Stars
Post Exploitation agent which uses a browser to do C2 operations.
Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks.
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
A collection of Red Team focused tools, scripts, and notes
PowerSploit - A PowerShell Post-Exploitation Framework
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…
Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
MeterSSH is a way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injec…
Veil 3.1.X (Check version info in Veil at runtime)
go-audit is an alternative to the auditd daemon that ships with many distros
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users…
Exchange privilege escalations to Active Directory
Virtual Machine for Adversary Emulation and Threat Hunting
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API
Undark - a SQLite recovery tool for deleted data or corrupt database
Extracts emails and attachments saved in Microsoft Outlook's .msg files
Invisibly inserting usernames into text with Zero-Width Characters
CMS Detection and Exploit Kit based on Whatcms.org API
Google App Engine Flask C2 redirector
flask pythonanywhere C2 redirector template
flask heroku C2 redirector template
Chrome extension to alert and possibly block IDN/Unicode websites and zero-day phishing websites using AI and Computer Vision.