HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV.Help server.py (unisession server)Server usage: usage: server.py [-h] [–ssl] [–autocomplete] hostRead More

Faxhell – A Bind Shell Using The Fax Service And A DLL Hijack

A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll.See our writeup at: https://windows-internals.com/faxing-your-way-to-system/How to use Build Ualapi.dll and place in c:windowssystem32 Start the Fax service, which will load the DLL and call the export UalStart. UalStart will queue a thread pool work item that will open a handle toRead More

EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code đŸ™‚Malicious DLL (Win Reverse Shell) generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option (LHOST,LPORT) Example of DLL Hijacking included (Half-Life Launcher file) Tested on Win7 (7601), Windows 10 Requirements: Mingw-w64 compiler: apt-get install mingw-w64 Ngrok Authtoken (for TCPRead More

JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell – a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, …This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSSRead More

Eviloffice – Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)

Win python script to inject Macro and DDE code into Excel and Word documents (reverse shell) Features: Inject malicious Macro on formats: docm, dotm, xlsm, xltm Inject malicious DDE code on formats: doc, docx, dot, xls, xlsx, xlt, xltx Python2/Python3 Compatible Tested: Win10 (MS Office 14.0) Requirements: Microsoft Office (Word/Excel) pywin32: python -m pip installRead More

Evilreg – Reverse Shell Using Windows Registry Files (.Reg)

Reverse shell using Windows Registry file (.reg). Features: Reverse TCP Port Forwarding using Ngrok.io Requirements: Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup Your authtoken is available on your dashboard: https://dashboard.ngrok.com Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN> Target must reboot/re-login after installing the .reg file Legal disclaimer:Usage of Evilreg for attacking targets without priorRead More

Vulnx v2.0 – An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (WordPress , Joomla , Drupal , Prestashop …)

Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more …Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target websiteRead More

Tweetshell – Multi-thread Twitter BruteForcer In Shell Script

Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and it can test infinite number of passwords with a rate of +400 passwords/min using 20 threads.Legal disclaimer:Usage of TweetShell for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obeyRead More

X