Decider – A Web Application That Assists Network Defenders, Analysts, And Researchers In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

What is it? The Short: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long: Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating ATT&CK mappings easier to get right by walking...

IpGeo – Tool To Extract IP Addresses From Captured Network Traffic File

IpGeo is a Python tool that extracts IP addresses from a captured network traffic file (pcap/pcapng) and generates a CSV report containing details about the geolocation of each IP in the packets. The report contains: Country, Country Code, Region, Region Name, City, Zip, Latitude, Longitude, Timezone, ISP, Org, IP. Installation: Use the package manager pip3 to install...

Gmailc2 – A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

A fully undetectable C2 server that communicates via Google SMTP to evade antivirus protections and network traffic restrictions. Note: This RAT communicates via Gmail SMTP (or you can use any other SMTPs as well), but Gmail SMTP is valid because most companies block unknown traffic, so Gmail traffic is valid and allowed everywhere.

NetLlix – A Project Created With An Aim To Emulate And Test Exfiltration Of Data Over Different Network Protocols

A project created with an aim to emulate and test exfiltration of data over different network protocols. The emulation is performed without the use of native APIs. This will help blue teams write correlation rules to detect any type of C2 communication or data exfiltration. Currently, this project can help generate HTTP/HTTPS traffic (both GET...

DeepTraffic – Deep Learning Models For Network Traffic Classification

For more information, please read our papers. Wei Wang's Google Scholar Homepage. Wei Wang, Xuewen Zeng, Xiaozhou Ye, Yiqiang Sheng and Ming Zhu, "Malware Traffic Classification Using Convolutional Neural Networks for Representation Learning," in the 31st International Conference on Information Networking (ICOIN 2017), pp. 712-717, 2017. Wei Wang, Jinlin Wang, Xuewen Zeng, Zhongzhen Yang and...

Nipe – An Engine To Make Tor Network Your Default Gateway

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary...

Tornado – Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding

Anonymous reverse shell over the onion network using hidden services without port forwarding. Explore the docs · fully undetectable reverse shell · View Demo · bulletproof anonymity. If you are having any operating system compatibility issue, let me know. I will try to fix it as soon as possible, so let's explore the docs. What is tornado? Tornado...

Pybatfish – Python Client For Batfish (Network Configuration Analysis Tool)

Pybatfish is a Python client for Batfish. What is Batfish? Batfish is a network validation tool that provides correctness guarantees for security, reliability, and compliance by analyzing the configuration of network devices. It builds complete models of network behavior from device configurations and finds violations of network policies (built-in, user-defined, and best-practices). A primary use...

ICMP-TransferTools – Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments

ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a Python server and PowerShell client for each transfer direction (Download & Upload). The only dependency required is Impacket for one of the Python...

GONET-Scanner – Golang Network Scanner With Arp Discovery And Own Parser

Install: chmod +x [as root]. Usage: ARP Discovery -ar CIDR; -s: Scan ports in all hosts discovered; -ap: Scan to 65535 ports; -pr MINPORT MAXPORT: Define port range to scan; -1000: Scan top 1000 ports (like nmap); -t: Set timeout (in milliseconds). [EXAMPLES] go run scannerport.go -ap <IP>: All-ports TCP scan; go run...