GodGenesis – A Python3 Based C2 Server To Make Life Of Red Teamer A Bit Easier. The Payload Is Capable To Bypass All The Known Antiviruses And Endpoints

God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently It only supports TCP reverse shell but wait a min, its a FUD and can give u admin shell from any targeted WINDOWS Machine. The List Of Commands It Supports :- =================================================================================================== BASIC COMMANDS: =================================================================================================== helpRead More

Coercer – A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine. Analyze mode with –analyze, which only lists theRead More

ApacheTomcatScanner – A Python Script To Scan For Apache Tomcat Server Vulnerabilities

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by line from a file. Reading individual targets (IP/DNS/CIDR)Read More

GooFuzz – Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target’s Server With Google Dorking

Credits Author: M3n0sD0n4ld Twitter: @David_Uton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. Download and install: $ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git$ cd GooFuzz$ chmod +x GooFuzz$ ./GooFuzz -h Use: Menu Lists files by extensionsRead More

Octopus – Open Source Pre-Operation C2 Server Based On Python And Powershell

Octopus is an open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red team operation, where rather than starting the engagement with your full operational arsenal and infrastructure, you can use Octopus first to attack theRead More

PSRansom – PowerShell Ransomware Simulator With C2 Server

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client information via HTTP. All communication between the two elements isRead More

WSVuls – Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More

SSRFire – An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies domain.com —> The domain for which you want to test yourserver.com —> Your server which detects SSRF. Eg. Burp collaboratorRead More

Xolo – Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph

Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/…/risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4Flask==0.12.2JsonPypyodbcbeautifulsoup4==4.6.0lxml==4.1.0Example: pip install pypyodbc python -m pip install pypyodbc Install/Run: – Download- Decompress – Put it in directory- Run it c:xolo>python main.py … * RunningRead More

Melting-Cobalt – A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object

A tool to hunt/mine for Cobalt Strike beacons and “reduce” their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like SecurityTrails, Shodan, or ZoomEye or a list of IP’s. Getting started Install melting-cobalt Configure your tokens to begin the hunt Mine Beacons to begin reducing them Review resultsRead More