MacC2: macOS post exploitation tool for purple team
MacC2 MacC2 is a macOS post-exploitation tool written in Python that uses Objective-C calls or Python libraries as opposed to command-line executions. I wrote this tool to aid purple...
RogueWinRM RogueWinRM is a local privilege escalation exploit that allows escalation from a Service account (with SeImpersonatePrivilege) to a Local System account if the WinRM service is not running (default...
SilentClean UAC bypass via binary planting This project implements a DLL planting technique to bypass UAC Always Notify and execute code in a high integrity process. When the SilentCleanup task...
Chalumeau Chalumeau is an automated, extendable and customizable credential dumping tool based on PowerShell and Python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting /...
PrintSpoofer From LOCAL/NETWORK SERVICE to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 and Server 2016/2019. For more information. Usage You can check the help message using the -h option. C:\TOOLS>PrintSpoofer.exe -h PrintSpoofer...
Invoke-AntiVM Invoke-AntiVM is a set of modules to perform VM detection and fingerprinting (with exfiltration) via PowerShell. Compatibility Run the script check-compatibility.ps1 to check what modules or functions are compatible...
TruffleSnout Iterative AD discovery toolkit for offensive operators. Situational awareness and targeted low noise enumeration. Preference for OpSec. Discover: Forests and Trusts Domains and Trusts GCs/DCs Search and Query AD:...
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY, and SAM registry hives and...
PatchChecker This is the code base for the service running on here. In short, PatchChecker is a web application (running on Flask) that provides output similar to that of...
PowerShell Red Team Enum Collection of PowerShell functions a Red Teamer may use to collect data from a machine or gain access to a target. I added ps1 files for...
linuxprivcheck Python script for privilege escalation for Linux. The original author is Mike Czumak (T_v3rn1x) — @SecuritySift. Scripts old-linuxprivchecker.py: Famous linuxprivchecker.py (Python) with updates – I’ll not update it anymore....
SwiftBelt SwiftBelt is a macOS enumerator inspired by @harmjoy’s Windows-based Seatbelt enumeration tool. It does not utilize any command-line utilities and instead uses Swift code (leveraging the Cocoa Framework, Foundation...
Maintaining Access / Post Exploitation
by do son · Published September 23, 2020 · Last modified November 12, 2020
Maalik Network Pivoting and Post Exploitation Framework. Features Console Features Desktop notification on new sessions. Kill Online sessions easily. Build Maalik Client, Fhdawn easily. Configurable values in settings.ini Root shell. Multithreaded,...
shad0w SHAD0W is a modular C2 framework designed to successfully operate in mature environments. It will use a range of methods to evade EDR and AV while allowing the operator...
Impost3r Impost3r is a tool, written in C, that aims to steal many kinds of Linux passwords (including ssh, su, sudo). Attackers can use Impost3r to make a trap to steal the legal...