ssh-mitm is an intercepting (mitm) proxy server for security audits. Redirect/mirror Shell to another ssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! – intercepting traffic to other hosts is now possible when using arp spoofing or proxy is usedRead More
Multi-threaded c2 server and reverse TCP shell client written in pure C (Windows). Command list: list: list available connections. interact tag:blogger.com,1999:blog-8317222231133660547.post-3056304803628582479: interact with client. download [filename]: download a file from client. upload [filename]: upload a file to client. background: background client. exit: terminate client or server. cd [dir]: change directory on client. Download Sak1To-Shell
[*] An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r requirements.txt Install proxychains-ng (https://github.com/rofl0r/proxychains-ng): apt install proxychains4 Make the agscriptRead More
Cooolis-ms is a server that supports Metasploit Framework RPC. It is used to work for Shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to perform with the Metasploit server separate. Loader execution process: connect to Cooolis-Server Cooolis-Server connects to Metasploit RPC server retrieveRead More
A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet. Development Status frp is under development. Try the latest release version in the master branch, or use the dev branch for the version in development. The protocol might change at a release and we don’t promiseRead More
Review Access – kubectl plugin to show an access matrix for server resources IntroHave you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is for. It listsRead More
SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication, a TLS Client Hello Extension. The tool consists of an agent which resides on the compromised internal host, and a Command&Control Server which controls the agent and gathers exfiltrated data.The full story behind SNIcat canRead More
Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks can occur when user input is concatenated directly into aRead More
This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types of connections in one place.BabySharkRead More
Carina is a web application used to store webshell, Virtual Private Server (VPS) and cPanel data. Carina is made so that we don’t need to store webshell, VPS or cPanel data in “strange places”.Screenshots Install Carina $ git clone https://github.com/c0delatte/carina && cd carina Run composer update. Edit .env.example with your database configuration. Run php artisanRead More
