same time. The idea was to create...
PRETty “PRinter Exploitation Toolkit” LAN automation tool PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against each individual printer, PRETty...
Bashfuscator Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by...
TransportC2 TransportC2 is a command and control server that is able to run in the background as a service. This allows penetration testers and red teamers the ability to spend time gathering target machines,...
Exploitation / Reverse Engineering
by do son · Published January 14, 2019 · Last modified October 10, 2021
Lucky CAT – Crash All the Things! What is Lucky CAT? Lucky CAT (Crash All the Things!) is a distributed fuzzing testing suite with an easy to use web interface. It allows managing several fuzzing jobs...
PyExfil Abstract This started as a PoC project but has later turned into something a bit more. Currently, it’s an Alpha-Alpha stage package, not yet tested (and will appreciate any feedbacks and commits) designed...
wep wep is a proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios....
Exploitation / Network PenTest / Sniffing & Spoofing
by do son · Published January 3, 2019 · Last modified December 1, 2020
The THC IPV6 ATTACK TOOLKIT comes already with lots of effective attacking tools: – parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite) – alive6: an effective alive...
beebug beebug is a tool that can be used to verify if a program crash could be exploitable. This tool was presented at r2con 2018 in Barcelona. Some implemented functionality are: Stack overflow on libc Crash on...
kernelpop kernelpop is a framework for performing automated kernel vulnerability enumeration and exploitation on the following operating systems: Linux Mac It is designed to be python version-agnostic, meaning that it should work with both python2 and python3 currently supported...
JSShell An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting)...
Amber is a proof of concept packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables...
aclpwn.py Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient...
HiddenPowerShell This project was created to explore the various evasion techniques involving PowerShell Amsi ScriptBlockLogging Constrained Language Mode AppLocker Metasploit module and payload The module manages the delivery of an hta file and a...
Secure Your Connection
