offensive-claude

Offensive Security Research Config for Claude Code A comprehe...

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...

CloudRecon - Finding assets from certificates

CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike

Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...

Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase

AntiForensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase. Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams. Capabilities Unloading Sysmon Driver. Gutmann Method Fi...

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

GodGenesis - A Python3 Based C2 Server To Make Life Of Red Teamer A Bit Easier. The Payload Is Capable To Bypass All The Known Antiviruses And Endpoints

God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently It only supports TCP reverse shell but wait a min, its a FUD and can give u admin shell from any targeted WINDOWS Machine. The List Of Commands It Supports :-...

Exploit for Improper Initialization in Linux Linux_Kernel

!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...

MrKaplan - Tool Aimed To Help Red Teamers To Stay Hidden By Clearing Evidence Of Execution

MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution. It works by saving information such as the time it ran, snapshot of files and associate each evidence to the related user. This tool is inspired by MoonWalk, a similar tool for Unix machines. You can re...

Inceptor - Template-Driven AV/EDR Evasion Framework

Modern Penetration testing and Red Teaming often requires to bypass common AV/EDR appliances in order to execute code on a target. With time, defenses are becoming more complex and inherently more difficult to bypass consistently. Inceptor is a tool which can help to automate great part of this...

Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files

A tool for generating multiple types of NTLMv2 hash theft files. ntlmtheft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the...

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

Kubesploit - A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl @Ne0nd0g. Our Motivation While researching Docker and Kubernetes, we noticed that most of the...

InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool

InveighZero is a C LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features elevated admin...

SnitchDNS - Database Driven DNS Server With A Web UI

SnitchDNS is a database driven DNS Server with a Web UI, written in Python and Twisted, that makes DNS administration easier with all configuration changed applied instantly without restarting any system services. One of its main features is the logging of all DNS queries allowing the discovery o...

SharpSphere - .NET Project For Attacking vCenter

SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following functions: Command & Control - In combination with F-Secure's C3, SharpSphere provides C&C into VMs...

The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Jake Williams, Founder of...

SysWhispers2 - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files available in the example-output/ folder. Difference BetweenSysWhispers 1 and 2 The usage is almost identical to SysWhispers1 but...