Boomerang: expose multiple internal servers to web/cloud
Boomerang Boomerang is a tool to expose multiple internal servers to the web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools...
Boomerang Boomerang is a tool to expose multiple internal servers to the web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools...
Maintaining Access / Post Exploitation
by do son · Published January 5, 2021 · Last modified May 11, 2023
Apollo Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings. Apollo lacks some evasive tradecraft provided by other...
serval Serval is a lightweight, easy-to-use, binary for spawning reverse and bind shells for pentests or pentesting exercises. It is cross-platform and can be compiled for both Windows 32 &...
Maintaining Access / Post Exploitation
by do son · Published September 23, 2020 · Last modified November 12, 2020
Maalik Network Pivoting and Post Exploitation Framework. Features Console Features Desktop notification on new sessions. Kill Online sessions easily. Build Maalik Client, Fhdawn easily. Configurable values in settings.ini Root shell. Multithreaded,...
GRAT2 GRAT2 is a Command and Control (C2) tool written in python3 and the client in .NET 4.0. The main idea came from Georgios Koumettou who initiated the project. Current Features: Evasion...
pivotnacci Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server that communicates with HTTP agents. The architecture looks like the following: This tool...
TELEMETRY TELEMETRY is a C# For Windows PERSISTENCE Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in...
Socks Over RDP This tool adds the capability of a SOCKS proxy to Terminal Services (or Remote Desktop Services). It uses Dynamic Virtual Channel that enables us to communicate over...
gTunnel A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to...
Ligolo: Reverse Tunneling made easy for pentesters, by pentesters Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with the elliptical curve). It is comparable...
StayKit – Cobalt Strike persistence kit StayKit is an extension for Cobalt Strike persistence by leveraging the execute_assembly function with the SharpStay .NET assembly. The aggressor script handles payload creation...
PowerProxy PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse...
iox Tool for port forward & intranet proxy, just like lcx/ew, but better Why write? lcx and ew are awesome but can be improved. when I first used them, I can’t remember...
Maintaining Access / Post Exploitation
by do son · Published April 21, 2020 · Last modified November 2, 2021
pwncat Netcat with Firewall and IPS evasion, bind and reverse shell, local and remote port-forward. Motivation Ever accidentally hit Ctrl+c on your reverse shell and it was gone for good? Ever waited...
NAT Tunnel If you have access to a server with public IP and unfiltered ports you can run NAT Tunnel (NT) server on the server, and NT client on your...