Evasor: bypass APPLICATIONCONTROL policies
Evasor The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is...
SharpNoPSExec Fileless command execution for lateral movement. SharpNoPSExec will query all services and randomly pick one with a start type of disabled or manual, the current status stopped and with...
Kubesploit Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of the Merlin project by Russel Van Tuyl...
CIMplant C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user’s session. Note: Some commands will use...
Maximizing BloodHound with a simple suite of tools Description New Release: dpat – The BloodHound Domain Password Audit Tool (DPAT) A simple suite of tools: get-info – Pull lists of information from...
Traitor Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities in order...
Boomerang Boomerang is a tool to expose multiple internal servers to the web/cloud using HTTP+TCP Tunneling. The Server will expose 2 ports on the Cloud. One will be where tools...
AzureC2Relay AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile. Any incoming requests...
Privescker Advisory All the binaries/scripts/code of Privescker should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the...
SharpLAPS The attribute ms-mcs-AdmPwd stores the clear-text LAPS password. This executable is made to be executed within the Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory. Require...
SharpRelay SharpRelay is based on the WinDivert driver. According to its description, WinDivert is a kernel driver that allows for user-mode packet interception and modification. The user needs to specify a...
Perfusion On Windows 7, Windows Server 2008R2, Windows 8, and Windows Server 2012, the registry key of the RpcEptMapper and DnsCache (7/2008R2 only) services is configured with weak permissions. Any local user can create a Performance...
BlackMamba BlackMamba is a multi-client C2/post-exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some of BlackMamba features are: Multi-Client – Supports multiple client connections at the...
What is CornerShot In warfare, CornerShot is a weapon that allows a soldier to look past a corner (and possibly take a shot), without risking exposure. Similarly, the CornerShot package...
PortShellCrypter PortShellCrypter allows you to e2e encrypt shell sessions, single- or multi-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without...