There are currently three different lists. The goal of these lists is to document every binary, script and library that can be used for Living Off The Land techniques.
lolbins lolscripts redteam blueteam purpleteam dfir living-off-the-land

Accounts found will be stored in an individual text file with the corresponding username (e.g. user123.txt). If you are using Anaconda in Windows, using 'python3' might not work. Use 'python' instead.
cli osint tools sherlock python3 information-gathering reconnaissance redteam

Full-featured C2 framework which silently persists on a webserver with a single-line PHP backdoor
backdoor persistence hacking blackhat post-exploitation stealth privilege-escalation webshell php-backdoor web-hacking c2 hacktool command-and-control hacking-framework redteam php-webshell php-webshell-backdoor advanced-persistent-threat

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks. It comes with a multi-client control server, named chaserv.
reverse-shell infosec pentest redteam

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.
post-exploitation unix bypass gtfobins binaries reverse-shell bind-shell exfiltration redteam blueteam

Linux post-exploitation framework made by a Linux user
rootkit malware rat post-exploitation stealth hacking-tool redteaming redteam trojan-malware emp3r0r

Disclaimer: serpentine is created for educational and research purposes, and is only intended to be employed in legal red team operations. Malicious and illegal use is not condoned and author/contributors do not take any responsibility for any damage caused by malicious actors using any software presented herein. serpentine is a Windows RAT (Remote Administration Tool) that lets you interact with the clients using a multiplatform RESTful C2 server.
virus malware trojan penetration-testing rat remote-admin-tool redteam remote-administrator-tool remote-administration-tool remote-administration windows-rat

This repository contains fully fleshed-out code examples from the book Gray Hat C#. In this book, a wide variety of security-oriented tools and libraries will be written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's roles in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools with real-world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move on to security tool automation using true APIs, not just calling programs from the system shell. Finally, we focus on reverse engineering and forensics in the final chapters.
sql-injection fuzzer metasploit payload c-sharp automation mono xamarin security nessus openvas nexpose sqlmap arachni clamav cuckoo-sandbox pentesting blueteam redteam

This is a program to run shellcode as its own process, all from memory. This was written to defeat anti-virus detection. Keep in mind that only 64-bit shellcode will run in a 64-bit process. This can't autodetect your shellcode architecture.
shellcode redteam post-exploitation

A simple cross-platform reverse socks proxy. It's possible to embed all the required parameters to start and forward the socks server with SSH so that cli flags are not needed. Do this by creating config/ssh.json and using the -X main.static=1 ldflag.
redteam infosec socks5 ssh proxy security-tools

Doxycannon takes a pool of OpenVPN files and creates a Docker container for each one. After a successful VPN connection, each container spawns a SOCKS5 proxy server and binds it to a port on the Docker host. Combined with tools like Burp suite or proxychains, this creates your very own private botnet on the cheap. Use the --single flag to bring up your proxies and create a proxy rotator.
docker redteam pentest proxy openvpn botnet

Learn Go. Make a throwaway reverse shell for things like CTFs. Learn about host-based OPSEC considerations when writing an implant. Check out the official documentation for an intro to developing with Go and setting up your Golang environment (with the $GOPATH environment variable).
infosec redteam c2 reverse-shell reverseshell security security-tools

Ruse is a secure, multi-platform, selective Reverse Proxy (or Redirector) that is fast and easy to deploy. It can help you conceal C2 communications and reverse shell traffic using the HTTP protocol. Ruse combines the core features of Python's SimpleHTTPServer, Apache's mod_rewrite, and SSL ProxyPass, all in a single, self-contained and highly portable executable.
redteam proxy-server redirector http-listener shellcode

The above PS file will help to get the list of Domain Controllers in a network, and will create a CSV file in the C: drive. This can be used during network pentesting or other such situations. This runs Mimikatz PS script by directly pulling it from Github and executing it "in memory" on your system.
powershell redteam redteaming ps1 powershell-modules powershell-script

A collection of scripts I've written to help red and blue teams with malware persistence techniques. I take no responsibility for how they're used. These are techniques that I regularly use to ensure that my agents can survive reboots. The majority of my persistence scripts are written in PowerShell since it's an excuse for me to learn it. May these scripts help you evade many a blue team.
persistence malware redteam blueteam powershell living-off-the-land

DNS-Persist is a post-exploitation agent which uses DNS for command and control. The server-side code is in Python and the agent is coded in C++. This is the first version; more features and improvements will be made in the future. DO NOT USE THIS SOFTWARE FOR ILLEGAL PURPOSES.
pentesting post-exploitation redteam

MalwLess is an open source tool that allows you to simulate system compromise or attack behaviours without running processes or PoCs. The tool is designed to test Blue Team detections and SIEM correlation rules. It provides a framework based on rules that anyone can write, so when a new technique or attack comes out you can write your own rules and share them with the community. These rules can simulate Sysmon or PowerShell events. MalwLess can parse the rules and write them directly to the Windows EventLog, then you can forward it to your event collector.
blueteam dfir mitre-attack sysmon siem redteam powershell

This project is a POC implementation for a DLL implant that acts as a backdoor for accept Winsock API calls. Once the DLL is injected into the target process, every accept call is intercepted using Microsoft's detour library and redirected into the BackdooredAccept function. When a socket connection with a pre-defined special source port is established, the BackdooredAccept function launches a cmd.exe process and binds the accepted socket to the process STD(OUT/IN) using a named pipe.
shell backdoor rootkit pentest winsock redteam implant winsock2

This diagram was generated using Diagrams. The Go gopher was designed by Renee French and is licensed under CC BY 3.0. Deploying trident requires a Google Cloud project, a domain name (for the orchestrator API), and a Cloudflare Access configuration for this domain. Cloudflare Access is used to authenticate requests to the orchestrator API.
redteam

Aggressor Script is the scripting language built into Cobalt Strike, version 3.0, and later. Aggressor Script allows you to modify and extend the Cobalt Strike client.
redteam cobaltstrike-cna readteaming