Stars
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
A python script to scan for Apache Tomcat server vulnerabilities.
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
ProxyLogon Full Exploit Chain PoC (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
RCE 0-day for GhostScript 9.50 - Payload generator
some gadgets about windows process and ready to use :)
Binary instrumentation framework based on FRIDA
HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
External C2 Using IE COM Objects
Pass the Hash to a named pipe for token Impersonation
Automation Recon tool which works with Large & Medium scopes. It performs a lot of tasks and gets back all the results in separated files.
BC-SECURITY / Empire
Forked from EmpireProject/Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information colle…
Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality
A tool for generating fake code signing certificates or signing real ones
HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
ScareCrow - Payload creation framework designed around EDR bypass.