Mobile Device Exploitation Cookbook

Disclaimer: The contributor(s) cannot be held responsible for any misuse of the data. This repository is just a collection of URLs to download eBooks for free. Download the eBooks at your own risk. A DMCA takedown is not possible, as we are not republishing the books or infringing on code; we are merely hosting the links […]

Empire – Open Source Post-Exploitation Agent Tool

Empire is regarded as one of the most useful frameworks by many penetration testers. It has many different PowerShell and Python agents to use for post-exploitation attacks. Empire offers many post-exploitation modules, from keyloggers to Mimikatz. You can deploy advanced cryptographically secure communications between you and your victim to bypass network detection. Installing Empire First things […]

Pacu – The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of […]

Bashark – Bash Post Exploitation Toolkit

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal: $ source bashark.sh Then type help to see Bashark’s help menu. Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]

SharpSploit – A .NET Post-Exploitation Library Written in C#

SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. It is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port over some functionality from PowerSploit, […]

XSStrike – XSS Detection and Exploitation Suite

XSStrike is an open source tool that detects Cross Site Scripting vulnerabilities and exploits them. The tool is equipped with a powerful fuzzing engine that increases its accuracy. The promising features of the tool include the following. XSStrike is equipped with a powerful fuzzing engine for accurate results. The tool possesses context […]

CrackMapExec – Post Exploitation Tool for Active Directory Networks

CrackMapExec (CME) is a post-exploitation tool that can be used for tasks like cracking administrative rights and mapping Active Directory networks. Active Directory is a Windows OS service that provides protocols to access other directories in the network, security services through SSL and Kerberos authentication, organizational data storage in a centralized location, and […]

Bashark – Post Exploitation Toolkit Written in Pure Bash

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal: $ source bashark.sh Then type help to see Bashark’s help menu. Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]

BSQLinjector – Blind SQL Injection Exploitation Tool

BSQLinjector is a blind SQL injection exploitation tool written in Ruby. It uses the blind method to retrieve data from SQL databases. I recommend using the "--test" switch to see clearly what the configured payload looks like before sending it to an application. Options: --file Mandatory – File containing valid HTTP request and SQL injection point (SQLINJECT). (--file=/tmp/req.txt) […]

Sqlmap – Free Tool for SQL Injection Discovery And Exploitation

Sqlmap is an open source tool used to test for SQL injection vulnerabilities within web applications. The tool requires Python 2.6.x or 2.7.x. The tool is capable of database fingerprinting, fetching data from the databases, accessing the database file system, and running different commands on the target server. The tool can be installed by cloning […]

Expl-iot – Internet of Things Exploitation Framework

Expliot is a framework for security testing of IoT devices and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. The name expliot is a pun on exploit and explains the purpose of the framework, i.e., Internet of Things (IoT) exploitation. It is developed in Python 3. Objective […]

Commix – The OS Command Injection and Exploitation Tool

Commix is a command injection exploitation tool used for testing command injection vulnerabilities in web applications. Command injection, also known as shell injection, is achieved through vulnerable applications. For the attack to be successful, the application must pass insecure user-supplied data to the system shell. The tool is written in Python. Who can […]

EvilOSX – Pure python post-exploitation RAT for macOS & OSX

A pure Python, post-exploitation RAT (Remote Administration Tool) for macOS / OSX. Features Emulate a simple terminal instance Undetected by anti-virus (OpenSSL AES-256 encrypted payloads, HTTPS communication) Multi-threaded No client dependencies (pure Python) Persistent Simple extendable module system Retrieve Chrome passwords Retrieve iCloud tokens and contacts Phish for iCloud passwords via iTunes Download and upload files Take a picture using the webcam […]

PhpSploit – Furtive Post-Exploitation Framework

PhpSploit is a remote control framework aiming to provide a stealthy, interactive, shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. The obfuscated communication is accomplished using HTTP headers under standard client requests and the web server’s relative […]

Trustjacking: iTunes’ Wi-Fi Sync Feature Vulnerable to Exploitation

Hackers can exploit the vulnerability in iTunes’ Wi-Fi Sync feature to spy on iPhone users. We have already told our readers about the dangers of plugging your iPhone into an unknown hardware device. The reason is that it makes your smartphone vulnerable to a variety of malicious activities, including malware. But until now, we had assumed […]

p0wnedShell- PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of post-exploitation easier. What we tried was to build an “all […]

REXT – Router Exploitation Toolkit

REXT is a toolkit for easy creation and usage of various Python scripts that work with embedded devices. Requirements: requests paramiko beautifulsoup4 Installation: Git clone the REXT repository (this is the recommended way if you want the REXT update command to work) $ git clone https://github.com/j91321/rext.git or download REXT $ wget https://github.com/j91321/rext/archive/master.zip $ unzip master.zip Install […]