The pentester's Swiss knife

C2 framework, email C2

b3acon: In-Memory C# IMAP C2 over Email

b3acon is a mail based C2 that uses an in-memory, dynamically compiled C# IMAP client via PowerShell. It communicates entirely through standard email protocols, fetching commands from email drafts and sending execution results to the...

offensive data

Nemesis: An offensive data enrichment pipeline

Nemesis Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data...

generating reverse shells

shells: Script for generating reverse shells

Shellz A script for generating common reverse shells fast and easy. Especially nice when in need of PowerShell and Python reverse shells, which can be a PITA getting correctly formatted. PowerShell revshells Shows username@computer.(domain),...

threagile

threagile: Agile Threat Modeling Toolkit

Threagile Agile Threat Modeling Toolkit Threagile is an open-source toolkit for agile threat modeling: It allows to model architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon...

Flutter Mobile Application Reverse Engineering

blutter: Flutter Mobile Application Reverse Engineering Tool

B(l)utter Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime Currently, the application supports only Android libapp.so. Also, the application currently works only against recent Dart versions. Install This application uses the...

shellcode encryption tool

Supernova: shellcode encryption tool

Supernova Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode.Supernova supports various features beyond those typically found in a common shellcode encryptor tool. Features Supernova offers automatic...

Kerberos abuse

Kerbeus-BOF: Beacon Object Files for Kerberos abuse

Kerbeus-BOF Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Download git clone https://github.com/RalfHacker/Kerbeus-BOF.git Use...

AI security

V’ger: AI/ML Security in Your Arsenal

V’ger V’ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories As a Red Teamer, you’ve found Jupyter credentials, but don’t know what you...