Search the Community

CrossC2 framework is a security framework for enterprises and Red Team personnel supports CobaltStrike’s penetration testing of other platforms (Linux / MacOS / …), supports custom modules, and includes some commonly used penetration modules. Feature For a faster way, see cna introduction GO Linux & MacOS supports no file landing, load and execute from memory dynamic library or executable file GO Flexibly customize the data return type of the execution file, portscan, screenshot, keystrokes, credentials and other user-defined development to achieve more convenient implementation GO Custom communication protocol GO Android & iPhone support GO Restricted description: CobaltStrike: currently only supports the last version of cs 3.14(bug fixes). Linux: For particularly old systems, you can choose the “Linux-GLIBC” option in cna (around 2010) MacOS: Latest systems only support 64-bit programs iOS: sandbox, restricted cmd Embedded: only *nix ⍻ : Loader is still in progress [hide][Hidden Content]]

OSINT Tool: Generate username lists from companies on LinkedIn. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to log in, it will create several lists of possible username formats for all employees of a company you point it at. Use an account with a lot of connections, otherwise, you’ll get crappy results. Adding a couple of connections at the target company should help – this tool will work up to third-degree connections. Note that LinkedIn will cap search results to 1000 employees max. You can use the features ‘–geoblast’ or ‘–keywords’ to bypass this limit. Look at the help below for more details. Here’s what you get: first.last.txt: Usernames like Joe.Schmoe flast.txt: Usernames like JSchmoe firstl.txt: Usernames like JoeS first.txt Usernames like Joe rawnames.txt: Full name like Joe Schmoe Optionally, the tool will append @domain.xxx to the usernames. Changelog v0.26 Fixes a key error related to name splitting Handles titles (Dr, PhD, etc) better [hide][Hidden Content]]

OSINT Tool: Generate username lists from companies on LinkedIn. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to log in, it will create several lists of possible username formats for all employees of a company you point it at. Use an account with a lot of connections, otherwise, you’ll get crappy results. Adding a couple of connections at the target company should help – this tool will work up to third-degree connections. Note that LinkedIn will cap search results to 1000 employees max. You can use the features ‘–geoblast’ or ‘–keywords’ to bypass this limit. Look at the help below for more details. Here’s what you get: first.last.txt: Usernames like Joe.Schmoe flast.txt: Usernames like JSchmoe firstl.txt: Usernames like JoeS first.txt Usernames like Joe rawnames.txt: Full name like Joe Schmoe Optionally, the tool will append @domain.xxx to the usernames. Changelog v0.22 This version, ironically, removes version checks. It’s the wild west! [hide][Hidden Content]]

CrossC2 framework – Generator CobaltStrike’s cross-platform beacon CrossC2 framework is a security framework for enterprises and Red Team personnel supports CobaltStrike’s penetration testing of other platforms (Linux / MacOS / …), supports custom modules, and includes some commonly used penetration modules. Feature For a faster way, see cna introduction GO Linux & MacOS supports no file landing, load and execute from memory dynamic library or executable file GO Flexibly customize the data return type of the execution file, portscan, screenshot, keystrokes, credentials and other user-defined development to achieve more convenient implementation GO Custom communication protocol GO Android & iPhone support GO Restricted description: CobaltStrike: currently only supports the last version of cs 3.14(bug fixes). Linux: For particularly old systems, you can choose the “Linux-GLIBC” option in cna (around 2010) MacOS: Latest systems only support 64-bit programs iOS: sandbox, restricted cmd Embedded: only *nix ⍻ : Loader is still in progress Changelog v3.0 fix File download speed increased New MacOS & Linux support dynamic library beacon. LD_PRELOAD=./libbeacon.so java Dynamic library beacon supports entering the background to run.(export CC_BG=1) export CC_BG=1 && LD_PRELOAD=./libbeacon.so java [hide][Hidden Content]]

Beaconator is an aggressor script for Cobalt Strike used to generate either staged or stageless shellcode and packing the generated shellcode using your tool of choice Currently, it supports the following tools: Staged Beacon Generator Alaris: Alaris is a new and sneaky shellcode loader capable of bypassing most EDR systems as of today (02/28/2021). It uses several known TTP’s that help protect the malware and it’s execution flow. Stageless Beacon Generator PEzor: Open-Source Shellcode & PE Packer ScareCrow: ScareCrow is a payload creation framework for sideloading (not injecting) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, it utilizes a technique to flush an EDR’s hook out of the system DLLs running in the process’s memory. This works because we know the EDR’s hooks are placed when a process is spawned. ScareCrow can target these DLLs and manipulate them in memory by using the API function VirtualProtect, which changes a section of a process’ memory permissions to a different value, specifically from Execute–Read to Read-Write-Execute. [hide][Hidden Content]]

