52 matches found
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...
New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises
A new post-exploitation framework called EXFILTRATOR-22 aka EX-22 has emerged in the wild with the goal of deploying ransomware within enterprise networks while flying under the radar. "It comes with a wide range of capabilities, making post-exploitation a cakewalk for anyone purchasing the tool,...
WEF - Wi-Fi Exploitation Framework
A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, bluetooth hacking and much more. I recommend you my alfa adapter: Alfa AWUS036ACM , which works really great with both, 2.4 and 5 Ghz Tested and supported in...
Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers
Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under...
Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture
An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre...
awesome-windows-exploitation
This is a curated list of Windows exploitation resources and tools. The repository is a collection of articles, tutorials, and tools for Windows exploitation, including stack overflows, heap overflows, and kernel-based Windows overflows. The list includes resources such as articles from Phrack, a...
BlackMamba - C2/post-exploitation Framework
BlackMamba is a multi client C2/post exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some of BlackMamba features are: Multi Client - Supports multiple client connections at the same time. Real Time Communication Updates - Real time communication and...
UPDATE: Empire v3.4.0
Empire v3.4.0 was released a couple of days ago! I briefly mentioned about this tool in my old post titled - List of Open Source C2 Post-Exploitation Frameworks. This new version brings support for Malleable C2 listeners and reflective file loading among other bug fixes. What is Empire? Empire 3....
isf
This is an offensive tool for ICS exploitation. It is a Python-based framework for exploiting Industrial Control Systems ICS, similar to Metasploit. The framework, known as ICSSploit, is a fork of the routersploit project and is designed for ICS exploitation. It includes various modules for...
PayloadsAllTheThings
This is a collection of security-related tools and resources, including a list of useful payloads and bypass techniques for web application security and penetration testing/CTF Capture The Flag. The repository includes tools such as Pacu, an AWS exploitation framework, and Bucket Finder, a tool f...
Tentacle: A Vulnerability & Exploitation Test Framework
Yesterday, I was searching for a PoC of a Spring Cloud Config vulnerability. The first result that Google returned was for a cool vulnerability and exploit testing framework – Tentacle. Cherry on the top was that this is open source and has been coded in Python3! This post is an attempt at listin...
UPDATE: Empire 3.1.0
Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that, BC-Security has taken over the development of the tool and has made some awesome...
UPDATE: Empire 3.0.1
Empire 3.0.1 release was a real surprise for me as about a week ago Empire 3.0 was released. I hadn't gotten around to test it all and then we have a new release already! If you remember, I briefly mentioned about this tool in my five month old post titled - List of Open Source C2 Post-Exploitati...
ISF - Industrial Control System Exploitation Framework
ISFIndustrial Exploitation Framework is a exploitation framework based on Python, it's similar to metasploit framework. ISF is based on open source project routersploit. Read this in other languages:English, 简体中文, ICS Protocol Clients Name | Path | Description ---|---|--- modbustcpclient |...
BeEF - The Browser Exploitation Framework Project
What is BeEF? BeEF is short for The BrowserExploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...
Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...
UPDATED VERSION: RouterSploit 3.4.0
PenTestIT RSS Feed RouterSploit 3.4.0, the long awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycryptoand newer exploitation modules! Read on for the improvements. What is RouterSploit? The...
BeEF Browser Exploitation Framework Hooking Request
Browser Exploitation Framework BeEF operates by delivering malicious js payload to the victim's browser. Successful infection will allow the attacker host to take control of the victim's browser to lunch further attacks...
RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
UPDATED VERSION: RouterSploit 3.3.0
PenTestIT RSS Feed Since my last update, this router exploitation framework have gone through a lot of updates. This post is about RouterSploit 3.3.0 code named I Know You Were Trouble. We will also discuss changes made to and an earlier version 3.2.0 to maintain a chain with the hopes that I kee...