EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.

•    Python

Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time. For more information on SemVer, please visit https://semver.org/.

merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang

•    PowerShell

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control  server and agent written in golang. To facilitate ease of use, a TLS X.509 private and public certificate is distributed with Merlin. This allows a user to start using Merlin right away. However, this key is widely distributed and is considered public knowledge. You should generate your own certificates and replace the default certificates that ship with Merlin. The default location for the certificates is the data/x509 directory. The openssl command can be used from a Linux system to generate a key pair.

phpsploit - Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

•    Python

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

GTFOBins

•    HTML

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.

emp3r0r - linux post-exploitation framework made by linux user

•    Go

linux post-exploitation framework made by linux user

venom - venom (metasploit) shellcode generator/compiler/listener

•    Shell

venom (metasploit) shellcode generator/compiler/listener

Evasor - A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

•    CSharp

The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, saves time and fully automated which generates for you a report including description, screenshots and mitigations suggestions, suites for both blue and red teams in the assessment of a post-exploitation phase. Download the Evasor project and complie it. Verify to exclude from the project the App.config file from the reference tree.

Intersect-2.5 - Post-Exploitation Framework

•    Python

This project is no longer mantained and has not been updated since 2012-2013. There were plans for a future release, but life happened. That may still happen. The code does exist.. I just need to find some time to finish parts, perform testing, etc. Please refer to the Docs directory for a detailed README, Guide documentation and a How-To on writing custom modules.

HeraKeylogger - Chrome Keylogger Extension | Post Exploitation Tool

•    Python

The use of the HeraKeylogger is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE.

msf-auxiliarys - My collection of metasploit auxiliary post-modules

•    Ruby

4º - reload metasploit database ..

poet - Post-exploitation tool

•    Python

A simple POst-Exploitation Tool. This is just a small sample of what Poet can do.

go-shellcode - Load shellcode into a new process

•    Go

This is a program to run shellcode as its own process, all from memory. This was written to defeat anti-virus detection. Keep in mind that only 64bit shellcode will run in a 64bit process. This can't autodetect your shellcode architecture.

hacker-roadmap - :pushpin: A guide for amateurs pen testers and a collection of hacking tools, resources and references to practice ethical hacking, pen testing and web security

This repository is a guide for amateurs pen testers and a summary of hacking tools, resources and references to practice ethical hacking, pen testing and web security. Most of these tools are UNIX compatible and MIT licensed. Note that Linux is the best operating system to practice ethical hacking. Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system.

DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.

•    C++

DNS-Persist is a post-exploitation agent which uses DNS for command and control. The server-side code is in Python and the agent is coded in C++. This is the first version, more features and improvements will be made in the future. DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.

zombieant - Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

•    C

Because monolithic offensive tools are never enough and building your own offensive strategies and tools is fun. THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

covermyass - Shell script to cover your tracks on UNIX systems

•    Shell

Shell script to cover your tracks on UNIX systems. Designed for pen testing "covering tracks" phase, before exiting the infected server. Or, permanently disable system logs for post-exploitation. You can now use the tool using the executable.

soapy - log file scrubber

•    Python

This repo is apart of the warmind project for a clone of the code see here or you can get the code from here. For a version you can download with curl/wget see here. What soa.py does is create a sort of container that will host a root terminal shell while the log files are being monitored (default logs: /var/log). After you have completed your session, the log files are scrubbed back to the second soa.py was launched.