Tempest Tempest is a command and control framework written in 100% Rust. TEMPEST COMPONENTS: anvil – server 2 servers with APIs. All APIs are authenticated and unauth-discovery resistent. sqlite local database internal functions (building imps,...
SCCMSecrets SCCMSecrets.py is an SCCM policies exploitation tool. It goes beyond NAA credentials extraction, and aims to provide a comprehensive approach regarding SCCM policies exploitation. The tool can be executed from various levels of...
SIMurai SIMurai is a software platform designed for security-focused SIM exploration and experimentation. At its core, it offers a versatile software SIM implementation that can be integrated into various environments for advanced testing and...
DriverJack DriverJack is a tool designed to load a vulnerable driver by abusing lesser-known NTFS techniques. These method bypass the registration of a Driver Service on the system by hijacking an existing service, and also...
TrickDump TrickDump dumps the lsass process without creating a Minidump file, generating instead 3 JSON and 1 ZIP file with the memory region dumps. In three steps: Lock: Get OS information using RtlGetVersion. Shock:...
SCCM HTTP Looter Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s) How it works SCCM distribution points (DPs) are the servers used by Microsoft SCCM to host all the...
Kerbeus-BOF Beacon Object Files for Kerberos abuse. This is an implementation of some important features of the Rubeus project, written in C. The project features integration with the C2 frameworks Cobalt Strike and Havoc. Ticket requests and renewals asktgt...
Power Pwn An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform. Modules: Copilot Connector and Automator Allow interaction with Copilot for Microsoft 365 through the WebSocket messages...
Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets...
JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...
Shwmae Shwmae (shuh-my) is a Windows Hello abuse tool that was released during DEF CON 32 as part of the Abusing Windows Hello Without a Severed Hand Talk. The purpose of the tool is...
WAF Bypass Tool WAF bypass Tool is an open-source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker...
RustPatchlessCLRLoader The RustPatchlessCLRLoader leverages a sophisticated integration of patchless techniques for bypassing both Event Tracing for Windows (ETW) and the Windows Antimalware Scan Interface (AMSI) across all threads with the goal of loading .NET...
PANIX PANIX is a highly customizable Linux persistence tool for security research, detection engineering, penetration testing, CTFs and more. It prioritizes functionality over stealth and is easily detectable. PANIX is supported on popular distributions...
DeadPotato DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by...
CODASM CODASM allows you to encode arbitrary data into pseudo-ASM instructions and compile them into the .text section of binaries. Payloads (esp. shellcode) come with pretty high entropy and look out of place in...
