C2concealer – Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation chmod u+x install.sh./install.sh Building Docker image docker build -t C2concealer . Running with Docker docker container run -it -v <cobalt_strike_location>:/usr/share/cobaltstrike/ C2concealer –hostname google.com –variant 3 Example Usage Usage: $ C2concealer –hostname google.com –variant 3Flags: (optional) –hostname TheRead More

LDAPFragger – Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP

LDAPFragger is a Command and Control tool that enables attackers to route Cobalt Strike beacon data over LDAP using user attributes. For background information, read the release blog: http://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes Dependencies and installation Compiled with .NET 4.0, but may work with older and newer .NET frameworks as well Usage Active Directory domain –ldaps: Use LDAPS insteadRead More

Presshell – Quick And Dirty WordPress Command Execution Shell

presshell Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. Otherwise, you haveRead More

GC2 – A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive. Why This program has been developed in order to provide a command and control that does not require any particular set up (like: aRead More

Owt – The Most Compact WiFi Auditing Tool That Works On Command Line Linux

  This tool compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running the script ~ $ git clone https://github.com/clu3bot/OWT.git~ $ cd owt~ $ sudo bash owt.shRead More

BeaconEye – Hunts Out CobaltStrike Beacons And Logs Operator Command Output

BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity. How it works BeaconEye will scan live processes or MiniDump files for suspected CobaltStrike beacons. In live process mode, BeaconEye optionally attaches itself as a debugger and will begin monitoring beaconRead More

Link – A Command And Control Framework Written In Rust

link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list expands for humans to actually want to use this: HTTPSRead More

Kubesploit – A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g). Our Motivation While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities inRead More

Procrustes – A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution (e.g. java.lang.Runtime.exec). Unstaged:    Staged:   For its operations,Read More