APEX: Azure Post Exploitation Framework
APEX – Azure Post Exploitation Framework An attempt to ease up post ex tasks once we have access to some sort of credentials to an Azure related account. To be honest it is nothing...
The pentester's Swiss knife
arya: produces pseudo-malicious files meant to trigger YARA rules
Arya – The Reverse YARA Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it as a reverse YARA because it does exactly the opposite...
pphack: The Most Advanced Client-Side Prototype Pollution Scanner
pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a file...
EvilKnievelnoVNC: Scalable and semi-automated MFA-Phishing
Weaponized EvilnoVNC: scalable and semi-automated MFA-Phishing via “browser-in-the-middle” Features concurrent EvilnoVNC instances, as many as your server can handle access to EvilnoVNC sessions is limited to generated URLs with random victim-specific identifier in parameter auto block...
C2 Cloud: robust web-based C2 framework
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the...
Verdict-as-a-Service: Analyze files for malicious content
Verdict-as-a-Service Verdict-as-a-Service (VaaS) is a cloud service that provides capabilities to scan files for malware and other threats. It allows you to easily integrate malware detection in your application with a few lines of code....
Astral-PE: A low-level mutator (headers obfuscator) for native Windows PE files
Astral-PE is a low-level mutator (headers obfuscator and patcher) for Windows PE files (.exe, .dll) that rewrites structural metadata after compilation (or postbuild protection) — without breaking execution. It does not pack, encrypt or inject. Instead, it mutates low-hanging...
TimeSync: obtain hash using MS-SNTP for user accounts
TimeSync Tool to obtain hash using MS-SNTP for user accounts Requirements Python 3.x ldap3 library for LDAP operations Installations Clone the repository: git clone https://github.com/yourusername/timeroast.git cd timeroast Install the required Python packages: pip install ....
ligolo-mp: Multiplayer pivoting solution
Ligolo-mp Ligolo-mp is a more specialized version of Ligolo-ng, with client-server architecture, enabling pentesters to play with multiple concurrent tunnels collaboratively. Also, with a sprinkle of less important bells and whistles. Features Everything that you...
vmlinux-to-elf: recover a fully analyzable .ELF from a raw kernel
vmlinux-to-elf This tool allows to obtain a fully analyzable .ELF file from a vmlinux/vmlinuz/bzImage/zImage kernel image (either a raw binary blob or a preexisting but stripped .ELF file), with recovered function and variable symbols....
Smugglo: Bypass Filters with Self-Dropping HTML
smugglo An easy-to-use script for wrapping files into self-dropping HTML payloads to bypass content filters. Features One-file payload: Wrap any file into a single self-contained HTML file Automatic extraction: The generated HTML auto-extracts and downloads the...
NoArgs: dynamically spoof and conceal process arguments while staying undetected
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows...
PMAT-labs: Labs for Practical Malware Analysis & Triage
PMAT-labs – The labs for Practical Malware Analysis & Triage This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate...
bincrypter: A Linux Binary Runtime Crypter
bincrypter – Pack/Encrypt/Obfuscate ELF + SHELL scripts A Linux Binary Runtime Crypter – in BASH! Features Obfuscates & encrypts any ELF binary or #!-script AV/EDR death: Morphing + different signature every time 100% in-memory. No temporary...
cloudpeass: Cloud Privilege Escalation Awesome Script Suite
Cloud Privilege Escalation Awesome Script Suite The current goal of Cloud PEASS is simple: Once you manage to get some credentials to access Azure, GCP or AWS, use different techniques to get the permissions the principal has and highlight...
Shelter: ROP-based sleep obfuscation to evade memory scanners
Shelter Shelter is a completely weaponized sleep obfuscation technique that allows you to fully encrypt your in-memory payload making extensive use of ROP. This crate comes with the following characteristics: AES-128 encryption. Whole PE...
