fsociety Hacking Tools Pack – A Penetration Testing Framework

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Curated list of Unix binaries that can be exploited to bypass system security restrictions

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

A tool to dump the login password from the current linux user

An evil RAT (Remote Administration Tool) for macOS / OS X.

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Stealth post-exploitation framework

venom - shellcode generator/compiler/handler (metasploit)

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

Bash post exploitation toolkit

A Python Package for Data Exfiltration

This tool will setting up your backdoor/rootkits when backdoor already setup it will be hidden your spesisifc process,unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a procces which while run another process,So we can assume that this procces is unstopable like a Ghost in The Shell

A framework for Backdoor development!

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

Orc is a post-exploitation framework for Linux written in Bash

Load shellcode into a new process

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Network Pivoting Toolkit

Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

*Frequently Updated. Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

[Draft]Awesome Cyber Security Resource Collection. Currently contains 8000+ open source repositories, and not very well classified. For each repository, extra info included: star count, commit count, last update time. This is the DRAFT version.

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

Post-exploitation tool