We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.
Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time. For more information on SemVer, please visit https://semver.org/.
rat reverse-shell macosx mac backdoor osx post-exploitation pentestingmerlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. To facilitate ease of use, a TLS X.509 private and public certificate is distributed with Merlin. This allows a user to start using Merlin right away. However, this key is widely distributed and is considered public knowledge. You should generate your own certificates and replace the default certificates that ship with Merlin. The default location for the certificates is the data/x509 directory. The openssl command can be used from a Linux system to generate a key pair.
http2 command-and-control c2 post-exploitation agentphpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
backdoor persistence hacking blackhat post-exploitation stealth privilege-escalation webshell php-backdoor web-hacking c2 hacktool command-and-control hacking-framework redteam php-webshell php-webshell-backdoor advanced-persistent-threatGTFOBins
GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.
post-exploitation unix bypass gtfobins binaries reverse-shell bind-shell exfiltration redteam blueteamemp3r0r - linux post-exploitation framework made by linux user
linux post-exploitation framework made by linux user
rootkit malware rat post-exploitation stealth hacking-tool redteaming redteam trojan-malware emp3r0rvenom - venom (metasploit) shellcode generator/compiler/listener
venom (metasploit) shellcode generator/compiler/listener
metasploit msfvenom shellcode compiler handler post-exploitationEvasor - A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, saves time and fully automated which generates for you a report including description, screenshots and mitigations suggestions, suites for both blue and red teams in the assessment of a post-exploitation phase. Download the Evasor project and complie it. Verify to exclude from the project the App.config file from the reference tree.
post-exploitation penetration-testing-tools bypass-applocker-policies full-automatedIntersect-2.5 - Post-Exploitation Framework
This project is no longer mantained and has not been updated since 2012-2013. There were plans for a future release, but life happened. That may still happen. The code does exist.. I just need to find some time to finish parts, perform testing, etc. Please refer to the Docs directory for a detailed README, Guide documentation and a How-To on writing custom modules.
penetration-testing post-exploitation python-frameworkHeraKeylogger - Chrome Keylogger Extension | Post Exploitation Tool
The use of the HeraKeylogger is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE.
keylogger chrome python3 post-exploitationmsf-auxiliarys - My collection of metasploit auxiliary post-modules
4º - reload metasploit database ..
msf-auxiliarys metasploit post-exploitationpoet - Post-exploitation tool
A simple POst-Exploitation Tool. This is just a small sample of what Poet can do.
rat post-exploitation pentest beacon securitygo-shellcode - Load shellcode into a new process
This is a program to run shellcode as its own process, all from memory. This was written to defeat anti-virus detection. Keep in mind that only 64bit shellcode will run in a 64bit process. This can't autodetect your shellcode architecture.
shellcode redteam post-exploitationhacker-roadmap - :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security
This repository is a guide for amateurs pen testers and a summary of hacking tools, resources and references to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed. Note that Linux is the best operating system to practice ethical hacking. Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.
hacking hacking-tool penetration-testing roadmap frameworks hacktools pentest web-hacking exploitation post-exploitation vulnerabilities information-gatheringDNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
DNS-Persist is a post-exploitation agent which uses DNS for command and control. The server-side code is in Python and the agent is coded in C++. This is the first version, more features and improvements will be made in the future. DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.
pentesting post-exploitation redteamzombieant - Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.
Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun. THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
evasion redteaming post-exploitation dfircovermyass - Shell script to cover your tracks on UNIX systems
Shell script to cover your tracks on UNIX systems. Designed for pen testing "covering tracks" phase, before exiting the infected server. Or, permanently disable system logs for post-exploitation. You can now use the tool using the executable.
bash cli history hacking ctf post-exploitation command-line-tool bash-script pentest tracks ctf-challengessoapy - log file scrubber
This repo is apart of the warmind project for a clone of the code see here or you can get the code from here. For a version you can download with curl/wget see here. What soa.py does is create a sort of container that will host a root terminal shell while the log files are being monitored (default logs: /var/log). After you have completed your session, the log files are scrubbed back to the second soa.py was launched.
post-exploitation hiding log-files log-file-scrubbing
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
