BoobSnail BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques; various obfuscation techniques; translation of formulas into languages other...
365-Stealer 365-Stealer is a tool written in Python3 which can be used in illicit consent grant attacks. When the victim grants his consent we get their Refresh Token which can be used to request...
BadAssMacros Proof of Concept tool to generate malicious macros leveraging techniques like VBA Purging and Shellcode Obfuscation to evade AV engines. This tool takes in raw shellcode that can be generated by popular C2...
Offensive VBA and XLS Entanglement This repo provides examples of how VBA can be used for offensive purposes beyond a simple dropper or shell injector. As we develop more use cases, the repo will...
Ditto Ditto is a small tool that accepts a domain name as input and generates all its variants for a homograph attack as output, checking which ones are available and which are already registered. Usage...
DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options...
What is QRLJacking? QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as...
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple...
Social Engineering Using “Hidden” Macros In Excel You may ask why not simply use code that doesn’t actually touch the workbook and the main reason why is to avoid network traffic. And of course,...
DeepSea Phishing Gear DeepSea phishing gear aims to help RTOs and pentesters with the delivery of opsec-tight, flexible email phishing campaigns carried out on the outside as well as on the inside of a...
