NufSed C2 A next-generation, Python-based Command & Control (C2) framework equipped with chaos-key encryption, dynamic port assignment, and cross-platform payload generation. NufSed C2 is designed to simplify red team operations while increasing stealth and flexibility across...
Java Archive Implant Toolkit Inject malicious payloads into JAR files. Configuration JarPlant supports injection of custom values with the implants. A set of common configuration properties are defined with the template and built-in implants....
SeamlessPass SeamlessPass is a tool designed to obtain Microsoft 365 access tokens using on-premises Active Directory Kerberos tickets for organizations with Seamless SSO (Desktop SSO) enabled. These tokens can be used for further interaction...
Hannibal Hannibal is a x64 Windows Agent written in fully position independent C (plus a tiny bit of C++). It is based off the Stardust template created by @C5pider. Use case Hannibal is intended to be...
Pytune Pytune is a post-exploitation tool for enrolling a fake device into Intune with mulitple platform support. Microsoft Intune is a cloud-based endpoint management solution designed to manage a variety of devices, including PCs...
Pentest Muse Building an AI agent that can automate parts of pentesting jobs and provide live suggestions to pentesters. Requirements Python 3.12 or later Necessary Python packages as listed in requirements.txt OpenAI API key Modes...
ldapx Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly. Usage Where: -f will apply Filter middlewares to all applicable requests -a will apply...
Git-Rotate Leveraging GitHub Actions for IP Rotation – for more information see the following blog post. The Sprayer and Catcher components are currently configured to target the Microsoft login portal and handle the response data. You’ll need to modify...
legba Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming fewer resources than similar...
bore A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That’s all it does: no more and no less. # On your local machine...
Native Bypass CredGuard NativeBypassCredGuard is a tool designed to bypass Credential Guard by patching WDigest.dll using only NTAPI functions (exported by ntdll.dll). It is available in two flavours: C# and C++. The tool locates...
Phantun A lightweight and fast UDP to TCP obfuscator. Phantun is a project that obfuscated UDP packets into TCP connections. It aims to achieve maximum performance with minimum processing and encapsulation overhead. It is...
Donut Donut is a shellcode generation tool that creates x86 or x64 shellcode payloads from .NET Assemblies. This shellcode may be used to inject the Assembly into arbitrary Windows processes. Given an arbitrary .NET...
SuperdEye SuperdEye is the implementation of HellHall (a revised version of TartarusGate) in pure Go and Go Assembler. The purpose is to scan hooked NTDLL and retrieve the Syscall number to then do an...
Chisel-Strike A .NET XOR encrypted cobalt strike aggressor implementation for the chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience, I found socks4/socks4a proxies quite slow in comparison...
autobloody autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound combining pathgen.py and autobloody.py. This tool automates the AD privesc between two AD objects, the source (the one we own) and...