Sharperner Sharperner is a tool written in CSharp that generates a .NET dropper with AES and XOR obfuscated shellcode. A generated executable can possibly bypass signature check but I can’t be sure it can bypass heuristic scanning. Features PE binary Process Hollowing PPID Spoofing Random generated AES key and iv Final Shellcode, Key, and IV are translated to morse code 🙂 .NET binary AES + XOR encrypted shellcode APC Process Injection (explorer.exe) Random function names Random generated AES key and iv Final Shellcode, Key, and IV are translated to morse code 🙂 [hide][Hidden Content]]

MeterPwrShell Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE SCANNER NEVER USE THIS PROGRAM FOR MALICIOUS PURPOSE SPREADING THE PAYLOAD THAT GENERATED BY THIS PROGRAM IS NOT COOL ANY DAMAGE GENERATED BY THIS PROGRAM IS NOT MY (As the program maker) RESPONSIBILTY!!! If you have some feature recommendation,post that on Issue If you have some issue with the program,try redownloading it again (trust me),cause sometimes i edit the release and fix it without telling 😂 If you want to know how tf my payload bypass any AVs,you can check on this and this Dont even try to fork this repository,you'll dont get the releases! Features (v1.5.1) Bypass UAC Automatic Migrate (using PrependMigrate) Built-in GetSYSTEM (if u use the Bypass UAC option) Disable All Firewall Profile (if u use the Bypass UAC option) Fully Bypass Windows Defender Real-time Protection (if you choose shortened payload or using Bypass UAC or both) Disable Windows Defender Security Features (if u use the Bypass UAC option) Fully unkillable payload Bypasses AMSI Successfully (if you choose shortened payload) Short One-Liner (if you choose shortened payload) Bypass Firewall (If you pick an unstaged payload) Great CLI A Lot More (Try it by yourself) [hide][Hidden Content]]

CrossC2 framework – Generator CobaltStrike’s cross-platform beacon CrossC2 framework is a security framework for enterprises and Red Team personnel supports CobaltStrike’s penetration testing of other platforms (Linux / MacOS / …), supports custom modules, and includes some commonly used penetration modules. Only for internal use by enterprises and organizations, this framework has a certain degree of instability. Non-professionals are not allowed to use it. Anyone shall not use it for illegal purposes and profitability. Besides that, publishing unauthorized modified version is also prohibited, or otherwise bear legal responsibilities. Feature For a faster way, see cna introduction GO Linux & MacOS supports no file landing, load and execute from memory dynamic library or executable file GO Flexibly customize the data return type of the execution file, portscan, screenshot, keystrokes, credentials and other user-defined development to achieve more convenient implementation GO Custom communication protocol GO Android & iPhone support GO Restricted description: CobaltStrike: currently only supports the last version of cs 3.14(bug fixes). Linux: For particularly old systems, you can choose the “Linux-GLIBC” option in cna (around 2010) MacOS: Latest systems only support 64-bit programs iOS: sandbox, restricted cmd Embedded: only *nix ⍻ : Loader is still in progress Changelog v2.1 New Supports running scripts from memory (bash/python/perl/ruby/php/..) [hide][Hidden Content]]

Bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists. Included in BlackArch Linux pentesting distribution and Rawsec’s Cybersecurity Inventory since August 2019. The first idea was inspired by Cupp and Crunch. We could say that bopscrk is a wordlist generator situated between them, taking the best of each one. The challenge was to try to apply the Cupp’s idea to more generic-situations and amplify the shoot-range of the resultant wordlist, without losing this custom-wordlist-profiler feature. Changelog v2.3.1 2.3.1 version notes fixing namespace bug (related to aux.py module, renamed to auxiliars.py) when running on windows systems unittest (and simple unitary tests for transforms, excluders and combinators functions) implemented. 2.3 version notes (15/10/2020) Customizable configuration for artists and lyrics transforms using the cfg file Requirements at setup.py updated Multithreads logic improved Leet and case order reversed to improve operations efficiency BUG FIXED in lyrics space replacement BUG FIXED when remove duplicates (Type Error: unhashable type: ‘list’) Memory management and efficiency improved SPLIT INTO MODULES to improve project structure BUG FIXED in wordlists-exclusion feature 2.2 version notes (11/10/2020 Configuration file implemented NEW FEATURE: Allow to create custom charsets and transforms patterns trough the config file NEW FEATURE: Recursive leet transforms implemented (disabled by default, can be enabled in cfg file) 2.2~beta version notes (10/10/2020) The lyricpass integration have been updated to run with last version released by initstring --lyrics-all option removed (feature integrated in other options) [hide][Hidden Content]]

Bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists. Included in BlackArch Linux pentesting distribution and Rawsec’s Cybersecurity Inventory since August 2019. The first idea was inspired by Cupp and Crunch. We could say that bopscrk is a wordlist generator situated between them, taking the best of each one. The challenge was to try to apply the Cupp’s idea to more generic-situations and amplify the shoot-range of the resultant wordlist, without losing this custom-wordlist-profiler feature. How it works You have to provide some words which will act as a base. The tool will generate all possible combinations between them. To generate more combinations, it will add some common separators (e.g. “-“, “_”, “.”), random numbers, and special chars. You can enable leet and case transform to increase your chances. If you enable lyricpass mode, the tool will ask you about artists and it will download all his songs’ lyrics. Each line will be added as a new word. Then it will be transformed in several ways (leet, case, only first letters, with and without spaces…). Artist names will be added too. You can provide wordlists that you already tried against the target in order to exclude all these words from the resultant wordlist (-x). Changelog v2.3 Customizable configuration for artists and lyrics transforms using the cfg file Requirements at setup.py updated Multithreads logic improved Leet and case order reversed to improve operations efficiency BUG FIXED in lyrics space replacement BUG FIXED when removing duplicates (Type Error: unhashable type: ‘list’) Memory management and efficiency improved SPLIT INTO MODULES to improve project structure BUG FIXED in wordlists-exclusion feature [hide][Hidden Content]]

[hide][Hidden Content]]

Description A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS / ...), supports custom modules, and includes some commonly used penetration modules. ChangeLog release v2.0 : -fix Fix the problem of path errors caused by backslashes when uploading files in the file management office -fix Long-term testing in various scenarios in the real environment, fixing some hidden problems, and now more stable +support Support for lower kernel version systems +support Environment variables are automatically set at startup +support Delete sensitive env records at startup +support The background service process can be linked to the init process at startup +support Increase session spawn function +support Increase the function of session setting environment variables +support Increase the privilege escalation function of session getsystem +support Increase session analysis function to handle multiple merge tasks +support Increase Mac & Linux lateral movement function [hide][Hidden Content]]

Bopscrk Bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists. How it works You have to provide some words which will act as a base. The tool will generate all possible combinations between them. To generate more combinations, it will add some common separators (e.g. “-“, “_”, “.”), random numbers, and special chars. You can enable leet and case transform to increase your chances. If you enable lyricpass mode, the tool will ask you about artists and it will download all his songs’ lyrics. Each line will be added as a new word. Then it will be transformed in several ways (leet, case, only first letters, with and without spaces…). Artist names will be added too. You can provide wordlists that you already tried against the target in order to exclude all these words from the resultant wordlist (-x). bopscrk-2.0 Python 3 supported. [hide][Hidden Content]]

A simple script to generate a hidden url for social engineering. Legal disclaimer: Usage of URLCADIZ for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [HIDE][Hidden Content]]

Words Scraper Selenium based web scraper to generate passwords list. [HIDE][Hidden Content]]

[HIDE][Hidden Content]]

Insanity-Framework THIS PROJECT ARE CLOSED NOW - FEEL FREE TO CONTINUE IT Copyright 2017 Insanity Framework (IF) 2.0 END Written by: * Alisson Moretto - 4w4k3 Special Thanks to Thomas Perkins - Ekultek Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has the ability to wait long enough to bypass a running sandbox. **NOTE: Insanity payloads may experience a 1 minute delay while connecting, this is necessary in order to bypass most avs and sandboxes. ** Twitter: @4w4k3Official DISCLAIMER: "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE. INSTALLATION OF DEPENDENT LIBRARIES cd Insanity-Framework chmod +x install.sh ./install.sh That's it Features Bypass most AV and Sandboxes. Remote Control. Payload Generation. Some Phishing methods are included on payloads generated. Detect Virtual Machines. Multiple Session disabled. Persistence and others features can be enabled. Bypass UAC. Memory Injection. Needed dependencies apt wine wget Linux sudo access python2.7 python 2.7 on Wine Machine pywin32 on Wine Machine VCForPython27 on Wine Machine Tested on: Kali Linux - SANA Kali Linux - ROLLING Ubuntu 14.04-16.04 LTS Debian 8.5 Linux Mint 18.1 Black Arch Linux Cloning: git clone [Hidden Content] Running: sudo python insanity.py If you have another version of Python: sudo python2.7 insanity.py Screenshot: More in Screens Contribute: Send me more features if you want it 😄 I need your help for Insanity to become better! Things needed to be improved and future updates: File Transfer (FTP) Webcam Snaps and Streaming Keylogging Print Screens Download: [HIDE][Hidden Content]]