- POSHC2: PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement.
- Invoke-PSImage: Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute
- pupy: Pupy is a cross-platform, multi function RAT and post-exploitation tool mainly written in python.
- LaZagne: The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer.
- impacket: Impacket is a collection of Python classes for working with network protocols.
- CheckPlease: Sandbox evasion modules written in PowerShell, Python, Go, Ruby, C, C#, Perl, and Rust.
- phishery: An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
- unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
- Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
- rpivot: RPIVOT allows you to tunnel traffic into an internal network via SOCKS 4. It works like SSH dynamic port forwarding but in the opposite direction.
- reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ.
- CACTUSTORCH: A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.
- tinymet: TinyMet is a tiny “4.5 kilobytes” flexible meterpreter stager, which supports multiple meterpreter transports, setting LPORT and LHOST during runtime.
- EarthWorm: EarthWorm is a portable network penetration tool with two core functions: SOCKS v5 service setup and port forwarding, which can complete network penetration in complex network environments.
- juicy-potato: Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.
- HTran: HTran is a connection bouncer, a kind of proxy server. A “listener” program is hacked stealthily onto an unsuspecting host anywhere on the Internet.
- Empire: Empire is a PowerShell and Python post-exploitation agent.
- SafetyKatz: SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Loader
- QuasarRat: Quasar is a fast and light-weight remote administration tool coded in C#.
- Tunna: Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
- powercat: Netcat: The powershell version.
- Ruler: A tool to abuse Exchange services.
- Invoke-Obfuscation: Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.
- koadic: Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
- SharpHound: C# Rewrite of the BloodHound Ingestor
- PowerSploit: PowerSploit - A PowerShell Post-Exploitation Framework
- androrat: Remote Administration Tool for Android
- PAExec: PAExec is a free, redistributable and open source equivalent to Microsoft’s popular PsExec application
- quarkspwdump: Dump various types of Windows credentials without injecting in any process
- Windows Credential Editor: Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials.
- AsyncRAT-C-Sharp & QuasarRAT: RAT
- nbtscan: This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding open shares.
- METERPRETER: Metasploit payload
- Bitvise: SSH client/server
- Red Teaming Toolkit: A collection of open source and commercial tools that aid in red team operations.
- GoFetch: GoFetch is a tool for automatically carrying out an attack plan created by the BloodHound application.
GoFetch first loads the path of local administrator users and computers generated by BloodHound and converts it into its own attack-plan format. Once the attack plan is ready, GoFetch advances towards the destination according to the plan, step by step, successively applying remote code execution methods and compromising credentials with Mimikatz.
#### awesome-pentest: top tools for the job
One-Lin3r
pip3 install one-lin3r [a tool worth your attention!]
evil-winrm
WinRM (Windows Remote Management) is Microsoft's implementation of the WS-Management protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in its operating systems to make life easier for system administrators.
This program can be used on any Microsoft Windows server with this feature enabled (usually on port 5985), of course only if you have the credentials and permissions to use it. So we can say it could be used in the post-exploitation phase of hacking/pentesting. The purpose of this program is to provide nice and easy-to-use features for hacking. It can also be used for legitimate purposes by system administrators, but most of its features are focused on hacking/pentesting.
AggressorScripts for Cobalt Strike
- https://github.com/rsmudge/ElevateKit
- https://github.com/vysec/CVE-2018-4878
- https://github.com/harleyQu1nn/AggressorScripts
- https://github.com/bluscreenofjeff/AggressorScripts
- https://github.com/ramen0x3f/AggressorScripts
- https://github.com/360-A-Team/CobaltStrike-Toolset
- https://github.com/ars3n11/Aggressor-Scripts
- https://github.com/michalkoczwara/aggressor_scripts_collection
- https://github.com/vysec/Aggressor-VYSEC
- https://github.com/killswitch-GUI/CobaltStrike-ToolKit
- https://github.com/ZonkSec/persistence-aggressor-script
- https://github.com/rasta-mouse/Aggressor-Script
- https://github.com/RhinoSecurityLabs/Aggressor-Scripts
- https://github.com/Und3rf10w/Aggressor-scripts
- https://github.com/Kevin-Robertson/Inveigh
- https://github.com/Genetic-Malware/Ebowla
- https://github.com/001SPARTaN/aggressor_scripts
- https://github.com/gaudard/scripts/tree/master/red-team/aggressor
- https://github.com/branthale/CobaltStrikeCNA
- https://github.com/oldb00t/AggressorScripts
- https://github.com/p292/Phant0m_cobaltstrike
- https://github.com/p292/DDEAutoCS
- https://github.com/secgroundzero/CS-Aggressor-Scripts
- https://github.com/skyleronken/Aggressor-Scripts
- https://github.com/tevora-threat/aggressor-powerview
- https://github.com/tevora-threat/PowerView3-Aggressor
- https://github.com/threatexpress/aggressor-scripts
- https://github.com/threatexpress/red-team-scripts
- https://github.com/threatexpress/persistence-aggressor-script
- https://github.com/FortyNorthSecurity/AggressorAssessor
- https://github.com/mdsecactivebreach/CACTUSTORCH
- https://github.com/C0axx/AggressorScripts
- https://github.com/offsecginger/AggressorScripts
- https://github.com/tomsteele/cs-magik
- https://github.com/bitsadmin/nopowershell
- https://github.com/SpiderLabs/SharpCompile
- https://github.com/realoriginal/reflectivepotato